Class: JSS::Policy
- Includes:
- Categorizable, Creatable, Scopable, SelfServable, Sitable, Updatable, Uploadable
- Defined in:
- lib/jss/api_object/policy.rb,
lib/jss.rb
Overview
A class implementing a JSS Policy.
Like many API objects, the data comes from the API in sections, and the items in the :general section are mapped to direct attributes of this Class.
Policy instances are partially read-only:
-
Due to limitations in the API implementation of policies, as well as the complexity of policy objects, only these attributes can be set and updated via the Policy class:
-
name
-
-
frequency
-
-
target_drive
-
-
offline
-
-
enabled
-
-
category
-
-
triggers
-
-
client maintenance tasks
-
-
scope, see Scopable and Scopable::Scope
-
-
files and processes
-
-
packages, see #add_package and #remove_package
-
-
scripts see #add_script and #remove_script
-
-
self service, see SelfServable
-
-
reboot options
-
All other values and sections must be edited via the Web App.
Policies may be deleted via this class
Constant Summary collapse
- RSRC_BASE =
The base for REST resources of this class
'policies'.freeze
- RSRC_LIST_KEY =
the hash key used for the JSON list output of all objects in the JSS
:policies
- RSRC_OBJECT_KEY =
The hash key used for the JSON object output. It’s also used in various error messages
:policy
- SUBSETS =
subsets available for fetching TODO: FilesProcesses and Maintenance don’t seem to work
%i[ general scope selfservice self_service packages scripts printers dockitems dock_items reboot userinteraction user_interaction disk_encryption diskencryption accountmaintenance account_maintenance ].freeze
- UPLOAD_TYPES =
policies can take uploaded icons
{ icon: :policies }.freeze
- SELF_SERVICE_TARGET =
policies are available in macOS self Serviec
:macos
- SELF_SERVICE_PAYLOAD =
policies via self services are still polcies
:policy
- SECTIONS =
%i[ general maintenance account_maintenance scripts self_service package_configuration scope user_interaction reboot files_processes dock_items disk_encryption printers ].freeze
- FREQUENCIES =
{ ongoing: 'Ongoing', once_per_computer: 'Once per computer', once_per_user: 'Once per user', once_per_user_per_computer: 'Once per user per computer', daily: 'Once every day', weekly: 'Once every week', monthly: 'Once every month' }.freeze
- RESTART_WHEN =
{ if_pkg_requires: 'Restart if a package or update requires it', now: 'Restart immediately', delayed: 'Restart', dont: 'Do not restart' }.freeze
- RESTART_DISKS =
{ current: 'Current Startup Disk', selected: 'Currently Selected Startup Disk (No Bless)', netboot: 'NetBoot', os_installer: 'inPlaceOSUpgradeDirectory' }.freeze
- ACCOUNT_ACTIONS =
Note: any other value in :specify_startup is a path to some other drive to boot from, e.g. /Volumes/Foo
{ create: 'Create', change_pw: 'Reset', delete: 'Delete', disable_fv2: 'DisableFileVault' }.freeze
- MGMT_ACCOUNT_ACTIONS =
{ no_change: 'doNotChange', change_pw: 'specified', generate_pw: 'random', enable_fv2: 'fileVaultEnable', disable_fv2: 'fileVaultDisable', reset_random: 'resetRandom', reset_pw: 'reset' }.freeze
- PACKAGE_ACTIONS =
{ install: 'Install', remove: 'Uninstall', cache: 'Cache', install_cache: 'Install Cached' }.freeze
- SCRIPT_PRIORITIES =
{ pre: 'Before', before: 'Before', post: 'After', after: 'After' }.freeze
- DISK_ENCRYPTION_ACTIONS =
{ apply: "apply", remediate: "remediate", none: "none" }
