You will need to modify this command to use it as it will not work as-is.
Note that API generally requires you to perform the following actions:
- "do stuff"
- publish (possibly followed by more "do stuff")
The command I provided is a "do stuff" command.
-s sid.txt refers to a session file created with mgmt_cli login > sid.txt
There are other ways to reference a session you've created (e.g. --session-id).
Given that you need to execute this command numerous times, it's best to create a proper session versus using the -r true shortcut that is often shown in mgmt_cli commands.
For more on the API: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.9%20
A given API call will only return a certain number of results, even if there are more results to be had.
Think of it this way: you don't read Moby Dick all at once, you read it a page at a time.
The API works on the same principle, only providing you a limited amount of data at a time.
Think of the offset parameter as how you specify the "page" you want to read.
You have 22,000+ users.
The API is only going to give you, say, 500 at a time (it could be less).
You can verify the precise number with:
mgmt_cli -r true --format json show users | jq '.to'
The API will also tell you exactly how many results it has.
It's easy enough to find out with:
mgmt_cli -r true --format json show users | jq '.total'
Note that in both cases, I am using -r true here, which effectively mimics the API flow I mentioned above and should only be used for simple operations.
For the task you're doing, proper session management (with explicit login/logout) is highly recommended for performance reasons.
Which means, to get the second page of results (i.e. the next 500 users), my command would look something like:
mgmt_cli -s sid.txt --format json show users details-level full show-certificates true offset 500 | jq -r '.objects | [.name, ."expiration-date"."iso-8601", .certificates.status] | @csv'
The third page of results (i.e. the 500 users after that), the command would look something like:
mgmt_cli -s sid.txt --format json show users details-level full show-certificates true offset 1000 | jq -r '.objects | [.name, ."expiration-date"."iso-8601", .certificates.status] | @csv'
And so on until you have all the users.
You could create a simple for loop in a bash script that calls this command numerous times.
Just for context, mgmt_cli is returning the results and the results are being piped to jq in order to provide only the data you're interested in and in a format that is easier to parse.