Setting an Extension Attribute using policy?

BCPeteo
Contributor II

Is it possible to set an Extension Attribute using a policy?
I have an extension Attribute and I want to set to yes using a policy

9 REPLIES 9

sdagley
Esteemed Contributor II

@ostrowsp If your EA's Input Type is Text Field you could have a Policy run a script to use the Jamf API to set the EA value.

Tribruin
Valued Contributor II

You could write the result of your policy to a file and then have your EA read that file by running a recon at the end of the policy. The only reason I would not use the API is the credential aspect.

BCPeteo
Contributor II

If I have a policy to write a file, then the EA can never manually be changed, so that wont really work. I'm surprised there is no way to automatically do this

sdagley
Esteemed Contributor II

@ostrowsp Can you describe what it is you're trying to achieve by modifying an EA? There may be another way to do what you need.

iJake
Valued Contributor

What @sdagley said, do this via the API in policy script. Put the credentials in the parameters section and pass them to the script.

tlarkin
Honored Contributor

If I need to do this I write to a flat file (plist) locally then have the EA just read the values of the keys. That way I can execute all logic off the local state, write the data, and next recon the EA will pick it up.

Also, super big pro tip - if you are collecting data for anything in an EA and you don't get the value you want or there is a failure, just write a value of false to the EA. Blank values can cause issues, and if you write something like false (or 1, 0, or N/A or anything to indicate it is a failure or no results) then you know for sure the code ran. This also largely helps your data downstream if you are collecting data in a data tool.

Here is an example template I use to see if binaries are present (i.e. they get stdout)

#!/bin/zsh

# EA to test if the foo binary is present

if /usr/local/bin/binary_name arg &> /dev/null
  then echo "<result>true</result>"
  else echo "<result>false</result>"
fi

That way if I run reports or check data downstream in our data tools, and I see false I know that the EA ran and it detected a failure. I can also use this value where ea_foo = false as smart group criteria to scope for fixes. So, really I don't see any reason why you would want a blank value in an EA. Blank values should only be found on devices that have not checked in and submitted inventory.

mpuyet
New Contributor II

if you don't want to do it from a script-extensionAttribute you can do a textfield-EA or popupMenu-EA & populate it from a policy using a script payload.

 

Script example to populate an Extension Attribute : 

jamfUrl="https://jss.jamfcloud.com"
jamfUser="your_JamfUser"
jamfPass="your_JamfPass"
V_SerialNumber=$(system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{print $4}')
EA_Id="123"

EA_Value=""

curl -sku $jamfUser:$jamfPass -H "Content-type: application/xml" $jamfUrl/JSSResource/computers/serialnumber/$V_SerialNumber -X PUT -d "<computer><extension_attributes><extension_attribute><id>$EA_Id</id><value>$EA_Value</value></extension_attribute></extension_attributes></computer>"

You have to change Jamf API & EA variables.

Additionally you can add an IF to define your EA_Value  result to sent on the device inventory

egorsc
New Contributor

I am trying to do the same, however, always get the following error: The request requires user authentication

The interesting part is, that everything works (i.e. I am able to pull the values) if I ignore the last piece of the code. So, it's not like my credentials are incorrect.

 -X PUT -d "<computer><extension_attributes><extension_attribute><id>$EA_Id</id><value>$EA_Value</value></extension_attribute></extension_attributes></computer>"


Does anyone have an idea?

Claudius
New Contributor II

This is a script I found on the internet.
I adapted the parameters for my purposes and then tested the script in a self service policy.
The script runs without errors, but unfortunately my EA field is not filled. It is Data Type "String" & Input Type "Text Field".
Now where could be my error here?

Thank you for your help.

 

#!/bin/bash

jamfserver="$4" #set server URL in parameter 4
API_USER="$5"
API_PASS="$6"
getudid=$(system_profiler SPHardwareDataType | grep UUID | awk '{print $3}')
eaID="$7" #set EA ID in parameter 7
eaName="$8" #set EA Name in parameter 8
value="$9" #set desired EA value in paramter 9

# Submit unmanage payload to the Jamf Pro Server
#curl -X PUT -sfku $YourAPIUsername:$YourAPIPassword -d @- "$JSSURL$serial/subset/extensionattributes" -H "Content-Type: application/xml"
curl -X PUT -sfku $API_USER:$API_PASS "https://$jamfserver/JSSResource/computers/udid/$getudid/subset/extension_attributes" \
	-H "Content-Type: application/xml" \
	-H "Accept: application/xml" \
	-d "<computer><extension_attributes><extension_attribute><id>$eaID</id><name>$eaName</name><type>String</type><value>$value</value></extension_attribute></extension_attributes></computer>"

exit 0