How can we do bulk deletion of devices in PAM?
Release : 4.x
We can utilize REST API to do bulk deletion of devices in PAM. Make a PAM database backup before running below steps.
1. First of all, make sure External Rest API is enabled in PAM. Go to Configuration > Security > Access > Access tab and make sure External REST API is enabled.
2. Create API key for a user (e.g. super) by updating the user on its API Key tab, click the plus sign and name the API Key appropriately, e.g. admin-1
3. Go to the Target Account and open the created API key, click the 'eye' icon and noted the password.
4. Using the above API Key's credentials, open Settings > API Doc where we find the following APIs
- Get all devices
- Delete device
Click the 'Try it out!' button and we can get the 'curl' command example.
5. Using the example of 'curl' command on the API Doc, go to aLinux machine and we can run the 'curl' command to retrieve the devices we would like to delete. For example, below 'curl' command will retrieve max 20 of devices which name starts with 'x-'
curl --insecure -u admin-1 -X GET --header 'Accept: application/json' 'https://<PAM's FQDN>/api.php/v1/devices.json?sortBy=%2BdeviceName&limit=20&searchRelationship=AND&fields=deviceId%2CdeviceName%2CdomainName%2Cdescription%2Cos%2Ctype%2CtypeAccess%2CtypePassword%2CtypeA2A%2CtypePamsc%2CshortName%2CprovisionType%2CdeviceGroupMembership&deviceName=x-'
Notes:
Replace <PAM's FQDN> with the actual PAM FQDN/IP address
The command will prompt for admin-1 API Key's password. We can also set the password in the '-u' argument, by specifying '-u "USERNAME:PASSWORD"'
To just get the deviceID data I can use 'jq' command and re-run the command like below.
curl --insecure -u admin-1 -X GET --header 'Accept: application/json' 'https://<PAM's FQDN>/api.php/v1/devices.json?sortBy=%2BdeviceName&limit=20&searchRelationship=AND&fields=deviceId%2CdeviceName%2CdomainName%2Cdescription%2Cos%2Ctype%2CtypeAccess%2CtypePassword%2CtypeA2A%2CtypePamsc%2CshortName%2CprovisionType%2CdeviceGroupMembership&deviceName=x-' | jq '.devices[].deviceId'
6. Once we have retrieved the device IDs of devices we want to delete we can run the following 'curl' command to delete the device per device ID based on 'curl' command example in the API Doc.
curl --insecure -u admin-1 -X DELETE --header 'Accept: application/json' 'https://<PAM's FQDN>/api.php/v1/devices.json/<deviceId>'
Notes:
Replace <PAM's FQDN> with the actual PAM FQDN/IP address
Replace <deviceId> with the actual device ID
The command will prompt for admin-1 API Key's password. We can also set the password in the '-u' argument, by specifying '-u "USERNAME:PASSWORD"'
We can craft a shell script to iterate on device ID and delete the devices in bulk.