- PRINTER_ACTIONS =
{ map: 'install', unmap: 'uninstall' }.freeze
- DOCK_ITEM_ACTIONS =
{ add_start: 'Add To Beginning', add_end: 'Add To End', remove: 'Remove' }.freeze
- NETWORK_REQUIREMENTS =
{ any: 'Any', ethernet: 'EtherNet' }.freeze
- TRIGGER_TYPES =
{ event: 'EVENT', user: 'USER_INITIATED' }.freeze
- TRIGGER_EVENTS =
{ startup: :trigger_startup, login: :trigger_login, logout: :trigger_logout, checkin: :trigger_checkin, network_state: :trigger_network_state_changed, enrollment: :trigger_enrollment_complete, custom: :trigger_other }.freeze
- NO_USER_LOGGED_IN =
[ 'Do not restart', 'Restart immediately', 'Restart if a package or update requires it' ].freeze
- USER_LOGGED_IN =
[ 'Do not restart', 'Restart', 'Restart if a package or update requires it', 'Restart immediately' ].freeze
- SCOPE_TARGET_KEY =
:computers
- LOG_FLUSH_RSRC =
Log Flushing
'logflush'.freeze
- LOG_FLUSH_INTERVAL_INTEGERS =
{ 0 => 'Zero', 1 => 'One', 2 => 'Two', 3 => 'Three', 6 => 'Six' }.freeze
- LOG_FLUSH_INTERVAL_PERIODS =
{ day: 'Day', days: 'Day', week: 'Week', weeks: 'Week', month: 'Month', months: 'Month', year: 'Year', years: 'Year' }.freeze
- OBJECT_HISTORY_OBJECT_TYPE =
the object type for this object in the object history table. See APIObject#add_object_history_entry
3
- SITE_SUBSET =
Where is the Site data in the API JSON?
:general
- CATEGORY_SUBSET =
Where is the Category in the API JSON?
:general
- CATEGORY_DATA_TYPE =
How is the category stored in the API data?
Hash
Instance Attribute Summary collapse
-
#accounts ⇒ Array<Hash>
readonly
Local accts acted-upon by this policy.
-
#client_side_limitations ⇒ Hash
readonly
The client-side limitations of this policy.
-
#directory_bindings ⇒ Array<Hash>
readonly
The directory bindings applied.
-
#disk_encryption ⇒ Hash
readonly
Disk encryption options for this policy.
-
#dock_items ⇒ Array<Hash>
readonly
The dock items handled by this policy.
-
#enabled ⇒ Boolean
(also: #enabled?)
Is the policy enabled?.
-
#fix_byhost ⇒ Boolean
Should this policy fix the ByHost prefs?.
-
#flush_system_cache ⇒ Boolean
Should this policy flush the system cache?.
-
#flush_user_cache ⇒ Boolean
Should this policy flush the user cache?.
-
#frequency ⇒ String
How often to run the policy on each computer.
-
#icon ⇒ JSS::Icon?
(also: #self_service_icon)
included
from SelfServable
The icon used in self-service.
-
#in_self_service ⇒ Boolean
(also: #in_self_service?)
included
from SelfServable
readonly
Is this thing available in Self Service?.
-
#install_cached_pkgs ⇒ Boolean
Should this policy install any cached JSS packages?.
-
#management_account ⇒ Hash
readonly
The management accout changes applied by the policy.
-
#need_to_update ⇒ Boolean
included
from Updatable
readonly
Do we have unsaved changes?.
-
#offline ⇒ Boolean
Should be policy be available offline.
-
#open_firmware_efi_password ⇒ Hash
readonly
The open firmware mode and password.
-
#override_default_settings ⇒ Hash
readonly
Overrides for various defaults.
-
#packages ⇒ Array<Hash>
(also: #pkgs)
readonly
The pkgs handled by this policy.
-
#permissions_repair ⇒ Boolean
Should this policy run a permission repair?.
-
#printers ⇒ Array<Hash>
readonly
The printers handled by this policy.
-
#reboot_options ⇒ Hash
readonly
Reboot options for the policy.
-
#recon ⇒ Boolean
(also: #update_inventory)
Should this policy run a recon?.
