Fork me on GitHub

Project Notes

#281

Using pypmp to call the PMP REST API from python.

Notes

The PMP REST API makes most features of ManageEngine Password Manager Pro manageable and usable with token-authenticated HTTP calls.

There are a couple of existing python projects for interacting with the PMP API. This is a quick test of the pypmp project

Project Sources

The pypmp pypi page documents the latest release. It has a broken link to the source however.

The tristanlatr/pypmp GitHub fork appears to be the code from which the official release has been built from. There is another relatively active fork allenjeong/pypmp that is not fully merged.

Installation

This tool uses the official pypmp library. Install with pip:

pip install -r requirements.txt

Example Script

The pmp_api.py script is a simple example of various API calls using the pypmp library

$ ./pmp_api.py -h
usage: pmp_api.py [-h] [-r R] [-a A] resource_name

Demonstrate basic PMP REST API calls with pypmp

positional arguments:
resource_name  (resources, accounts, account or password)

options:
-h, --help     show this help message and exit
-r R           resource ID
-a A           account ID

Uses settings from environment: PMP_HOST (default: localhost) PMP_PORT (default: 7272) AUTHTOKEN

Auth Failure

If an invalid token is provided:

$ AUTHTOKEN=invalid ./pmp_api.py resources
Request to https://ronda-u2:7272/restapi/json/v1/resources failed: API key received is not associated to any user. Authentication failed.
Failed

Get the Resources Owned and Shared to a User

../resources endpoint

$ ./pmp_api.py resources
[{'RESOURCE DESCRIPTION': '', 'RESOURCE TYPE': 'Linux', 'RESOURCE ID': '1', 'RESOURCE NAME': 'res1', 'NOOFACCOUNTS': '1'}]

v## Get the Accounts that are Part of a Resource

../resources/<Resource ID>/accounts endpoint

$ ./pmp_api.py -r 1 accounts
{'LOCATION': '', 'RESOURCE DESCRIPTION': '', 'RESOURCE TYPE': 'Linux', 'RESOURCE ID': '1', 'ACCOUNT LIST': [{'ACCOUNT_DESCRIPTION': '', 'ISFAVPASS': 'false', 'ACCOUNT ID': '1', 'AUTOLOGONLIST': ['SSH', 'Telnet'], 'ACCOUNT NAME': 'admin', 'PASSWORDREQUEST_REASON_MANDATORY': 'true', 'PASSWORD STATUS': '****', 'ISREMOTEAPPONLY': 'false', 'ACCOUNT PASSWORD POLICY': 'Strong', 'IS_USER_WITH_COMMAND_CONTROL_ROLE': 'false', 'AUTOLOGONSTATUS': 'ALLOWED', 'IS_TICKETID_REQD_ACW': 'false', 'IS_COMMAND_CONTROL_CONFIGURED': 'false', 'PASSWDID': '1', 'IS_TICKETID_REQD_MANDATORY': 'false', 'IS_TICKETID_REQD': 'false', 'ISREASONREQUIRED': 'false'}], 'DEPARTMENT': '', 'PASSWORDREQUEST_REASON_MANDATORY': 'true', 'RESOURCE OWNER': 'admin', 'RESOURCE PASSWORD POLICY': 'Strong', 'IS_LOCAL_ACCOUNTS_AUTOLOGON_RESTRICTED': 'false', 'RESOURCE URL': '', 'IS_SSH_RESTRICTED': 'false', 'NEWSSHTERMINAL': 'false', 'DOMAIN NAME': '', 'ALLOWOPENURLINBROWSER': 'true', 'RESOURCE NAME': 'res1', 'DNS NAME': '1.2.3.4', 'ISRDPRESTRICTED': 'true'}

Get Details of an Account

../resources/<Resource ID>/accounts/<Account ID> endpoint

$ ./pmp_api.py -r 1 -a 1 account
{'DESCRIPTION': 'N/A', 'PASSWDID': '1', 'LAST MODIFIED TIME': 'N/A', 'EXPIRY STATUS': 'Valid', 'COMPLIANT REASON': 'Minimum length must be 8', 'PASSWORDREQUEST_REASON_MANDATORY': 'true', 'PASSWORD STATUS': '****', 'PASSWORD POLICY': 'Strong', 'COMPLIANT STATUS': 'Non-Compliant', 'LAST ACCESSED TIME': 'Mar 13, 2024 08:50 PM'}

Get the Password of an Account that is Part of a Resource

../resources/<Resource ID>/accounts/<Account ID>/password endpoint

$ ./pmp_api.py -r 1 -a 1 password
admin

Credits and References

About LCK#281 security/pmp

This page is a web-friendly rendering of my project notes shared in the LittleCodingKata GitHub repository.

Project Source on GitHub Return to the LittleCodingKata Catalog
About LittleCodingKata

LittleCodingKata is my collection of programming exercises, research and code toys broadly spanning things that relate to programming and software development (languages, frameworks and tools).

These range from the trivial to the complex and serious. Many are inspired by existing work and I'll note credits and references where applicable. The focus is quite scattered, as I variously work on things new and important in the moment, or go back to revisit things from the past.

This is primarily a personal collection for my own edification and learning, but anyone who stumbles by is welcome to borrow, steal or reference the work here. And if you spot errors or issues I'd really appreciate some feedback - create an issue, send me an email or even send a pull-request.

Follow the Blog follow projects and notes as they are published in your favourite feed reader