Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to use the Ranger Rest API for creating ranger policy.

Labels:
avatar
author-rank pragya_bigdata
Explorer

Created ‎08-07-2017 08:40 AM

Hello I am trying to create policy using rest api, but I am always getting 404 Not Found error.

curl -iv -X POST -H "Content-type:application/json" -H "Accept:application/json" -u '********' https://<hostname of the edge>:6080/service/plugins/policies -d test.json

I enter the password, but after that I am getting the above error.

This error only come during POST but not during GET / DELETE, in that case it is working fine for us.

10,505 Views
0 Kudos
4 REPLIES 4

avatar
author-rank agillan author-rank
Guru

Created ‎08-07-2017 10:29 AM

Hi @Pragya Raj - the URL you pasted there doesn't seem quite right based on this documentation. Which version of HDP/Ranger are you using?

As you can see, that doc indicates the URL is service/public/v2/api/policy. However, this is for Ranger 0.5, which is in HDP versions 2.3+

If you are running Ranger 0.5 as per the above, can you try that URL and let us know if it works?

EDIT: Just rereading, I realise you are probably trying to import a set of policies? Or are you just doing one? If just creating one new one, you use the statement I said above, but if you want to import a set of policies that you exported from another cluster, you do this, according to this documentation. Note the "servicesMap" distinctions and the "multipart"

Import Policies through curl

  1. To Import policies from JSON file without servicesMap curl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true
  2. To Import policies from JSON file with servicesMapcurl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -F ‘servicesMapJson=@/path/servicesMapping.json’ -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true

EDIT2: When passing in a file as a parameter in the -d flag, you must do @/path/file.json (note the @ symbol)

8,826 Views
0 Kudos

avatar
author-rank srinivasp
Contributor

Created ‎07-05-2021 05:01 AM

Hi,

I have a requirement like, i need to create hive policy with two groups .one group with "ALL" permissions to some "x" user and 2nd group with "select" permission to "y" user.

 

i have created policy through REST APi with one group but with "all" permissions but how to mention 2nd group with "select" permission in same create policy command.

 

Thanks in advance!

 

 

Srini Podili

6,248 Views
0 Kudos

avatar
author-rank pragya_bigdata
Explorer

Created ‎08-07-2017 12:21 PM

Dear Ana,

Thanks for the reply,

The current version if ranger is 0.6.0.2.5 and HDP - 2.5.0.0.

I have followed the documentation which you have posted, and tried to change the url based on the ranger version 0.6, but I am still getting the same issue of 404 not found. Below is the url detail.

curl -iv -X POST -H "Content-type:application/json" -H "Accept:application/json" -u '********' https://<hostname of the edge>:6080/service/public/v2/api/policy -d test.json.

Below is the response output:

==========================================

Note: Unnecessary use of -X or --request, POST is already inferred. * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) * Establish HTTP proxy tunnel to <edge host ip>:6080 * Server auth using Basic with user 'raj504' > CONNECT <edge host ip>:6080 HTTP/1.1 > Host: <edge host ip>:6080 > User-Agent: curl/7.49.1 > < HTTP/1.1 200 Connection established HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: <edge host ip> * Server certificate: *******. Private CA * Server auth using Basic with user 'raj504' > POST /service/public/v2/api/policy HTTP/1.1 > Host: <edge host ip>:6080 > Authorization: Basic cmFqNTA0OlJBbWExOTg0QCo= > User-Agent: curl/7.49.1 > Content-type:application/json > Accept:application/json > Content-Length: 9 > * upload completely sent off: 9 out of 9 bytes < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < Set-Cookie: RANGERADMINSESSIONID=AF78310CA9D2C433B349ED5767928211; Path=/; Secure; HttpOnly Set-Cookie: RANGERADMINSESSIONID=AF78310CA9D2C433B349ED5767928211; Path=/; Secure; HttpOnly < WWW-Authenticate: Negotiate WWW-Authenticate: Negotiate < Set-Cookie: hadoop.auth=; Path=/; Domain=<edge host ip>; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly Set-Cookie: hadoop.auth=; Path=/; Domain=<edge host ip>; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly < X-Frame-Options: DENY X-Frame-Options: DENY < Content-Length: 0 Content-Length: 0 < Date: Mon, 07 Aug 2017 10:58:03 GMT Date: Mon, 07 Aug 2017 10:58:03 GMT < * Connection #0 to host 127.0.0.1 left intact

==================================================================

I was getting the same error when I was using /service/plugins/policies while doing POST.

This issue only happens during POST, however when I try to do GET / DELETE it works fine, as I am able to retrieve the details of the policy from the ranger and I am also able to delete the policy.

Not sure, where I am getting it wrong during the POST?

8,826 Views
0 Kudos

avatar
author-rank agillan author-rank
Guru

Created ‎08-07-2017 03:56 PM

Ah yes - I was getting the same behaviour, but then i realised if you are uploading a file with the -d command, you have to do @ before the file name. This command worked for me on Ranger 0.6 on HDP 2.5.0....

curl -iv -X POST -H "Content-type:application/json" -u 'admin:admin' -d @test.json http://`hostname`:6080/service/public/api/policy
8,826 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements