Last active
February 18, 2023 00:36
-
-
Save talkingmoose/327427d23b422000f9d17183f8ef1d22 to your computer and use it in GitHub Desktop.
As of Jamf Pro 10.14, the Jamf Pro API (/uapi) allows access to create and update scopes for computer PreStage Enrollments. Edit the information at the top and include a list of computer serial numbers for the COMPLETE scope. (The script replaces the scope list; it doesn't update.) Be sure to leave the opening and closing parentheses.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # server connection information | |
| URL="https://talkingmoose.jamfcloud.com" | |
| username="API-Editor" | |
| password="P@55w0rd" | |
| # provide the Jamf Pro ID of the PreStage Enrollment; look in the URL when viewing the PreStage Enrollment | |
| prestageID="1" | |
| # scope the following serial numbers to the PreStage Enrollment | |
| serialNumberList=(C02QR0D0GFWM | |
| C02X82E1LHD3 | |
| C02QHRD0GFWM | |
| C02X8F1CLHD3) | |
| # this function was sourced from https://stackoverflow.com/a/26809278 | |
| function json_array() { | |
| echo -n '[' | |
| while [ $# -gt 0 ]; do | |
| x=${1//\\/\\\\} | |
| echo -n \"${x//\"/\\\"}\" | |
| [ $# -gt 1 ] && echo -n ', ' | |
| shift | |
| done | |
| echo ']' | |
| } | |
| # created base64-encoded credentials | |
| encodedCredentials=$( printf "$username:$password" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - ) | |
| # generate an auth token | |
| authToken=$( /usr/bin/curl "$URL/uapi/auth/tokens" \ | |
| --silent \ | |
| --request POST \ | |
| --header "Authorization: Basic $encodedCredentials" ) | |
| # parse authToken for token, omit expiration | |
| token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "$authToken" | /usr/bin/xargs ) | |
| # get existing json for PreStage ID | |
| prestageJson=$( /usr/bin/curl "$URL/uapi/v1/computer-prestages/$prestageID/scope" \ | |
| --silent \ | |
| --request GET \ | |
| --header "Authorization: Bearer $token" ) | |
| # parse prestage json for current versionLock number | |
| versionLock=$( /usr/bin/awk '/\"versionLock\" : / { print $3 }' <<< "$prestageJson" ) | |
| # format serial number list for json | |
| formattedSerialNumberList=$( json_array "${serialNumberList[@]}" ) | |
| # create json data for submission | |
| jsonData="{ | |
| \"serialNumbers\": $formattedSerialNumberList, | |
| \"versionLock\": $versionLock | |
| }" | |
| # submit new scope for PreStage ID | |
| /usr/bin/curl "$URL/uapi/v1/computer-prestages/$prestageID/scope" \ | |
| --silent \ | |
| --request PUT \ | |
| --header "Authorization: Bearer $token" \ | |
| --header "Accept: application/json" \ | |
| --header "Content-Type: application/json" \ | |
| --data "$jsonData" | |
| # expire the auth token | |
| /usr/bin/curl "$URL/uapi/auth/invalidateToken" \ | |
| --silent \ | |
| --request POST \ | |
| --header "Authorization: Bearer $token" | |
| exit 0 |
Good call, Andrew. Jamf has a history of changing things like v1 to v2 in their Jamf Pro API. Likely, the developers' reasons are "it's still beta" and likely they could change again.
Thank you so much for your great code! Forked it to make machines move from one prestige enrolment to another.
Thank you so much for your great code! Forked it to make machines move from one prestige enrolment to another.
And I forked yours to make it run from self service and move the current machine into a new prestage, values populated by script payload variables. Thanks my guy!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Be sure to double check the curl API urls and verify you have all the right needed for the UAPI.