How do you Put a Computer into a Static Group with API>

Hugonaut
Valued Contributor II

So I came across this article https://www.jamf.com/jamf-nation/third-party-products/files/658/jssid-list-to-static-group-using-the... But I was wondering if I can pass along a curl command in a single line with a computers ID to a static group using the Statics Group ID instead of writing out to a tmp xml file. Here is an example of a basic script I'm using to test. For the moment, I'm using a test serial number since I can easily populate my serial numbers into the script.

If this is possible with a simple (rough example to get the point across)

put $JAMF_COMPUTERID to "${apiuser}:${apipass}" "${jssURL}/JSSResource/computergroups/id/${GROUP_ID}"

that would be awesome

#!/bin/bash

#########################################################################################
# Variables - Do Not Modify
#########################################################################################

# API Credentials
#########################################################################################

apiuser="api"
apipass="pass"
jssURL="https://jamf.server.com:8443"

# Serial Number
#########################################################################################

JAMF_SERIAL="###########"

# Pull Computer Asset Tag  from JAMF
#########################################################################################

JAMF_STUDENTID=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssURL}/JSSResource/computers/serialnumber/${JAMF_SERIAL}/subset/general" | xmllint --format - 2>/dev/null | awk -F'>|<' '/<asset_tag>/{print $3; exit}')

echo $JAMF_STUDENTID

# Pull Computer ID from JAMF
#########################################################################################

JAMF_COMPUTERID=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssURL}/JSSResource/computers/serialnumber/${JAMF_SERIAL}/subset/general" | xmllint --format - 2>/dev/null | awk -F'>|<' '/<id>/{print $3; exit}')

echo $JAMF_COMPUTERID

# Put Computer ID into JAMF Static Group
#########################################################################################

GROUP_ID="##"

??? put $JAMF_COMPUTERID to "${apiuser}:${apipass}" "${jssURL}/JSSResource/computergroups/id/${GROUP_ID}"
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
1 ACCEPTED SOLUTION

boberito
Valued Contributor

Here's how I've updated group membership in the past

It's a bit more than you had.

#!/bin/sh

#API login info
apiuser="USERNAME"
apipass='PASSWORD'
jamfProURL="https://jamfproserver:8443"

ComputerName=$(hostname)

#update group with ID 232 aka group you want
GroupID="1234"
apiURL="JSSResource/computergroups/id/${GroupID}"

#XML header stuff
xmlHeader="<?xml version="1.0" encoding="UTF-8" standalone="no"?>"

apiData="<computer_group><id>${GroupID}</id><name>Whatever the GroupName Is</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"

curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}" 
    -H "Content-Type: text/xml" 
    -d "${xmlHeader}${apiData}" 
    -X PUT  > /dev/null

View solution in original post

20 REPLIES 20

boberito
Valued Contributor

Here's how I've updated group membership in the past

It's a bit more than you had.

#!/bin/sh

#API login info
apiuser="USERNAME"
apipass='PASSWORD'
jamfProURL="https://jamfproserver:8443"

ComputerName=$(hostname)

#update group with ID 232 aka group you want
GroupID="1234"
apiURL="JSSResource/computergroups/id/${GroupID}"

#XML header stuff
xmlHeader="<?xml version="1.0" encoding="UTF-8" standalone="no"?>"

apiData="<computer_group><id>${GroupID}</id><name>Whatever the GroupName Is</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"

curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}" 
    -H "Content-Type: text/xml" 
    -d "${xmlHeader}${apiData}" 
    -X PUT  > /dev/null

how to use this in postman?

Hugonaut
Valued Contributor II

@boberito

apiData="<computer_group><id>${GroupID}</id><name>Whatever the GroupName Is</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"

SOLID! Thank you! This was driving me crazy, huge help man.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

adamnewman
New Contributor II

@boberito

You ever done this process for Mobile Devices. Tried to adapt your method but having no luck.

adamnewman
New Contributor II

Got this working.

<mobile_device_group><id>${GroupID}</id><name>GROUP NAME</name><mobile_device_additions><mobile_device><serial_number>SERIAL NUMBER</serial_number></mobile_device></mobile_device_additions></mobile_device_group>"

MatG
Contributor III

@boberito

Nice script but I seem to have to adde the ComputerName to the APIData call, if I put the computerName as below nothing happens

ComputerName=$C024567GH

sdagley
Esteemed Contributor II

@MatG In a bash script the $ means get the value of the variable following the $, so what you wrote is trying to assign the value of a variable named C024567GH to the variable ComputerName. Since you're trying to assign the serial number C024567GH to ComputerName what you want to write is ComputerName="C024567GH".