-
#reset_name ⇒ Boolean
Should this policy reset the local hostname?.
-
#scope ⇒ Object
included
from Scopable
Attribtues.
-
#scripts ⇒ Array<Hash>
readonly
The scripts run by this policy.
-
#self_service_categories ⇒ Array<Hash>
included
from SelfServable
readonly
Each Hash has these keys about the category - :id => [Integer] the JSS id of the category - :name => [String] the name of the category.
-
#self_service_description ⇒ String
included
from SelfServable
The verbage that appears in SelfSvc for this item.
-
#self_service_display_name ⇒ String
(also: #self_service_dislay_name)
included
from SelfServable
The name to display in macOS Self Service.
-
#self_service_feature_on_main_page ⇒ Boolean
included
from SelfServable
Only applicable to macOS targets.
-
#self_service_force_users_to_view_description ⇒ Boolean
included
from SelfServable
Should an extra window appear before the user can install the item? (OSX SSvc only).
-
#self_service_install_button_text ⇒ String
included
from SelfServable
defaults to ‘Install’.
-
#self_service_notification_message ⇒ String
included
from SelfServable
The message text of the notification.
-
#self_service_notification_subject ⇒ String
included
from SelfServable
object name.
-
#self_service_notification_type ⇒ Symbol
included
from SelfServable
How should notifications be sent either :ssvc_only or :ssvc_and_nctr.
-
#self_service_notifications_enabled ⇒ Boolean
(also: #self_service_notifications_enabled?)
included
from SelfServable
Should jamf send notifications to self service?.
-
#self_service_reinstall_button_text ⇒ String
included
from SelfServable
defaults to ‘Reinstall’.
-
#self_service_reminder_frequency ⇒ Integer
included
from SelfServable
How often (in days) should reminders be given.
-
#self_service_reminders_enabled ⇒ Boolean
(also: #self_service_reminders_enabled?)
included
from SelfServable
Should self service give reminders by displaying the notification repeatedly?.
-
#self_service_removal_password ⇒ String
included
from SelfServable
readonly
The password needed for removal, in plain text.
-
#self_service_user_removable ⇒ Symbol
included
from SelfServable
One of the keys in PROFILE_REMOVAL_BY_USER.
-
#server_side_limitations ⇒ Hash
readonly
The server-side limitations of this policy.
-
#site ⇒ String
readonly
A string with the site name.
-
#target_drive ⇒ String
Which drive should the policy target.
-
#trigger ⇒ String
readonly
Either EVENT or USER_INITIATED.
-
#trigger_events ⇒ Hash
readonly
The triggers that cause this policy to execute on a client when the @trigger is “EVENT”.
-
#user_may_defer ⇒ Boolean
readonly
Can the user defer the policy?.
-
#user_may_defer_until ⇒ Time
readonly
When is the user no longer allowed to defer?.
-
#user_message_finish ⇒ String
(also: #user_message_end)
readonly
The message shown the user at policy end.
-
#user_message_start ⇒ String
The message shown the user at policy start.
-
#verify_startup_disk ⇒ Boolean
Should this policy verify the startup disk?.
Instance Method Summary collapse
-
#add_directory_binding(identifier, **opts) ⇒ Array?
Add a Directory Bidning to the list of directory_bindings handled by this policy.
-
#add_dock_item(identifier, action) ⇒ Object
Add a dock item to the policy.
-
#add_package(identifier, **opts) ⇒ Array?
Add a package to the list of pkgs handled by this policy.
-
#add_printer(identifier, **opts) ⇒ String
Add a specific printer object to the policy.
-
#add_script(identifier, **opts) ⇒ Array?
Add a script to the list of SCRIPT_PRIORITIESipts run by this policy.
-
#add_self_service_category(new_cat, display_in: true, feature_in: false) ⇒ void
(also: #set_self_service_category, #change_self_service_category)
included
from SelfServable
Add or change one of the categories for this item in self service.
-
#add_to_self_service ⇒ void
included
from SelfServable
Add this object to self service if not already there.
-
#apply_encryption_configuration(identifier) ⇒ Void
Sets the Disk Encryption application to “Apply” and sets the correct disk encryption configuration ID using either the name or id.
-
#category=(new_cat) ⇒ void
included
from Categorizable
Change the category of this object.
-
#category_assigned? ⇒ Boolean
(also: #categorized?)
included
from Categorizable
Does this object have a category assigned?.
-
#category_id ⇒ Integer
included
from Categorizable
The id of the category for this object.
-
#category_name ⇒ String
(also: #category)
included
from Categorizable
The name of the category for this object.
-
#category_object ⇒ JSS::Category
included
from Categorizable
The JSS::Category instance for this object’s category.
-
#clone(new_name, api: nil) ⇒ APIObject
included
from Creatable
make a clone of this API object, with a new name.
-
#create ⇒ Object
included
from SelfServable
HACK: ity hack hack…
-
#delete_file? ⇒ Boolean
(also: #delete_path?)
Should the searched-for path be deleted if found?.
-
#directory_binding_ids ⇒ Array
The id’s of the directory_bindings handled by the policy.
-
#directory_binding_names ⇒ Array
The names of the directory_bindings handled by the policy.
-
#disable ⇒ Object
Shortcut for endabled = false.
-
#do_not_reboot ⇒ void
Reboot Options Do Not Reboot Shortcut method to suppress Reboot Options.
-
#dock_item_ids ⇒ Array
The id’s of the dock_items handled by the policy.
-
#dock_item_names ⇒ Array
The names of the dock_items handled by the policy.
-
#enable ⇒ Object
Shortcut for enabled = true.
-
#evaluate_new_category(new_cat) ⇒ Array<String, Integer>
included
from Categorizable
Given a category name or id, return the name and id TODO: use APIObject.exist? and/or APIObject.valid_id.
-
#file_vault_2_reboot=(fv_bool) ⇒ void
Reboot Options FileVault Authenticated Reboot.
-
#flush_logs(older_than: 0, period: :days) ⇒ void
Flush all policy logs for this policy older than some number of days, weeks, months or years.
-
#initialize(args = {}) ⇒ Policy
constructor
A new instance of Policy.
-
#kill_process? ⇒ Boolean
Should the searched-for process be killed if found.
-
#locate_file ⇒ String
The term to seach for using the locate command.
-
#locate_file=(term) ⇒ void
Set the term to seach for using the locate command.
-
#minutes_until_reboot=(minutes) ⇒ void
Reboot Options Minutes Until Reboot.
-
#name=(newname) ⇒ void
included
from Updatable
Change the name of this item Remember to #update to push changes to the server.
-
#no_user_logged_in=(no_user_option) ⇒ void
What to do at reboot when No User Logged In.
-
#package_ids ⇒ Array
The id’s of the packages handled by the policy.
-
#package_names ⇒ Array
The names of the packages handled by the policy.
-
#parse_scope ⇒ void
included
from Scopable
private
Call this during initialization of objects that have a scope and the scope instance will be created from @init_data.
-
#printer_ids ⇒ Array
The id’s of the printers handled by the policy.
-
#printer_names ⇒ Array
The names of the printers handled by the policy.
-
#reboot_message=(message) ⇒ void
(also: #message=)
Set Reboot Message.
-
#reissue_key ⇒ Void
Sets the Disk Encryption application to “Remediate” and sets the remediation key type to individual.
-
#remove_directory_binding(identifier) ⇒ Array?
Remove a directory binding from this policy by name or id.
-
#remove_dock_item(identifier) ⇒ Object
Remove a dock item from the policy.
-
#remove_encryption_configuration ⇒ Void
Removes the Disk Encryption settings associated with this specific policy.
-
#remove_from_self_service ⇒ void
included
from SelfServable
Remove this object from self service if it’s there.
-
#remove_package(identifier) ⇒ Array?
