jgarcesres / git2jamf

Github action to create, update and delete scripts in jamf :octocat:
MIT License

Jamf Pro 10.50 updates API Workflows #4

Closed viktorfilipssonsonos closed 1 year ago

viktorfilipssonsonos commented 1 year ago

Is your feature request related to a problem? Please describe.
Jamf Pro 10.50 is releasing an updated workflow for API calls and will finally be using API Applications generated in Jamf rather than username and password. git2jira hence needs to be able to handle this new auth.

Describe the solution you'd like
git2jira hence needs to be able to handle the new API auth where it gets the token with API client id and secret instead of username and password.

Describe alternatives you've considered
n/a

Additional context
Details from Jamf here: https://developer.jamf.com/jamf-pro/docs/client-credentials

This is what I use in PowerShell to post for the token with client id and secret.

    $body = @{
        grant_type    = 'client_credentials'
        client_id     = "$ClientId"
        client_secret = "$ClientSecret"
    }
    $url = "$jamfProUrl/api/oauth/token"
    $apiCall = Invoke-RestMethod -Uri "$url" -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'

jgarcesres commented 1 year ago

I created a branch with the changes, can you test it on your test server? Add another action to run against it like this:


```yaml
on:
  push:
    branches:
      - master
jobs:
  jamf_scripts:
    runs-on: ubuntu-latest
    name: git2jamf_test
    steps:
      - name: checkout
        uses: actions/checkout@v3
      - name: git2jamf
        uses: jgarcesres/git2jamf@client_auth
        with:
          jamf_url: ${{ secrets.jamf_test_url }}
          jamf_auth_type: oauth
          jamf_username: ${{ secrets.jamf_client_id }}
          jamf_password: ${{ secrets.jamf_client_secret }}
          script_dir: 'scripts'
```

viktorfilipssonsonos commented 1 year ago

Ok, I ran it now and got some errors. The API keys are correct and have the same access as the sa account we used prior.


08:09:19: reading environment variables
08:09:19: url is: ***
08:09:19: workspace dir is: /github/workspace
08:09:19: script_dir is:  /github/workspace/scripts
08:09:19: branch is set to: refs/heads/testMasterAuth
08:09:19: script_deletion is: false
08:09:19: scripts_extensions are: ['sh', 'py']
08:09:19: prefix is disabled
08:09:19: grabing the token from jamf
08:09:19: An error has been caught in function 'push_scripts', process 'MainProcess' (1), thread 'MainThread' (140659031239496):
Traceback (most recent call last):

  File "/action/action.py", line 340, in <module>
    push_scripts()
    └ <function push_scripts at 0x7fedb9f8f950>

> File "/action/action.py", line 228, in push_scripts
    token = get_jamf_token(url,auth_type, username, password)
            │              │   │          │         └ '***'
            │              │   │          └ '***'
            │              │   └ 'oauth'
            │              └ '***'
            └ <function get_jamf_token at 0x7fedba37e7a0>

  File "/action/action.py", line 25, in get_jamf_token
    logger.success(f"got the token! it expires in: {token_request.json()['expires']}")
    │      └ <function Logger.success at 0x7fedba0589e0>
    └ <loguru.logger handlers=[(id=1, level=20, sink=<stdout>)]>

KeyError: 'expires'
08:09:20: checking the list of local scripts to upload or create
08:09:20: searching for files ending in ['sh', 'py'] in /github/workspace/scripts
08:09:20: found these: 
08:09:20: []
08:09:20: doublechecking for duplicate script names
08:09:20: nice, no duplicate script names, we can continue
08:09:20: now checking jamf for its list of scripts
08:09:20: status code: 401
08:09:20: error retrevieving script list
08:09:20: {
  "httpStatus" : 401,
  "errors" : [ ]
}
08:09:20: An error has been caught in function 'push_scripts', process 'MainProcess' (1), thread 'MainThread' (140659031239496):
Traceback (most recent call last):

  File "/action/action.py", line 340, in <module>
    push_scripts()
    └ <function push_scripts at 0x7fedb9f8f950>

> File "/action/action.py", line 246, in push_scripts
    scripts['jamf'] =  get_all_jamf_scripts(url, token)
    │                  │                    │    └ None
    │                  │                    └ '***'
    │                  └ <function get_all_jamf_scripts at 0x7fedb9f87dd0>
    └ {'github': [], 'github_simple_name': []}

  File "/action/action.py", line 120, in get_all_jamf_scripts
    raise Exception("error retrevieving script list")

Exception: error retrevieving script list
08:09:20: setting all script names to lower case to avoid false positives in our search.
08:09:20: worry not, this won't affect the actual naming :)
08:09:20: An error has been caught in function '<module>', process 'MainProcess' (1), thread 'MainThread' (140659031239496):
Traceback (most recent call last):

> File "/action/action.py", line 340, in <module>
    push_scripts()
    └ <function push_scripts at 0x7fedb9f8f950>

  File "/action/action.py", line 250, in push_scripts
    for script in scripts['jamf']:
                  └ {'github': [], 'github_simple_name': [], 'jamf': None}

TypeError: 'NoneType' object is not iterable
08:09:20: no EA script folder set, skipping
08:09:20: we're done!

jgarcesres commented 1 year ago

Yeah, the authentication worked, it just returns the time it expires in a different key than with traditional auth. Try again please.

viktorfilipssonsonos commented 1 year ago

Still getting a few errors after the token generation

19:12:14: reading environment variables
19:12:14: url is: ***
19:12:14: workspace dir is: /github/workspace
19:12:14: script_dir is:  /github/workspace/scripts
19:12:14: branch is set to: refs/heads/testMasterAuth
19:12:14: script_deletion is: false
19:12:14: scripts_extensions are: ['sh', 'py']
19:12:14: prefix is disabled
19:12:14: grabing the token from jamf
19:12:14: got the token! it expires in: 299
19:12:14: An error has been caught in function 'push_scripts', process 'MainProcess' (1), thread 'MainThread' (139973789731656):
Traceback (most recent call last):

  File "/action/action.py", line 343, in <module>
    push_scripts()
    └ <function push_scripts at 0x7f4e2e656950>

> File "/action/action.py", line 231, in push_scripts
    token = get_jamf_token(url,auth_type, username, password)
            │              │   │          │         └ '***'
            │              │   │          └ '***'
            │              │   └ 'oauth'
            │              └ '***'
            └ <function get_jamf_token at 0x7f4e2ea457a0>

  File "/action/action.py", line 29, in get_jamf_token
    return token_request.json()['token']
           │             └ <function Response.json at 0x7f4e2ea41cb0>
           └ <Response [200]>

KeyError: 'token'
19:12:14: checking the list of local scripts to upload or create
19:12:14: searching for files ending in ['sh', 'py'] in /github/workspace/scripts
19:12:14: found these: 
19:12:14: []
19:12:14: doublechecking for duplicate script names
19:12:14: nice, no duplicate script names, we can continue
19:12:14: now checking jamf for its list of scripts
19:12:14: status code: 401
19:12:14: error retrevieving script list
19:12:14: {
  "httpStatus" : 401,
  "errors" : [ ]
}
19:12:14: An error has been caught in function 'push_scripts', process 'MainProcess' (1), thread 'MainThread' (139973789731656):
Traceback (most recent call last):

  File "/action/action.py", line 343, in <module>
    push_scripts()
    └ <function push_scripts at 0x7f4e2e656950>

> File "/action/action.py", line 249, in push_scripts
    scripts['jamf'] =  get_all_jamf_scripts(url, token)
    │                  │                    │    └ None
    │                  │                    └ '***'
    │                  └ <function get_all_jamf_scripts at 0x7f4e2e64fdd0>
    └ {'github': [], 'github_simple_name': []}

  File "/action/action.py", line 123, in get_all_jamf_scripts
    raise Exception("error retrevieving script list")

Exception: error retrevieving script list
19:12:14: setting all script names to lower case to avoid false positives in our search.
19:12:14: worry not, this won't affect the actual naming :)
19:12:14: An error has been caught in function '<module>', process 'MainProcess' (1), thread 'MainThread' (139973789731656):
Traceback (most recent call last):

> File "/action/action.py", line 343, in <module>
    push_scripts()
    └ <function push_scripts at 0x7f4e2e656950>

  File "/action/action.py", line 253, in push_scripts
    for script in scripts['jamf']:
                  └ {'github': [], 'github_simple_name': [], 'jamf': None}

TypeError: 'NoneType' object is not iterable
19:12:14: no EA script folder set, skipping
19:12:14: we're done!

viktorfilipssonsonos commented 1 year ago

Hang on, ignore my last post. I realized I had not set the target for script folders correctly. Running test again right now.

viktorfilipssonsonos commented 1 year ago

Ok, ran the test again with the correct path. Looks like I'm hitting a 401 auth issue when trying to get the script list in Jamf. I've confirmed tokens and even tested with a token with access to everything and still 401 error.

19:40:25: reading environment variables
19:40:25: url is: ***
19:40:25: workspace dir is: /github/workspace
19:40:25: script_dir is:  /github/workspace/**/jamf_scripts
19:40:25: branch is set to: refs/heads/testMasterAuth
19:40:25: script_deletion is: false
19:40:25: scripts_extensions are: ['sh', 'py']
19:40:25: prefix is disabled
19:40:25: grabing the token from jamf
19:40:26: got the token! it expires in: 299
19:40:26: An error has been caught in function 'push_scripts', process 'MainProcess' (1), thread 'MainThread' (140637879982920):
Traceback (most recent call last):

  File "/action/action.py", line 343, in <module>
    push_scripts()
    └ <function push_scripts at 0x7fe8cd421950>

> File "/action/action.py", line 231, in push_scripts
    token = get_jamf_token(url,auth_type, username, password)
            │              │   │          │         └ '***'
            │              │   │          └ '***'
            │              │   └ 'oauth'
            │              └ '***'
            └ <function get_jamf_token at 0x7fe8cd80d7a0>

  File "/action/action.py", line 29, in get_jamf_token
    return token_request.json()['token']
           │             └ <function Response.json at 0x7fe8cd80ccb0>
           └ <Response [200]>

KeyError: 'token'
19:40:26: checking the list of local scripts to upload or create
19:40:26: searching for files ending in ['sh', 'py'] in /github/workspace/**/jamf_scripts
19:40:26: found these: 
19:40:26: [REDACTED - List of all our scripts to look]
19:40:26: doublechecking for duplicate script names
19:40:26: nice, no duplicate script names, we can continue
19:40:26: now checking jamf for its list of scripts
19:40:26: status code: 401
19:40:26: error retrevieving script list
19:40:26: {
  "httpStatus" : 401,
  "errors" : [ ]
}
19:40:26: An error has been caught in function 'push_scripts', process 'MainProcess' (1), thread 'MainThread' (140637879982920):
Traceback (most recent call last):

  File "/action/action.py", line 343, in <module>
    push_scripts()
    └ <function push_scripts at 0x7fe8cd421950>

> File "/action/action.py", line 249, in push_scripts
    scripts['jamf'] =  get_all_jamf_scripts(url, token)
    │                  │                    │    └ None
    │                  │                    └ '***'
    │                  └ <function get_all_jamf_scripts at 0x7fe8cd41add0>
    └ {'github': ['/github/workspace/pathtoscript.sh', '/github/workspace/pathtoscript/...

  File "/action/action.py", line 123, in get_all_jamf_scripts
    raise Exception("error retrevieving script list")

Exception: error retrevieving script list
19:40:26: setting all script names to lower case to avoid false positives in our search.
19:40:26: worry not, this won't affect the actual naming :)
19:40:26: An error has been caught in function '<module>', process 'MainProcess' (1), thread 'MainThread' (140637879982920):
Traceback (most recent call last):

> File "/action/action.py", line 343, in <module>
    push_scripts()
    └ <function push_scripts at 0x7fe8cd421950>

  File "/action/action.py", line 253, in push_scripts
    for script in scripts['jamf']:
        │         └ {'github': ['/github/workspace/pathtoscript.sh', '/github/workspace/pathtoscript...
        └ 'script name'

TypeError: 'NoneType' object is not iterable
19:40:26: no EA script folder set, skipping
19:40:26: we're done!

jgarcesres commented 1 year ago

Ok, it was a similar issue to before and totally my bad, the token key is also different. Third time's the charm?

viktorfilipssonsonos commented 1 year ago

Still error on getting all scripts. 401

viktorfilipssonsonos commented 1 year ago

Did a quick check and pulled the scripts endpoint manually using the same credentials to pull the key and it worked. So something else is funky here.

jgarcesres commented 1 year ago

My bad, accidentally deleted the return of token in the method that handles auth... whoops. Try again?

viktorfilipssonsonos commented 1 year ago

Houston, we have liftoff.

Now it's running fine.
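
The failure sequence in this thread (a `KeyError` on `expires`, then on `token`, then a `None` token sent to the scripts endpoint and answered with 401) comes from reading one auth flow's response with the other flow's key names and carrying on after the error. The sketch below is an added example, not code from git2jamf: it normalizes both response shapes and fails closed. The function names, the `TokenError` class, the ISO 8601 format assumed for `expires`, and the sample bodies in the test are assumptions of this example; `access_token` and `expires_in` are the standard OAuth 2.0 (RFC 6749) field names.

```python
# Added illustration; not code from git2jamf. All names here are hypothetical.
from datetime import datetime, timedelta, timezone


class TokenError(Exception):
    """Raised when a token response cannot be used; callers must stop."""


def parse_token_response(auth_type, body, now=None):
    """Return (token, expires_at) for either auth flow, or raise TokenError.

    'oauth' bodies use the RFC 6749 names access_token / expires_in (seconds).
    Any other auth_type is read with token / expires, the keys seen in the
    thread's tracebacks; an ISO 8601 'expires' value is an assumption.
    """
    now = now or datetime.now(timezone.utc)
    if not isinstance(body, dict):
        raise TokenError("token response is not a JSON object")
    try:
        if auth_type == "oauth":
            token = body["access_token"]
            expires_at = now + timedelta(seconds=int(body["expires_in"]))
        else:
            token = body["token"]
            # fromisoformat() before Python 3.11 rejects a trailing 'Z'.
            expires_at = datetime.fromisoformat(body["expires"].replace("Z", "+00:00"))
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        # Report which keys were present, never their values: they are secrets.
        raise TokenError(
            f"unusable {auth_type} token response, keys={sorted(body)}"
        ) from exc
    if not isinstance(token, str) or not token:
        raise TokenError("token is empty")
    return token, expires_at


def auth_header(token):
    """Build the Authorization header; refuse None rather than send 'Bearer None'."""
    if not token:
        raise TokenError("no token available, refusing to call the API")
    return {"Authorization": f"Bearer {token}"}
```

Letting `TokenError` end the run, instead of logging it and continuing, stops the job at the real cause rather than at the later 401 and `NoneType` errors.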