Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
avatar
Super Guru

Below article will guide you on how to access Ranger KMS policies via rest api -

1. I have Cluster with Ranger and Ranger KMS installed.

2. From the documentation it is clearly given on "how to access Ranger policies using rest api". Please check the link below -

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

3. Below is the example for Range rest api GET method -

a.Sample Ranger Policy for HDFS repository in UI is as below -

11105-screen-shot-2017-01-04-at-15750-pm.png

Below is the rest api GET method call which we can use to get the policy as displayed above -

curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/{id}

Eg. In above screenshot my policy id is "2"

curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/2

4. Below is my Ranger KMS UI with policy -

11106-screen-shot-2017-01-04-at-20130-pm.png

But if you try the same steps for Ranger KMS it will fail -

curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/{id}

Eg. In above screenshot my policy id is "1"

curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/1

ERROR:

[root@localhost ~]# curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/1
* About to connect() to khichadi1.openstacklocal port 6080 (#0)
*   Trying 172.26.81.49... connected
* Connected to khichadi1.openstacklocal (172.26.81.49) port 6080 (#0)
* Server auth using Basic with user 'admin'
> GET /service/public/api/repository/1 HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: khichadi1.openstacklocal:6080
> Accept: */*
> Content-type:application/json
> 
< HTTP/1.1 204 No Content
HTTP/1.1 204 No Content
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=30095A2BD0FBFB384F24734183851135; Path=/; HttpOnly
Set-Cookie: JSESSIONID=30095A2BD0FBFB384F24734183851135; Path=/; HttpOnly
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Content-Type: application/json
Content-Type: application/json
< Date: Wed, 04 Jan 2017 08:32:57 GMT
Date: Wed, 04 Jan 2017 08:32:57 GMT
< 
* Connection #0 to host khichadi1.openstacklocal left intact
* Closing connection #0

5. Since the Rest api for Ranger and Ranger KMS is little bit different. Below is how it works -

In above examples instead of /service/public/api/repository/{id} you need to use /service/plugins/policies/{id} for Ranger KMS

6. Below is the sample example for GET method for Ranger KMS -

curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/plugins/policies/{id}

Eg. In above screenshot my policy id is "1"

curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/plugins/policies/1

For rest of the method like create/update/delete you can use above examples replacing the method type. Refer example for details on - https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definit...

Do modify accordingly for Ranger KMS rest api for above examples in link.

Let me know if you have any questions for above article. Thanks.

3,243 Views