Apache Ranger Python client
Project description
Apache Ranger - Python client
Python library for Apache Ranger.
Installation
Use the package manager pip to install python client for Apache Ranger.
> pip install apache-ranger
> pip install requests_kerberos (If using kerberos for authentication)
Verify if apache-ranger client is installed:
> pip list
Package Version
------------ ---------
apache-ranger 0.0.12
Usage
python test_ranger.py
# test_ranger.py
from apache_ranger.model.ranger_service import *
from apache_ranger.client.ranger_client import *
from apache_ranger.model.ranger_policy import *
## Step 1: create a client to connect to Apache Ranger admin
ranger_url = 'http://localhost:6080'
ranger_auth = ('admin', 'rangerR0cks!')
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# ranger_auth = HTTPKerberosAuth()
ranger = RangerClient(ranger_url, ranger_auth)
# to disable SSL certificate validation (not recommended for production use!)
#
# ranger.session.verify = False
## Step 2: Let's create a service
service = RangerService()
service.name = 'test_hive'
service.type = 'hive'
service.configs = {'username':'hive', 'password':'hive', 'jdbc.driverClassName': 'org.apache.hive.jdbc.HiveDriver', 'jdbc.url': 'jdbc:hive2://ranger-hadoop:10000', 'hadoop.security.authorization': 'true'}
print('Creating service: name=' + service.name)
created_service = ranger.create_service(service)
print(' created service: name=' + created_service.name + ', id=' + str(created_service.id))
## Step 3: Let's create a policy
policy = RangerPolicy()
policy.service = service.name
policy.name = 'test policy'
policy.resources = { 'database': RangerPolicyResource({ 'values': ['test_db'] }),
'table': RangerPolicyResource({ 'values': ['test_tbl'] }),
'column': RangerPolicyResource({ 'values': ['*'] }) }
allowItem1 = RangerPolicyItem()
allowItem1.users = [ 'admin' ]
allowItem1.accesses = [ RangerPolicyItemAccess({ 'type': 'create' }),
RangerPolicyItemAccess({ 'type': 'alter' }) ]
denyItem1 = RangerPolicyItem()
denyItem1.users = [ 'admin' ]
denyItem1.accesses = [ RangerPolicyItemAccess({ 'type': 'drop' }) ]
policy.policyItems = [ allowItem1 ]
policy.denyPolicyItems = [ denyItem1 ]
print('Creating policy: name=' + policy.name)
created_policy = ranger.create_policy(policy)
print(' created policy: name=' + created_policy.name + ', id=' + str(created_policy.id))
## Step 4: Delete policy and service created above
print('Deleting policy: id=' + str(created_policy.id))
ranger.delete_policy_by_id(created_policy.id)
print(' deleted policy: id=' + str(created_policy.id))
print('Deleting service: id=' + str(created_service.id))
ranger.delete_service_by_id(created_service.id)
print(' deleted service: id=' + str(created_service.id))
python test_ranger_kms.py
# test_ranger_kms.py
from apache_ranger.client.ranger_kms_client import RangerKMSClient
from apache_ranger.client.ranger_client import HadoopSimpleAuth
from apache_ranger.model.ranger_kms import RangerKey
import time
##
## Step 1: create a client to connect to Apache Ranger KMS
##
kms_url = 'http://localhost:9292'
kms_auth = HadoopSimpleAuth('keyadmin')
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# kms_auth = HTTPKerberosAuth()
#
# For HTTP Basic authentication
#
# kms_auth = ('keyadmin', 'rangerR0cks!')
kms_client = RangerKMSClient(kms_url, kms_auth)
##
## Step 2: Let's call KMS APIs
##
kms_status = kms_client.kms_status()
print('kms_status():', kms_status)
print()
key_name = 'test_' + str(int(time.time() * 1000))
key = kms_client.create_key(RangerKey({'name':key_name}))
print('create_key(' + key_name + '):', key)
print()
rollover_key = kms_client.rollover_key(key_name, key.material)
print('rollover_key(' + key_name + '):', rollover_key)
print()
kms_client.invalidate_cache_for_key(key_name)
print('invalidate_cache_for_key(' + key_name + ')')
print()
key_metadata = kms_client.get_key_metadata(key_name)
print('get_key_metadata(' + key_name + '):', key_metadata)
print()
current_key = kms_client.get_current_key(key_name)
print('get_current_key(' + key_name + '):', current_key)
print()
encrypted_keys = kms_client.generate_encrypted_key(key_name, 6)
print('generate_encrypted_key(' + key_name + ', ' + str(6) + '):')
for i in range(len(encrypted_keys)):
encrypted_key = encrypted_keys[i]
decrypted_key = kms_client.decrypt_encrypted_key(key_name, encrypted_key.versionName, encrypted_key.iv, encrypted_key.encryptedKeyVersion.material)
reencrypted_key = kms_client.reencrypt_encrypted_key(key_name, encrypted_key.versionName, encrypted_key.iv, encrypted_key.encryptedKeyVersion.material)
print(' encrypted_keys[' + str(i) + ']: ', encrypted_key)
print(' decrypted_key[' + str(i) + ']: ', decrypted_key)
print(' reencrypted_key[' + str(i) + ']:', reencrypted_key)
print()
reencrypted_keys = kms_client.batch_reencrypt_encrypted_keys(key_name, encrypted_keys)
