Small script to call macOS Updates via MicroMDM

micro-os-updates.sh

#!/bin/bash

# Source environment variables
source "$MICROMDM_ENV_PATH"

# Define API endpoints
devices_endpoint="v1/devices"
commands_endpoint="v1/commands"

# Function to validate OS version
validate_version() {
    local version=$1
    if [[ ! $version =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
        echo "Invalid version format: $version. Should be like '14.2'."
        exit 1
    fi
}

validate_action() {
    local action=$1
    case $action in
        "Install"|"InstallLater"|"Download"|"DownloadAndNotify")
            echo "Selected action: $action"
            case $action in
                "Install") echo "This will install the update immediately." ;;
                "InstallLater") echo "This will install the update at a later time." ;;
                "Download") echo "This will start a background download of the update." ;;
                "DownloadAndNotify") echo "This will download the update and notify the user." ;;
            esac
            read -p "Proceed with this action? (y/n): " confirmation
            if [[ $confirmation != "y" ]]; then
                echo "Update action aborted."
                exit 1
            fi
            ;;
        *)
            echo "Invalid action: $action. Should be one of 'Install', 'InstallLater', 'Download', 'DownloadAndNotify'."
            exit 1
            ;;
    esac
}

# Function to get all devices
get_devices() {
    local endpoint="$devices_endpoint"
    devices_json=$(curl "$CURL_OPTS" -X POST --data-binary {} -s -u "micromdm:$API_TOKEN" "$SERVER_URL/$endpoint")
    if [ $? -ne 0 ]; then
        echo "Error fetching devices from MicroMDM."
        exit 1
    fi

    devices=$(echo "$devices_json" | jq -r '.devices[].udid | select(. != null)')
    if [ -z "$devices" ]; then
        echo "No devices found."
        exit 1
    fi
}

schedule_os_update() {
    local udid=$1
    local version=$2
    local deferrals=$3
    local priority=$4
    local action=$5

jq -n \
  --arg request_type "ScheduleOSUpdate" \
  --arg udid "$udid" \
  --arg product_key "$key" \
  --arg product_version "$version" \
  --arg install_action "$action" \
  --arg priority "$priority" \
  --argjson max_user_deferrals "${deferrals--1}" \
  --arg command_uuid "$uuid" \
  '.udid = $udid
     | if $command_uuid != "" then .command_uuid = $command_uuid else . end
     | .request_type = $request_type
     | .updates = [
      .install_action = $install_action
      | if $max_user_deferrals != -1 then .max_user_deferrals = $max_user_deferrals else . end
      | if $product_key != "" then .product_key = $product_key else . end
      | if $product_version != "" then .product_version = $product_version else . end
      | if $priority != "" then .priority = $priority else . end
     ]
  '|\
  curl $CURL_OPTS -K <(cat <<< "-u micromdm:$API_TOKEN") "$SERVER_URL/$commands_endpoint" -d@-
}

# Function to update devices, potential here to call this directly if UDID is supplied as an argument. 
update_devices() {
    local version=$1
    local action=$2

    local deferrals="0"
    local priority="High"

    for udid in $devices; do
        echo "Processing device $udid..."
        schedule_os_update "$udid" "$version" "$deferrals" "$priority" "$action"
    done
}

# Main function
main() {
    local version="${1:-14.2}"
    local action="${2:-Download}"

    validate_version "$version"
    validate_action "$action"

    get_devices
    update_devices "$version" "$action"
}

# Execute main function if the script is run directly
[[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@"