Trying to upload compliance editor guidance to Jamf Pro

wrinks
New Contributor II

Hi all,

 

I'm trying to upload a guidance from Compliance Editor to Jamf pro. I'm at the portion where it's asking for a client ID and secret. I haven't used the jamf API before and I know you need to create a API role first, but I'm not sure what privileges I would need for a compliance editor upload.

4 REPLIES 4

Tangentism
Contributor II

The guide (link at the bottom of that page) gives a list of the required API permissions, under the section: Uploading to Jamf Pro > Use safe practices

It shows this require permissions matrix.

Screenshot 2023-11-14 at 11.39.44.png

wrinks
New Contributor II

Thanks. That answered my question.

 

Problem now is it's still saying it's failing to generate a token and to verify my username and password. I've copied and pasted the client id and secret into the requisite fields so I'm not sure where I'm going wrong...

Tangentism
Contributor II

Feel free to use my zsh code:

 

# Jamf API URL
jamfURL="https://[yourserver].jamfcloud.com"

# API Credentials
client_id="xxxxxxx"
client_secret="xxxxxxx"

# TOKEN ACQUSITION

getAccessToken() {
    response=$(
        /usr/bin/curl \
            --silent \
            --location \
            --request POST "${jamfURL}/api/oauth/token" \
            --header "Content-Type: application/x-www-form-urlencoded" \
            --data-urlencode "client_id=${client_id}" \
            --data-urlencode "grant_type=client_credentials" \
            --data-urlencode "client_secret=${client_secret}"
    )
    access_token=$(echo "$response" | plutil -extract access_token raw -)
    token_expires_in=$(echo "$response" | plutil -extract expires_in raw -)
    token_expiration_epoch=$(($current_epoch + $token_expires_in - 1))
}

checkTokenExpiration() {
    current_epoch=$(date +%s)
    if [[ token_expiration_epoch -ge current_epoch ]]; then
        echo "Token valid until the following epoch time: " "$token_expiration_epoch"
    else
        echo "No valid token available, getting new token"
        getAccessToken
    fi
}

invalidateToken() {
    responseCode=$(
        /usr/bin/curl \
            -w "%{http_code}" \
            -H "Authorization: Bearer ${access_token}" $jamfURL/api/v1/auth/invalidate-token \
            -X POST \
            -s -o /dev/null
    )
    if [[ ${responseCode} == 204 ]]; then
        echo "Token successfully invalidated"
        access_token=""
        token_expiration_epoch="0"
    elif [[ ${responseCode} == 401 ]]; then
        echo "Token already invalid"
    else
        echo "An unknown error occurred invalidating the token"
    fi
}

Tangentism
Contributor II

Ignore that.... Looking at too many windows to realise you were using their tool.....