Unable to get a Cloudera Data Engineering API access token

Explorer

Hello,

Following https://docs.cloudera.com/data-engineering/cloud/api-access/topics/cde-api-get-access-token.html I am unable to get a response from the curl command, just hanging. Maybe it would finish with a timeout.

Seems this endpoint is not accessible. Any help to troubleshoot is welcomed.

Super Collaborator

Hello @lbourgeois 

 

Thanks for using Cloudera Community. Based on the Post, you are using [1] to get CDE API Access Token & the Command just hangs. In short, You entered the Workload Password after using your Environment CDE Base URL followed by the KnoxToken Endpoint:

### curl -u <Your-Workload-User> <Your-CDE-Base-URL>/gateway/authtkn/knoxtoken/api/v1/token

 

Kindly confirm if the behavior is Consistent across all CDE Services & all Users. Whether the DataLake (FreeIPA & IDBroker) is Up & Running. Additionally, Confirm the CDE Version being used. 

 

Regards, Smarak

 

[1] https://docs.cloudera.com/data-engineering/cloud/api-access/topics/cde-api-get-access-token.html

 

Explorer

Hello @smdas,

 

Thanks for your answer. After recreating a new environment I am now able to reach /gateway/authtkn/knoxtoken/api/v1/token endpoint (I guess issue was in subnets connectivity) but now I face another issue : /gateway/authtkn/knoxtoken/api/v1/token endpoint is giving a 401 ERR_INVALID_AUTH_CREDENTIALS.

I then tried to reset my workload user password but got a 404 after submitting the form (same issue was seen with some users in our org but not all) which is now my current blocker to move forward with CDE.

 

Thanks in advance for your help.

 

Laurent

Explorer

No, the curl command is now returning HTTP 401, that's why I wanted to reset my password, but when doing so I face a 404 after password reset form submit.

Explorer

Last update: Using a previous password which I think is the current one, I bypassed the HTTP 401 and now face an HTTP 403 Forbidden when doing:

 

curl -v -u [user]:[pass] https://service.cde-[...].cloudera.site/gateway/authtkn/knoxtoken/api/v1/token

 

I tried adding my user to Knox ranger policies and resync user with env but no success

Super Collaborator

Hello @lbourgeois 

 

Apology for the delayed response & Thank You for the details. Internally, I could generate "HTTP ERROR 403 Forbidden" if I remove DEAdmin & DEUser from the Environment associated with the CDE Service for the User for which the [User]:[Pass] is being passed. Once the above Privileges were added back to the User at Environment Level & "Synchronize Users" Operation Completed successfully, the Token was available (Wait for ~5 Minutes before retrying the Curl Command).

 

Kindly review & let us know if the above Step works for you.

 

Regards, Smarak

Explorer

Hello @smdas,

After having added DEAdmin & DEUser to my user I can now get the token and use jobs REST API.

Thanks for your help.

Regards, Laurent
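
The three failure modes worked through in this thread (hang, 401, 403) can be told apart in one bounded request. The script below is an added example, not code from either poster or from Cloudera; the function names, the timeout values and the wording of each diagnosis are assumptions based only on what the thread reports.

```shell
#!/usr/bin/env bash
# Added example: triage for the CDE token request discussed in this thread.
# The diagnoses mirror the outcomes reported above; they are not an official list.

# classify_token_result <curl_exit_code> <http_status>   (hypothetical helper)
# Prints a one-line diagnosis; returns 0 only when a token was issued.
classify_token_result() {
  local rc="$1" status="$2"
  if [ "$rc" -eq 28 ]; then   # curl exit code 28 = operation timed out
    echo "timeout: endpoint unreachable, check subnet connectivity to the CDE service"
    return 1
  fi
  if [ "$rc" -ne 0 ]; then
    echo "curl exited with code $rc before an HTTP status was received"
    return 1
  fi
  case "$status" in
    200) echo "ok: token issued"; return 0 ;;
    401) echo "401: workload user or workload password rejected"; return 1 ;;
    403) echo "403: authenticated but not authorized, check DEAdmin/DEUser on the environment, then Synchronize Users"; return 1 ;;
    *)   echo "unexpected HTTP status $status"; return 1 ;;
  esac
}

# request_cde_token <cde_base_url> <workload_user>   (hypothetical helper)
# curl prompts for the workload password, so it never lands in shell history
# or the process list. The timeouts turn a silent hang into a clear failure.
request_cde_token() {
  local base_url="$1" user="$2" body status rc verdict
  body="$(mktemp)"
  status="$(curl -sS -o "$body" -w '%{http_code}' \
    --connect-timeout 10 --max-time 30 -u "$user" \
    "${base_url%/}/gateway/authtkn/knoxtoken/api/v1/token")"
  rc=$?
  if verdict="$(classify_token_result "$rc" "$status")"; then
    cat "$body"               # token response goes to stdout
    rc=0
  else
    echo "$verdict" >&2
    rc=1
  fi
  rm -f "$body"               # do not leave a token or error page on disk
  return "$rc"
}

# Only contact the network when both arguments are supplied.
if [ "$#" -eq 2 ]; then
  request_cde_token "$1" "$2"
fi
```

After fixing a 403 by restoring the roles, allow the wait the accepted answer mentions (about 5 minutes after "Synchronize Users" completes) before rerunning it.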