Below article will guide you on how to access Ranger KMS policies via rest api -
1. I have Cluster with Ranger and Ranger KMS installed.
2. From the documentation it is clearly given on "how to access Ranger policies using rest api". Please check the link below -
https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management
3. Below is the example for Range rest api GET method -
a.Sample Ranger Policy for HDFS repository in UI is as below -
Below is the rest api GET method call which we can use to get the policy as displayed above -
curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/{id} Eg. In above screenshot my policy id is "2" curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/2
4. Below is my Ranger KMS UI with policy -
But if you try the same steps for Ranger KMS it will fail -
curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/{id} Eg. In above screenshot my policy id is "1" curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/1
ERROR:
[root@localhost ~]# curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/1 * About to connect() to khichadi1.openstacklocal port 6080 (#0) * Trying 172.26.81.49... connected * Connected to khichadi1.openstacklocal (172.26.81.49) port 6080 (#0) * Server auth using Basic with user 'admin' > GET /service/public/api/repository/1 HTTP/1.1 > Authorization: Basic YWRtaW46YWRtaW4= > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: khichadi1.openstacklocal:6080 > Accept: */* > Content-type:application/json > < HTTP/1.1 204 No Content HTTP/1.1 204 No Content < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < Set-Cookie: JSESSIONID=30095A2BD0FBFB384F24734183851135; Path=/; HttpOnly Set-Cookie: JSESSIONID=30095A2BD0FBFB384F24734183851135; Path=/; HttpOnly < X-Frame-Options: DENY X-Frame-Options: DENY < Content-Type: application/json Content-Type: application/json < Date: Wed, 04 Jan 2017 08:32:57 GMT Date: Wed, 04 Jan 2017 08:32:57 GMT < * Connection #0 to host khichadi1.openstacklocal left intact * Closing connection #0
5. Since the Rest api for Ranger and Ranger KMS is little bit different. Below is how it works -
In above examples instead of /service/public/api/repository/{id} you need to use /service/plugins/policies/{id} for Ranger KMS6. Below is the sample example for GET method for Ranger KMS -
curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/plugins/policies/{id} Eg. In above screenshot my policy id is "1" curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/plugins/policies/1
For rest of the method like create/update/delete you can use above examples replacing the method type. Refer example for details on - https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definit...
Do modify accordingly for Ranger KMS rest api for above examples in link.
Let me know if you have any questions for above article. Thanks.
