How to export the Ranger policy
Article ID: 295021
Updated On:
Products
Services Suite
Issue/Introduction
In order to upgrade the system or to migrate, it is required to export existing policies in the Ranger. This article provides the procedure to export Ranger policies through the Ranger API.
Environment
Resolution
An API call can be used to export Ranger policies.
In Ranger 0.5 and greater:
curl -ivk -H "Content-type:application/json" -u <Ranger admin user name>:<password> http://<Ranger admin host>:<Ranger service port>/service/plugins/policies/download/<policy name>
In Ranger 0.4:
curl -ivk -H "Content-type:application/json" -u<Ranger admin user name>:<password> http://<Ranger admin host>:<Ranger service port>/service/public/api/policy
Examples
- Ranger 0.5+
[root@admin ~]# curl -ivk -H "Content-type:application/json" -u admin:admin http://admin.hadoop.local:6080/service/plugins/policies/download/hdfs_test_1
* About to connect() to admin.hadoop.local port 6080 (#0)
* Trying 192.168.4.50... connected
* Connected to admin.hadoop.local (192.168.4.50) port 6080 (#0)
* Server auth using Basic with user 'admin'
> GET /service/plugins/policies/download/hdfs_test_1 HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: admin.hadoop.local:6080
> Accept: /
> Content-type:application/json
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Content-Type: application/json
Content-Type: application/json
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Date: Wed, 04 May 2016 05:14:00 GMT
Date: Wed, 04 May 2016 05:14:00 GMT
{"serviceName":"hdfs_test_1","serviceId":1,"policyVersion":1,"policyUpdateTime":1462338793000,"policies":[{"id":1,"guid":"1462338793540_165_64","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1462309993000,"updateTime":1462309993000,"version":1,"service":"hdfs_test_1","name":"hdfs_test_1-1-20160504051313","description":"Default Policy for Service: hdfs_test_1","resourceSignature":"6f956063401eda656f1eae8870c1afac","isAuditEnabled":true,"resources":{"path":{"isRecursive":true,"values":["/"],"isExcludes":false}},"policyItems":[{"users":["admin"],"groups":[],"delegateAdmin":true,"accesses":[{"isAllowed":true,"type":"read"},{"isAllowed":true,"type":"write"},{"isAllowed":true,"type":"execute"}],"conditions":[]}]}],"serviceDef":{"id":1,"guid":"0d047247-bafe-4cf8-8e9b-d5d377284b2d","isEnabled":true,"createTime":1462309741000,"updateTime":1462309741000,"version":1,"name":"hdfs","implClass":"org.apache.ranger.services.hdfs.RangerServiceHdfs","label":"HDFS Repository","description":"HDFS Repository","configs":[{"label":"Username","rbKeyLabel":null,"rbKeyDescription":null,"itemId":1,"subType":"","mandatory":true,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"username","type":"string","defaultValue":null,"description":null},{"label":"Password","rbKeyLabel":null,"rbKeyDescription":null,"itemId":2,"subType":"","mandatory":true,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"password","type":"password","defaultValue":null,"description":null},{"label":"Namenode URL","rbKeyLabel":null,"rbKeyDescription":null,"itemId":3,"subType":"","mandatory":true,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"fs.default.name","type":"string","defaultValue":null,"description":null},{"label":"Authorization Enabled","rbKeyLabel":null,"rbKeyDescription":null,"itemId":4,"subType":"YesTrue:NoFalse","mandatory":true,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"hadoop.security.authorization","type":"bool","defaultValue":"false","description":null},{"label":"Authentication