February 25, 2021
This release of the Management Console service introduces the following new features and behavioral changes:
Runtime 7.2.7 is now available and can be used for registering an environment with a 7.2.7 Data Lake and creating Data Hub clusters. See Cloudera Runtime.
CDP administrators now have the ability to delete users in CDP through both the user interface and the CLI. Deleting a user removes all access keys and SSH keys associated with the user, and unassigns all roles and resource roles assigned to the user. The user is also removed from all groups that they belong to. For more information, refer to Deleting users and machine users.
CDP administrators can configure your CDP environment to run FreeIPA in high-availability mode. By default, creating an environment configures a single instance of FreeIPA on its own host, but you can explicitly enable FreeIPA HA during environment registration via CPD web UI or CLI. For more information, refer to Managing FreeIPA.
Interactive login for CDP CLI and CDP SDK
If you would prefer that user access to the CLI/SDK is shorter-lived, you can use the "interactive" method of logging into the CDP CLI/SDK. By default, this login method grants a 12-hour access key to the CLI/SDK. The access key will time out after one hour of inactivity. The interactive method integrates with any SAML-compliant external identity provider. For more information, refer to Logging into the CDP CLI/SDK.
CDP includes a set of default anonymization rules and allows CDP administrators to define custom anonymization rules in order to remove sensitive information from CDP logs. For more information, refer to Defining anonymization rules for CDP logs.
Changes to delete machine user behavior
Deleting a machine user removes all access keys and SSH keys associated with the machine user, and unassigns all roles and resource roles assigned to the machine user. The machine user is also removed from all groups that they belong to. Previously, these steps had to be performed manually prior to machine user deletion. It takes around 2 minutes to fully delete a machine user in CDP. During that time you will not be able to recreate the machine user (that is, for 2 minutes you will not be able to create a machine user with the same machine user name).
Group name length limit
CDP user management framework supports group names of up to 64 characters. Previously up to 32 characters were supported.
Identity provider configuration improvements
The user interface and the overall flow of the identity provider configuration in CDP was improved for better usability.
New CDP SAML Service Provider certificate
The current CDP SAML Service Provider certificate is expiring on March 8, 2021 at 18:05:49 GMT. A replacement certificate is available for any customer whose identity provider will verify the CDP SAML service provider certificate. You can obtain the certificate from this document or by logging it to CDP web interface, navigating to > User Management > Identity Providers, clicking on your identity provider, and the last field "CDP SAML Service Provider Metadata" now contains 2 certificates: the one that expires on March 8, 2021 and the new one. Please consult your identity provider's documentation for how to update service provider certificates. CDP will start using the new certificate for SAML starting March 8, 2021.
Here is the new CDP SAML Service Provider certificate:
-----BEGIN CERTIFICATE----- MIIEKTCCAxGgAwIBAgIUF7LjOby+L8dcCVzWN4ChnTtybiowDQYJKoZIhvcNAQEL BQAwgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy YW5jaXNjbzEVMBMGA1UECgwMQ2xvdWRlcmEgSW5jMRAwDgYDVQQLDAdDRFAgSUFN MSEwHwYDVQQDDBhjb25zb2xlLmNkcC5jbG91ZGVyYS5jb20xIzAhBgkqhkiG9w0B CQEWFHN1cHBvcnRAY2xvdWRlcmEuY29tMB4XDTIxMDIyMzE5NDgxMVoXDTI0MDIy ODE5NDgxMVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwN U2FuIEZyYW5jaXNjbzEVMBMGA1UECgwMQ2xvdWRlcmEgSW5jMRAwDgYDVQQLDAdD RFAgSUFNMSEwHwYDVQQDDBhjb25zb2xlLmNkcC5jbG91ZGVyYS5jb20xIzAhBgkq hkiG9w0BCQEWFHN1cHBvcnRAY2xvdWRlcmEuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAszIxvwxxsAE4PqNLfZ2+4zfYI9UpiiePEOKJuL1Q8Mbh ArA53EmZradpYNIQ54a3vGQNeEoi782gcp/JbzLTY0AESnKXzpPXOhX8qMWytrcL QKmSW/eVbZsVEYnyf1wFxtpOcLbHfYB12W1ScD3FKr5BUns6bRCclfiFW1Ei5XLQ yzgSGdKXSvB/8izRr4yyyDT2IX8PelHbONiIKb6OTuuHPwo259RMjZZd2pwMurif JUGBckwYPh7Dkmiw9mTXVSD5fdSP1HvP2RTuPqmkTSgJRwdJD4G6wF1NFOQwItIr 7vf6OzPZJM6A2JCN8RQApMnYyNgT75wWtCNOF8F2cQIDAQABo1MwUTAdBgNVHQ4E FgQUGfVSdXrVb3JsJy5nf4OYp2sJn8IwHwYDVR0jBBgwFoAUGfVSdXrVb3JsJy5n f4OYp2sJn8IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkNxk +X2sCbXAIhSUNKUYQEM++ZDSnWzMgdavNeVUzWgTfGdwvDolFzvqU66wiQ8kedK0 qLW6gRZkG+GJUq5vY93pfNSQ5C4P9hhFqpd6tfHme7uHlZCtZh/wjOeYoOpgr0eI qtXxg6U6+6qLqzBi/9Zdc0sLZFNbjQLEFkNHoU7rFODcnLNHemngw+ui2rofsBhK F9Zcqiy91mmCto6OrQMAkXyfrU40S8+Yr9s+wnJEmNIkVN9mfH0TfRJNEvHcuvZ+ WHc4HD/Vu0sL/APPADfLh158MYb9gUNXtE12PxjGYCj4RsFt0/Fbju9mGl+W/n69 qaRFxZmubutaQ1WCzw== -----END CERTIFICATE-----
CDP CLI reference
CDP CLI reference documentation is now available at https://cloudera.github.io/cdp-dev-docs/cli-docs/.
Documentation for configure lifecycle management for logs on AWS and Azur
To avoid unnecessary costs related to Amazon S3 pr ADLS Gen2 cloud storage, you should create lifecycle management rules for your cloud storage location used by CDP for storing logs so that these logs get deleted once they are no longer useful. See Configure lifecycle management for logs on AWS and Configure lifecycle management for logs on Azure.
Consolidated documentation for restricting admin and end user access for CDP services
Consolidated documentation for restricting admin and end user access for CDP services is now available. Previously these options were only covered in documentation related to specific CDP workload services. See Restricting access for CDP services that create their own security groups on AWS and Restricting access for CDP services that create their own security groups on Azure.
Updated AWS and Azure requirements documentation
AWS and Azure requirements documentation was updated to include more requirements related to Data Engineering, Data Warehouse, and Machine Learning. These requirements were previously only documented in service-specific docs. See updated AWS Requirements and Azure Requirements.