-
Notifications
You must be signed in to change notification settings - Fork 178
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SAAS-10148: Remediation Guide for GCP Hadoop Secure Mode Enabled Plug…
…in (#634) * Remediation Guide for GCP Dataproc Cluster Labels Added Plugin * Remediation Guide for GCP Hadoop Secure Mode Enabled Plugin * Apply suggestions from code review Co-authored-by: alphadev4 <[email protected]>
- Loading branch information
1 parent
24934d9
commit 8a4b3cc
Showing
15 changed files
with
58 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| [](https://cloudsploit.com) | ||
|
|
||
| # GOOGLE / Dataproc / Dataproc Cluster Labels Added | ||
|
|
||
| ## Quick Info | ||
|
|
||
| | | | | ||
| |-|-| | ||
| | **Plugin Title** | Dataproc Cluster Labels Added | | ||
| | **Cloud** | GOOGLE | | ||
| | **Category** | Dataproc | | ||
| | **Description** | Ensure that all Dataproc clusters have labels added. | | ||
| | **More Info** | Labels are a lightweight way to group resources together that are related to or associated with each other. It is a best practice to label cloud resources to better organize and gain visibility into their usage. | | ||
| | **GOOGLE Link** | https://cloud.google.com/dataproc/docs/guides/creating-managing-labels | | ||
| | **Recommended Action** | Ensure labels are added to all Dataproc clusters. | | ||
|
|
||
| ## Detailed Remediation Steps | ||
| 1. Log into the Google Cloud Platform Console. | ||
| 2. Scroll down the left navigation panel and choose "Dataproc" to select the "Clusters" option. </br> <img src="/resources/google/dataproc/dataproc-cluster-labels-added/step2.png"> | ||
| 3. On the "Clusters" page, select the cluster which needs to be verified whether it has labels added or not by clicking on the checkbox next to its name.</br> <img src="/resources/google/dataproc/dataproc-cluster-labels-added/step3.png"/> | ||
| 4. From the panel on the right side, select "Labels" and check if there are any labels shown. If not, the cluster does not have labels added.</br> <img src="/resources/google/dataproc/dataproc-cluster-labels-added/step4.png"/> | ||
| 5. Repeat steps number 3-4 to check other clusters in the project.</br> | ||
| 6. Navigate to "Dataproc" and select "Clusters". From the panel on the right side, click on "Labels" and then click on the checkbox next to the name of the "Cluster" which needs to have labels added.</br> <img src="/resources/google/dataproc/dataproc-cluster-labels-added/step4.png"/> | ||
| 7. Click on "Add Label", and add key and value for the label. Add as many labels as you want and then click "Save".</br> <img src="/resources/google/dataproc/dataproc-cluster-labels-added/step7.png"/> | ||
| 8. Repeat steps number 7-8 to add labels to all other clusters in the project.</br> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| [](https://cloudsploit.com) | ||
|
|
||
| # Google / Dataproc / Hadoop Secure Mode Enabled | ||
|
|
||
| ## Quick Info | ||
|
|
||
| | | | | ||
| |-|-| | ||
| | **Plugin Title** | Hadoop Secure Mode Enabled | | ||
| | **Cloud** | Google | | ||
| | **Category** | Dataproc | | ||
| | **Description** | Ensure that all Dataproc clusters have hadoop secure mode enabled. | | ||
| | **More Info** | Enabling Hadoop secure mode will allow multi-tenancy with security features like isolation, encryption, and user authentication within the cluster. It also enforces all Hadoop services and users to be authenticated via Kerberos Key distribution. | | ||
| | **Google Link** | https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/security | | ||
| | **Recommended Action** | Enable hadoop secure mode for all dataproc clusters. | | ||
|
|
||
| ## Detailed Remediation Steps | ||
| 1. Log into the Google Cloud Platform Console. | ||
| 2. Scroll down the left navigation panel and choose "Dataproc" to select the "Clusters" option. </br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step2.png"> | ||
| 3. On the "Clusters" page, select the cluster which needs to be verified whether it has Hadoop Secure Mode enabled or not by clicking on its name.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step3.png"/> | ||
| 4. On the "Cluster details" page, click on the "Configuration" tab. </br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step4.png"/> | ||
| 5. Scroll down and check the value of "Advanced security". If "Advanced security" is "disabled" then the cluster does not have Hadoop Secure Mode enabled.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step5.png"/> | ||
| 6. Repeat step number 2 - 5 to verify other "Clusters" in the project.</br> | ||
| 7. Navigate to "Dataproc" and choose "Clusters", and click on the name of the "Cluster" that needs to have Hadoop Secure Mode enabled to go to the "Cluster details" page.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step3.png"/> | ||
| 8. From the "Cluster details" page, collect all the configuration information for the cluster.</br> | ||
| 9. Go back to the "Clusters" page and click the "Create Cluster" button at top.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step9.png"/> | ||
| 10. On the "Create Cluster" page, add all the configuration information of the old cluster and then click on "Manage Security" tab on the left-side.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step10.png"/> | ||
| 11. Under "Kerberos and Hadoop Secure Mode", click on the slider next to "Enable" to enable Hadoop Secure Mode for the cluster.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step11.png"/> | ||
| 12. Click the "Create" button on left side to create a new dataproc cluster with Hadoop Secure Mode enabled.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step11.png"/> | ||
| 13. Once the new "Cluster" is created, delete the old cluster by clicking on the checkbox next to its name and then clicking on the "Delete" button at the top.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step13.png"/> | ||
| 14. Confirm the deleteion by clicking on the "Confirm" button in the "Confirm deletion" popup.</br> <img src="../../../resources/google/dataproc/hadoop-secure-mode-enabled/step14.png"/> | ||
| 15. Repeat steps number 7 - 14 to recreate all the Dataproc "Clusters" in the project with Hadoop Secure Mode enabled.</br> | ||
|
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.