L3nny5
New Contributor III

Can anybody tell me, what the minimal needed API account rights are, for this to work?

beeboo
Contributor

@L3nny5 needs admin to PUT/POST

marc_grubb
New Contributor III

Regarding API User privileges, I used Access Level: Full, Privilege Set: Custom (which starts with NO privileges), then added Jamf Pro Server Objects> API Integrations (C-R-U-D as needed) and Static Computer Groups (C-R-U-D as needed)

marc_grubb
New Contributor III

Confirmed with my Jamf Buddy: ":8443" is not needed for Jamf Cloud.

alstalent
New Contributor II

@adamnewman I'm trying to do this with mobile devices as well but I'm having issues with using this with Basic Authorization and getting "Object must be specified as an xml file". Any thoughts?

user-dzIJnCprEb
New Contributor

Heyo, really need to get this working for a workflow. I keep getting error code 127 (command not found) and I'm not sure why...

Looks like it's erroring out in lines 22-23 of the last curl command:

curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}" 
    -H "Content-Type: text/xml" 
    -d "${xmlHeader}${apiData}" 
    -X PUT  > /dev/null

This is the error I get in Terminal when I call the policy via -trigger: 

<?xml version="1.0" encoding="UTF-8"?><computer_group><id>123</id><name>The Group Name I specify</name><is_smart>false</is_smart><site><id>-1</id><name>None</name></site><criteria><size>0</size></criteria><computers><size>0</size></computers></computer_group>/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 21: -H: command not found
/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 22: -d: command not found
/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 23: -X: command not found

Error running script: return code was 127.

Any ideas? 

sdagley
Esteemed Contributor II

@user-dzIJnCprEb The curl command should all be on one line, or you need to use the \ line continuation indicator if you're breaking it across multiple lines, e.g:

curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}" \
    -H "Content-Type: text/xml" \
    -d "${xmlHeader}${apiData}" \
    -X PUT  > /dev/null

Gah, ok fixed that. So now the policy completes, but the machine is not added to the group.

If I run the script locally in verbose, I get the following, but again Mac is not added to the group:

Last login: Tue Jan 18 13:49:09 on ttys000
admin@admin's-Mac ~ % sh -x /Users/admin/Desktop/group_add.sh  
+ apiuser=[jamf_user]
+ apipass=[password]
+ jamfProURL=https://[my org].jamfcloud.com
++ /usr/sbin/scutil --get ComputerName
+ ComputerName='Admin'\''s Mac'
+ GroupID=131
+ GroupName='Test Group'
+ apiURL=JSSResource/computergroups/id/131
+ xmlHeader='<?xml version=1.0 encoding=UTF-8?>'
+ apiData='<computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\''s Mac</name></computer></computer_additions></computer_group>'
+ curl -sSkiu [jaf user]:[password] https://[myorg].jamfcloud.com/JSSResource/computergroups/id/131 -H 'Content-Type: text/xml' -d '<?xml version=1.0 encoding=UTF-8?><computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\''s Mac</name></computer></computer_additions></computer_group>' -X PUT
admin@admin's-Mac ~ % 

 What am I missing?

sdagley
Esteemed Contributor II

@user-dzIJnCprEb Looking at the verbose output it appears you are escaping characters in your computer_name field incorrectly. The escape character is a \, not a '. Using computer_name is also problematic as there's no guarantee that name will be unique. Using serial_number would be safer (although surprisingly not guaranteed to be unique) so the apiData would look something like this:

 

 

<computer_group><id>${GroupToAddToID}</id><name>${GroupToAddToName}</name><computer_additions><computer><serial_number>${ComputerSerial}</serial_number></computer></computer_additions></computer_group>"

 

 

jul_io
New Contributor

Will this work for multiple serial numbers?

something like 

<serial_number>${ xxxxxxxx, xxxxxxxx, xxxxxxx}</serial_number>

jul_io
New Contributor

I mean

ComputerSerial=$( xxxxx, xxxxx, xxxx )

GGInquisitor
Release Candidate Programs Tester

Did you ever figure this out?  We are seeing the same thing.  The command completes but we get bad request in the return.

Thanks!

You could try the final script shown here https://community.jamf.com/t5/jamf-pro/bearer-token-api-and-adding-computer-to-static-group/td-p/261...

It's based on things several people above have said as well as Richard Trouton and uses the new Bearer Authentication Token that you should be moving to before Jamf shuts down the Basic Auth