Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)

Below article will guide you on how to access Ranger KMS policies via rest api -

1. I have Cluster with Ranger and Ranger KMS installed.

2. From the documentation it is clearly given on "how to access Ranger policies using rest api". Please check the link below -

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

3. Below is the example for Range rest api GET method -

a.Sample Ranger Policy for HDFS repository in UI is as below -

11105-screen-shot-2017-01-04-at-15750-pm.png

Below is the rest api GET method call which we can use to get the policy as displayed above -

curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/{id}

Eg. In above screenshot my policy id is "2"

curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/2

4. Below is my Ranger KMS UI with policy -

11106-screen-shot-2017-01-04-at-20130-pm.png

But if you try the same steps for Ranger KMS it will fail -

curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/{id}

Eg. In above screenshot my policy id is "1"

curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/1

ERROR:

[root@localhost ~]# curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/public/api/repository/1
* About to connect() to khichadi1.openstacklocal port 6080 (#0)
*   Trying 172.26.81.49... connected
* Connected to khichadi1.openstacklocal (172.26.81.49) port 6080 (#0)
* Server auth using Basic with user 'admin'
> GET /service/public/api/repository/1 HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: khichadi1.openstacklocal:6080
> Accept: */*
> Content-type:application/json
> 
< HTTP/1.1 204 No Content
HTTP/1.1 204 No Content
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=30095A2BD0FBFB384F24734183851135; Path=/; HttpOnly
Set-Cookie: JSESSIONID=30095A2BD0FBFB384F24734183851135; Path=/; HttpOnly
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Content-Type: application/json
Content-Type: application/json
< Date: Wed, 04 Jan 2017 08:32:57 GMT
Date: Wed, 04 Jan 2017 08:32:57 GMT
< 
* Connection #0 to host khichadi1.openstacklocal left intact
* Closing connection #0

5. Since the Rest api for Ranger and Ranger KMS is little bit different. Below is how it works -

In above examples instead of /service/public/api/repository/{id} you need to use /service/plugins/policies/{id} for Ranger KMS

6. Below is the sample example for GET method for Ranger KMS -

curl -iv -u <username>:<password> -H "Content-type:application/json" -X GET http://localhost:6080/service/plugins/policies/{id}

Eg. In above screenshot my policy id is "1"

curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://localhost:6080/service/plugins/policies/1

For rest of the method like create/update/delete you can use above examples replacing the method type. Refer example for details on - https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definit...

Do modify accordingly for Ranger KMS rest api for above examples in link.

Let me know if you have any questions for above article. Thanks.

1,767 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
2 of 2
Last update:
‎08-17-2019 06:10 AM
Updated by:
 
Contributors
Top Kudoed Authors