Platforms
Functions
- async get_target_platforms(self, active: bool = None, systemType: str = None, periodicVerify: bool = None, manualVerify: bool = None, periodicChange: bool = None, manualChange: bool = None, automaticReconcile: bool = None, manualReconcile: bool = None)
Get target platforms that meet given criteria (or all platforms)
- Parameters:
active – Boolean
systemType – str
periodicVerify – Boolean
manualVerify – Boolean
periodicChange – Boolean
manualChange – Boolean
automaticReconcile – Boolean
manualReconcile – Boolean
- Returns:
List of target platform dictionaries
- async get_platforms_details(self, platform_name: str)
Get details for a given platform name
- Parameters:
platform_name – Platform name
- Returns:
a dictionary with the details of the platform
- async search_target_platform(self, search: str = '')
Free search on target platforms. Beware that a search can return several platforms. If you want one particular platform, use get_target_platform_details instead.
- Parameters:
search – free search
- Returns:
a list of found platforms
- async get_target_platform_details(self, platform_name: str)
Give detail about one particular platform
- Parameters:
platform_name – Name of the platform
- Returns:
a dict with details of the platform
- async get_target_platform_unique_id(self, platformID: str)
Retrieve the base64 ID of a platform
- Parameters:
platformID – the ID of the platform (e.g. WinDesktopLocal) or its name (e.g. “Oracle Database”)
- Returns:
base64 ID of the platform
- async del_target_platform(self, pf_unique_id)
Delete target platform using Unique ID. You can get ID using get_target_platform_details:

    unique_id = await epv.platform.get_target_platform_unique_id("Unix-SSH")
- Parameters:
pf_unique_id – Platform ID of the platform (Int 64), for ex: 644_56
- Returns:
Boolean
- async deactivate_target_platform(self, pfid: int)
Deactivate target platform using Unique ID (integer). You can get ID using get_target_platform_details.
- Parameters:
pfid – Unique Platform ID of the platform
- Returns:
Boolean
- async export_platform(self, pfid: str, outdir: str)
Export platform files to outdir (existing directory)
- Parameters:
pfid –
outdir –
- Returns:
- async get_target_platform_connection_components(self, platformId)
Get the list of PSMConnectors for a platform unique ID
- Parameters:
platformId – the base64 ID of platform (use get_target_platform_unique_id)
- Returns:
a list of connection components
- async get_session_management_policy(self, platformId)
Get management policy info for a platform
- Parameters:
platformId – The base64 ID of platform (use get_target_platform_unique_id)
- Returns:
a dict with management policy info
- async export_all_platforms(self, outdir: str)
- async import_connection_component(self, zipfile: str)
Import connection component
- Parameters:
zipfile – Contains the connection component info (or generated with CyberArk tool)
- Returns:
True
Return Examples
get_platform_details example return
{
    "Active":true,
    "SystemType":"Database",
    "AllowedSafes":".*",
    "PrivilegedAccessWorkflows":{
        "RequireDualControlPasswordAccessApproval":{
            "IsActive":false,
            "IsAnException":false
        },
        "EnforceCheckinCheckoutExclusiveAccess":{
            "IsActive":false,
            "IsAnException":false
        },
        "EnforceOnetimePasswordAccess":{
            "IsActive":false,
            "IsAnException":false
        },
        "RequireUsersToSpecifyReasonForAccess":{
            "IsActive":false,
            "IsAnException":false
        }
    },
    "CredentialsManagementPolicy":{
        "Verification":{
            "PerformAutomatic":false,
            "RequirePasswordEveryXDays":7,
            "AutoOnAdd":false,
            "AllowManual":true
        },
        "Change":{
            "PerformAutomatic":false,
            "RequirePasswordEveryXDays":90,
            "AutoOnAdd":false,
            "AllowManual":true
        },
        "Reconcile":{
            "AutomaticReconcileWhenUnsynced":false,
            "AllowManual":true
        },
        "SecretUpdateConfiguration":{
            "ChangePasswordInResetMode":false
        }
    },
    "ID":8,
    "PlatformID":"Oracle",
    "Name":"Oracle Database"
}
get_platforms_details example return
{
    "PlatformID":"MySQL",
    "Details":{
        "PolicyID":"MySQL",
        "PolicyName":"MySQL Server",
        "PolicyType":"regular",
        "ImmediateInterval":"5",
        "Interval":"1440",
        "MaxConcurrentConnections":"3",
        "AllowedSafes":".*",
        "MinValidityPeriod":"60",
        "ResetOveridesMinValidity":"yes",
        "ResetOveridesTimeFrame":"yes",
        "Timeout":"30",
        "UnlockIfFail":"no",
        "UnrecoverableErrors":"5001,5002,5003,5004,5005,5006,2117",
        "MaximumRetries":"5",
        "MinDelayBetweenRetries":"90",
        "DllName":"PMODBC.dll",
        "XMLFile":"yes",
        "AllowManualChange":"Yes",
        "PerformPeriodicChange":"No",
        "HeadStartInterval":"5",
        "FromHour":"-1",
        "ToHour":"-1",
        "ChangeNotificationPeriod":"-1",
        "DaysNotifyPriorExpiration":"7",
        "VFAllowManualVerification":"Yes",
        "VFPerformPeriodicVerification":"No",
        "VFFromHour":"-1",
        "VFToHour":"-1",
        "RCAllowManualReconciliation":"Yes",
        "RCAutomaticReconcileWhenUnsynched":"No",
        "RCReconcileReasons":"2114,2115,2106,2101",
        "RCFromHour":"-1",
        "RCToHour":"-1",
        "NFNotifyPriorExpiration":"No",
        "NFPriorExpirationRecipients":"",
        "NFNotifyOnPasswordDisable":"Yes",
        "NFOnPasswordDisableRecipients":"",
        "NFNotifyOnVerificationErrors":"Yes",
        "NFOnVerificationErrorsRecipients":"",
        "NFNotifyOnPasswordUsed":"No",
        "NFOnPasswordUsedRecipients":"",
        "PasswordLength":"12",
        "MinUpperCase":"2",
        "MinLowerCase":"2",
        "MinDigit":"1",
        "MinSpecial":"-1",
        "PasswordForbiddenChars":"$\\'\\/@\".;{}()-|*>~!^#",
        "ChangeCommand":"Set password = '%NEWPASSWORD%'",
        "ReconcileCommand":"Set password for '%USER%' = '%NEWPASSWORD%'",
        "ConnectionCommand":"Driver={MySQL ODBC 5.3 Unicode Driver}",
        "Port":"3306",
        "Err2114":"N1045",
        "CommandForbiddenCharacters":"\\'\\/@\".{}() -;|*>~!^#\t;Characters that cannot be used in the parameters of the change/reconcile command.",
        "CommandBlackList":"delete,drop,exec,create,alter,rename,truncate,comment,select,insert,update,merge,call,explain,lock,grant,revoke",
        "OneTimePassword":"Non",
        "ExpirationPeriod":"90",
        "VFVerificationPeriod":"7",
        "PasswordLevelRequestTimeframe":"Non"
    },
    "Active":false
}
get_target_platform_details example return
{
    "Active":true,
    "SystemType":"*NIX",
    "AllowedSafes":".*",
    "PrivilegedAccessWorkflows":{
        "RequireDualControlPasswordAccessApproval":{
            "IsActive":false,
            "IsAnException":false
        },
        "EnforceCheckinCheckoutExclusiveAccess":{
            "IsActive":true,
            "IsAnException":false
        },
        "EnforceOnetimePasswordAccess":{
            "IsActive":false,
            "IsAnException":false
        },
        "RequireUsersToSpecifyReasonForAccess":{
            "IsActive":false,
            "IsAnException":false
        }
    },
    "CredentialsManagementPolicy":{
        "Verification":{
            "PerformAutomatic":false,
            "RequirePasswordEveryXDays":7,
            "AutoOnAdd":false,
            "AllowManual":true
        },
        "Change":{
            "PerformAutomatic":false,
            "RequirePasswordEveryXDays":90,
            "AutoOnAdd":false,
            "AllowManual":true
        },
        "Reconcile":{
            "AutomaticReconcileWhenUnsynced":false,
            "AllowManual":true
        },
        "SecretUpdateConfiguration":{
            "ChangePasswordInResetMode":false
        }
    },
    "PrivilegedSessionManagement":{
        "PSMServerId":"PSMServer",
        "PSMServerName":"PSM"
    },
    "ID":38,
    "PlatformID":"LinuxDomainAccount",
    "Name":"Linux Domain Account"
}
get_session_management_policy example return
{
    "PSMConnectors":[
        {
            "PSMConnectorID":"PSM-RDP",
            "Enabled":true
        },
        {
            "PSMConnectorID":"RDP",
            "Enabled":true
        },
        {
            "PSMConnectorID":"RDPWinApplet",
            "Enabled":true
        },
        {
            "PSMConnectorID":"RDPapplet",
            "Enabled":true
        }
    ],
    "PSMServerId":"PSMServer"
}
Code samples
Display the number of accounts by platform
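    # Run inside a coroutine; `prod` is a configured EPV object and asyncio is imported.
    async with prod as epv:
        pfs = [h['Name'] for h in await epv.platform.get_target_platforms()]
        # One account search per platform, run concurrently
        tasks = []
        for p in pfs:
            tasks.append(epv.account.search_account_by(platform=p))
        res = await asyncio.gather(*tasks)
        # Output format: platform name;number of accounts
        for p, r in zip(pfs, res):
            print(f"{p};{len(r)}")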
Export then delete a platform
    async with prod as epv:
        pf_name = "PLATFORM_NAME"
        # Export first so a copy exists before deletion (the output directory must already exist)
        await epv.platform.export_platform(pf_name, "../../../saved_platforms/")
        pf_uid = await epv.platform.get_target_platform_unique_id(pf_name)
        await epv.platform.del_target_platform(pf_uid)
Or something like this:
    async with prod as epv:
        while True:
            pf_name = input("PF name: ")
            if pf_name == "exit":
                break  # "exit" ends the loop and is not treated as a platform name
            # Export first so a copy exists before deletion
            await epv.platform.export_platform(pf_name, "../../../saved_platforms/")
            pf_uid = await epv.platform.get_target_platform_unique_id(pf_name)
            await epv.platform.del_target_platform(pf_uid)
            print(f"{pf_name} successfully deleted !")
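Flag platforms with weak credential management settings. This is an added example, not part of the aiobastion documentation or code base: it reads the CredentialsManagementPolicy and PrivilegedAccessWorkflows fields shown under "get_target_platform_details example return" and reports active platforms that miss a baseline. The baseline (automatic change, verification and reconcile, a 90-day maximum change interval, at least one access workflow), the function names and the "SlowRotation" entry are assumptions made for this example.

```python
WORKFLOWS = ("RequireDualControlPasswordAccessApproval",
             "EnforceCheckinCheckoutExclusiveAccess",
             "EnforceOnetimePasswordAccess")

def audit_platform(pf, max_change_days=90):
    """Return findings for one platform dict (the baseline is an assumption)."""
    cpm = pf.get("CredentialsManagementPolicy", {})
    change = cpm.get("Change", {})
    findings = []
    if not change.get("PerformAutomatic"):
        findings.append("no automatic change")
    elif change.get("RequirePasswordEveryXDays", 0) > max_change_days:
        findings.append(f"change interval {change['RequirePasswordEveryXDays']}d > {max_change_days}d")
    if not cpm.get("Verification", {}).get("PerformAutomatic"):
        findings.append("no automatic verification")
    if not cpm.get("Reconcile", {}).get("AutomaticReconcileWhenUnsynced"):
        findings.append("no automatic reconcile")
    workflows = pf.get("PrivilegedAccessWorkflows", {})
    if not any(workflows.get(w, {}).get("IsActive") for w in WORKFLOWS):
        findings.append("no access workflow enforced")
    return findings

def audit_platforms(platforms, max_change_days=90):
    """Map PlatformID -> findings for active platforms that have any."""
    report = {pf["PlatformID"]: audit_platform(pf, max_change_days)
              for pf in platforms if pf.get("Active")}
    return {pid: found for pid, found in report.items() if found}

async def audit_vault(epv):
    # Assumes each item of get_target_platforms() has the layout shown above.
    return audit_platforms(await epv.platform.get_target_platforms(active=True))

def _pf(pid, active, change, days, verify, reconcile, exclusive):  # constructed sample builder
    return {"Active": active, "PlatformID": pid,
            "PrivilegedAccessWorkflows": {
                "EnforceCheckinCheckoutExclusiveAccess": {"IsActive": exclusive}},
            "CredentialsManagementPolicy": {
                "Verification": {"PerformAutomatic": verify},
                "Change": {"PerformAutomatic": change, "RequirePasswordEveryXDays": days},
                "Reconcile": {"AutomaticReconcileWhenUnsynced": reconcile}}}

SAMPLE = [_pf("Oracle", True, False, 90, False, False, False),
          _pf("LinuxDomainAccount", True, False, 90, False, False, True),
          _pf("SlowRotation", True, True, 365, True, True, True),  # hypothetical
          _pf("MySQL", False, False, 90, False, False, False)]     # inactive, skipped

if __name__ == "__main__":
    for pid, found in audit_platforms(SAMPLE).items():
        print(f"{pid};{', '.join(found)}")
```

Against a live vault, call `await audit_vault(epv)` inside the same `async with prod as epv:` block used in the samples above.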