This type of thing is usually done interactively, but when I’m piping output that doesn’t work. So here’s a quick one-liner in bash for pulling the TeamID and BundleID from kexts out of the KextPolicy sqlite database:
sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "SELECT * from kext_policy;" ".exit"
The Google Directory integration with GSuite allows you to manage which devices have access to GSuite. This allows you to control access based on a variety of factors.
Below, you’ll find a Google Cloud Function that is meant to respond to a webhook. This function takes an action to set a device into ‘approve’ or ‘deny’ as a state within Google Directory. Before using the function you’ll want to set CustomerID, ResourceID, and EMAIL_ACCOUNT for your GSuite account before using.
Once you have all that, you can upload mobiledevice.py in your Google Cloud Console.
# Google Cloud Function meant to respond to a webhook
# Takes an action to set a device into approve or deny state
# Set CustomerID, ResourceID, and EMAIL_ACCOUNT for your GSuite account before using
from google.oauth2 import service_account
You can control the number of columns and rows in LaunchPad. To do so, edit the com.apple.doc defaults domain with the key springboard-rows for the number of rows to display and springboard-columns to control the number of columns displayed. So to set the number of rows LaunchPad will show per screen, send the write verb into defaults for com.apple.dock along with the springboard-rows and an -int of 4:
There are a few ways to grab your CustomerID from G Suite. This is important when configuring SSO or when interfacing with G Suite programmatically (through their lovely API).
The first and easiest way is to look at the web interface. This isn’t the most intuitive. To find the key, open Google Admin and then browse to Security in the menu in the upper left-hand corner, clicking on Dashboard.
Click on Single Sign On and then scroll down until you see EntityID. The EntityID is going to be everything after the = such as C034minsz9330 as follows
You can also find it by visiting the GooglePlay at https://play.google.com/work/adminsettings?pli=1 where it’s listed as Organization ID.
I don’t think this key can be changed. Once you have the key, you can communicate with the Google API Gateway. For example:
Google Cloud Functions provide a streamlined method for running a simple micro-service leveraging custom functions as well as SDKs for any Google service that can be imported into your script. Currently, node.js is the only non-beta language you can build scripts in.
Before you setup Google Cloud Functions in your G Suite domain, first provide the account of a developer with the appropriate permissions, identified in the attached screen.
Enable The SDKs You Need
G Suite has a number of features exposed to their API by importing SDKs into projects. As an example, the Admin SDK provides us with endpoints and classes that make developing micro services to perform actions in the G Suite admin portal easier. In this section we’ll import that SDK, although the tasks for importing other SDKs is similar.
To get started, open the Google Cloud Platform using the button in the upper left hand corner and click on APIs and Services (the names of these buttons change over time).
TheClick on the Enable APIs and Services button in the dashboard.
Under Credentials, provide the appropriate credentials for the app you’re importing the SDK into.
Search for Admin SDK in the search dialog.
Click Admin SDK, made by Google.
Once enabled, you’ll need to create a service account for your function to communicate with.
Setup A Service Account
Service accounts give you a JWT, useful to authenticate from a Google Cloud Function back to an instance of the GSuite Admin portal endpoints. To setup a Service account, go to “IAM & admin” using the button in the upper left hand corner.
Click on Services Accounts.
Provide a project name and a location (if your organization uses locations, otherwise leave that set to No Organization.
Create Your Google Cloud Function
The Google Cloud Function is the microservice that you can then call. This might be sending some json from an app to perform a task from an app, or sending a webhook to the function to perform an action. To get started with functions, click Cloud Function at the bottom of the Google Cloud Platform dashboard.
If functions aren’t enabled, click Enable Billing.
If necessary, click UPGRADE.
The function api will also need to be enabled; if so, click Enable API.
Once all of this is done, you should have a button that says Create function. Click that and then you’ll be able to provide settings for the function.
Settings include the following:
Name: How the function is called in the admin panel.
Memory allocated: How much memory the function can consume.
Trigger: Most will use HTTP for our purposes.
URL: The URL you use to call the function.
Source: The code (typically node.js) that is run.
Note: The package.json allows for us to leverage this function in a multi-tenant fashion.
Once enabled, you can hit the endpoint. If there’s no header parameters you need to send, that could be as simple as:
The curl command can be used to authenticate to an API using a variety of authentication types such as Bearer, OAuth, Token, and of course Basic. To authenticate to the ZuluDesk API, first create an API token. This is done by logging into ZuluDesk, clicking Organization, then Settings, then API, an then clicking on the Add API Key button.
Once you have your API key, your header will look as follows:
The curl command can do this would be as follows, simply converting these into separate values in the -H or header. The URL provided will do a GET against devices, displaying a list of devices in json:
The attached script can be used to migrate data out of a sqldump and into csv and xls for further analysis or ETL’ing. The name of each table is used to create a separate csv file (e.g. table1.csv) and an xls representation of each table is put into a workbook in a spreadsheet.
The script requires Python 3.7. So if you’re on a Mac you might need to install that. Here, we use Homebrew to do so: