Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

How to use the Ranger Rest API for creating ranger policy.

New Contributor

Hello I am trying to create policy using rest api, but I am always getting 404 Not Found error.

curl -iv -X POST -H "Content-type:application/json" -H "Accept:application/json" -u '********' https://<hostname of the edge>:6080/service/plugins/policies -d test.json

I enter the password, but after that I am getting the above error.

This error only come during POST but not during GET / DELETE, in that case it is working fine for us.

4 REPLIES 4

Hi @Pragya Raj - the URL you pasted there doesn't seem quite right based on this documentation. Which version of HDP/Ranger are you using?

As you can see, that doc indicates the URL is service/public/v2/api/policy. However, this is for Ranger 0.5, which is in HDP versions 2.3+

If you are running Ranger 0.5 as per the above, can you try that URL and let us know if it works?

EDIT: Just rereading, I realise you are probably trying to import a set of policies? Or are you just doing one? If just creating one new one, you use the statement I said above, but if you want to import a set of policies that you exported from another cluster, you do this, according to this documentation. Note the "servicesMap" distinctions and the "multipart"

Import Policies through curl

  1. To Import policies from JSON file without servicesMap curl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true
  2. To Import policies from JSON file with servicesMapcurl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -F ‘servicesMapJson=@/path/servicesMapping.json’ -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true

EDIT2: When passing in a file as a parameter in the -d flag, you must do @/path/file.json (note the @ symbol)

Contributor

Hi,

I have a requirement like, i need to create hive policy with two groups .one group with "ALL" permissions to some "x" user and 2nd group with "select" permission to "y" user.

 

i have created policy through REST APi with one group but with "all" permissions but how to mention 2nd group with "select" permission in same create policy command.

 

Thanks in advance!

 

 

Srini Podili

New Contributor

Dear Ana,

Thanks for the reply,

The current version if ranger is 0.6.0.2.5 and HDP - 2.5.0.0.

I have followed the documentation which you have posted, and tried to change the url based on the ranger version 0.6, but I am still getting the same issue of 404 not found. Below is the url detail.

curl -iv -X POST -H "Content-type:application/json" -H "Accept:application/json" -u '********' https://<hostname of the edge>:6080/service/public/v2/api/policy -d test.json.

Below is the response output:

==========================================

Note: Unnecessary use of -X or --request, POST is already inferred. * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) * Establish HTTP proxy tunnel to <edge host ip>:6080 * Server auth using Basic with user 'raj504' > CONNECT <edge host ip>:6080 HTTP/1.1 > Host: <edge host ip>:6080 > User-Agent: curl/7.49.1 > < HTTP/1.1 200 Connection established HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: <edge host ip> * Server certificate: *******. Private CA * Server auth using Basic with user 'raj504' > POST /service/public/v2/api/policy HTTP/1.1 > Host: <edge host ip>:6080 > Authorization: Basic cmFqNTA0OlJBbWExOTg0QCo= > User-Agent: curl/7.49.1 > Content-type:application/json > Accept:application/json > Content-Length: 9 > * upload completely sent off: 9 out of 9 bytes < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < Set-Cookie: RANGERADMINSESSIONID=AF78310CA9D2C433B349ED5767928211; Path=/; Secure; HttpOnly Set-Cookie: RANGERADMINSESSIONID=AF78310CA9D2C433B349ED5767928211; Path=/; Secure; HttpOnly < WWW-Authenticate: Negotiate WWW-Authenticate: Negotiate < Set-Cookie: hadoop.auth=; Path=/; Domain=<edge host ip>; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly Set-Cookie: hadoop.auth=; Path=/; Domain=<edge host ip>; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly < X-Frame-Options: DENY X-Frame-Options: DENY < Content-Length: 0 Content-Length: 0 < Date: Mon, 07 Aug 2017 10:58:03 GMT Date: Mon, 07 Aug 2017 10:58:03 GMT < * Connection #0 to host 127.0.0.1 left intact

==================================================================

I was getting the same error when I was using /service/plugins/policies while doing POST.

This issue only happens during POST, however when I try to do GET / DELETE it works fine, as I am able to retrieve the details of the policy from the ranger and I am also able to delete the policy.

Not sure, where I am getting it wrong during the POST?

Ah yes - I was getting the same behaviour, but then i realised if you are uploading a file with the -d command, you have to do @ before the file name. This command worked for me on Ranger 0.6 on HDP 2.5.0....

curl -iv -X POST -H "Content-type:application/json" -u 'admin:admin' -d @test.json http://`hostname`:6080/service/public/api/policy