2023 demo K Scripts

Chris Lasell edited this page Aug 24, 2023 · 1 revision

Hands On, Real-time Jamf APIs Using ruby-jss

Scripts


Writing a script to use over and over

  • It's great to have a live, interactive shell to do things in your JSS in real-time

  • Now let's save some Ruby into a script we can run whenever we need

  • In our JSS we have:

    • A user extension attribute that marks some users as VIPs
    • A smart user group of those users
      • Our company is volatile, people go in and out of this group a lot
  • We want:

    • A Computer Group of computers assigned to those VIPs
    • A Mobile Device group of devices assigned to those VIPs
  • In the Jamf Web UI, you can't create computer or device smart groups based on a user extension attribute

  • So we will use ruby-jss to maintain static Computer and Mobile Device groups

  • We can type or paste the steps into irb every time we want to update our computer and device groups,

    • OR we could save them into a file and make it executable, and run it automatically every so often.
  • Here's a script to automatically maintain our static Computer and Device groups

    • I'm not going to actually run this script, but we'll go through it line by line.
#!/usr/bin/ruby
require 'ruby-jss'

##### Constants

JAMF_API_HOST = 'myhost.jamfcloud.com'
JAMF_API_USER = 'api-user'

USER_GROUP = 'VIPs'
COMPUTER_GROUP = 'VIP-Computers'
DEVICE_GROUP = 'VIP-Devices'

# Connect to the Classic API
passwd = `/some/secure/tool --to-get the --correct-password-for --user #{JAMF_API_USER}`.chomp
Jamf.connect host: JAMF_API_HOST, user: JAMF_API_USER, pw: passwd

# Fetch the Smart User Group
# It's based on User Ext Attrib 'vip' containing 'yes'
user_group = Jamf::UserGroup.fetch name: USER_GROUP

# Fetch the Static Groups
comp_group = Jamf::ComputerGroup.fetch name: COMPUTER_GROUP
dev_group = Jamf::MobileDeviceGroup.fetch name: DEVICE_GROUP

# Clear out the group memberships in the static groups
comp_group.clear
dev_group.clear

# Loop thru the user ids in the user group
user_group.member_ids.each do |user_id|

  # Fetch the user object
  user = Jamf::User.fetch id: user_id

  puts "--- Processing user: #{user.name}"

  # Loop thru the user's computers, adding each to the computer group
  user.computers.each do |comp|
    comp_group.add_member comp[:id]
    puts "  ..Added Computer '#{comp[:name]}'"
  end # user.computers.each

  # Loop thru the user's devices, adding each to the device group
  user.mobile_devices.each do |dev|
    dev_group.add_member dev[:id]
    puts "  ..Added Device '#{dev[:name]}'"
  end # user.mobile_devices

end # user_group.member_ids.each

puts '--- Done with users'

# add_member doesn't save immediately like change_membership
# so we need to save the group changes
comp_group.save
puts '--- Saved Computer Group'

dev_group.save
puts '--- Saved Mobile Device Group'

# Finito
puts 'All Done!'
  • Tada! A useful re-runnable tool, in a short page of easily readable code.

  • Let's take a moment to look at what it's doing.

    • (...)
  • In the real world, this script would be more robust and refined, for example:

    • Catching errors and reporting them properly
    • Adding and removing the members as needed, not clearing and re-adding them every time
    • If automated, output would go to a log file
  • A few other comments:

    • This script uses /usr/bin/ruby which is the ruby that ships with macOS.
      • Apple has said for years now that it will eventually be removed from the base OS, as Python already has been
      • It's an old version of ruby, but should still work with ruby-jss
      • You should install your own ruby and use that one.
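The "adding and removing the members as needed" refinement listed above, as an added example that is not part of the original page or of ruby-jss: it computes the difference between a group's current members and the desired list, applies only that difference, and refuses to empty a populated group. `FakeGroup`, `membership_delta` and `sync_group` are hypothetical names, the ids are constructed sample data, and it assumes the real group object offers `remove_member` alongside the `add_member` used in the script.

```ruby
require 'set'

# Constructed stand-in for a static group so the example runs offline.
# It mimics only member_ids, add_member, remove_member and save.
FakeGroup = Struct.new(:name, :member_ids, :saved) do
  def add_member(id)
    member_ids << id
  end

  def remove_member(id)
    member_ids.delete id
  end

  def save
    self.saved = true
  end
end

# Work out which ids to add and which to remove so that the group
# ends up matching desired_ids.
def membership_delta(current_ids, desired_ids)
  current = current_ids.to_set
  desired = desired_ids.to_set
  { add: (desired - current).sort, remove: (current - desired).sort }
end

# Apply only the delta. Raises instead of emptying a populated group
# (an empty desired list more likely means a failed lookup upstream),
# and skips the save when nothing changed.
def sync_group(group, desired_ids, allow_empty: false)
  if desired_ids.empty? && !group.member_ids.empty? && !allow_empty
    raise ArgumentError, "refusing to empty group '#{group.name}'"
  end

  delta = membership_delta(group.member_ids, desired_ids)
  return delta if delta.values.all?(&:empty?)

  delta[:remove].each { |id| group.remove_member id }
  delta[:add].each { |id| group.add_member id }
  group.save
  delta
end

# Constructed sample: computers 12 and 15 are in the group today,
# and the VIPs' computers are now 15, 22 and 31.
group = FakeGroup.new('VIP-Computers', [12, 15], false)
puts sync_group(group, [15, 22, 31]).inspect
puts group.member_ids.inspect
```

In the script above, the desired list would be the computer or device ids collected while looping over the VIP users, passed to `sync_group` in place of the `clear` and `add_member` calls.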