Remove a package from this policy by name or id.
-
#remove_printer(identifier) ⇒ Array?
Remove a specific printer object from the policy.
-
#remove_script(identifier) ⇒ Array?
Remove a script from this policy by name or id.
-
#remove_self_service_category(cat) ⇒ void
included
from SelfServable
Remove a category from those for this item in SSvc.
-
#run(show_output = false) ⇒ Boolean?
(also: #execute)
Try to execute this policy on this machine.
-
#run_command ⇒ String
(also: #command_to_run)
The unix shell command to run on ths client.
-
#run_command=(command) ⇒ void
(also: #command_to_run=)
Set the unix shell command to be run on the client.
-
#script_ids ⇒ Array
The id’s of the scripts handled by the policy.
-
#script_names ⇒ Array
The names of the scripts handled by the policy.
-
#search_by_path ⇒ Pathname
The path to search for.
-
#search_for_process ⇒ String
The process name to search for on the client.
-
#self_service_execute_url ⇒ String
included
from SelfServable
The url to view this thing in Self Service.
-
#self_service_payload ⇒ Symbol
included
from SelfServable
What does this object deploy to the device via self service?.
-
#self_service_targets ⇒ Array<Symbol>
included
from SelfServable
What devices types can get this thing in Self Service.
-
#self_service_view_url ⇒ String
included
from SelfServable
The url to view this thing in Self Service.
-
#server_side_activation=(activation) ⇒ void
Set Server Side Activation.
-
#server_side_expiration=(expiration) ⇒ void
Set Server Side Expiration.
-
#set_management_account(action, **opts) ⇒ Object
Interact with management account settings.
-
#set_search_by_path(path, delete = false) ⇒ void
Set the path to search for, a String or Pathname, and whether or not to delete it if found.
-
#set_search_for_process(process, kill = false) ⇒ void
Set the process name to search for, and if it should be killed if found.
-
#set_trigger_event(type, new_val) ⇒ void
Change a trigger event.
-
#should_update ⇒ void
included
from Scopable
When the scope changes, it calls this to tell us that an update is needed.
-
#site=(new_site) ⇒ void
included
from Sitable
Change the site of this object.
-
#site_assigned? ⇒ Boolean
included
from Sitable
Does this object have a site assigned?.
-
#site_id ⇒ Integer
included
from Sitable
The id of the site for this object.
-
#site_name ⇒ String
(also: #site)
included
from Sitable
The name of the site for this object.
-
#site_object ⇒ JSS::Site
included
from Sitable
The JSS::Site instance for this object’s site.
-
#specify_startup=(startup_volume) ⇒ void
Specify Startup Volume Only Supports “Specify Local Startup Disk”.
-
#spotlight_search ⇒ String
The term to search for using spotlight.
-
#spotlight_search=(term) ⇒ void
Set the term to seach for using spotlight.
-
#startup_disk=(startup_disk_option) ⇒ void
Set Startup Disk Only Supports ‘Specify Local Startup Disk’ at the moment.
-
#unset_category ⇒ void
included
from Categorizable
Set the category to nothing.
-
#unset_site ⇒ void
included
from Sitable
Set the site to nothing.
-
#update ⇒ Object
included
from SelfServable
HACK: ity hack hack…
-
#update_locate_database=(bool) ⇒ void
Set whether or not to update the database used by the locate command.
-
#update_locate_database? ⇒ Boolean
Should we update the database used by the locate command?.
-
#upload(type, local_file) ⇒ String
included
from Uploadable
Upload a file to the JSS via the REST Resource of the object to which this module is mixed in.
-
#user_logged_in=(logged_in_option) ⇒ void
What to do at reboot when there is a User Logged In.
-
#user_message_end=(message) ⇒ void
(also: #user_message_finish=)
Set User Finish Message.
-
#user_removable? ⇒ Boolean?
included
from SelfServable
Can this thing be removed by the user?.
