Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to use the Ranger Rest API for creating ranger policy.

Highlighted

How to use the Ranger Rest API for creating ranger policy.

New Contributor

Hello I am trying to create policy using rest api, but I am always getting 404 Not Found error.

curl -iv -X POST -H "Content-type:application/json" -H "Accept:application/json" -u '********' https://<hostname of the edge>:6080/service/plugins/policies -d test.json

I enter the password, but after that I am getting the above error.

This error only come during POST but not during GET / DELETE, in that case it is working fine for us.

3 REPLIES 3

Re: How to use the Ranger Rest API for creating ranger policy.

Hi @Pragya Raj - the URL you pasted there doesn't seem quite right based on this documentation. Which version of HDP/Ranger are you using?

As you can see, that doc indicates the URL is service/public/v2/api/policy. However, this is for Ranger 0.5, which is in HDP versions 2.3+

If you are running Ranger 0.5 as per the above, can you try that URL and let us know if it works?

EDIT: Just rereading, I realise you are probably trying to import a set of policies? Or are you just doing one? If just creating one new one, you use the statement I said above, but if you want to import a set of policies that you exported from another cluster, you do this, according to this documentation. Note the "servicesMap" distinctions and the "multipart"

Import Policies through curl

  1. To Import policies from JSON file without servicesMap curl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true
  2. To Import policies from JSON file with servicesMapcurl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -F ‘servicesMapJson=@/path/servicesMapping.json’ -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true

EDIT2: When passing in a file as a parameter in the -d flag, you must do @/path/file.json (note the @ symbol)

Highlighted

Re: How to use the Ranger Rest API for creating ranger policy.

New Contributor

Dear Ana,

Thanks for the reply,

The current version if ranger is 0.6.0.2.5 and HDP - 2.5.0.0.

I have followed the documentation which you have posted, and tried to change the url based on the ranger version 0.6, but I am still getting the same issue of 404 not found. Below is the url detail.

curl -iv -X POST -H "Content-type:application/json" -H "Accept:application/json" -u '********' https://<hostname of the edge>:6080/service/public/v2/api/policy -d test.json.

Below is the response output:

==========================================

Note: Unnecessary use of -X or --request, POST is already inferred. * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) * Establish HTTP proxy tunnel to <edge host ip>:6080 * Server auth using Basic with user 'raj504' > CONNECT <edge host ip>:6080 HTTP/1.1 > Host: <edge host ip>:6080 > User-Agent: curl/7.49.1 > < HTTP/1.1 200 Connection established HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: <edge host ip> * Server certificate: *******. Private CA * Server auth using Basic with user 'raj504' > POST /service/public/v2/api/policy HTTP/1.1 > Host: <edge host ip>:6080 > Authorization: Basic cmFqNTA0OlJBbWExOTg0QCo= > User-Agent: curl/7.49.1 > Content-type:application/json > Accept:application/json > Content-Length: 9 > * upload completely sent off: 9 out of 9 bytes < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < Set-Cookie: RANGERADMINSESSIONID=AF78310CA9D2C433B349ED5767928211; Path=/; Secure; HttpOnly Set-Cookie: RANGERADMINSESSIONID=AF78310CA9D2C433B349ED5767928211; Path=/; Secure; HttpOnly < WWW-Authenticate: Negotiate WWW-Authenticate: Negotiate < Set-Cookie: hadoop.auth=; Path=/; Domain=<edge host ip>; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly Set-Cookie: hadoop.auth=; Path=/; Domain=<edge host ip>; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly < X-Frame-Options: DENY X-Frame-Options: DENY < Content-Length: 0 Content-Length: 0 < Date: Mon, 07 Aug 2017 10:58:03 GMT Date: Mon, 07 Aug 2017 10:58:03 GMT < * Connection #0 to host 127.0.0.1 left intact

==================================================================

I was getting the same error when I was using /service/plugins/policies while doing POST.

This issue only happens during POST, however when I try to do GET / DELETE it works fine, as I am able to retrieve the details of the policy from the ranger and I am also able to delete the policy.

Not sure, where I am getting it wrong during the POST?

Highlighted

Re: How to use the Ranger Rest API for creating ranger policy.

Ah yes - I was getting the same behaviour, but then i realised if you are uploading a file with the -d command, you have to do @ before the file name. This command worked for me on Ranger 0.6 on HDP 2.5.0....

curl -iv -X POST -H "Content-type:application/json" -u 'admin:admin' -d @test.json http://`hostname`:6080/service/public/api/policy
Don't have an account?
Coming from Hortonworks? Activate your account here