update-security-access

version

0.9.122

Description

Updates the security access settings of the given environment.

Synopsis

  update-security-access
  --environment <value>
  --gateway-node-security-group-id <value>
  --default-security-group-id <value>
  [--cli-input-json <value>]
  [--generate-cli-skeleton]

Options

--environment (string)

The name or the CRN of the environment.

--gateway-node-security-group-id (string)

Security group ID where Knox-enabled hosts are placed.

--default-security-group-id (string)

Security group ID for non-gateway nodes.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.

Output

environment -> (object)

The environment.

environmentName -> (string)

Name of the environment.

crn -> (string)

CRN of the environment.

status -> (string)

Status of the environment.

region -> (string)

Region of the environment.

cloudPlatform -> (string)

Cloud platform of the environment.

credentialName -> (string)

Name of the credential of the environment.

network -> (object)

The network.

networkName -> (string)

Name or id of the network.

subnetIds -> (array)

Subnet names or ids of the network.

item -> (string)

endpointAccessGatewayScheme -> (string)

The scheme for the endpoint gateway. PUBLIC indicates an external endpoint that can be accessed over the Internet.

endpointAccessGatewaySubnetIds -> (array)

The subnets to use for endpoint access gateway.

item -> (string)

aws -> (object)

AWS network parameters.

vpcId -> (string)

VPC ids of the specified networks.

azure -> (object)

Azure network parameters.

networkId -> (string)

The id of the Azure VNet.

resourceGroupName -> (string)

The name of the resource group associated with the VNet.

usePublicIp -> (boolean)

Whether to associate public IPs with the resources within the network.

databasePrivateDnsZoneId -> (string)

The full Azure resource ID of the existing Private DNS Zone used for Flexible Server and Single Server Databases.

aksPrivateDnsZoneId -> (string)

The full Azure resource ID of an existing Private DNS zone used for the AKS.

enableOutboundLoadBalancer -> (boolean)

Whether the outbound load balancer was created for this environment.

flexibleServerSubnetIds -> (array)

The subnets delegated for Flexible Server database. Accepts either the name or the full resource id.

item -> (string)

gcp -> (object)

GCP network parameters.

networkName -> (string)

The name of the GCP VPC.

usePublicIp -> (boolean)

Whether to associate public IPs with the resources within the network.

sharedProjectId -> (string)

The ID of the Google project associated with the VPC.

networkCidr -> (string)

The range of private IPv4 addresses that resources will use under this network.

subnetMetadata -> (map)

Additional subnet metadata of the network.

key -> (string)

value -> (object)

Information about a cloud provider subnet.

subnetId -> (string)

The id of the subnet.

subnetName -> (string)

The name of the subnet.

availabilityZone -> (string)

The availability zone of the subnet.

cidr -> (string)

The CIDR IP range of the subnet.

logStorage -> (object)

Storage configuration for cluster and audit logs.

enabled -> (boolean)

Whether external log storage is enabled.

awsDetails -> (object)

AWS-specific log storage configuration information.

storageLocationBase -> (string)

The base location to store logs in S3. This should be an s3a:// url.

instanceProfile -> (string)

The AWS instance profile which contains the necessary permissions to access the S3 storage location.

azureDetails -> (object)

Azure-specific log storage configuration information.

storageLocationBase -> (string)

The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.

managedIdentity -> (string)

The managed identity associated with the logger. This identity should have Storage Blob Data Contributor role on the given storage account.

gcpDetails -> (object)

GCP-specific log storage configuration information.

storageLocationBase -> (string)

The storage location to use. This should be a gs:// url.

serviceAccountEmail -> (string)

Email ID of the service account associated with the logging instances.

backupStorage -> (object)

Storage configuration for backup.

enabled -> (boolean)

Whether external backup storage is enabled. The default value is disabled.

awsDetails -> (object)

AWS-specific backup storage configuration information.

storageLocationBase -> (string)

The base location to store backup in S3. This should be an s3a:// url.

instanceProfile -> (string)

The AWS instance profile which contains the necessary permissions to access the S3 storage location.

azureDetails -> (object)

Azure-specific backup storage configuration information.

storageLocationBase -> (string)

The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.

managedIdentity -> (string)

The managed identity associated with the backup. This identity should have Storage Blob Data Contributor role on the given storage account.

gcpDetails -> (object)

GCP-specific backup storage configuration information.

storageLocationBase -> (string)

The storage location to use. This should be a gs:// url.

serviceAccountEmail -> (string)

Email ID of the service account associated with the backup instances.

authentication -> (object)

Additional SSH key authentication configuration for accessing cluster node instances.

publicKey -> (string)

SSH Public key string.

publicKeyId -> (string)

Public SSH key ID already registered in the cloud provider.

loginUserName -> (string)

The SSH user name created on the nodes for SSH access.

securityAccess -> (object)

Security control configuration for FreeIPA and Datalake deployment.

cidr -> (string)

CIDR range which is allowed for inbound traffic. Either IPv4 or IPv6 is allowed.

securityGroupIdForKnox -> (string)

Security group where Knox-enabled hosts are placed.

defaultSecurityGroupId -> (string)

Security group where all other hosts are placed.

description -> (string)

Description of the environment.

statusReason -> (string)

The status reason.

created -> (datetime)

Creation date.

creator -> (string)

The CRN of the user who has created the given environment.

awsDetails -> (object)

AWS-specific environment configuration information.

s3GuardTableName -> (string)

The name for the DynamoDB table backing S3Guard.

gcpDetails -> (object)

GCP-specific environment configuration information.

sharedProjectId -> (string)

ID of the Google project where the resources are created.

workloadAnalytics -> (boolean)

When this is enabled, diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment.

reportDeploymentLogs -> (boolean)

When true, this will report additional diagnostic information back to Cloudera.

freeipa -> (object)

Details of a FreeIPA cluster.

crn -> (string)

CRN of the FreeIPA cluster.

domain -> (string)

The domain name of the FreeIPA cluster.

hostname -> (string)

The hostname of the FreeIPA cluster.

serverIP -> (array)

The IP addresses of the FreeIPA cluster.

item -> (string)

recipes -> (array)

The recipes for the FreeIPA cluster.

item -> (string)

instances -> (array)

The instances of the FreeIPA cluster.

item -> (object)

Object for a FreeIPA instance providing specific information about the instance.

availabilityZone -> (string)

The availability zone of the instance.

discoveryFQDN -> (string)

The fully qualified domain name of the instance in the service discovery cluster.

instanceId -> (string)

The instance ID for the instance.

instanceGroup -> (string)

The instance group that contains the instance.

instanceStatus -> (string)

The status of the instance.

instanceStatusReason -> (string)

The status reason for the instance.

instanceType -> (string)

The type of the instance (either GATEWAY or GATEWAY_PRIMARY).

instanceVmType -> (string)

The VM type of the instance. Supported values depend on the cloud platform.

lifeCycle -> (string)

The life cycle type for the instance (either NORMAL or SPOT).

privateIP -> (string)

The private IP of the instance.

publicIP -> (string)

The public IP of the instance.

sshPort -> (integer)

The SSH port of the instance.

subnetId -> (string)

The subnet ID of the instance.

attachedVolumes -> (array)

List of volumes attached to this instance.

item -> (object)

The attached volume configuration.

count -> (integer)

The number of volumes.

volumeType -> (string)

The type of volumes.

size -> (integer)

The size of each volume in GB.

instanceCountByGroup -> (integer)

The number of FreeIPA instances to create per group when creating FreeIPA in environment.

multiAz -> (boolean)

Whether the given FreeIPA is deployed across multiple availability zones.

proxyConfig -> (object)

A proxy config object.

proxyConfigName -> (string)

The name of the proxy config.

crn -> (string)

The CRN of the proxy config.

protocol -> (string)

The protocol.

host -> (string)

The proxy host.

port -> (integer)

The proxy port.

description -> (string)

A description for the proxy config.

noProxyHosts -> (string)

Comma-separated list of ‘CIDR’, ‘[.]host[:port]’ (can be a subdomain as well) and ‘IP[:port]’ entries that should not be proxied. Wildcards are not accepted. For example .cloudera.com,192.168.1.1

user -> (string)

The proxy user.

password -> (string)

The proxy password.

inboundProxyCidr -> (array)

CIDRs allowed for inbound communication.

item -> (string)

tags -> (object)

Environment tags object containing the tag values defined for the environment.

userDefined -> (map)

Map of tag names to values, for user-defined tags.

key -> (string)

value -> (string)

Tag value for the user-defined tag.

defaults -> (map)

Map of tag names to values, for default tags.

key -> (string)

value -> (string)

Tag value for the default tag.

dataServices -> (object)

Data Services parameters response of the environment.

azure -> (object)

Azure-specific Data Service parameters response.

sharedManagedIdentity -> (string)

User-assigned managed identity used by the AKS control plane.

customDockerRegistry -> (object)

The configured custom docker registry for data services.

crn -> (string)

The CRN of the configured custom docker registry for data services on the environment.
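A post-update check a defender might run over the JSON this command returns, as an added example that is not part of the original reference: it confirms that the requested security groups appear in securityAccess and flags the exposure-related fields described in the Output section. The sample response and the sg-EXAMPLE-* IDs are constructed, and the function name audit_security_access is hypothetical.

```python
import ipaddress
import json

# Constructed sample response (not real output); field names follow the Output section.
SAMPLE_RESPONSE = json.loads("""
{"environment": {
  "environmentName": "example-env",
  "network": {"endpointAccessGatewayScheme": "PUBLIC",
              "azure": {"usePublicIp": true}},
  "securityAccess": {"cidr": "0.0.0.0/0",
                     "securityGroupIdForKnox": "sg-EXAMPLE-knox",
                     "defaultSecurityGroupId": "sg-EXAMPLE-old"}}}
""")


def audit_security_access(response, want_knox_sg, want_default_sg):
    """Return a list of findings for an update-security-access response (hypothetical helper)."""
    env = response.get("environment") or {}
    access = env.get("securityAccess") or {}
    network = env.get("network") or {}
    findings = []

    # 1. The response should echo the security groups that were requested.
    if access.get("securityGroupIdForKnox") != want_knox_sg:
        findings.append("gateway security group not applied")
    if access.get("defaultSecurityGroupId") != want_default_sg:
        findings.append("default security group not applied")

    # 2. An inbound CIDR with prefix length 0 admits every IPv4 or IPv6 address.
    cidr = access.get("cidr")
    if cidr:
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"inbound cidr open to any address: {cidr}")
        except ValueError:
            findings.append(f"unparseable cidr: {cidr}")

    # 3. Exposure flags documented in the network object.
    if network.get("endpointAccessGatewayScheme") == "PUBLIC":
        findings.append("endpoint gateway is reachable over the Internet")
    for platform in ("azure", "gcp"):
        if (network.get(platform) or {}).get("usePublicIp"):
            findings.append(f"{platform} resources get public IPs")
    return findings


if __name__ == "__main__":
    for finding in audit_security_access(SAMPLE_RESPONSE, "sg-EXAMPLE-knox", "sg-EXAMPLE-new"):
        print("FINDING:", finding)
```
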

Form Factors

public, private