sync different data sources to snipe-it

The goal of sync2snipe is to extend the functionality of jamf2snipe to other data sources.

tosnipe.py acts as a base upon which to add additional items.

By modularizing the codebase it should be fairly easy to mirror the logic in j2s.py to different MDM's, licensing data, Google Chrome devices, and more.

Code has been included for each data source so that this program remains self sufficent as possible. I attempted to map out the wonderful Snipe-IT API for each endpoint. This should feasibly allow most information to be updated in Snipe-IT without having to write new code.

python3 -m pip install -r resources/requirements/global_reqs.txt

The configuration resides in settings.json.

Each service syncing to Snipe-IT should have its own top level key with associated mappings as values.

By default, this will use keyring to store your sensitive credentials in your keychain.

If you wish to use this program in a CI envrionment, or elsewhere, where the keychain is not a feasible option instantiate the class with env_vars=True.

j2s = Jamf2Snipe(env_vars=True)

An example of where this is set:

• In the Snipe Class
• This calls the get_config function. If env_vars is set to True, the function will pull the values from the environment.

There are two options to configure:

• Pass --verbose for high level information on what is occuring.
• Pass --debug for detailed information on what is occuring.

• Pass --log-to-file
  • By default this will log to sync2snipe-$date_stamp.log
  • To override this pass --log-file with the file you wish the logs to be written to.

There were several changes to the architecture of jamf2snipe in this program that should significantly increase the speed.

Calls are made to Jamf and Snipe in the beggining to gather all of the information needed to compare what needs to be done. Subsequent calls to either API only occur when it is time to sync the information back to the source.

All options show below

./j2s.py -h
usage: j2s.py [-h] [--create-missing-users] [-d] [--disable-requests-logging] [--do_not_verify_ssl] [--dryrun] [-f] [-l] [-lf LOG_FILE] [-rt] [-s SETTINGS_FILE] [-v]
              [--auto_incrementing] [--do_not_update_jamf] [-u | -uf | -ui | -uae] [-ued USERS_EMAIL_DOMAIN] [-m | -c]

options:
  -h, --help            show this help message and exit
  --create-missing-users
                        Create users if they are missing in Snipe-IT.
  -d, --debug           Sets logging to include additional DEBUG messages.
  --disable-requests-logging
                        In debug logging disables the requests library logs
  --do_not_verify_ssl   Skips SSL verification for all requests. Helpful when you use self-signed certificate.
  --dryrun              This checks your config and tries to contact both the JAMFPro and Snipe-it instances, but exits before updating or syncing any assets.
  -f, --force           Updates the Snipe asset with information every time, despite what the timestamps indicate.
  -l, --log-to-file     Output log results to file.
  -lf LOG_FILE, --log-file LOG_FILE
                        location of log file. defaults to sync2snipe-$date.log.
  -rt, --run-tests      Run startup tests to see if hosts are reachable.
  -s SETTINGS_FILE, --settings-file SETTINGS_FILE
                        location of settings file. defaults to settings.json.
  -v, --verbose         Sets the logging level to INFO and gives you a better idea of what the script is doing.
  --auto_incrementing   You can use this if you have auto-incrementing enabled in your snipe instance to utilize that instead of adding the Jamf ID for the asset tag.
  --do_not_update_jamf  Does not update Jamf with the asset tags stored in Snipe.
  -u, --users           Checks out the item to the current user in Jamf if it's not already deployed
  -uf, --users_force    Checks out the item to the user specified in Jamf no matter what
  -ui, --users-inverse  Checks out the item to the current user in Jamf if it's already deployed
  -uae, --users-are-emails
                        This flag will append your domain to the username.
  -ued USERS_EMAIL_DOMAIN, --users-email-domain USERS_EMAIL_DOMAIN
                        Domain to append onto user names.
  -m, --mobiles         Runs against the Jamf mobiles endpoint only.
  -c, --computers       Runs against the Jamf computers endpoint only.

If you pass the --dryrun flag the program will run through each item logging what it would be doing.

Passing the flag --users-are-emails will attempt to look up users in Snipe-IT by taking the username in Jamf and appending it with the domain provided. This may be useful if the IdP has your users login stored as emails while Jamf does not.

• Note: this requires --users-email-domain to specify what domain to append.

• Anyone who has built a *-2snipe program - please reach out! I would like to add support for anything the community needs.
• I am working on code to sync ChromeOS, and other devices from Google Workspace, to Snipe. Following the pattern in this repo the Google API code will reside under google.
• Adding an example Github Action workflow to use for [j2s.py]
• Writing tests.

• Without jamf2snipe this project wouldnt exist.
• The jamf python library was the source for all the good bits of the jamf code.