Is there an option to get a consolidated report for all machines (A2A clients) in a request group, for all request groups.
Release : 4.1
This is a 2-step process using Rest API calls that are not published in the Settings > Api DOC page as of January 2023, but were tested successfully with PAM 4.0.2 and 4.1.1:
1) Get a list of all request groups using URL
https://<pamserver>/cspm/ext/rest/requestGroups
Sample output:
{"data":[{"id":1,"name":"Requestors","description":"All requestor data.","type":"requestor","dynamic":true,"readOnly":true,"targetServers":[],"targetApplications":[],"targetAccounts":[],"groupClients":[],"groupScripts":[],"dynamicServerFilters":{},"dynamicApplicationFilters":{},"dynamicAccountFilters":{},"dynamicClientFilters":{},"dynamicScriptFilters":{},"secretType":false},{"id":2001,"name":"Server Control Distribution Servers","description":"Server Control Distribution Servers Request Group","type":"requestor","dynamic":true,"readOnly":true,"targetServers":[],"targetApplications":[],"targetAccounts":[],"groupClients":[],"groupScripts":[],"dynamicServerFilters":{},"dynamicApplicationFilters":{},"dynamicAccountFilters":{},"dynamicClientFilters":{},"dynamicScriptFilters":{},"secretType":false},{"id":16001,"name":"411requestgrouptest","description":null,"type":"requestor","dynamic":true,"readOnly":false,"targetServers":[],"targetApplications":[],"targetAccounts":[],"groupClients":[],"groupScripts":[],"dynamicServerFilters":{},"dynamicApplicationFilters":{},"dynamicAccountFilters":{},"dynamicClientFilters":{},"dynamicScriptFilters":{},"secretType":false}],"success":true,"total":3,"message":null}
2) For each request group ID returned, get the list of A2A clients in the group using URL
https://<pamserver>/cspm/ext/rest/requestGroups/showGroup/a2aClients/{id}
Sample output (truncated):
{"data":[{"createDate":1670888930000,"updateDate":1672335909000,"createUser":"client","updateUser":"super","hash":"hV2b8AwGWa8OltAxB7CXlpTBVYY=","hostName":"10.11.12.13","deviceName":"TEST-RHEL7-DEVICE","deviceId":29001,"type":"CLIENT","port":"28888","oldKey":null,"currentKey":"{1001}eabebd66e229780765....
To demonstrated one use of these Rest API resources, a UNIX shell script is attached that retrieves the list of request groups and then gets the list of A2A clients in each group. The attached python script is used to convert output from JSON to CSV. Note that .txt extensions were added to the files to reduce the risk of getting the downloads blocked. These scripts were tested with small sets of request groups and clients in the groups. They may not be adequate for large data sets and are meant for reference only.
Alternatively; there is also another Linux shell script called a2aauthmap.sh, attached to this KB, which showcases the same functionality. However it uses one script, but the script requires the rpm called jq to be installed.