Python library for Apache Ranger.
Use the package manager pip to install python client for Apache Ranger.
> pip install apache-ranger
> pip install requests_kerberos (If using kerberos for authentication)
Verify if apache-ranger client is installed:
> pip list
Package Version
------------ ---------
apache-ranger 0.0.12
python test_ranger.py
# test_ranger.py
from apache_ranger.model.ranger_service import *
from apache_ranger.client.ranger_client import *
from apache_ranger.model.ranger_policy import *
## Step 1: create a client to connect to Apache Ranger admin
ranger_url = 'http://localhost:6080'
ranger_auth = ('admin', 'rangerR0cks!')
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# ranger_auth = HTTPKerberosAuth()
ranger = RangerClient(ranger_url, ranger_auth)
# to disable SSL certificate validation (not recommended for production use!)
#
# ranger.session.verify = False
## Step 2: Let's create a service
service = RangerService()
service.name = 'test_hive'
service.type = 'hive'
service.configs = {'username':'hive', 'password':'hive', 'jdbc.driverClassName': 'org.apache.hive.jdbc.HiveDriver', 'jdbc.url': 'jdbc:hive2://ranger-hadoop:10000', 'hadoop.security.authorization': 'true'}
print('Creating service: name=' + service.name)
created_service = ranger.create_service(service)
print(' created service: name=' + created_service.name + ', id=' + str(created_service.id))
## Step 3: Let's create a policy
policy = RangerPolicy()
policy.service = service.name
policy.name = 'test policy'
policy.resources = { 'database': RangerPolicyResource({ 'values': ['test_db'] }),
'table': RangerPolicyResource({ 'values': ['test_tbl'] }),
'column': RangerPolicyResource({ 'values': ['*'] }) }
allowItem1 = RangerPolicyItem()
allowItem1.users = [ 'admin' ]
allowItem1.accesses = [ RangerPolicyItemAccess({ 'type': 'create' }),
RangerPolicyItemAccess({ 'type': 'alter' }) ]
denyItem1 = RangerPolicyItem()
denyItem1.users = [ 'admin' ]
denyItem1.accesses = [ RangerPolicyItemAccess({ 'type': 'drop' }) ]
policy.policyItems = [ allowItem1 ]
policy.denyPolicyItems = [ denyItem1 ]
print('Creating policy: name=' + policy.name)
created_policy = ranger.create_policy(policy)
print(' created policy: name=' + created_policy.name + ', id=' + str(created_policy.id))
## Step 4: Delete policy and service created above
print('Deleting policy: id=' + str(created_policy.id))
ranger.delete_policy_by_id(created_policy.id)
print(' deleted policy: id=' + str(created_policy.id))
print('Deleting service: id=' + str(created_service.id))
ranger.delete_service_by_id(created_service.id)
print(' deleted service: id=' + str(created_service.id))
python test_ranger_kms.py
# test_ranger_kms.py
from apache_ranger.client.ranger_kms_client import RangerKMSClient
from apache_ranger.client.ranger_client import HadoopSimpleAuth
from apache_ranger.model.ranger_kms import RangerKey
import time
##
## Step 1: create a client to connect to Apache Ranger KMS
##
kms_url = 'http://localhost:9292'
kms_auth = HadoopSimpleAuth('keyadmin')
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# kms_auth = HTTPKerberosAuth()
#
# For HTTP Basic authentication
#
# kms_auth = ('keyadmin', 'rangerR0cks!')
kms_client = RangerKMSClient(kms_url, kms_auth)
##
## Step 2: Let's call KMS APIs
##
kms_status = kms_client.kms_status()
print('kms_status():', kms_status)
print()
key_name = 'test_' + str(int(time.time() * 1000))
key = kms_client.create_key(RangerKey({'name':key_name}))
print('create_key(' + key_name + '):', key)
print()
rollover_key = kms_client.rollover_key(key_name, key.material)
print('rollover_key(' + key_name + '):', rollover_key)
print()
kms_client.invalidate_cache_for_key(key_name)
print('invalidate_cache_for_key(' + key_name + ')')
print()
key_metadata = kms_client.get_key_metadata(key_name)
print('get_key_metadata(' + key_name + '):', key_metadata)
print()
current_key = kms_client.get_current_key(key_name)
print('get_current_key(' + key_name + '):', current_key)
print()
encrypted_keys = kms_client.generate_encrypted_key(key_name, 6)
print('generate_encrypted_key(' + key_name + ', ' + str(6) + '):')
for i in range(len(encrypted_keys)):
encrypted_key = encrypted_keys[i]
decrypted_key = kms_client.decrypt_encrypted_key(key_name, encrypted_key.versionName, encrypted_key.iv, encrypted_key.encryptedKeyVersion.material)
reencrypted_key = kms_client.reencrypt_encrypted_key(key_name, encrypted_key.versionName, encrypted_key.iv, encrypted_key.encryptedKeyVersion.material)
print(' encrypted_keys[' + str(i) + ']: ', encrypted_key)
print(' decrypted_key[' + str(i) + ']: ', decrypted_key)
print(' reencrypted_key[' + str(i) + ']:', reencrypted_key)
