So I came across this article https://www.jamf.com/jamf-nation/third-party-products/files/658/jssid-list-to-static-group-using-the-api-script But I was wondering if I can pass along a curl command in a single line with a computers ID to a static group using the Statics Group ID instead of writing out to a tmp xml file. Here is an example of a basic script I'm using to test. For the moment, I'm using a test serial number since I can easily populate my serial numbers into the script.
If this is possible with a simple (rough example to get the point across)
put $JAMF_COMPUTERID to "${apiuser}:${apipass}" "${jssURL}/JSSResource/computergroups/id/${GROUP_ID}"
that would be awesome
#!/bin/bash
#########################################################################################
# Variables - Do Not Modify
#########################################################################################
# API Credentials
#########################################################################################
apiuser="api"
apipass="pass"
jssURL="https://jamf.server.com:8443"
# Serial Number
#########################################################################################
JAMF_SERIAL="###########"
# Pull Computer Asset Tag from JAMF
#########################################################################################
JAMF_STUDENTID=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssURL}/JSSResource/computers/serialnumber/${JAMF_SERIAL}/subset/general" | xmllint --format - 2>/dev/null | awk -F'>|<' '/<asset_tag>/{print $3; exit}')
echo $JAMF_STUDENTID
# Pull Computer ID from JAMF
#########################################################################################
JAMF_COMPUTERID=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssURL}/JSSResource/computers/serialnumber/${JAMF_SERIAL}/subset/general" | xmllint --format - 2>/dev/null | awk -F'>|<' '/<id>/{print $3; exit}')
echo $JAMF_COMPUTERID
# Put Computer ID into JAMF Static Group
#########################################################################################
GROUP_ID="##"
??? put $JAMF_COMPUTERID to "${apiuser}:${apipass}" "${jssURL}/JSSResource/computergroups/id/${GROUP_ID}"
Here's how I've updated group membership in the past
It's a bit more than you had.
#!/bin/sh
#API login info
apiuser="USERNAME"
apipass='PASSWORD'
jamfProURL="https://jamfproserver:8443"
ComputerName=$(hostname)
#update group with ID 232 aka group you want
GroupID="1234"
apiURL="JSSResource/computergroups/id/${GroupID}"
#XML header stuff
xmlHeader="<?xml version="1.0" encoding="UTF-8" standalone="no"?>"
apiData="<computer_group><id>${GroupID}</id><name>Whatever the GroupName Is</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"
curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}"
-H "Content-Type: text/xml"
-d "${xmlHeader}${apiData}"
-X PUT > /dev/null
@boberito
apiData="<computer_group><id>${GroupID}</id><name>Whatever the GroupName Is</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"
SOLID! Thank you! This was driving me crazy, huge help man.
@boberito
You ever done this process for Mobile Devices. Tried to adapt your method but having no luck.
Got this working.
<mobile_device_group><id>${GroupID}</id><name>GROUP NAME</name><mobile_device_additions><mobile_device><serial_number>SERIAL NUMBER</serial_number></mobile_device></mobile_device_additions></mobile_device_group>"
@boberito
Nice script but I seem to have to adde the ComputerName to the APIData call, if I put the computerName as below nothing happens
ComputerName=$C024567GH
@MatG In a bash script the $ means get the value of the variable following the $, so what you wrote is trying to assign the value of a variable named C024567GH to the variable ComputerName. Since you're trying to assign the serial number C024567GH to ComputerName what you want to write is ComputerName="C024567GH"
.
Can anybody tell me, what the minimal needed API account rights are, for this to work?
@L3nny5
needs admin to PUT/POST
Regarding API User privileges, I used Access Level: Full, Privilege Set: Custom (which starts with NO privileges), then added Jamf Pro Server Objects> API Integrations (C-R-U-D as needed) and Static Computer Groups (C-R-U-D as needed)
Confirmed with my Jamf Buddy: ":8443" is not needed for Jamf Cloud.
@adamnewman I'm trying to do this with mobile devices as well but I'm having issues with using this with Basic Authorization and getting "Object must be specified as an xml file". Any thoughts?
Heyo, really need to get this working for a workflow. I keep getting error code 127 (command not found) and I'm not sure why...
Looks like it's erroring out in lines 22-23 of the last curl command:
curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}"
-H "Content-Type: text/xml"
-d "${xmlHeader}${apiData}"
-X PUT > /dev/null
This is the error I get in Terminal when I call the policy via -trigger:
<?xml version="1.0" encoding="UTF-8"?><computer_group><id>123</id><name>The Group Name I specify</name><is_smart>false</is_smart><site><id>-1</id><name>None</name></site><criteria><size>0</size></criteria><computers><size>0</size></computers></computer_group>/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 21: -H: command not found
/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 22: -d: command not found
/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 23: -X: command not found
Error running script: return code was 127.
Any ideas?
Heyo, really need to get this working for a workflow. I keep getting error code 127 (command not found) and I'm not sure why...
Looks like it's erroring out in lines 22-23 of the last curl command:
curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}"
-H "Content-Type: text/xml"
-d "${xmlHeader}${apiData}"
-X PUT > /dev/null
This is the error I get in Terminal when I call the policy via -trigger:
<?xml version="1.0" encoding="UTF-8"?><computer_group><id>123</id><name>The Group Name I specify</name><is_smart>false</is_smart><site><id>-1</id><name>None</name></site><criteria><size>0</size></criteria><computers><size>0</size></computers></computer_group>/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 21: -H: command not found
/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 22: -d: command not found
/Library/Application Support/JAMF/tmp/Add Mac to Static Group: line 23: -X: command not found
Error running script: return code was 127.
Any ideas?
@user-dzIJnCprEb The curl command should all be on one line, or you need to use the \\ line continuation indicator if you're breaking it across multiple lines, e.g:
curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}" \\
-H "Content-Type: text/xml" \\
-d "${xmlHeader}${apiData}" \\
-X PUT > /dev/null
@user-dzIJnCprEb The curl command should all be on one line, or you need to use the \\ line continuation indicator if you're breaking it across multiple lines, e.g:
curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}" \\
-H "Content-Type: text/xml" \\
-d "${xmlHeader}${apiData}" \\
-X PUT > /dev/null
Gah, ok fixed that. So now the policy completes, but the machine is not added to the group.
If I run the script locally in verbose, I get the following, but again Mac is not added to the group:
Last login: Tue Jan 18 13:49:09 on ttys000
admin@admin's-Mac ~ % sh -x /Users/admin/Desktop/group_add.sh
+ apiuser=[jamf_user]
+ apipass=[password]
+ jamfProURL=https://[my org].jamfcloud.com
++ /usr/sbin/scutil --get ComputerName
+ ComputerName='Admin'\\''s Mac'
+ GroupID=131
+ GroupName='Test Group'
+ apiURL=JSSResource/computergroups/id/131
+ xmlHeader='<?xml version=1.0 encoding=UTF-8?>'
+ apiData='<computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\\''s Mac</name></computer></computer_additions></computer_group>'
+ curl -sSkiu [jaf user]:[password] https://[myorg].jamfcloud.com/JSSResource/computergroups/id/131 -H 'Content-Type: text/xml' -d '<?xml version=1.0 encoding=UTF-8?><computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\\''s Mac</name></computer></computer_additions></computer_group>' -X PUT
admin@admin's-Mac ~ %
What am I missing?
Gah, ok fixed that. So now the policy completes, but the machine is not added to the group.
If I run the script locally in verbose, I get the following, but again Mac is not added to the group:
Last login: Tue Jan 18 13:49:09 on ttys000
admin@admin's-Mac ~ % sh -x /Users/admin/Desktop/group_add.sh
+ apiuser=[jamf_user]
+ apipass=[password]
+ jamfProURL=https://[my org].jamfcloud.com
++ /usr/sbin/scutil --get ComputerName
+ ComputerName='Admin'\\''s Mac'
+ GroupID=131
+ GroupName='Test Group'
+ apiURL=JSSResource/computergroups/id/131
+ xmlHeader='<?xml version=1.0 encoding=UTF-8?>'
+ apiData='<computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\\''s Mac</name></computer></computer_additions></computer_group>'
+ curl -sSkiu [jaf user]:[password] https://[myorg].jamfcloud.com/JSSResource/computergroups/id/131 -H 'Content-Type: text/xml' -d '<?xml version=1.0 encoding=UTF-8?><computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\\''s Mac</name></computer></computer_additions></computer_group>' -X PUT
admin@admin's-Mac ~ %
What am I missing?
@user-dzIJnCprEb Looking at the verbose output it appears you are escaping characters in your computer_name field incorrectly. The escape character is a \\, not a '. Using computer_name is also problematic as there's no guarantee that name will be unique. Using serial_number would be safer (although surprisingly not guaranteed to be unique) so the apiData would look something like this:
<computer_group><id>${GroupToAddToID}</id><name>${GroupToAddToName}</name><computer_additions><computer><serial_number>${ComputerSerial}</serial_number></computer></computer_additions></computer_group>"
Gah, ok fixed that. So now the policy completes, but the machine is not added to the group.
If I run the script locally in verbose, I get the following, but again Mac is not added to the group:
Last login: Tue Jan 18 13:49:09 on ttys000
admin@admin's-Mac ~ % sh -x /Users/admin/Desktop/group_add.sh
+ apiuser=[jamf_user]
+ apipass=[password]
+ jamfProURL=https://[my org].jamfcloud.com
++ /usr/sbin/scutil --get ComputerName
+ ComputerName='Admin'\\''s Mac'
+ GroupID=131
+ GroupName='Test Group'
+ apiURL=JSSResource/computergroups/id/131
+ xmlHeader='<?xml version=1.0 encoding=UTF-8?>'
+ apiData='<computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\\''s Mac</name></computer></computer_additions></computer_group>'
+ curl -sSkiu [jaf user]:[password] https://[myorg].jamfcloud.com/JSSResource/computergroups/id/131 -H 'Content-Type: text/xml' -d '<?xml version=1.0 encoding=UTF-8?><computer_group><id>131</id><name>Test Group</name><computer_additions><computer><name>Admin'\\''s Mac</name></computer></computer_additions></computer_group>' -X PUT
admin@admin's-Mac ~ %
What am I missing?
Did you ever figure this out? We are seeing the same thing. The command completes but we get bad request in the return.
Thanks!
Here's how I've updated group membership in the past
It's a bit more than you had.
#!/bin/sh
#API login info
apiuser="USERNAME"
apipass='PASSWORD'
jamfProURL="https://jamfproserver:8443"
ComputerName=$(hostname)
#update group with ID 232 aka group you want
GroupID="1234"
apiURL="JSSResource/computergroups/id/${GroupID}"
#XML header stuff
xmlHeader="<?xml version="1.0" encoding="UTF-8" standalone="no"?>"
apiData="<computer_group><id>${GroupID}</id><name>Whatever the GroupName Is</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"
curl -sSkiu ${apiuser}:${apipass} "${jamfProURL}/${apiURL}"
-H "Content-Type: text/xml"
-d "${xmlHeader}${apiData}"
-X PUT > /dev/null
how to use this in postman?
Did you ever figure this out? We are seeing the same thing. The command completes but we get bad request in the return.
Thanks!
You could try the final script shown here https://community.jamf.com/t5/jamf-pro/bearer-token-api-and-adding-computer-to-static-group/td-p/261269
It's based on things several people above have said as well as Richard Trouton and uses the new Bearer Authentication Token that you should be moving to before Jamf shuts down the Basic Auth
@user-dzIJnCprEb Looking at the verbose output it appears you are escaping characters in your computer_name field incorrectly. The escape character is a \\, not a '. Using computer_name is also problematic as there's no guarantee that name will be unique. Using serial_number would be safer (although surprisingly not guaranteed to be unique) so the apiData would look something like this:
<computer_group><id>${GroupToAddToID}</id><name>${GroupToAddToName}</name><computer_additions><computer><serial_number>${ComputerSerial}</serial_number></computer></computer_additions></computer_group>"
Will this work for multiple serial numbers?
something like
<serial_number>${ xxxxxxxx, xxxxxxxx, xxxxxxx}</serial_number>
@user-dzIJnCprEb Looking at the verbose output it appears you are escaping characters in your computer_name field incorrectly. The escape character is a \\, not a '. Using computer_name is also problematic as there's no guarantee that name will be unique. Using serial_number would be safer (although surprisingly not guaranteed to be unique) so the apiData would look something like this:
<computer_group><id>${GroupToAddToID}</id><name>${GroupToAddToName}</name><computer_additions><computer><serial_number>${ComputerSerial}</serial_number></computer></computer_additions></computer_group>"
I mean
ComputerSerial=$( xxxxx, xxxxx, xxxx )