print('batch_reencrypt_encrypted_keys(' + key_name + ', ' + str(len(encrypted_keys)) + '):')
for i in range(len(reencrypted_keys)):
print(' batch_reencrypt_encrypted_key[' + str(i) + ']:', reencrypted_keys[i])
print()
key_versions = kms_client.get_key_versions(key_name)
print('get_key_versions(' + key_name + '):', len(key_versions))
for i in range(len(key_versions)):
print(' key_versions[' + str(i) + ']:', key_versions[i])
print()
for i in range(len(key_versions)):
key_version = kms_client.get_key_version(key_versions[i].versionName)
print('get_key_version(' + str(i) + '):', key_version)
print()
key_names = kms_client.get_key_names()
print('get_key_names():', len(key_names))
for i in range(len(key_names)):
print(' key_name[' + str(i) + ']:', key_names[i])
print()
keys_metadata = kms_client.get_keys_metadata(key_names)
print('get_keys_metadata(' + str(key_names) + '):', len(keys_metadata))
for i in range(len(keys_metadata)):
print(' key_metadata[' + str(i) + ']:', keys_metadata[i])
print()
key = kms_client.get_key(key_name)
print('get_key(' + key_name + '):', key)
print()
kms_client.delete_key(key_name)
print('delete_key(' + key_name + ')')
python test_ranger_user_mgmt.py
# test_ranger_user_mgmt.py
from apache_ranger.client.ranger_client import *
from apache_ranger.utils import *
from apache_ranger.model.ranger_user_mgmt import *
from apache_ranger.client.ranger_user_mgmt_client import *
from datetime import datetime
##
## Step 1: create a client to connect to Apache Ranger
##
ranger_url = 'http://localhost:6080'
ranger_auth = ('admin', 'rangerR0cks!')
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# ranger_auth = HTTPKerberosAuth()
#
# For HTTP Basic authentication
#
# ranger_auth = ('admin', 'rangerR0cks!')
ranger = RangerClient(ranger_url, ranger_auth)
user_mgmt = RangerUserMgmtClient(ranger)
##
## Step 2: Let's call User Management APIs
##
print('\nListing users')
users = user_mgmt.find_users()
print(f' {len(users.list)} users found')
for user in users.list:
print(f' id: {user.id}, name: {user.name}')
print('\nListing groups')
groups = user_mgmt.find_groups()
print(f' {len(groups.list)} groups found')
for group in groups.list:
print(f' id: {group.id}, name: {group.name}')
print('\nListing group-users')
group_users = user_mgmt.find_group_users()
print(f' {len(group_users.list)} group-users found')
for group_user in group_users.list:
print(f' id: {group_user.id}, groupId: {group_user.parentGroupId}, userId: {group_user.userId}')
now = datetime.now()
name_suffix = '-' + now.strftime('%Y%m%d-%H%M%S-%f')
user_name = 'test-user' + name_suffix
group_name = 'test-group' + name_suffix
user = RangerUser({ 'name': user_name, 'firstName': user_name, 'lastName': 'user', 'emailAddress': user_name + '@test.org', 'password': 'Welcome1', 'userRoleList': [ 'ROLE_USER' ], 'otherAttributes': '{ "dept": "test" }' })
print(f'\nCreating user: name={user.name}')
created_user = user_mgmt.create_user(user)
print(f' created user: {created_user}')
group = RangerGroup({ 'name': group_name, 'otherAttributes': '{ "dept": "test" }' })
print(f'\nCreating group: name={group.name}')
created_group = user_mgmt.create_group(group)
print(f' created group: {created_group}')
group_user = RangerGroupUser({ 'name': created_group.name, 'parentGroupId': created_group.id, 'userId': created_user.id })
print(f'\nAdding user {created_user.name} to group {created_group.name}')
created_group_user = user_mgmt.create_group_user(group_user)
print(f' created group-user: {created_group_user}')
print('\nListing group-users')
group_users = user_mgmt.find_group_users()
print(f' {len(group_users.list)} group-users found')
for group_user in group_users.list:
print(f' id: {group_user.id}, groupId: {group_user.parentGroupId}, userId: {group_user.userId}')
print(f'\nListing users for group {group.name}')
users = user_mgmt.get_users_in_group(group.name)
print(f' users: {users}')
print(f'\nListing groups for user {user.name}')
groups = user_mgmt.get_groups_for_user(user.name)
print(f' groups: {groups}')
print(f'\nDeleting group-user {created_group_user.id}')
user_mgmt.delete_group_user_by_id(created_group_user.id)
print(f'\nDeleting group {group.name}')
user_mgmt.delete_group_by_id(created_group.id, True)
print(f'\nDeleting user {user.name}')
user_mgmt.delete_user_by_id(created_user.id, True)
For more examples, checkout sample-client python project in ranger-examples module.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
apache-ranger-0.0.12.tar.gz
(24.1 kB
view hashes)
Built Distribution
Close
Hashes for apache_ranger-0.0.12-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6a6e9c4aa4c74bc65741ba1fde08688a5fb6a3b5f71b8573449ab27d8fb2a71d |
|
| MD5 | 5186c4aa0118fb36c6818358a19fc7b9 |
|
| BLAKE2b-256 | efc6fe7aa214a21984346c79346e63ae78ef12bda6203e1c6ebd765cdd45818f |
