Posted on 12-18-2023 03:56 PM
Hello,
I've created a script to to see if any employees have more than 1 mac and then tie it to an extension attritubte. I've done an API get curl to pull information from a computer advance search I've made and then assign it to a list. The list then compares to another list that pulls google chrome emails that is tied to their work email.
The script is working on my end, but it does not post anything to the extension attribute. Is there anything in my script that is preventing to post? If a user has more than 1 mac, I just want it to say "yes" in the extension attribute.
Any input is appreciated! Thanks in advance to everyone.
user_list=()
##########################################################################################
# Curl command only retrieves the email addresses of this advanced search group.
# Command will api-GET the contents of the Advanced search
EmailList=$(/usr/bin/curl -X GET -s -H "Authorization: Bearer $api_Token" "$jssURL/JSSResource/advancedcomputersearches/id/149" -H "accept:text/xml" | xmllint --xpath "advanced_computer_search/computers/computer/Email_Address/text()" - | sort | uniq -c)
# Populate the array using awk and scans to see which emails appear twice or more. If a user appears more than once, this indicates user has multiple
while read -r email; do
user_list+=("$email")
done < <(awk '{if ($1 >= 2) print $2}' <<< "$EmailList")
##########################################################################################
####### Command will find the currently logged in google account #######
####### After pulling the currently logged in google account #######
####### It'll compare the email to $user_list to see if there is a duplicate mac. #######
currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ { print $3 }')
GoogleChromeAccounts=$(cat /Users/$currentUser/Library/Application\ Support/Google/Chrome/Local\ State | plutil -convert xml1 - -o - | grep -A1 user_name | grep @ | cut -d ">" -f 2 | cut -d "<" -f1)
readarray -t accounts_array <<< "$GoogleChromeAccounts"
##### Commands will search through duplicate list and compare to the logged in google account #####
for user in ${user_list[@]}; do
for gmail in ${accounts_array[@]}; do
if [[ " $user " == " $gmail " ]]; then
result="yes"
echo "<result>$result</result>"
exit
fi
done
done
Posted on 12-19-2023 07:58 AM
What is the result if $user does not equal $gmail? How are you testing this on your end? I'm trying to understand your workflow. EAs won't show anything until the Macs have submitted an inventory, so you won't see results until they do.
Posted on 12-19-2023 09:46 AM
Hey Howie, I appreciate your help. $user does not equal $gmail it doesn't echo anything. Essentially I'm just leaving the EA blank if there is no match.
As for testing, I'm just running the script I pasted above in Code Runner. I've ran sudo jamf recon to update the inventory several times and still no dice.
Posted on 12-19-2023 11:41 AM
The problem might be related to your for user in ${user_list[@]}; do loop.
I suggest trying to move the echo "<result>$result</result>" outside of the loop, removing the exit inside the loop, and assigning a default value to "result" right before the loop. For example:
result=""
for user in ${user_list[@]}; do
for gmail in ${accounts_array[@]}; do
if [[ " $user " == " $gmail " ]]; then
result="yes"
fi
done
done
echo "<result>$result</result>"
If that still doesn't work, then the result variable assignment isn't holding when outside of the loop and you might need to try a different type of loop. This format often works well for me when others fail.
result=""
while read user; do
for gmail in ${accounts_array[@]}; do
if [[ " $user " == " $gmail " ]]; then
result="yes"
fi
done
done < <(printf '%s\n' "${user_list[@]}")
echo "<result>$result</result>"
Posted on 12-19-2023 01:40 PM
Thank you so much for the recommendations.
I've edited the script for the EA in our jamf instance and still not getting any output. Not to sure what's going on. It works perfectly in coderunner but it's just not generating the result variable and displaying it.
Posted on 12-19-2023 03:21 PM
Hey @SV_JamfTech, generally how I tend to solve these issues is by making the script output a lot of debug lines, so I can see what the script is actually seeing.
Since this is an EA script, you won't really get the lines of output when it collects inventory, so what you might want to consider is creating a regular script out of what you have, add a number of debug lines and then add it to a policy and have the policy run on some of the Macs you've been testing it against. When the policy runs, the script should send back those debug lines in stdout and show up in the policy log. Then maybe you can see what's going on.
For example, add some lines like this throughout the script in the appropriate places.
echo "$EmailList"
printf '%s\n' "${user_list[@]}"
printf '%s\n' "${accounts_array[@]}"
Then after the script runs in a normal policy, see what output you're getting for them.
Off the top of my head, the one difference between you running the script locally in CodeRunner versus from a jamf recon is that the recon is running in a root shell, and the CodeRunner execution is not. Even if the account it runs under is a local admin, it's not the same as when it runs from within a Jamf Pro inventory collection. It might have something to do with why you're not getting the results you expect.
Posted on 12-19-2023 03:37 PM
This helps a lot and is some great info. Thank you!! Looks like I've got some more testing to do. I'm going to implement your recommendations and work from there. I appreciate your input and help @mm2270