Support Questions

VR46 · ‎01-20-2016

The way I can automatize kerberization of HDP cluster (here) via curl, I'm wondering if there is a REST api interface to configure Ranger as well. Now, I can see that the Ranger 0.5.0 exposes REST interfaces for Service Definition, Service and Policy Management (link). I'm trying to understand how to make use of these interfaces via curl.

Analysis of the Ranger UI traffic on my 2.3.2 sandbox, tells me that the Ranger UI follows different grammar what is described in the document above. For example, to get service by id, the document instructs to use this request URL:

Request URL : service/public/api/service/{id}

but this doesn't work on sandbox. It fails with this output:

$ curl  -u admin:admin -i -X GET http://127.0.0.1:6080/service/public/api/service/1
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C5F2FCA5D32A0521EE4F516C845C9AAD; Path=/; HttpOnly
Content-Length: 0
Date: Wed, 20 Jan 2016 16:19:57 GMT

What works is:

$ curl  -u admin:admin -i -X GET http://127.0.0.1:6080/service/plugins/policies/service/1

To make the matter worse, the document doesn't give an example of how should a complete request URL look like. Maybe I'm using wrong URL totally.

Any help would be appreciated. Thanks.

jstraub · ‎01-20-2016

@Vipin Rathor Great question 🙂 I have implemented a script at one of my customer that is actually adding policies and hdfs directories automatically as soon as a new users joins an AD group, so here is the part about how to use the RestAPI of Ranger to add policies.

HDFS Policy

Template:

{
	"policyName": "name_of_policy",
	"resourceName": "/path1,/path2/blub",
	"description": "",
	"repositoryName": "",
	"repositoryType": "hdfs",
	"isEnabled": "true",
	"isRecursive": "true",
	"isAuditEnabled": "true",
	"permMapList": [{
		"groupList": ["somegroup"],
		"permList": ["Read","Execute", "Write", "Admin"]
	}]
}

Curl:

curl -iv -u <user>:<password> -d @<policy payload> -H "Content-Type: application/json" -X POST http://<RANGER-Host>:6080/service/public/api/policy/

Hive Policy

Template:

{
   "policyName":"name_of_policy",
   "databases":"db1,db2",
   "tables":"mytable,yourtable",
   "columns":"",
   "udfs":"",
   "description":"",
   "repositoryName":"",
   "repositoryType":"hive",
   "tableType":"Inclusion",
   "columnType":"Inclusion",
   "isEnabled":"true",
   "isAuditEnabled":"true",
   "permMapList": [{
		"groupList": ["somegroup"],
		"permList": ["Select"]
	}]
}

Curl:

curl -iv -u <user>:<password> -d @<policy payload> -H "Content-Type: application/json" -X POST http://<RANGER-Host>:6080/service/public/api/policy/

Getting Policies

I just tested the Rest API to get some of my policies from Ranger, it worked. Make sure the Policy ID is valid, otherwise you'll get a "Data not found" error.

Curl

curl -iv -u <user>:<password> -H "Content-type:application/json" -X GET http://horton01.example.com:6080/service/public/api/policy/2

Result:

{
   "id":2,
   "createDate":"2015-11-21T07:03:21Z",
   "updateDate":"2015-12-08T05:54:24Z",
   "owner":"Admin",
   "updatedBy":"Admin",
   "policyName":"Ranger_audits",
   "resourceName":"/apps/solr/ranger_audits",
   "description":"",
   "repositoryName":"bigdata_hadoop",
   "repositoryType":"hdfs",
   "permMapList":[
      {
         "userList":[
            "solr"
         ],
         "groupList":[
         ],
         "permList":[
            "Read",
            "Write",
            "Execute"
         ]
      }
   ],
   "isEnabled":true,
   "isRecursive":true,
   "isAuditEnabled":false,
   "version":"5",
   "replacePerm":false
}

Let me know if you have any questions

View solution in original post

teravaidya · ‎01-06-2017

Hi Vipin, Can you share us the script for adding policies and hdfs directories automatically as soon as a new users joins an AD group.

prashanth_rames · ‎04-05-2017

@Wael Emam and @Vipin Rathor

I faced same API issue as vipin, the document definitely needs a cleaning. I have created a policy using Ranger Rest API and i am trying to delete it by using the document's version

Request URL : "service/public/api/service/{id}"

and i am failing with the error 404.

"curl -iv -u 'D****:********' -X DELETE 'http://myserver.devfg.rbc.com:6080/service/public/api/policy/123'

HTTP/1.1 404 Not Found < Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 < X-Frame-Options: DENY X-Frame-Options: DENY < Content-Length: 0 Content-Length: 0 < Date: Wed, 05 Apr 2017 16:58:36 GMT"

But what worked for me is changing the url to

"curl -iv -u 'D****:********' -X DELETE 'http://myserver.devfg.rbc.com:6080/service/plugins/policies/123'

akulkarni1 · ‎04-06-2017

@prashanth ramesh Please check the document REST APIs for Service Definition, Service and Policy Management. The Request URL needs to be "service/public/v2/api/policy/{id}".

Swapnil_patil16 · ‎11-20-2017

@Jonas Straub

Hello I have built a custom ranger plugin. We deploy the plugin by going to Ranger UI. Is there any way do deploy the custom plugin from API/curl Command ?

Cloudera Community

Support Questions

REST api URL to configure Ranger objects