Hi @May. Just to be sure I wasn't pointing you in the wrong direction with this, I actually put together a working script for this. In the script below, you would only need to do the following:
Either hardcode in your API account that has both read and write privileges for policies, or use $4 and $5 passed to the script for the account name and password, respectively. Of course, the latter option is more secure than having those credentials hardcoded into the script, but that all depends on who in your organization has access to look at script and policy details. If it needs to be more secure than that, you'd need to use Jamf's encrypted script parameters workflow, which you can find here.
Secondly, you can either hardcode in or pass the policy ID in question that you want to flip the state on to $6. This one should be fine to hardcode in as it's just the policy ID, not credentials.
In the script, I tried to add as many comments to things where the stuff is happening. I tested this on a junk policy by having my own machine act as the gatekeeper to it. If my machine showed available Software Updates, it would disable the policy (verified in the JSS). If I commented out the section on grabbing updates and hardcoded in a 0 for available updates, it would enable the policy (also verified in the JSS). If the policy is already in the state you want it to be in (enabled/disabled) it would do nothing since no action is needed.
Let me know if you have any questions on this, or have trouble getting it to work. It was tested against Jamf Pro 9.99.0.
#!/bin/bash

# Hardcode these values, or leave them empty and pass them as script parameters $4, $5 and $6
APIUSER=""
APIPASS=""
POLICYID=""

# Use the script parameters for any value that was not hardcoded above
if [[ -z "$APIUSER" ]] && [[ -n "$4" ]]; then
    APIUSER="$4"
fi

if [[ -z "$APIPASS" ]] && [[ -n "$5" ]]; then
    APIPASS="$5"
fi

if [[ -z "$POLICYID" ]] && [[ -n "$6" ]]; then
    POLICYID="$6"
fi

# Stop if any required value is still missing
if [[ -z "$APIUSER" ]] || [[ -z "$APIPASS" ]] || [[ -z "$POLICYID" ]]; then
    echo "API credentials or the JSS policy ID were not passed to this script. Pass the required values to the script and try again."
    exit 1
fi

# JSS URL from the local Jamf preferences; the API paths below expect it to end with a slash
JSSURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url)

# Change the <enabled> value in the downloaded XML and upload it back to the JSS
function flipState ()
{
    if sed -i "" "s|<enabled>$CURRENT_STATE</enabled>|<enabled>$DESIRED_STATE</enabled>|" "/tmp/${POLICYID}.xml"; then
        echo "State changed in local xml file. Attempting to upload"
        # -f makes curl exit non-zero on an HTTP error; -k skips TLS certificate verification
        curl -sfku "${APIUSER}:${APIPASS}" "${JSSURL}JSSResource/policies/id/${POLICYID}" -X PUT -T "/tmp/${POLICYID}.xml" > /dev/null 2>&1
        status=$?
        if [ "$status" == 0 ]; then
            echo "Policy state successfully changed to $DESIRED_STATE"
            rm "/tmp/${POLICYID}.xml"
            exit 0
        else
            echo "Error: Policy state could not be changed"
            rm "/tmp/${POLICYID}.xml"
            exit 1
        fi
    else
        echo "Error: Could not edit the local xml file"
        rm -f "/tmp/${POLICYID}.xml"
        exit 1
    fi
}

# Download the policy XML and compare its current state with the desired state
function getPolicyData ()
{
    curl -H "Accept: text/xml" -sfku "${APIUSER}:${APIPASS}" "${JSSURL}JSSResource/policies/id/${POLICYID}" | xmllint --format - > "/tmp/${POLICYID}.xml"
    CURRENT_STATE=$(xpath '/policy/general/enabled/text()' < "/tmp/${POLICYID}.xml")

    # An empty value means the download or the XML parsing failed
    if [ -z "$CURRENT_STATE" ]; then
        echo "Error: Could not read the current policy state"
        rm -f "/tmp/${POLICYID}.xml"
        exit 1
    fi

    echo "Current policy state: $CURRENT_STATE"

    if [ "$CURRENT_STATE" == "$DESIRED_STATE" ]; then
        echo "Policy already in desired state. Nothing to do"
        rm -f "/tmp/${POLICYID}.xml"
        exit 0
    else
        echo "Current policy state and desired state do not match. Changing state for policy"
        flipState
    fi
}

# Count available software updates and choose the desired policy state from the result
function checkForSWUs ()
{
    echo "Getting available software updates for this system"
    # Lines containing "*" in the softwareupdate -l output are counted as available updates
    SWU_AVAIL_COUNT=$(/usr/sbin/softwareupdate -l | grep "*" | awk 'END{print NR}')

    if [ "$SWU_AVAIL_COUNT" -gt 0 ]; then
        echo "Current available software updates: $SWU_AVAIL_COUNT"
        echo "Setting desired policy state to: false"
        DESIRED_STATE="false"
        getPolicyData
    else
        echo "Current available software updates: 0"
        echo "Setting desired policy state to: true"
        DESIRED_STATE="true"
        getPolicyData
    fi
}

checkForSWUs
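
Added example (not part of the original post, and not Jamf's own code): the script above passes the API password in curl's `-u` argument, uses `-k`, and writes to the predictable path `/tmp/${POLICYID}.xml`. The helpers below feed the credentials to curl on stdin, leave certificate verification on, and work in a private `mktemp` file. All function names and the sample XML are assumptions made for illustration.

```shell
#!/bin/bash
# Added example; helper names are hypothetical, sample XML is constructed.

# Emit a curl config line with the credentials so they reach curl on stdin
# (--config -) and never appear in curl's argument list (visible via ps).
curl_auth_config() {
    # Escape backslashes and double quotes for curl's quoted config syntax
    esc=$(printf '%s' "$1:$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf 'user = "%s"\n' "$esc"
}

# curl wrapper without -k, so the server certificate is verified.
# Usage: jss_curl "$APIUSER" "$APIPASS" -H "Accept: text/xml" \
#            "${JSSURL}JSSResource/policies/id/${POLICYID}" > "$workfile"
jss_curl() {
    jc_user=$1; jc_pass=$2; shift 2
    curl_auth_config "$jc_user" "$jc_pass" | curl --silent --fail --config - "$@"
}

# Create a private (0600), unpredictably named work file and print its path.
new_workfile() {
    ( umask 077; mktemp "${TMPDIR:-/tmp}/policy.XXXXXX" )
}

# Set <enabled> to STATE in FILE without "sed -i", whose syntax differs
# between BSD (macOS) and GNU sed. Rejects anything but true/false.
set_enabled() {
    se_file=$1; se_state=$2
    case "$se_state" in true|false) ;; *) return 2 ;; esac
    se_tmp=$(new_workfile) || return 1
    sed "s|<enabled>[a-z]*</enabled>|<enabled>${se_state}</enabled>|" "$se_file" > "$se_tmp" \
        && cat "$se_tmp" > "$se_file"
    se_rc=$?
    rm -f "$se_tmp"
    return "$se_rc"
}

# Offline demo on a constructed policy fragment (no JSS is contacted).
demo() {
    d_file=$(new_workfile) || return 1
    printf '<policy><general><id>0</id><enabled>true</enabled></general></policy>\n' > "$d_file"
    set_enabled "$d_file" false && cat "$d_file"
    rm -f "$d_file"
}
demo
```

With `jss_curl`, the upload step takes the same arguments as before minus `-k` and `-u`, for example `-X PUT -T "$workfile"` followed by the policy URL.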