Skip to main content

HI

I apologize in advance if that question was asked but I cannot find answers :( 

I need to retrieve following information through API: 

1. retrieve members through API from static computer groups - i need to list computer names that belong to specific computer groups.  All i'm able to find is how to list computer groups, but not how to retrieve members. 

# Endpoint to retrieve computer groups
$computerGroupsUrl = "$jamfUrl/api/v1/computer-groups"

# Request computer groups
$responseComputerGroups = Invoke-RestMethod -Uri $computerGroupsUrl -Method Get -Headers $headers -ErrorAction Stop

 

2. retrieve members through API from smart computer groups - i need to list computer names that belong to specific computer groups

 

3. retrieve data through API from "reports" found under "Search inventory" 

Do you already know the static groups you need the members of? Or do you need to read ALL computer groups, determine which ones are static, then output the members of all of them? Or do you have like 8 static groups and you just want an API script that will list the members?


If its just 1 group then you can do the following. You will need to install JQ (https://jqlang.github.io/jq/download/) as I use this to easily manipulate JSON datasets I get back from the API

If you use this in Jamf, you need to set up an API client &  roles then add the following script parameters:

4: Jamf URL
5: Client ID
6: Client Secret
7: Device group ID

If you want to enter more than one group then adapt how it reads parameter 7 and add it to an array instead a variable then loop through it to get each group and assign the results to a new array.

 

#!/usr/bin/env zsh # ----------------------------------------------------------------------------- # PREREQUISITES # ----------------------------------------------------------------------------- # Get the logged in user ConsoleUser=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }') # Log Path log_path="/Users/${ConsoleUser}/Library/Logs/ComputerGroupReport.log" # Create log file if it doesnt exist [[ ! -f "${log_path}" ]] && touch "${log_path}" # Set up logging log_message() { echo "$(date '+%F %X'): $1" | tee -a "$log_path" } # ----------------------------------------------------------------------------- # SCRIPT PARAMETERS # ----------------------------------------------------------------------------- # JAMF Cloud details jamf_url="${4:-}" # API login details client_id="${5:-}" client_secret="${6:-}" # Computer group ID device_group="${7:-}" [[ "$device_group" == "" ]] && log_message "No group provided. Exiting."; exit 1 || log_message "Group provided: $device_group" # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # FUNCTIONS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ----------------------------------------------------------------------------- # API AUTHENTICATION # ----------------------------------------------------------------------------- # Establish API token. API session is set in API client and roles section get_access_token() { response=$(/usr/bin/curl \\ --silent \\ --location \\ --request POST "${jamf_url}/api/oauth/token" \\ --header "Content-Type: application/x-www-form-urlencoded" \\ --data-urlencode "client_id=${client_id}" \\ --data-urlencode "grant_type=client_credentials" \\ --data-urlencode "client_secret=${client_secret}") current_epoch=$(date +%s) access_token=$(echo "$response" | plutil -extract access_token raw -) token_expires_in=$(echo "$response" | plutil -extract expires_in raw -) token_expiration_epoch=$((+-1)) } check_token_expiration() { current_epoch=$(date +%s) if [[ $token_expiration_epoch -ge $current_epoch ]]; then echo "Current epoch time: $current_epoch" echo "Token valid until the following epoch time: " "$token_expiration_epoch" else echo "No valid token available, getting new token" get_access_token fi } invalidate_token() { responseCode=$(/usr/bin/curl \\ -w "%{http_code}" \\ -H "Authorization: Bearer ${access_token}" $jamf_url/api/v1/auth/invalidate-token \\ -X POST \\ -s -o /dev/null) if [[ ${responseCode} == 204 ]]; then echo "Token successfully invalidated" access_token="" token_expiration_epoch="0" elif [[ ${responseCode} == 401 ]]; then echo "Token already invalid" else echo "An unknown error occurred invalidating the token" fi } # ----------------------------------------------------------------------------- # FUNCTIONS: API CALLS # ----------------------------------------------------------------------------- # Gets membership of computer group get_device_group() { recovery_devices=$(/usr/bin/curl \\ --silent \\ --request GET \\ --header "Authorization: Bearer ${access_token}" \\ --header "Accept: application/json" \\ --url "${jamf_url}/JSSResource/computergroups/id/$device_group") } # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # OPERATIONS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Create an API token get_access_token # Read the computer group for computer IDs get_device_group "$device_group" ### Display the raw data back from the API echo $recovery_devices | jq -r . ### List only the computer names echo "$recovery_devices" | jq -r '.[].computers[].name'