Retrieve members of static, smart computer groups and members of reports

HI

I apologize in advance if that question was asked but I cannot find answers :(

I need to retrieve following information through API:

1. retrieve members through API from static computer groups - i need to list computer names that belong to specific computer groups. All i'm able to find is how to list computer groups, but not how to retrieve members.

# Endpoint to retrieve computer groups
$computerGroupsUrl = "$jamfUrl/api/v1/computer-groups"

# Request computer groups
$responseComputerGroups = Invoke-RestMethod -Uri $computerGroupsUrl -Method Get -Headers $headers -ErrorAction Stop

2. retrieve members through API from smart computer groups - i need to list computer names that belong to specific computer groups

3. retrieve data through API from "reports" found under "Search inventory"

Page 1 / 1

Do you already know the static groups you need the members of? Or do you need to read ALL computer groups, determine which ones are static, then output the members of all of them? Or do you have like 8 static groups and you just want an API script that will list the members?

If its just 1 group then you can do the following. You will need to install JQ (https://jqlang.github.io/jq/download/) as I use this to easily manipulate JSON datasets I get back from the API

If you use this in Jamf, you need to set up an API client & roles then add the following script parameters:

4: Jamf URL
5: Client ID
6: Client Secret
7: Device group ID

If you want to enter more than one group then adapt how it reads parameter 7 and add it to an array instead a variable then loop through it to get each group and assign the results to a new array.

#!/usr/bin/env zsh



# -----------------------------------------------------------------------------

# PREREQUISITES

# -----------------------------------------------------------------------------



# Get the logged in user

ConsoleUser=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name  && ! /loginwindow/ { print $3 }')



# Log Path

log_path="/Users/${ConsoleUser}/Library/Logs/ComputerGroupReport.log"



# Create log file if it doesnt exist

[[ ! -f "${log_path}" ]] && touch "${log_path}"



# Set up logging

log_message() {

echo "$(date '+%F %X'): $1" | tee -a "$log_path"

}



# -----------------------------------------------------------------------------

# SCRIPT PARAMETERS

# -----------------------------------------------------------------------------



# JAMF Cloud details

jamf_url="${4:-}"



# API login details

client_id="${5:-}"

client_secret="${6:-}"



# Computer group ID

device_group="${7:-}"



[[ "$device_group" == "" ]] && log_message "No group provided. Exiting."; exit 1 || log_message "Group provided: $device_group"





# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# FUNCTIONS

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #



# -----------------------------------------------------------------------------

# API AUTHENTICATION

# -----------------------------------------------------------------------------

# Establish API token. API session is set in API client and roles section

get_access_token() {

response=$(/usr/bin/curl \\

--silent \\

--location \\

--request POST "${jamf_url}/api/oauth/token" \\

--header "Content-Type: application/x-www-form-urlencoded" \\

--data-urlencode "client_id=${client_id}" \\

--data-urlencode "grant_type=client_credentials" \\

--data-urlencode "client_secret=${client_secret}")

current_epoch=$(date +%s)

access_token=$(echo "$response" | plutil -extract access_token raw -)

token_expires_in=$(echo "$response" | plutil -extract expires_in raw -)

token_expiration_epoch=$((+-1))

}



check_token_expiration() {

current_epoch=$(date +%s)

if [[ $token_expiration_epoch -ge $current_epoch ]]; then

echo "Current epoch time: $current_epoch"

echo "Token valid until the following epoch time: " "$token_expiration_epoch"

else

echo "No valid token available, getting new token"

get_access_token

fi

}



invalidate_token() {

responseCode=$(/usr/bin/curl \\

-w "%{http_code}" \\

-H "Authorization: Bearer ${access_token}" $jamf_url/api/v1/auth/invalidate-token \\

-X POST \\

-s -o /dev/null)



if [[ ${responseCode} == 204 ]]; then

echo "Token successfully invalidated"

access_token=""

token_expiration_epoch="0"

elif [[ ${responseCode} == 401 ]]; then

echo "Token already invalid"

else

echo "An unknown error occurred invalidating the token"

fi

}



# -----------------------------------------------------------------------------

# FUNCTIONS: API CALLS

# -----------------------------------------------------------------------------



# Gets membership of computer group

get_device_group() {

recovery_devices=$(/usr/bin/curl \\

--silent \\

--request GET \\

--header "Authorization: Bearer ${access_token}" \\

--header "Accept: application/json" \\

--url "${jamf_url}/JSSResource/computergroups/id/$device_group")

}



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# OPERATIONS

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #



# Create an API token

get_access_token



# Read the computer group for computer IDs

get_device_group "$device_group"





### Display the raw data back from the API

echo $recovery_devices | jq -r .



### List only the computer names

echo "$recovery_devices" | jq -r '.[].computers[].name'

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded