-
Notifications
You must be signed in to change notification settings - Fork 0
/
Temporary_Group_Membership.py
75 lines (56 loc) · 3.2 KB
/
Temporary_Group_Membership.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#!/usr/bin/env python3
# Matthew Prins 2023
# https://github.com/MatthewPrins/Jamf/
# changes group membership from no mobile devices temporarily to all mobile devices
# can be used with cron job to remove devices from a config profile on a schedule
# create mobile device smart group for this purpose, and add it to exclusions for that config profile
# (criteria when creating the smart group doesn't matter, as it will be deleted)
# pip install requests if not already done
import json
import requests
import time
from datetime import datetime
############################
# Editable variables
# Jamf credentials
username="xxxxxx"
password="xxxxxx"
jamfurl="https://xxxxxx.jamfcloud.com"
# Mobile device smart group ID number -- found in URL on group's page
# if trying to remove config profile temporarily, set this group in exclusions for that profile
groupID="123"
# Number of minutes to wait before removing all mobile devices from group
waitminutes=60
############################
# definition for fetching API token
def fetchtoken():
response = requests.post(url=jamfurl + "/api/v1/auth/token", headers={'Accept': 'application/json'}, auth=(username, password))
print("new token fetched\n")
return response.json()['token'], datetime.strptime(response.json()['expires'], '%Y-%m-%dT%H:%M:%S.%fZ')
# definition for invalidating API token
def invalidatetoken():
response = requests.post(url=jamfurl + "/api/v1/auth/invalidate-token", headers={'Authorization': 'Bearer ' + token})
############################
# get initial token
token,tokenexpiration = fetchtoken()
# XML for adding all devices to group membership
XML = "<mobile_device_group><is_smart>true</is_smart><criteria><criterion><name>Serial Number</name><priority>0</priority><and_or>AND</and_or><search_type>is not</search_type><value></value><opening_paren>false</opening_paren><closing_paren>false</closing_paren></criterion></criteria></mobile_device_group>"
#API call to make group all mobile devices
print("sending command to add all mobile devices to group\n")
response = requests.put(url=jamfurl + "/JSSResource/mobiledevicegroups/id/" + groupID, headers={'Content-Type': 'application/xml','Authorization': 'Bearer ' + token}, data=XML)
print("all mobile devices added\n")
#wait
print("waiting for " + str(waitminutes) + " minutes\n")
time.sleep(waitminutes*60)
print("waiting done\n")
# XML for adding all devices to group membership
XML = "<mobile_device_group><is_smart>true</is_smart><criteria><criterion><name>Serial Number</name><priority>0</priority><and_or>AND</and_or><search_type>is</search_type><value></value><opening_paren>false</opening_paren><closing_paren>false</closing_paren></criterion></criteria></mobile_device_group>"
# if less than 5 minutes left, invalidate token and get a new one
if (tokenexpiration-datetime.utcnow()).total_seconds() < 600:
invalidatetoken()
token,tokenexpiration = fetchtoken()
#API call to make group all mobile devices
print("sending command to remove all mobile devices from group\n")
response = requests.put(url=jamfurl + "/JSSResource/mobiledevicegroups/id/" + groupID, headers={'Content-Type': 'application/xml','Authorization': 'Bearer ' + token}, data=XML)
print("all mobile devices removed, script ending\n")
exit()