Dynamic targeting of actions or baselines via REST

This example will update an existing baseline. To create a new baseline you need to use the POST method to the “baselines/custom/IT%20Support” so a new baseline is created, then you need to get the baseline ID returned by the POST before you can deploy an action from it.

Any idea how to set that radio button?

Afraid not, but what I do is to create the action from the baseline via the console, then export the created action, then review the XML to see what that setting will change in the action XML so it can then be replicated in the XML you’d need to create using PowerShell code.

Tried that. I exported a stopped action for that baseline against 2 computers and in the XML, there was no obvious setting that detailed it.

So, it sounds like I cannot do a GET on an existing baseline, modify some things in memory only, submit the memory only changes as a new action without any changes occurring to the original baseline. Bummer

Looking into the BES.XSD schema, the “SourceFixletAction” type does not allow for overriding the Relevance or ActionScript from the source fixlet/source baseline. I suspect this is to allow for enforcing the “Custom Content” operator right - as overriding the ActionScript or Relevance would likely count as “Custom Content”, I think an operator who is granted rights to Take Action without having Custom Content can probably only send SourcedFixletAction actions.

What I think needs to happen in this case is to build the full MultipleActionGroup XML. It will end up looking the same as an exported Action from the baseline, with the complication that exporting the Action strips out the Targeting and SourceFixletID nodes. You’ll need to add those back in, they appear after <SettingsLocks> per the schema for MultipleActionGroup. The Baseline’s source site can be defined by GatherURL, SiteID, or Site Name. Here’s an example (using SiteName):

		</SettingsLocks>
		<Target>
		  <ComputerName>endpoint-1</ComputerName>
		</Target>
		<SourceFixletID>
		  <!-- <GatherURL>http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/CustomSite_Production</GatherURL> -->
		  <!-- <SiteID></SiteID> -->
		  <Sitename>Production</Sitename>
		  <FixletID>2272</FixletID>
		</SourceFixletID>
	</MultipleActionGroup>

So below is an example of the full XML for one of my lab setup baselines that I’m using to test.

I don’t think I’ll be able to put together the full script for this today, but the basic algorithm would be

  • Retrieve the Baseline XML via GET
  • Create a MultipleActionGroup XML. Fill in the Title and Relevance (the Relevance being ‘true’ or whatever custom relevance you want to apply on the new action)
  • Loop through the BaselineXML retrieving each /BaselineComponentCollection/BaselineComponentGroup/BaselineComponent node.
  • For each BaselineComponent found in the Baseline XML, create a new MemberAction node in the MultipleActionGroup XML. Title, Relevance, ActionScript, SuccessCriteria, and IncludeInGroupRelevance to apply in the MemberAction node should be retrieved from the BaselineComponent node in the source.
  • After appending all the MemberAction nodes, supply whatever Settings and Target to use for the action. Then append the <SourceFixletID> node & children to reference the source baseline.

POST the new MultipleActionGroup to /api/actions

    <?xml version="1.0" encoding="UTF-8"?>
    <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
    	<MultipleActionGroup>
    		<Title>Lab Network Configuration</Title>
    		<Relevance>true</Relevance>
    		<MemberAction>
    			<Title>Configure Windows Firewall: Allow Inbound ICMP Ping</Title>
    			<Relevance><![CDATA[((((windows of operating system) AND (if exists property "in proxy agent context" then not in proxy agent context else true)) AND (version of operating system >= "6" as version)) AND ((not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of registry AND firewall enabled of current profile of local policy of firewall) OR (exists key ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then ("DomainProfile") else ("StandardProfile"))) whose (value "EnableFirewall" of it = 1) of registry))) AND (not allow inbound echo request of icmp settings of current profile of local policy of firewall)]]></Relevance>
    			<ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
    action uses wow64 redirection false

    waithidden netsh.exe firewall set icmpsetting 8</ActionScript>
    			<SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
    			<IncludeInGroupRelevance>false</IncludeInGroupRelevance>
    		</MemberAction>
    		
    		<MemberAction>
    			<Title>Configure Windows Firewall: Allow Remote Desktop Services</Title>
    			<Relevance><![CDATA[((((windows of operating system) AND (if exists property "in proxy agent context" then not in proxy agent context else true)) AND (version of operating system >= "6" as version)) AND ((not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of registry AND firewall enabled of current profile of local policy of firewall) OR (exists key ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then ("DomainProfile") else ("StandardProfile"))) whose (value "EnableFirewall" of it = 1) of registry))) AND (not rule group currently enabled "remote desktop" of firewall)]]></Relevance>
    			<ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
    action uses wow64 redirection false

    waithidden cmd /c netsh.exe advfirewall firewall set rule group="remote desktop" new enable=Yes</ActionScript>
    			<SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
    			<IncludeInGroupRelevance>false</IncludeInGroupRelevance>
    		</MemberAction>

    		<Settings>
    			<PreActionShowUI>false</PreActionShowUI>
    			<HasRunningMessage>false</HasRunningMessage>
    			<HasTimeRange>false</HasTimeRange>
    			<HasStartTime>false</HasStartTime>
    			<HasEndTime>true</HasEndTime>
    			<EndDateTimeLocalOffset>P2D</EndDateTimeLocalOffset>
    			<HasDayOfWeekConstraint>false</HasDayOfWeekConstraint>
    			<UseUTCTime>false</UseUTCTime>
    			<ActiveUserRequirement>NoRequirement</ActiveUserRequirement>
    			<ActiveUserType>AllUsers</ActiveUserType>
    			<HasWhose>false</HasWhose>
    			<PreActionCacheDownload>false</PreActionCacheDownload>
    			<Reapply>false</Reapply>
    			<HasReapplyLimit>true</HasReapplyLimit>
    			<ReapplyLimit>3</ReapplyLimit>
    			<HasReapplyInterval>false</HasReapplyInterval>
    			<HasRetry>false</HasRetry>
    			<HasTemporalDistribution>false</HasTemporalDistribution>
    			<ContinueOnErrors>true</ContinueOnErrors>
    			<PostActionBehavior Behavior="Nothing"></PostActionBehavior>
    			<IsOffer>false</IsOffer>
    		</Settings>
    		<SettingsLocks>
    			<ActionUITitle>false</ActionUITitle>
    			<PreActionShowUI>false</PreActionShowUI>
    			<PreAction>
    				<Text>false</Text>
    				<AskToSaveWork>false</AskToSaveWork>
    				<ShowActionButton>false</ShowActionButton>
    				<ShowCancelButton>false</ShowCancelButton>
    				<DeadlineBehavior>false</DeadlineBehavior>
    				<ShowConfirmation>false</ShowConfirmation>
    			</PreAction>
    			<HasRunningMessage>false</HasRunningMessage>
    			<RunningMessage>
    				<Text>false</Text>
    			</RunningMessage>
    			<TimeRange>false</TimeRange>
    			<StartDateTimeOffset>false</StartDateTimeOffset>
    			<EndDateTimeOffset>false</EndDateTimeOffset>
    			<DayOfWeekConstraint>false</DayOfWeekConstraint>
    			<ActiveUserRequirement>false</ActiveUserRequirement>
    			<ActiveUserType>false</ActiveUserType>
    			<Whose>false</Whose>
    			<PreActionCacheDownload>false</PreActionCacheDownload>
    			<Reapply>false</Reapply>
    			<ReapplyLimit>false</ReapplyLimit>
    			<RetryCount>false</RetryCount>
    			<RetryWait>false</RetryWait>
    			<TemporalDistribution>false</TemporalDistribution>
    			<ContinueOnErrors>false</ContinueOnErrors>
    			<PostActionBehavior>
    				<Behavior>false</Behavior>
    				<AllowCancel>false</AllowCancel>
    				<Deadline>false</Deadline>
    				<Title>false</Title>
    				<Text>false</Text>
    			</PostActionBehavior>
    			<IsOffer>false</IsOffer>
    			<AnnounceOffer>false</AnnounceOffer>
    			<OfferCategory>false</OfferCategory>
    			<OfferDescriptionHTML>false</OfferDescriptionHTML>
    		</SettingsLocks>
    		<Target>
    		  <ComputerName>endpoint-1</ComputerName>
    		</Target>
    		<SourceFixletID>
    		  <!-- <GatherURL>http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/CustomSite_Production</GatherURL> -->
    		  <!-- <SiteID></SiteID> -->
    		  <Sitename>Production</Sitename>
    		  <FixletID>2272</FixletID>
    		</SourceFixletID>
    	</MultipleActionGroup>
    </BES>
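The algorithm outlined in the post above, as an added Python example (not code from this thread or from the BigFix project): it builds the MultipleActionGroup from the baseline XML entirely in memory, so the source baseline is only read and never modified. The sample baseline is constructed; the function name `build_action_group`, the `BaselineComponent` attribute names `Name` and `IncludeInRelevance`, and the omission of `SettingsLocks` and of the `xsi` attributes on `<BES>` are assumptions to check against your BES.xsd.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a baseline as returned by GET. The attribute names
# Name and IncludeInRelevance are assumptions; verify them against BES.xsd.
SAMPLE_BASELINE = """<BES><Baseline>
  <Title>Lab Network Configuration</Title>
  <Relevance>true</Relevance>
  <BaselineComponentCollection><BaselineComponentGroup>
    <BaselineComponent Name="Allow Inbound ICMP Ping" IncludeInRelevance="false">
      <ActionScript MIMEType="application/x-Fixlet-Windows-Shell">waithidden netsh.exe firewall set icmpsetting 8</ActionScript>
      <SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
      <Relevance>version of operating system &gt;= "6"</Relevance>
    </BaselineComponent>
  </BaselineComponentGroup></BaselineComponentCollection>
</Baseline></BES>"""

def build_action_group(baseline_xml, computers, site_name, baseline_id,
                       relevance="true", settings=()):
    """Return MultipleActionGroup XML; `settings` is (name, value) pairs in schema order."""
    src = ET.fromstring(baseline_xml).find("Baseline")
    bes = ET.Element("BES")
    group = ET.SubElement(bes, "MultipleActionGroup")
    ET.SubElement(group, "Title").text = src.findtext("Title")
    ET.SubElement(group, "Relevance").text = relevance
    path = "BaselineComponentCollection/BaselineComponentGroup/BaselineComponent"
    for comp in src.findall(path):  # one MemberAction per BaselineComponent
        member = ET.SubElement(group, "MemberAction")
        ET.SubElement(member, "Title").text = comp.get("Name")
        ET.SubElement(member, "Relevance").text = comp.findtext("Relevance")
        old = comp.find("ActionScript")
        ET.SubElement(member, "ActionScript", MIMEType=old.get("MIMEType")).text = old.text
        ET.SubElement(member, "SuccessCriteria", Option=comp.find("SuccessCriteria").get("Option"))
        ET.SubElement(member, "IncludeInGroupRelevance").text = comp.get("IncludeInRelevance", "false")
    if settings:
        node = ET.SubElement(group, "Settings")
        for name, value in settings:
            ET.SubElement(node, name).text = value
    # Target and SourceFixletID come last, as in the post's example.
    target = ET.SubElement(group, "Target")
    for name in computers:  # ElementTree escapes names, so they cannot inject markup
        ET.SubElement(target, "ComputerName").text = name
    source = ET.SubElement(group, "SourceFixletID")
    ET.SubElement(source, "Sitename").text = site_name
    ET.SubElement(source, "FixletID").text = str(baseline_id)
    return ET.tostring(bes, encoding="unicode")

if __name__ == "__main__":
    print(build_action_group(SAMPLE_BASELINE, ["endpoint-1"], "Production", 2272,
                             settings=[("HasEndTime", "true"), ("EndDateTimeLocalOffset", "P2D")]))
```

The returned string is the body to POST to /api/actions; if your schema requires `SettingsLocks`, copy that block from an exported action and place it between `Settings` and `Target`.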

Let me take a look at what you have provided thus far. Thanks to all for your inputs.