KerberosConfig(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Specifies Kerberos related configuration.
Attributes | |
---|---|
Name | Description |
enable_kerberos |
bool
Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster. |
root_principal_password_uri |
str
Required. The Cloud Storage URI of a KMS encrypted file containing the root principal password. |
kms_key_uri |
str
Required. The uri of the KMS key used to encrypt various sensitive files. |
keystore_uri |
str
Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate. |
truststore_uri |
str
Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate. |
keystore_password_uri |
str
Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc. |
key_password_uri |
str
Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc. |
truststore_password_uri |
str
Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc. |
cross_realm_trust_realm |
str
Optional. The remote realm the Dataproc on- luster KDC will trust, should the user enable cross realm trust. |
cross_realm_trust_kdc |
str
Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship. |
cross_realm_trust_admin_server |
str
Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship. |
cross_realm_trust_shared_password_uri |
str
Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship. |
kdc_db_key_uri |
str
Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. |
tgt_lifetime_hours |
int
Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used. |
realm |
str
Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm. |