Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Dedicated self_service_icons API parameter needed!

Using the API to copy a policy from one instance to another is a minefield. Particularly difficult is the copying of icons. Here's what I have figured out so far:

To ascertain what self-service icon a particular policy has, you currently have to use something like these commands to get the name and ID:

icon_filename=$( curl -s -k https://$myserver/$instance/JSSResource/policies/id/$id/subset/self_service -H "Accept: application/xml" --user "$apiuser:$apipassword" | xmllint --format - | grep '<filename>' | awk -F '<filename>|</filename>' '/<filename>/ {print $2}' | tr -d ' ' )

icon_id=$( curl -s -k https://$myserver/$instance/JSSResource/policies/id/$id/subset/self_service -H "Accept: application/xml" --user "$apiuser:$apipassword" | xmllint --format -  | sed '/<category>/,/<\/category>/d' | awk -F '<id>|</id>' '/<id>/ {print $2}' | tr -d ' ' )

If you're looking for an existing icon to populate a new policy, you can't search for it by name, so you have to loop through all existing policies and write the results to some sort of array, with which you can then do a search on filename to create an XML snippet containing something like:

    <self_service_icon>
      <id>$icon_id</id>
      <filename>$icon_filename</filename>
      <uri>https://server/instance/iconservlet/?id=$icon_id</uri>
    </self_service_icon>

Then, theoretically, you could use a curl -X PUT command to populate a policy with this information, although I don't think this even works - self_service_icon information appears to be stripped out of uploaded policies regardless of whether it is factual or not.

So then, you have to use the following method for (re-) uploading an icon to a particular policy:

curl -s -f -k -u "apiuser:$apipassword"  -X POST -F name=@"$icon_file" "$myserver/$instance/JSSResource/fileuploads/policies/id/$id"

To do this on a new policy, after uploading the new policy to id 0, you then have to search for it again by name in order to find out the ID with which to perform the above POST command.

However, this does not help us use an icon that is already there, so you get endless repetitions of icons cluttering up the database.

This is all too much work!!

We need an self_service_icons API object. This needs:
- GET/POST/PUT/DELETE for JSSResource/self_service_icons/name/{name} - GET/POST/PUT/DELETE for JSSResource/self_service_icons/id/{id}

Then, a POST/PUT policy XML should only need to refer to a self_service_icon by name or id, for the correct icon to be added to the policy.

This would save a lot of duplication of resources, and presumably could also be coded into the GUI policy duplication method so that a new icon is not created.

Comment

Posted: 9/12/17 at 7:25 AM by ftiff

Thank you Graham!

I'll steal your work for something I'm working on :)

François

Like