Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to delete users synced in ambari server

Solved Go to solution
Highlighted

How to delete users synced in ambari server

Rising Star
 
1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to delete users synced in ambari server

Guru

You can script it using the following python script [delete_users.py]:

import sys,json
from string import Template 
password='admin'
ambari_host='revo5.hortonworks.local'
request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name")
payload = json.load(sys.stdin)
for user in payload["items"]:
    if user["Users"]["ldap_user"]:
        print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])

$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json

$ cat users.json | python delete_users.py > delete_users.sh

The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.

$ bash delete_users.sh

6 REPLIES 6

Re: How to delete users synced in ambari server

Re: How to delete users synced in ambari server

Rising Star

How to delete all LDAP users alone using REST API ? we have 250,000 LDAP users. Cannot remove individually.

Other option : Will deleting the users from database table "users" solve this ? Does the table have any dependencies or constraints that we need to take care.

Re: How to delete users synced in ambari server

@nbalaji-elangovan There is jira opened by @Paul Codding to delete users from CLI

Re: How to delete users synced in ambari server

Guru

You can script it using the following python script [delete_users.py]:

import sys,json
from string import Template 
password='admin'
ambari_host='revo5.hortonworks.local'
request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name")
payload = json.load(sys.stdin)
for user in payload["items"]:
    if user["Users"]["ldap_user"]:
        print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])

$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json

$ cat users.json | python delete_users.py > delete_users.sh

The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.

$ bash delete_users.sh

Re: How to delete users synced in ambari server

Thanks @Paul Codding. This needs to go into offical docs :)

Re: How to delete users synced in ambari server

New Contributor

Paul Coddling solution worked for me. I am using HDP 3.0.1 and was able to use this solution to remove over 800 users via the REST API.


I did have 2 conditions that I had to resolve manually:

1) for users with a $ in their name I had to escape them in the delete_users.sh script. So '...users/$somenamehere' becomes '...users/\$somenamehere'. I had 95 of these so I used vi to do a search and replace like this:

:%s/users\/\$/users\/\\$/g
2) This didn't work for users with a space in the name. I only had one like this so I replaced the space with a %20 and executed the curl command manually.


If someone had the time they could pull the statement to recreate the users.json into the python script, loop through them all and edit the names if needed and then execute the python statement. But I got this to work pretty quickly and didn't mind making the manual changes.