Retrieve members of static, smart computer groups and members of reports

marekm
New Contributor

HI

I apologize in advance if that question was asked but I cannot find answers :( 

I need to retrieve following information through API: 

1. retrieve members through API from static computer groups - i need to list computer names that belong to specific computer groups.  All i'm able to find is how to list computer groups, but not how to retrieve members. 

# Endpoint to retrieve computer groups
$computerGroupsUrl = "$jamfUrl/api/v1/computer-groups"

# Request computer groups
$responseComputerGroups = Invoke-RestMethod -Uri $computerGroupsUrl -Method Get -Headers $headers -ErrorAction Stop

 

2. retrieve members through API from smart computer groups - i need to list computer names that belong to specific computer groups

 

3. retrieve data through API from "reports" found under "Search inventory" 

2 REPLIES 2

williamaddis
New Contributor III

Do you already know the static groups you need the members of? Or do you need to read ALL computer groups, determine which ones are static, then output the members of all of them? Or do you have like 8 static groups and you just want an API script that will list the members?

Tangentism
Contributor III

If its just 1 group then you can do the following. You will need to install JQ (https://jqlang.github.io/jq/download/) as I use this to easily manipulate JSON datasets I get back from the API

If you use this in Jamf, you need to set up an API client &  roles then add the following script parameters:

4: Jamf URL
5: Client ID
6: Client Secret
7: Device group ID

If you want to enter more than one group then adapt how it reads parameter 7 and add it to an array instead a variable then loop through it to get each group and assign the results to a new array.

 

#!/usr/bin/env zsh

# -----------------------------------------------------------------------------
# PREREQUISITES
# -----------------------------------------------------------------------------

# Get the logged in user
ConsoleUser=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')

# Log Path
log_path="/Users/${ConsoleUser}/Library/Logs/ComputerGroupReport.log"

# Create log file if it doesnt exist
[[ ! -f "${log_path}" ]] && touch "${log_path}"

# Set up logging
log_message() {
echo "$(date '+%F %X'): $1" | tee -a "$log_path"
}

# -----------------------------------------------------------------------------
# SCRIPT PARAMETERS
# -----------------------------------------------------------------------------

# JAMF Cloud details
jamf_url="${4:-}"

# API login details
client_id="${5:-}"
client_secret="${6:-}"

# Computer group ID
device_group="${7:-}"

[[ "$device_group" == "" ]] && log_message "No group provided. Exiting."; exit 1 || log_message "Group provided: $device_group"


# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# FUNCTIONS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# -----------------------------------------------------------------------------
# API AUTHENTICATION
# -----------------------------------------------------------------------------
# Establish API token. API session is set in API client and roles section
get_access_token() {
response=$(/usr/bin/curl \
--silent \
--location \
--request POST "${jamf_url}/api/oauth/token" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=${client_id}" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=${client_secret}")
current_epoch=$(date +%s)
access_token=$(echo "$response" | plutil -extract access_token raw -)
token_expires_in=$(echo "$response" | plutil -extract expires_in raw -)
token_expiration_epoch=$((+-1))
}

check_token_expiration() {
current_epoch=$(date +%s)
if [[ $token_expiration_epoch -ge $current_epoch ]]; then
echo "Current epoch time: $current_epoch"
echo "Token valid until the following epoch time: " "$token_expiration_epoch"
else
echo "No valid token available, getting new token"
get_access_token
fi
}

invalidate_token() {
responseCode=$(/usr/bin/curl \
-w "%{http_code}" \
-H "Authorization: Bearer ${access_token}" $jamf_url/api/v1/auth/invalidate-token \
-X POST \
-s -o /dev/null)

if [[ ${responseCode} == 204 ]]; then
echo "Token successfully invalidated"
access_token=""
token_expiration_epoch="0"
elif [[ ${responseCode} == 401 ]]; then
echo "Token already invalid"
else
echo "An unknown error occurred invalidating the token"
fi
}

# -----------------------------------------------------------------------------
# FUNCTIONS: API CALLS
# -----------------------------------------------------------------------------

# Gets membership of computer group
get_device_group() {
recovery_devices=$(/usr/bin/curl \
--silent \
--request GET \
--header "Authorization: Bearer ${access_token}" \
--header "Accept: application/json" \
--url "${jamf_url}/JSSResource/computergroups/id/$device_group")
}

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# OPERATIONS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# Create an API token
get_access_token

# Read the computer group for computer IDs
get_device_group "$device_group"


### Display the raw data back from the API
echo $recovery_devices | jq -r .

### List only the computer names
echo "$recovery_devices" | jq -r '.[].computers[].name'