print()
reencrypted_keys = kms_client.batch_reencrypt_encrypted_keys(key_name, encrypted_keys)
print('batch_reencrypt_encrypted_keys(' + key_name + ', ' + str(len(encrypted_keys)) + '):')
for i in range(len(reencrypted_keys)):
print(' batch_reencrypt_encrypted_key[' + str(i) + ']:', reencrypted_keys[i])
print()
key_versions = kms_client.get_key_versions(key_name)
print('get_key_versions(' + key_name + '):', len(key_versions))
for i in range(len(key_versions)):
print(' key_versions[' + str(i) + ']:', key_versions[i])
print()
for i in range(len(key_versions)):
key_version = kms_client.get_key_version(key_versions[i].versionName)
print('get_key_version(' + str(i) + '):', key_version)
print()
key_names = kms_client.get_key_names()
print('get_key_names():', len(key_names))
for i in range(len(key_names)):
print(' key_name[' + str(i) + ']:', key_names[i])
print()
keys_metadata = kms_client.get_keys_metadata(key_names)
print('get_keys_metadata(' + str(key_names) + '):', len(keys_metadata))
for i in range(len(keys_metadata)):
print(' key_metadata[' + str(i) + ']:', keys_metadata[i])
print()
key = kms_client.get_key(key_name)
print('get_key(' + key_name + '):', key)
print()
kms_client.delete_key(key_name)
print('delete_key(' + key_name + ')')
python test_ranger_user_mgmt.py
# test_ranger_user_mgmt.py
from apache_ranger.client.ranger_client import *
from apache_ranger.utils import *
from apache_ranger.model.ranger_user_mgmt import *
from apache_ranger.client.ranger_user_mgmt_client import *
from datetime import datetime
##
## Step 1: create a client to connect to Apache Ranger
##
ranger_url = 'http://localhost:6080'
ranger_auth = ('admin', 'rangerR0cks!')
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# ranger_auth = HTTPKerberosAuth()
#
# For HTTP Basic authentication
#
# ranger_auth = ('admin', 'rangerR0cks!')
ranger = RangerClient(ranger_url, ranger_auth)
user_mgmt = RangerUserMgmtClient(ranger)
##
## Step 2: Let's call User Management APIs
##
print('\nListing users')
users = user_mgmt.find_users()
print(f' {len(users.list)} users found')
for user in users.list:
print(f' id: {user.id}, name: {user.name}')
print('\nListing groups')
groups = user_mgmt.find_groups()
print(f' {len(groups.list)} groups found')
for group in groups.list:
print(f' id: {group.id}, name: {group.name}')
print('\nListing group-users')
group_users = user_mgmt.find_group_users()
print(f' {len(group_users.list)} group-users found')
for group_user in group_users.list:
print(f' id: {group_user.id}, groupId: {group_user.parentGroupId}, userId: {group_user.userId}')
now = datetime.now()
name_suffix = '-' + now.strftime('%Y%m%d-%H%M%S-%f')
user_name = 'test-user' + name_suffix
group_name = 'test-group' + name_suffix
user = RangerUser({ 'name': user_name, 'firstName': user_name, 'lastName': 'user', 'emailAddress': user_name + '@test.org', 'password': 'Welcome1', 'userRoleList': [ 'ROLE_USER' ], 'otherAttributes': '{ "dept": "test" }' })
print(f'\nCreating user: name={user.name}')
created_user = user_mgmt.create_user(user)
print(f' created user: {created_user}')
group = RangerGroup({ 'name': group_name, 'otherAttributes': '{ "dept": "test" }' })
print(f'\nCreating group: name={group.name}')
created_group = user_mgmt.create_group(group)
print(f' created group: {created_group}')
group_user = RangerGroupUser({ 'name': created_group.name, 'parentGroupId': created_group.id, 'userId': created_user.id })
print(f'\nAdding user {created_user.name} to group {created_group.name}')
created_group_user = user_mgmt.create_group_user(group_user)
print(f' created group-user: {created_group_user}')
print('\nListing group-users')
group_users = user_mgmt.find_group_users()
print(f' {len(group_users.list)} group-users found')
for group_user in group_users.list:
print(f' id: {group_user.id}, groupId: {group_user.parentGroupId}, userId: {group_user.userId}')
print(f'\nListing users for group {group.name}')
users = user_mgmt.get_users_in_group(group.name)
print(f' users: {users}')
print(f'\nListing groups for user {user.name}')
groups = user_mgmt.get_groups_for_user(user.name)
print(f' groups: {groups}')
print(f'\nDeleting group-user {created_group_user.id}')
user_mgmt.delete_group_user_by_id(created_group_user.id)
print(f'\nDeleting group {group.name}')
user_mgmt.delete_group_by_id(created_group.id, True)
print(f'\nDeleting user {user.name}')
user_mgmt.delete_user_by_id(created_user.id, True)
For more examples, checkout sample-client python project in ranger-examples module.
FAQs
Apache Ranger Python client
We found that apache-ranger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.