Skip to main content
Question

Setting an Extension Attribute using policy?


BCPeteo
Forum|alt.badge.img+11

Is it possible to set an Extension Attribute using a policy?
I have an extension Attribute and I want to set to yes using a policy

9 replies

sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • 3546 replies
  • July 8, 2021

@ostrowsp If your EA's Input Type is Text Field you could have a Policy run a script to use the Jamf API to set the EA value.


Forum|alt.badge.img+19
  • Honored Contributor
  • 582 replies
  • July 8, 2021

You could write the result of your policy to a file and then have your EA read that file by running a recon at the end of the policy. The only reason I would not use the API is the credential aspect.


BCPeteo
Forum|alt.badge.img+11
  • Author
  • Contributor
  • 152 replies
  • July 8, 2021

If I have a policy to write a file, then the EA can never manually be changed, so that wont really work. I'm surprised there is no way to automatically do this


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • 3546 replies
  • July 8, 2021

@ostrowsp Can you describe what it is you're trying to achieve by modifying an EA? There may be another way to do what you need.


iJake
Forum|alt.badge.img+21
  • Contributor
  • 279 replies
  • July 10, 2021

What @sdagley said, do this via the API in policy script. Put the credentials in the parameters section and pass them to the script.


Forum|alt.badge.img+31
  • Honored Contributor
  • 2721 replies
  • July 11, 2021

If I need to do this I write to a flat file (plist) locally then have the EA just read the values of the keys. That way I can execute all logic off the local state, write the data, and next recon the EA will pick it up.

Also, super big pro tip - if you are collecting data for anything in an EA and you don't get the value you want or there is a failure, just write a value of false to the EA. Blank values can cause issues, and if you write something like false (or 1, 0, or N/A or anything to indicate it is a failure or no results) then you know for sure the code ran. This also largely helps your data downstream if you are collecting data in a data tool.

Here is an example template I use to see if binaries are present (i.e. they get stdout)

#!/bin/zsh

# EA to test if the foo binary is present

if /usr/local/bin/binary_name arg &> /dev/null
  then echo "<result>true</result>"
  else echo "<result>false</result>"
fi

That way if I run reports or check data downstream in our data tools, and I see false I know that the EA ran and it detected a failure. I can also use this value where ea_foo = false as smart group criteria to scope for fixes. So, really I don't see any reason why you would want a blank value in an EA. Blank values should only be found on devices that have not checked in and submitted inventory.


mpuyet
Forum|alt.badge.img+5
  • Jamf Heroes
  • 9 replies
  • July 15, 2021

if you don't want to do it from a script-extensionAttribute you can do a textfield-EA or popupMenu-EA & populate it from a policy using a script payload.

 

Script example to populate an Extension Attribute : 

jamfUrl="https://jss.jamfcloud.com" jamfUser="your_JamfUser" jamfPass="your_JamfPass" V_SerialNumber=$(system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{print $4}') EA_Id="123" EA_Value="" curl -sku $jamfUser:$jamfPass -H "Content-type: application/xml" $jamfUrl/JSSResource/computers/serialnumber/$V_SerialNumber -X PUT -d "<computer><extension_attributes><extension_attribute><id>$EA_Id</id><value>$EA_Value</value></extension_attribute></extension_attributes></computer>"

You have to change Jamf API & EA variables.

Additionally you can add an IF to define your EA_Value  result to sent on the device inventory


Forum|alt.badge.img
  • New Contributor
  • 1 reply
  • December 14, 2021
mpuyet wrote:

if you don't want to do it from a script-extensionAttribute you can do a textfield-EA or popupMenu-EA & populate it from a policy using a script payload.

 

Script example to populate an Extension Attribute : 

jamfUrl="https://jss.jamfcloud.com" jamfUser="your_JamfUser" jamfPass="your_JamfPass" V_SerialNumber=$(system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{print $4}') EA_Id="123" EA_Value="" curl -sku $jamfUser:$jamfPass -H "Content-type: application/xml" $jamfUrl/JSSResource/computers/serialnumber/$V_SerialNumber -X PUT -d "<computer><extension_attributes><extension_attribute><id>$EA_Id</id><value>$EA_Value</value></extension_attribute></extension_attributes></computer>"

You have to change Jamf API & EA variables.

Additionally you can add an IF to define your EA_Value  result to sent on the device inventory


I am trying to do the same, however, always get the following error: The request requires user authentication

The interesting part is, that everything works (i.e. I am able to pull the values) if I ignore the last piece of the code. So, it's not like my credentials are incorrect.

 -X PUT -d "<computer><extension_attributes><extension_attribute><id>$EA_Id</id><value>$EA_Value</value></extension_attribute></extension_attributes></computer>"


Does anyone have an idea?


Forum|alt.badge.img+1
  • New Contributor
  • 6 replies
  • May 22, 2023

This is a script I found on the internet.
I adapted the parameters for my purposes and then tested the script in a self service policy.
The script runs without errors, but unfortunately my EA field is not filled. It is Data Type "String" & Input Type "Text Field".
Now where could be my error here?

Thank you for your help.

 

#!/bin/bash jamfserver="$4" #set server URL in parameter 4 API_USER="$5" API_PASS="$6" getudid=$(system_profiler SPHardwareDataType | grep UUID | awk '{print $3}') eaID="$7" #set EA ID in parameter 7 eaName="$8" #set EA Name in parameter 8 value="$9" #set desired EA value in paramter 9 # Submit unmanage payload to the Jamf Pro Server #curl -X PUT -sfku $YourAPIUsername:$YourAPIPassword -d @- "$JSSURL$serial/subset/extensionattributes" -H "Content-Type: application/xml" curl -X PUT -sfku $API_USER:$API_PASS "https://$jamfserver/JSSResource/computers/udid/$getudid/subset/extension_attributes" \\ -H "Content-Type: application/xml" \\ -H "Accept: application/xml" \\ -d "<computer><extension_attributes><extension_attribute><id>$eaID</id><name>$eaName</name><type>String</type><value>$value</value></extension_attribute></extension_attributes></computer>" exit 0

 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings