JAMF Pro API: This script removes a list of machines from one PreStage Enrollment and adds them to another

Set Computer PreStage Scope.bash

#!/bin/bash
#This script removes a list of machines from one PreStage Enrollment and adds them to another
#Checks are applied to see if all machines are able to move between these two PreStages as intended
#This should help keeping track
#
#standing on the shoulders of giants:
#https://community.jamf.com/t5/jamf-pro/creating-an-authorization-token-with-jamf-pro-api-help-would-be/m-p/186172
#https://developer.jamf.com/jamf-pro/reference/computer-prestages-1#put_v2-computer-prestages-id-scope
#https://gist.github.com/talkingmoose/327427d23b422000f9d17183f8ef1d22  
###Thank you very much ####

# server connection information
URL="https://xyz:8443"
username="APIUser"
password="PW0rd"


# provide the Jamf Pro ID of the PreStage Enrollment; look in the URL when viewing the PreStage Enrollment

sourcePrestageID="15"
targetPrestageID="9"

#reset checkflags counter variable (used for checking if all machines are found in source or target PreStageEnrollment)
sourcecheck=0
targetcheck=0

# List of serial numbers to be moved from one PreStage Enrollment to another
serialNumberList=(H12GC3ZLML87
H12GC3ZLML89)

# Number of elements in the list to be used for checking if all elements are found
machinecount=${#serialNumberList[@]}

#timestamp for optional outputfile #now=$(echo "$(timestamp)")
timestamp() {
  date +"%Y-%m-%d_%H-%M-%S" # current time
}


# this function was sourced from https://stackoverflow.com/a/26809278 and modified
function json_array() {
  echo '['
  while [ $# -gt 0 ]; do
    x=${1//\\/\\\\}
    echo \"${x//\"/\\\"}\"
    [ $# -gt 1 ] && echo ', '
    shift
  done
  echo ']'
}

# created base64-encoded credentials
encodedCredentials=$( printf "$username:$password" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - )

# generate an auth token
authToken=$( /usr/bin/curl "$URL/api/auth/tokens" \
--silent \
--request POST \
--header "Authorization: Basic $encodedCredentials" )

# parse authToken for token, omit expiration
token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "$authToken" | /usr/bin/xargs )

###1st Part - SOURCE
# get existing json for Source PreStage ID
prestageJson=$( /usr/bin/curl "$URL/api/v2/computer-prestages/$sourcePrestageID/scope" \
--silent \
--request GET \
--header "Authorization: Bearer $token" )

# parse prestage json for current versionLock number
versionLock=$( /usr/bin/awk '/\"versionLock\" : / { print }' <<< "$prestageJson" )

#save output to disk if you like
#now=$(echo "$(timestamp)") 
#echo $prestageJson >> /Users/m/Documents/json_bck_$now.sh 
   
#check if machine is in prestage
for machine in "${serialNumberList[@]}"; do 

  found=$( echo "$prestageJson" | grep -o $machine )
  
  if [ "$machine" == "$found" ]; then
    echo "$machine Found"
  else
    echo "$machine Not Found"
    sourcecheck=$((sourcecheck+1))
  fi
done
echo "Sourcechecksum: $sourcecheck machine(s) not found"

###EXIT if not all machines are found in source PreStage Enrollment
if [[ $sourcecheck -ne 0 ]] ; then
### expire the auth token
  /usr/bin/curl "$URL/api/auth/invalidateToken" \
  --silent \
  --request POST \
  --header "Authorization: Bearer $token"
    
  echo "Not all machines found in source - exiting"
  exit 1
fi
##############After Source Check good :-)
#
echo "All source machines found"

# format serial number list for json
formattedSerialNumberList=$( json_array "${serialNumberList[@]}" )
  
# create json data for submission
  jsonData="{
    \"serialNumbers\": $formattedSerialNumberList,
    $versionLock
  }"

#Deactivate Payload HERE for target run only
# Remove from PreStage delete-multiple scope (array of strings) for PreStage ID - POST
  /usr/bin/curl "$URL/api/v2/computer-prestages/$sourcePrestageID/scope/delete-multiple" \
  --silent \
  --request POST \
  --header "Authorization: Bearer $token" \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --data "$jsonData"

###2nd Part - TARGET 
# get existing json for Target PreStage ID
prestageJson=$( /usr/bin/curl "$URL/api/v2/computer-prestages/$targetPrestageID/scope" \
--silent \
--request GET \
--header "Authorization: Bearer $token" )

# parse prestage json for current versionLock number
versionLock=$( /usr/bin/awk '/\"versionLock\" : / { print }' <<< "$prestageJson" )
 
# create json data for submission - again because of versionlock
  jsonData="{
    \"serialNumbers\": $formattedSerialNumberList,
    $versionLock
  }"

#save output to disk if you like
#now=$(echo "$(timestamp)") 
#echo $prestageJson >> /Users/michael/Documents/json_bck2_$now.sh 
    
#check if machin is in target prestage
for machine in "${serialNumberList[@]}"; do 

  found=$( echo "$prestageJson" | grep -o $machine )
  
  if [ "$machine" == "$found" ]; then
    echo "$machine Found"
  else
    echo "$machine Not Found"
    targetcheck=$((targetcheck+1))
  fi
done
echo "Targetchecksum: $targetcheck machine(s) not yet assigned"

if [[ $targetcheck -ne $machinecount ]] ; then
# expire the auth token
  /usr/bin/curl "$URL/api/auth/invalidateToken" \
  --silent \
  --request POST \
  --header "Authorization: Bearer $token"
  
  echo "Some machines already found in target - exiting"
  exit 1
fi
##############After Target Check good
#
echo "Target awaiting machines"


# Add scope (array of strings) for Target PreStage ID - POST
  /usr/bin/curl "$URL/api/v2/computer-prestages/$targetPrestageID/scope" \
  --silent \
  --request POST \
  --header "Authorization: Bearer $token" \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --data "$jsonData"

 
# expire the auth token
/usr/bin/curl "$URL/api/auth/invalidateToken" \
--silent \
--request POST \
--header "Authorization: Bearer $token"
echo "DONE"
exit 0