Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428

Update policy REST request fails

New Contributor

I have created a policy object in Ranger with

curl -iv -u admin:admin  -H "Content-Type: application/json" -d @hdfs-create-policy.payload -X POST http://192.168.26.111:6080/service/public/v2/api/policy

and I'm trying to modify that entry (adding permissions) using the update policy by service-name and policy-name which fails.

 # curl -iv -u admin:admin  -H "Content-Type: application/json" -d @hdfs-update-policy-by-name.payload -X PUT http://192.168.26.111:6080/service/public/v2/api/Sandbox_hdfs/policy/appaccess
* About to connect() to 192.168.26.111 port 6080 (#0)
*   Trying 192.168.26.111... connected
* Connected to 192.168.26.111 (192.168.26.111) port 6080 (#0)
* Server auth using Basic with user 'admin'
> PUT /service/public/v2/api/Sandbox_hdfs/policy/appaccess HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
> Host: 192.168.26.111:6080
> Accept: */*
> Content-Type: application/json
> Content-Length: 760
>
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=125E35576B917EC0F85ED9BEAC80DF72; Path=/; HttpOnly
Set-Cookie: JSESSIONID=125E35576B917EC0F85ED9BEAC80DF72; Path=/; HttpOnly
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Content-Length: 0
Content-Length: 0
< Date: Tue, 19 Jul 2016 18:47:53 GMT
Date: Tue, 19 Jul 2016 18:47:53 GMT
<
* Connection #0 to host 192.168.26.111 left intact
* Closing connection #0

There is nothing at all helpful in the log. Can someone suggest what is the issue here? I'm at total loss 😞 TIA.

The payload for policy creation is:

{
    "isEnabled":true,
    "version":1,
    "service":"Sandbox_hdfs",
    "name":"appaccess",
    "description":"This policy to test Apache Ranger API",
    "isAuditEnabled":true,
    "resources":{
         "path":{
            "isRecursive":true,
            "values":["/app/*"],
            "isExcludes":false
         }
    },
    "policyItems":[
       {
         "users":[],
         "groups":["public","hadoop"],
         "delegateAdmin":true,
         "accesses":[
             {"isAllowed":true,"type":"read"},
             {"isAllowed":true,"type":"write"},
             {"isAllowed":true,"type":"execute"}
         ],
         "conditions":[]
       }
    ]
}

The payload for modify request is:

{
    "isEnabled":true,
    "version":1,
    "service":"Sandbox_hdfs",
    "name":"appaccess",
    "description":"This policy to test Apache Ranger API",
    "isAuditEnabled":true,
    "resources":{
         "path":{
            "isRecursive":true,
            "values":["/app/*"],
            "isExcludes":false
         }
    },
    "policyItems":[
        {
            "users":[],
            "groups":["hadoop"],
            "delegateAdmin":true,
            "accesses":[
                {"isAllowed":true,"type":"read"},
                {"isAllowed":true,"type":"write"},
                {"isAllowed":true,"type":"execute"}
                ]
            ,"conditions":[]
        }
        {
            "users":[],
            "groups":["users"],
            "delegateAdmin":true,
            "accesses":[
                {"isAllowed":true,"type":"read"}
                ]
            ,"conditions":[]
        }
    ]
}
2 REPLIES 2

New Contributor

I just noticed that the delete by service-name and policy-name also fails:

#  curl -iv -u admin:admin -X DELETE  http://192.168.26.111:6080/service/public/v2/api/Sandbox_hdfs/policy/appaccess
* About to connect() to 192.168.26.111 port 6080 (#0)
*   Trying 192.168.26.111... connected
* Connected to 192.168.26.111 (192.168.26.111) port 6080 (#0)
* Server auth using Basic with user 'admin'
> DELETE /service/public/v2/api/Sandbox_hdfs/policy/appaccess HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
> Host: 192.168.26.111:6080
> Accept: */*
>
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=1F27D7099E3B3134E02F888400F5C202; Path=/; HttpOnly
Set-Cookie: JSESSIONID=1F27D7099E3B3134E02F888400F5C202; Path=/; HttpOnly
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Content-Length: 0
Content-Length: 0
< Date: Tue, 19 Jul 2016 19:17:51 GMT
Date: Tue, 19 Jul 2016 19:17:51 GMT
<
* Connection #0 to host 192.168.26.111 left intact
* Closing connection #0

Explorer

Hi, did you try with this URL ?

service/public/v2/api/service/{service-name}/policy/{policy-name}