#281

Using pypmp to call the PMP REST API from python.

Notes

The PMP REST API makes most features of ManageEngine Password Manager Pro manageable and usable with token-authenticated HTTP calls.

There are a couple of existing python projects for interacting with the PMP API. This is a quick test of the pypmp project

Project Sources

The pypmp pypi page documents the latest release. It has a broken link to the source however.

The tristanlatr/pypmp GitHub fork appears to be the code from which the official release has been built from. There is another relatively active fork allenjeong/pypmp that is not fully merged.

Installation

This tool uses the official pypmp library. Install with pip:

pip install -r requirements.txt

Example Script

The pmp_api.py script is a simple example of various API calls using the pypmp library

$ ./pmp_api.py -h
usage: pmp_api.py [-h] [-r R] [-a A] resource_name

Demonstrate basic PMP REST API calls with pypmp

positional arguments:
resource_name  (resources, accounts, account or password)

options:
-h, --help     show this help message and exit
-r R           resource ID
-a A           account ID

Uses settings from environment: PMP_HOST (default: localhost) PMP_PORT (default: 7272) AUTHTOKEN

Auth Failure

If an invalid token is provided:

$ AUTHTOKEN=invalid ./pmp_api.py resources
Request to https://ronda-u2:7272/restapi/json/v1/resources failed: API key received is not associated to any user. Authentication failed.
Failed

Get the Resources Owned and Shared to a User

../resources endpoint

$ ./pmp_api.py resources
[{'RESOURCE DESCRIPTION': '', 'RESOURCE TYPE': 'Linux', 'RESOURCE ID': '1', 'RESOURCE NAME': 'res1', 'NOOFACCOUNTS': '1'}]

v## Get the Accounts that are Part of a Resource

../resources/<Resource ID>/accounts endpoint

$ ./pmp_api.py -r 1 accounts
{'LOCATION': '', 'RESOURCE DESCRIPTION': '', 'RESOURCE TYPE': 'Linux', 'RESOURCE ID': '1', 'ACCOUNT LIST': [{'ACCOUNT_DESCRIPTION': '', 'ISFAVPASS': 'false', 'ACCOUNT ID': '1', 'AUTOLOGONLIST': ['SSH', 'Telnet'], 'ACCOUNT NAME': 'admin', 'PASSWORDREQUEST_REASON_MANDATORY': 'true', 'PASSWORD STATUS': '****', 'ISREMOTEAPPONLY': 'false', 'ACCOUNT PASSWORD POLICY': 'Strong', 'IS_USER_WITH_COMMAND_CONTROL_ROLE': 'false', 'AUTOLOGONSTATUS': 'ALLOWED', 'IS_TICKETID_REQD_ACW': 'false', 'IS_COMMAND_CONTROL_CONFIGURED': 'false', 'PASSWDID': '1', 'IS_TICKETID_REQD_MANDATORY': 'false', 'IS_TICKETID_REQD': 'false', 'ISREASONREQUIRED': 'false'}], 'DEPARTMENT': '', 'PASSWORDREQUEST_REASON_MANDATORY': 'true', 'RESOURCE OWNER': 'admin', 'RESOURCE PASSWORD POLICY': 'Strong', 'IS_LOCAL_ACCOUNTS_AUTOLOGON_RESTRICTED': 'false', 'RESOURCE URL': '', 'IS_SSH_RESTRICTED': 'false', 'NEWSSHTERMINAL': 'false', 'DOMAIN NAME': '', 'ALLOWOPENURLINBROWSER': 'true', 'RESOURCE NAME': 'res1', 'DNS NAME': '1.2.3.4', 'ISRDPRESTRICTED': 'true'}

Get Details of an Account

../resources/<Resource ID>/accounts/<Account ID> endpoint

$ ./pmp_api.py -r 1 -a 1 account
{'DESCRIPTION': 'N/A', 'PASSWDID': '1', 'LAST MODIFIED TIME': 'N/A', 'EXPIRY STATUS': 'Valid', 'COMPLIANT REASON': 'Minimum length must be 8', 'PASSWORDREQUEST_REASON_MANDATORY': 'true', 'PASSWORD STATUS': '****', 'PASSWORD POLICY': 'Strong', 'COMPLIANT STATUS': 'Non-Compliant', 'LAST ACCESSED TIME': 'Mar 13, 2024 08:50 PM'}

Get the Password of an Account that is Part of a Resource

../resources/<Resource ID>/accounts/<Account ID>/password endpoint

$ ./pmp_api.py -r 1 -a 1 password
admin

Credits and References

PMP REST API Docs
pypmp - pypi
tristanlatr/pypmp - GitHub, current release code
allenjeong/pypmp - GitHub, alternative/diverged fork
PasswordManPro_CLI - GitHub
argparse

Project Notes