Supported Input parameters for Export operation

When you perform the export operation, depending on your cluster environment, you must make sure to configure the env.sh file for the supported input values accordingly.


Input Parameters	Description
POLICYMGR_EXTERNAL_URL	This configuration is used for the Ranger administrator URL. Ranger admin URL should be given along with protocol and port. Multiple Ranger admin URLs are not supported. Example: http://testhost.root.hwx.site:6080 Default : http://localhost:6080 Mandatory: Yes
POLICYMGR_KERBEROS_ENABLED	For kerberos authentication, set this configuration value to true. Kinit with right principal/keytab for authentication before executing the `exportPolicy.sh` script. Default : false Mandatory: No
POLICYMGR_HTTPS_ENABLED	For SSL/HTTPS authentication, set this configuration value to true. If this property is set to true, provide a valid certificate file path in the configuration POLICYMGR_HTTPS_CERT_FILE Default : false Mandatory: No
POLICYMGR_HTTPS_CERT_FILE	For SSL/HTTPS authentication set config POLICYMGR_HTTPS_ENABLED value to true and provide a valid certificate file path for this config Example: `/tmp/cacerts.pem` Default : empty string Mandatory: No
POLICYMGR_ADMIN	This configuration is for Ranger admin user loginID. loginID provided in this config must exist in ranger-admin and must have an ‘admin’ role. For example: If `POLICYMGR_KERBEROS_ENABLED` is set to true, `POLICYMGR_ADMIN` does not need to be configured with a user id. It is inherited from the authenticated Kerberos principal." This is optional for `secured/kerberos/knoxsso` authentication. Default : empty string Mandatory: No
POLICYMGR_PWD	This configuration is for the login password of the loginID provided in config POLICYMGR_ADMIN. This is optional for `secured/kerberos/knoxsso` authentication. Default : empty string Mandatory: No
SOURCE_SERVICE_NAME	This configuration is for Ranger service names of which Ranger policies need to be exported. Multiple service names can be given separated by comma(,) characters. If an empty string is provided then the utility will try to export Ranger policies of all services. Example: hadoopdev,hivedev Default : empty string Mandatory: No
EXPORT_OUTPUT_LOCATION	This configuration is for the output file of exported Ranger policies. If a location is given then the user must have write permission on that file/directory. If an empty string is given then the location shall be the current location. Only local file system path is supported and HDFS file system path is not supported. If directory path is given then file name shall be “`exportedRangerPolicies_$timestamp`”. If path contains the file name also then it will create/overwrite the existing file with the exported Ranger policies JSON content. example : /tmp Default : empty string Mandatory: No
POLICYMGR_KNOXSSO_TOKEN	This config is to provide the KNOX SSO Token for knox sso based authentication to source Ranger-admin. Example : eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbjEiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjQ2ODk5MDg4fQ.TZf18N0zHMU2mmNCX0EANCprj3WkWz5VILE80OgLZj6R6z-gB-AVIbnfoKQoJobHTAAXgHiV-6dehFK2oWKWDX7ZXwj5Oxf-11a7ptBkRlRiPeJW7MmHuZgdJIKmauJMmp8Z_67diImU__6wj7jaaY429WjSPBMxmIfsLyayDmk Default : empty string Mandatory: No

Sample output:

HTTP/1.1 307 Temporary Redirect

Date: Wed, 09 Mar 2022 04:11:28 GMT

X-Frame-Options: DENY

Set-Cookie: KNOXSESSIONID=eabe18mw4qrs1f58xjg9d000q;Path=/gateway/knoxsso;Secure;HttpOnly

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Set-Cookie: rememberMe=deleteMe; Path=/gateway/knoxsso; Max-Age=0; Expires=Tue, 08-Mar-2022 04:11:28 GMT

Set-Cookie: hadoop-jwt=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbjEiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjQ2ODk5MDg4fQ.TZf18N0zHMU2mmNCX0EANCprj3WkWz5VILE80OgLZj6R6z-gB-AVIbnfoKQoJobHTAAXgHiV-6dehFK2oWKWDX7ZXwj5Oxf-11a7ptBkRlRiPeJW7MmHuZgdJIKmauJMmp8Z_67diImU__6wj7jaaY429WjSPBMxmIfsLyayDmk;Path=/;Domain=.hwx.site;HttpOnly

Location: http://localhost:6080/service/plugins/services/1

Content-Length: 0

Server: Jetty(9.2.15.v20160210)