Type","rbKeyLabel":null,"rbKeyDescription":null,"itemId":5,"subType":"authnType","mandatory":true,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"hadoop.security.authentication","type":"enum","defaultValue":"simple","description":null},{"label":null,"rbKeyLabel":null,"rbKeyDescription":null,"itemId":6,"subType":"","mandatory":false,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"hadoop.security.auth_to_local","type":"string","defaultValue":null,"description":null},{"label":null,"rbKeyLabel":null,"rbKeyDescription":null,"itemId":7,"subType":"","mandatory":false,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"dfs.datanode.kerberos.principal","type":"string","defaultValue":null,"description":null},{"label":null,"rbKeyLabel":null,"rbKeyDescription":null,"itemId":8,"subType":"","mandatory":false,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"dfs.namenode.kerberos.principal","type":"string","defaultValue":null,"description":null},{"label":null,"rbKeyLabel":null,"rbKeyDescription":null,"itemId":9,"subType":"","mandatory":false,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"dfs.secondary.namenode.kerberos.principal","type":"string","defaultValue":null,"description":null},{"label":"RPC Protection Type","rbKeyLabel":null,"rbKeyDescription":null,"itemId":10,"subType":"rpcProtection","mandatory":false,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"hadoop.rpc.protection","type":"enum","defaultValue":"authentication","description":null},{"label":"Common Name for Certificate","rbKeyLabel":null,"rbKeyDescription":null,"itemId":11,"subType":"","mandatory":false,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"name":"commonNameForCertificate","type":"string","defaultValue":null,"description":null}],"resources":[{"label":"Resource Path","rbKeyLabel":null,"rbKeyDescription":null,"itemId":1,"mandatory":true,"validationRegEx":"","validationMessage":"","uiHint":"","rbKeyValidationMessage":null,"lookupSupported":true,"recursiveSupported":true,"excludesSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"false"},"name":"path","parent":null,"type":"path","level":10,"description":"HDFS file or directory path"}],"accessTypes":[{"label":"Read","rbKeyLabel":null,"itemId":1,"impliedGrants":[],"name":"read"},{"label":"Write","rbKeyLabel":null,"itemId":2,"impliedGrants":[],"name":"write"},{"label":"Execute","rbKeyLabel":null,"itemId":3,"impliedGrants":[],"name":"execute"}],"policyConditions":[],"contextEnrichers":[],"enums":[{"itemId":1,"defaultIndex":0,"name":"authnType","elements":[{"label":"Simple","rbKeyLabel":null Connection #0 to host admin.hadoop.local left intact
* Closing connection #0
,"itemId":1,"name":"simple"},{"label":"Kerberos","rbKeyLabel":null,"itemId":2,"name":"kerberos"}]},{"itemId":2,"defaultIndex":0,"name":"rpcProtection","elements":[{"label":"Authentication","rbKeyLabel":null,"itemId":1,"name":"authentication"},{"label":"Integrity","rbKeyLabel":null,"itemId":2,"name":"integrity"},{"label":"Privacy","rbKeyLabel":null,"itemId":3,"name":"privacy"}]}]}}
- Ranger 0.4
[root@admin ~]# curl -ivk -H "Content-type:application/json" -u admin:admin http://admin.hadoop.local:6080/service/public/api/policy
* About to connect() to admin.hadoop.local port 6080 (#0)
* Trying 192.168.4.20... connected
* Connected to admin.hadoop.local (192.168.4.20) port 6080 (#0)
* Server auth using Basic with user 'admin'
> GET /service/public/api/policy HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: admin.hadoop.local:6080
> Accept: */*
> Content-type:application/json
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=FA78974217500C8C8D70BF6AA49389EC; Path=/; HttpOnly
Set-Cookie: JSESSIONID=FA78974217500C8C8D70BF6AA49389EC; Path=/; HttpOnly
< Content-Type: application/json
Content-Type: application/json
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Date: Thu, 02 Jun 2016 05:43:40 GMT
Date: Thu, 02 Jun 2016 05:43:40 GMT
<
* Connection #0 to host admin.hadoop.local left intact
* Closing connection #0
{"startIndex":0,"pageSize":1,"totalCount":1,"resultSize":1,"queryTimeMS":1464846220668,"vXPolicies":[{"id":1,"createDate":"2016-05-04T03:00:52Z","updateDate":"2016-05-04T03:00:52Z","owner":"Admin","updatedBy":"Admin","policyName":"hdfs_test_1-1-20160504030052","resourceName":"/","repositoryName":"hdfs_test_1","repositoryType":"HDFS","permMapList":[{"permList":["Unknown"]}],"isEnabled":true,"isRecursive":true,"isAuditEnabled":true,"version":"0.4.0.3.0.1.0-1","replacePerm":false}]}
Note: URL http://<Ranger admin host>:<Ranger service port>/service/public/api/policy can be loaded with a web browser to see the proper formatted output.
Feedback
Yes
No
Powered by
