Posted on 05-26-2022 02:58 PM
Hi, I'm new to Jamf Pro and the Apple world and I'm utilising this fantastic API script here. I am wanting to see if a Computer object is a member of a Static group, if so, remove that object from that group. Is this possible?
I'm assuming that I can use this to GET the object (variables are defined at the top of my script):
apiURL="JSSResource/computergroups/id/${StaticGroupID}"
apiData="<computer_group><id>${StaticGroupID}</id><name>${StaticGroupName}</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"
group_check=$(curl -s \
--header "Authorization: Bearer ${api_token}" --header "Content-Type: text/xml" \
--url "${jamfpro_url}/${apiURL}" \
--data "${apiData}" \
--request GET > /dev/null)
if [[ ${group_check} -ne 200 ]]; then
echo "Device is no longer assigned to static group. Will not proceed."
fi
exit 0
Next, if that Computer is assigned to that Group, I want to unassign it, but I only see API functions to DELETE a group or computer object and nothing to remove a computer from a group.
https://developer.jamf.com/jamf-pro/reference/computergroups
Basically the goal here is, assign computers to a Static group to make "Erase and Install macOS" available to that computer in Self Service. When the policy is triggered, remove the computer from that group, then run Erase and Install - This is just a failsafe in case admins forget to remove the computer assignment from the Static group after the erase has been triggered, as we don't want Erase and Install available to devices all the time. Only on a case by case basis.
I appreciate any help you can give here.
Posted on 05-29-2022 11:53 PM
I'm not sure that it's necessary to check if the machine is in a group or not. Adding to a group won't cause an error if it's already in the group and similarly removing from group when it's not in the group also has no error.
Strangely I was thinking about removing from group last week and updated the script here https://community.jamf.com/t5/jamf-pro/bearer-token-api-and-adding-computer-to-static-group/td-p/261...
Maybe that will help
05-31-2022 02:09 PM - edited 05-31-2022 02:11 PM
Thanks, nice idea having the Add/Remove input parameters. Yeah, I decided to remove that section that checks the group first, as it's assumed that the computer will always be a member if it's running the script anyway.
My example using <computer_deletions> has done the trick, but I might adapt to yours, as that will be handy in future :)
05-26-2022 03:43 PM - edited 05-26-2022 05:51 PM
Ok, so I think I've found what I need, but I'm just not sure how to put it together...
GET computer in group:
# Remove apiData as it's not required?
apiURL="JSSResource/computergroups/id/${StaticGroupID}/$ComputerName"
group_check=$(curl -s \
--header "Authorization: Bearer ${api_token}" --header "Content-Type: text/xml" \
--url "${jamfpro_url}/${apiURL}" \
--request GET > /dev/null)
if [[ ${group_check} -ne 200 ]]; then
echo "Device is no longer assigned to static group. Will not proceed."
fi
exit 0
Remove computer from group:
#Change to "computer_deletions"
apiData="<computer_group><id>${StaticGroupID}</id><name>${StaticGroupName}</name><computer_deletions><computer><name>$ComputerName</name></computer></computer_deletions></computer_group>"
# Use PUT instead of DELETE
curl -s \
--header "Authorization: Bearer ${api_token}" --header "Content-Type: text/xml" \
--url "${jamfpro_url}/${apiURL}" \
--data "${apiData}" \
--request PUT > /dev/null
Am I on the right track?
Posted on 05-26-2022 07:41 PM
@Jay_007 Yes, that is the right request type and apiData format to delete a computer from a Static Group
05-26-2022 08:11 PM - edited 05-26-2022 08:11 PM
Thanks. I'm still not doing something right with the GET portion though. I have made a change to the header, but still no luck yet.
--header 'Accept: application/xml' \
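An added example, not part of any post in this thread or of the linked script: one way to do the membership check and removal discussed above while capturing the HTTP status and escaping the names placed into the XML body. The variable names follow the thread; the `<computers>` layout of the group record and the sample values are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example; variable names follow the thread, the sample XML is constructed.

# Escape characters that would otherwise change the structure of the XML body.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Return 0 if group XML ($1) lists computer name ($2) inside <computers>.
# The group's own <name> sits outside that element and is never matched.
is_member() {
    case "$1" in *"<computers>"*) ;; *) return 1 ;; esac
    members="${1#*<computers>}"
    members="${members%%</computers>*}"
    needle="<name>$(xml_escape "$2")</name>"
    case "$members" in *"$needle"*) return 0 ;; *) return 1 ;; esac
}

# Build the PUT body used in the thread ($1 id, $2 group name, $3 computer name).
deletion_body() {
    printf '<computer_group><id>%s</id><name>%s</name><computer_deletions><computer><name>%s</name></computer></computer_deletions></computer_group>' \
        "$1" "$(xml_escape "$2")" "$(xml_escape "$3")"
}

# GET the group: the body goes to file $1, only the HTTP status is printed.
fetch_group() {
    curl -s --header "Authorization: Bearer ${api_token}" \
        --header "Accept: application/xml" \
        --output "$1" --write-out '%{http_code}' \
        --url "${jamfpro_url}/JSSResource/computergroups/id/${StaticGroupID}"
}

# PUT the deletion for computer $1; non-zero unless the status is 2xx.
remove_from_group() {
    status=$(curl -s --header "Authorization: Bearer ${api_token}" \
        --header "Content-Type: text/xml" --output /dev/null \
        --write-out '%{http_code}' --request PUT \
        --data "$(deletion_body "$StaticGroupID" "$StaticGroupName" "$1")" \
        --url "${jamfpro_url}/JSSResource/computergroups/id/${StaticGroupID}")
    case "$status" in 2??) return 0 ;; *) echo "PUT failed: HTTP $status" >&2; return 1 ;; esac
}

# Constructed group record (not real output); the group is named like a computer.
sample='<computer_group><id>12</id><name>MAC-0042</name><is_smart>false</is_smart><computers><size>1</size><computer><id>7</id><name>MAC-0001</name></computer></computers></computer_group>'
is_member "$sample" "MAC-0001" && echo "MAC-0001: member"
is_member "$sample" "MAC-0042" || echo "MAC-0042: matches the group name only, not a member"
```

`fetch_group` and `remove_from_group` expect `api_token`, `jamfpro_url`, `StaticGroupID` and `StaticGroupName` to be set as in the thread's script; the demo lines at the bottom run offline.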