-
#verify_management_password(password) ⇒ Boolean
Check if management password matches provided password.
Constructor Details
#initialize(args = {}) ⇒ Policy
Returns a new instance of Policy.
611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 |
# File 'lib/jss/api_object/policy.rb', line 611 def initialize(args = {}) super if @in_jss gen = @init_data[:general] @frequency = gen[:frequency] @target_drive = gen[:target_drive] @offline = gen[:offline] @enabled = gen[:enabled] @site = JSS::APIObject.get_name(gen[:site][:name]) @override_default_settings = gen[:override_default_settings] @trigger = gen[:trigger] @trigger_events = { trigger_startup: gen[:trigger_startup], trigger_login: gen[:trigger_login], trigger_logout: gen[:trigger_logout], trigger_checkin: gen[:trigger_checkin], trigger_network_state_changed: gen[:trigger_network_state_changed], trigger_enrollment_complete: gen[:trigger_enrollment_complete], trigger_other: gen[:trigger_other] } dtl = gen[:date_time_limitations] @server_side_limitations = { activation: JSS.epoch_to_time(dtl[:activation_date_epoch]), expiration: JSS.epoch_to_time(dtl[:expiration_date_epoch]) } @client_side_limitations = { no_execute_on: dtl[:no_execute_on], # NOTE- there's a bug in the JSON output, it's been reported to JAMF. no_execute_start: dtl[:no_execute_start], # String like "1:01 AM" no_execute_end: dtl[:no_execute_end], # String like "2:02 PM" network_requirements: gen[:network_requirements] } maint = @init_data[:maintenance] @verify_startup_disk = maint[:verify] @permissions_repair = maint[:permissions] @recon = maint[:recon] @fix_byhost = maint[:byhost] @reset_name = maint[:reset_name] @flush_system_cache = maint[:system_cache] @install_cached_pkgs = maint[:install_all_cached_packages] @flush_user_cache = maint[:user_cache] amaint = @init_data[:account_maintenance] @directory_bindings = amaint[:directory_bindings] @open_firmware_efi_password = amaint[:open_firmware_efi_password] @management_account = amaint[:management_account] @accounts = amaint[:accounts] @packages = @init_data[:package_configuration][:packages] ? @init_data[:package_configuration][:packages] : [] @scripts = @init_data[:scripts] uint = @init_data[:user_interaction] @user_may_defer = uint[:allow_users_to_defer] @user_may_defer_until = JSS.parse_datetime uint[:allow_deferral_until_utc] @user_message_start = uint[:message_start] @user_message_finish = uint[:message_finish] @reboot_options = @init_data[:reboot] @files_processes = @init_data[:files_processes] @dock_items = @init_data[:dock_items] @disk_encryption = @init_data[:disk_encryption] @printers = @init_data[:printers] @printers.shift # Not in jss yet end # set non-nil defaults @enabled ||= false @frequency ||= 'Once per computer' @target_drive ||= '/' @offline ||= false @override_default_settings ||= {} @scripts ||= [] @server_side_limitations ||= {} @client_side_limitiations ||= {} @trigger_events ||= {} @directory_bindings ||= [] @open_firmware_efi_password ||= {} @management_account ||= {} @accounts ||= [] @packages ||= [] @scripts ||= [] @self_service ||= {} @dock_items ||= [] @disk_encryption ||= {} @printers ||= [] @files_processes ||= {} unless @reboot_options @reboot_options = {} @reboot_options[:user_logged_in] = 'Do not restart' @reboot_options[:no_user_logged_in] = 'Do not restart' end @scope ||= JSS::Scopable::Scope.new(:computers, all_computers: false) end |
Instance Attribute Details
#accounts ⇒ Array<Hash> (readonly)
Local accts acted-upon by this policy
Keys are:
-
:action => “Create”,
-
:hint => “foo bar”,
-
:picture => “/path/to/pic.tif”,
-
:admin => true,
-
:home => “/Users/chrisltest”,
-
:realname => “ChrisTest Lasell”,
-
:filevault_enabled => true,
-
:username => “chrisltest”,
-
:password_md5 => “3858f62230ac3c915f300c664312c63f”,
-
:password => “foobar”,
-
:password_sha256=> “c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2”
TODO: make individial getters/setters as for @files_processes
496 497 498 |
# File 'lib/jss/api_object/policy.rb', line 496 def accounts @accounts end |
#client_side_limitations ⇒ Hash (readonly)
The client-side limitations of this policy.
