grokability / kandji2snipe

MIT License
26 stars 15 forks source link

kandji2snipe

About

This python3 script leverages the Kandji and Snipe-IT APIs to accomplish two things:

Overview:

kandji2snipe is designed to sync assets between your Kandji and Snipe-IT instances. The tool searches for assets based on the serial number, not the existing asset tag. If assets exist in Kandji and are not in Snipe-IT, the tool will create an asset and try to match it with an existing Snipe-IT model. This match is based on the device's model identifier (ex. MacBookAir7,1) being entered as the model number in Snipe-IT, rather than the model name. If a matching model isn't found, it will create one.

When an asset is first created, it will fill out only the most basic information. If the asset already exists in your Snipe-IT inventory, the tool will sync the information you specify in the settings.conf file and make sure that the asset tag in Kandji matches the asset tag in Snipe-IT, where Snipe-IT's asset tag for that device is considered the authority.

If the asset tag field is blank in Kandji when the record is being created in Snipe-IT, the script will create an asset tag with KANDJI-$SERIAL_NUMBER unless you enable use_custom_pattern in your settings.conf file.

Requirements:

Configuration - settings.conf:

All of the keys highlighted in bold below are required in your settings.conf file. Please review the settings.conf.example file for example settings and additional details.

Note: do not add "" or '' around any values.

API tokens can also be provided via environment variables for additional security.

export KANDJI_APITOKEN=kandji-api-bearer-token-here
export SNIPE_APIKEY=snipe-api-key-here

[kandji]

[snipe-it]

[asset-tag]


Note:
The following sections require custom fields to be created in Snipe-IT. Please see the API Mapping section for details.

[mac-api-mapping]

[iphone-api-mapping]

[ipad-api-mapping]

[appletv-api-mapping]

API Mapping

To get the database fields for Snipe-IT Custom Fields, go to Settings and then Custom Fields inside of your Snipe-IT instance, scroll down past Fieldsets to Custom Fields, click the column selection button and make sure the 'DB Field' checkbox is checked. Copy and paste the DB Field name for Snipe-IT under platform-api-mapping sections in your settings.conf file.

To get the API mapping fields for Kandji, refer to Kandji's Device Details API example response.

Some example API mappings can be found below:

You need to set the manufacturer_id for Apple devices in the settings.conf file. You can grab the manufacturer_id in Snipe-IT by going to Manufacturers > click the column selection button > select the ID checkbox.

Usage

usage: kandji2snipe [-h] [-l] [-v] [-d] [--dryrun] [--version] [--auto_incrementing] [--do_not_update_kandji] [--do_not_verify_ssl] [-r] [-f] [-u] [-uns] [--mac | --iphone | --ipad | --appletv]

optional arguments:
  -h, --help              Shows this help message and exits.
  -l, --logfile           Saves logging messages to kandji2snipe.log instead of displaying on screen.
  -v, --verbose           Sets the logging level to INFO and gives you a better idea of what the script is doing.
  -d, --debug             Sets logging to include additional DEBUG messages.
  --dryrun                This checks your config and tries to contact both the Kandji and Snipe-IT instances, but exits before updating or syncing any assets.
  --version               Shows the version of this script and exits.
  --auto_incrementing     You can use this if you have auto-incrementing enabled in your Snipe-IT instance to utilize that instead of using KANDJI-<SERIAL NUMBER> for the asset tag.
  --do_not_update_kandji  Does not update Kandji with the asset tags stored in Snipe-IT.
  --do_not_verify_ssl     Skips SSL verification for all Snipe-IT requests. Helpful when you use self-signed certificate.
  -r, --ratelimited       Puts a half second delay between Snipe-IT API calls to adhere to the standard 120/minute rate limit
  -f, --force             Updates the Snipe-IT asset with information from Kandji every time, despite what the timestamps indicate.
  -u, --users             Checks in/out assets based on the user assignment in Kandji.
  -uns, --users_no_search Doesn't search for any users if the specified fields in Kandji and Snipe-IT don't match. (case insensitive)
  --mac                   Runs against Kandji Mac computers only.
  --iphone                Runs against Kandji iPhones only.
  --ipad                  Runs against Kandji iPads only.
  --appletv               Runs against Kandji Apple TVs only.

Testing

It is recommended that you use a test/dev Snipe-IT instance for testing and that your backups are up to date. You can spin up a Snipe-IT instance in Docker pretty quickly (see the Snipe-IT docs).

If you do not have a test/dev Kandji tenant, you can test kandji2snipe using the --do_not_update_kandji argument to prevent data being written back to Kandji.

Acknowledgements

kandji2snipe is inspired by and forked from jamf2snipe, created by Brian Monroe. Thank you for your contributions to the Mac Admin and Open Source communities!

Contributing

If you have something you'd like to add please help by forking this project then creating a pull request to the develop branch. When working on new features, please try to keep existing configs running in the same manner with no changes. When possible, open up an issue and reference it when you make your pull request.