2

We have installed Apache Ranger and the Web UI works fine, most of the REST API method works fine on both PublicAPIsv2 and RoleREST as per https://ranger.apache.org/apidocs/ui/index.html.
I can get “test_role” id by calling GET /public/v2/api/roles/name/test_role which returns the id 409.
I can get test_role content by calling GET /public/v2/api/roles/409
I can change test_role users list by editing the response I get from GET /public/v2/api/roles/409 and submitting it through PUT /public/v2/api/roles/409

The body is:

{
    "id": 409,
    "isEnabled": true,
    "createdBy": "admin",
    "updatedBy": "admin",
    "createTime": 1598241102841,
    "updateTime": 1601975068428,
    "name": "test_role",
    "options": {},
    "users": [
        {
            "name": "test_user1”,
            "isAdmin": true
        },
        {
            "name": “test_user2”,
            "isAdmin": true
        },
        {
            "name": “test_user3”,
            "isAdmin": false
        }
    ],
    "groups": [
        {
            "name": "test_group”,
            "isAdmin": false
        }
    ],
    "roles": []
}

But calling PUT /public/v2/api/roles/409/addUsersAndGroups returns “404 not found”. I tried with the same body as above as parameter, and also with:

{
    "users": [
        {
            "name": “test_user4”,
            "isAdmin": true
        }
    ]
}

Would anybody know what is the correct body to send as parameter to: /public/v2/api/roles/409/addUsersAndGroups?
Also, making a wrong call such as GET /public/v2/api/roles/409/addUsersAndGroups returns “405 method not allowed”. So I believe it shows the end point does exist. I’m not sure why calling PUT public/v2/api/roles/409/addUsersAndGroups with (probably) incorrect body returns “404 not found” and not an error message related to the wrong parameter.

Shayan Shafiq
  • 1,447
  • 5
  • 18
  • 25
pr001
  • 21
  • 2
  • no solution yet... however workaround works. – Ram Dwivedi Mar 22 '21 at 05:57
  • Same problem, the point is that if you use `https://ranger_url/service/roles/roles/` you would replace ENTIRELY the role. It's quite different from what you want to achieve, which is adding A user to a role. – hey_rey Jul 01 '22 at 16:15

1 Answers1

0

It happens because Apache Ranger API documentation is wrong, remove the suffix /addUsersAndGroups of your endpoint and it will work.

Example: https://ranger_url/service/roles/roles/409

Where 409 is the role ID, as you're using on your example.

The body that is needed:

{
    "name": "test_role",
    "users": [
        {
            "name": "test_user1",
            "isAdmin": true
        }
    ]
}
Bruno Rocha
  • 1