The keys are:
-
:no_execute_on - An array of short day names as strings, e.g. [“Sun”, “Mon”, “Tue”]
-
:no_execute_start - Time
-
:no_execute_end - Time
-
:network_connection - String
The data for the first three comes from the API in the date_time_limitations hash of the general section. The fourth comes from the network_requirements of the general section of the API, but the UI shows them in the Client Side Limitations area.
This attribute is just for convience and consistency, and just refers to the data in their API locations
385 386 387 |
# File 'lib/jss/api_object/policy.rb', line 385 def client_side_limitations @client_side_limitations end |
#directory_bindings ⇒ Array<Hash> (readonly)
The directory bindings applied
each hash is like: {:name => “LDAP”, :id => 4} TODO: handle as for packages & scripts
459 460 461 |
# File 'lib/jss/api_object/policy.rb', line 459 def directory_bindings @directory_bindings end |
#disk_encryption ⇒ Hash (readonly)
Disk encryption options for this policy
The hash looks like {:disk_encryption_configuration_id => 3, :action => “apply”}
596 597 598 |
# File 'lib/jss/api_object/policy.rb', line 596 def disk_encryption @disk_encryption end |
#dock_items ⇒ Array<Hash> (readonly)
The dock items handled by this policy
each item hash looks like: {:name => “Mail”, :id => 14, :action => “Add To Beginning”}
589 590 591 |
# File 'lib/jss/api_object/policy.rb', line 589 def dock_items @dock_items end |
#enabled ⇒ Boolean Also known as: enabled?
Returns is the policy enabled?.
303 304 305 |
# File 'lib/jss/api_object/policy.rb', line 303 def enabled @enabled end |
#fix_byhost ⇒ Boolean
Should this policy fix the ByHost prefs?
435 436 437 |
# File 'lib/jss/api_object/policy.rb', line 435 def fix_byhost @fix_byhost end |
#flush_system_cache ⇒ Boolean
Should this policy flush the system cache?
443 444 445 |
# File 'lib/jss/api_object/policy.rb', line 443 def flush_system_cache @flush_system_cache end |
#flush_user_cache ⇒ Boolean
Should this policy flush the user cache?
451 452 453 |
# File 'lib/jss/api_object/policy.rb', line 451 def flush_user_cache @flush_user_cache end |
#frequency ⇒ String
Returns how often to run the policy on each computer.
294 295 296 |
# File 'lib/jss/api_object/policy.rb', line 294 def frequency @frequency end |
#icon ⇒ JSS::Icon? Also known as: self_service_icon Originally defined in module SelfServable
Returns The icon used in self-service.
#in_self_service ⇒ Boolean (readonly) Also known as: in_self_service? Originally defined in module SelfServable
Returns Is this thing available in Self Service?.
#install_cached_pkgs ⇒ Boolean
Should this policy install any cached JSS packages?
447 448 449 |
# File 'lib/jss/api_object/policy.rb', line 447 def install_cached_pkgs @install_cached_pkgs end |
#management_account ⇒ Hash (readonly)
The management accout changes applied by the policy
The keys are:
-
:action see MGMT_ACCOUNT_ACTIONS
-
:managed_password
-
:managed_password_md5
-
:managed_password_sha256
-
:managed_password_length # for random generating pws
TODO: make individial getters/setters as for @files_processes
476 477 478 |
# File 'lib/jss/api_object/policy.rb', line 476 def management_account @management_account end |
#need_to_update ⇒ Boolean (readonly) Originally defined in module Updatable
Returns do we have unsaved changes?.
#offline ⇒ Boolean
Returns should be policy be available offline.
300 301 302 |
# File 'lib/jss/api_object/policy.rb', line 300 def offline @offline end |
#open_firmware_efi_password ⇒ Hash (readonly)
Returns the open firmware mode and password.
462 463 464 |
# File 'lib/jss/api_object/policy.rb', line 462 def open_firmware_efi_password @open_firmware_efi_password end |
#override_default_settings ⇒ Hash (readonly)
Overrides for various defaults
NOTE: There’s an API bug in both XML and JSON with the
:distribution_point and :target_drive values.
First off, it's not clear what the :target_drive value here
is overriding, since there's a :target_drive value in the
main General hash.
Second off - when you set a non-default dist.point in the
packages section of the UI, that value shows up in both
this :target_drive and the general one, but the :distribution_point
value here stays empty.
The hash looks like: :distribution_point => “”, :force_afp_smb => false, :netboot_server => “current”, :target_drive => “default”, :sus => “default”
330 331 332 |
# File 'lib/jss/api_object/policy.rb', line 330 def override_default_settings @override_default_settings end |
#packages ⇒ Array<Hash> (readonly) Also known as: pkgs
The pkgs handled by this policy
Hash keys are:
-
:action => “Install”
-
:update_autorun => false,
-
:feu => false,
-
:name => “rbgem-json-1.6.5-4.pkg”,
-
:id => 1073
509 510 511 |
# File 'lib/jss/api_object/policy.rb', line 509 def packages @packages end |
#permissions_repair ⇒ Boolean
Should this policy run a permission repair?
426 427 428 |
# File 'lib/jss/api_object/policy.rb', line 426 def @permissions_repair end |
#printers ⇒ Array<Hash> (readonly)
The printers handled by this policy
Each Hash looks like: {:make_default => false, :name => “torlan”, :id => 3, :action => “install”}
603 604 605 |
# File 'lib/jss/api_object/policy.rb', line 603 def printers @printers end |
#reboot_options ⇒ Hash (readonly)
Reboot options for the policy
The hash keys are:
-
:user_logged_in => “Do not restart”,
-
:minutes_until_reboot => 5,
-
:message=> “This computer will restart in 5 minutes. yaddayadda.”,
-
:startup_disk => “Current Startup Disk”,
-
:specify_startup => “”,
-
:no_user_logged_in => “Do not restart”
-
:file_vault_2_reboot => false
567 568 569 |
# File 'lib/jss/api_object/policy.rb', line 567 def @reboot_options end |
#recon ⇒ Boolean Also known as: update_inventory
Should this policy run a recon?
430 431 432 |
# File 'lib/jss/api_object/policy.rb', line 430 def recon @recon end |
#reset_name ⇒ Boolean
Should this policy reset the local hostname?
439 440 441 |
# File 'lib/jss/api_object/policy.rb', line 439 def reset_name @reset_name end |
#scripts ⇒ Array<Hash> (readonly)
The scripts run by this policy
Hash keys are:
-
:name => “chromegetter.sh”,
-
:parameter4 => “”,
-
:parameter5 => “”,
-
:parameter6 => “”,
-
:parameter7 => “”,
-
:parameter8 => “”,
-
:parameter9 => “”,
-
:parameter10 => “”,
-
:parameter11 => “”,
-
:id => 1428,
-
:priority => “After”
529 530 531 |
# File 'lib/jss/api_object/policy.rb', line 529 def scripts @scripts end |
#self_service_categories ⇒ Array<Hash> (readonly) Originally defined in module SelfServable
Each Hash has these keys about the category
-
:id => [Integer] the JSS id of the category
-
:name => [String] the name of the category
Most objects also include one or both of these keys:
-
:display_in => [Boolean] should the item be displayed in this category in SSvc? (not MobDevConfProfiles)
-
:feature_in => [Boolean] should the item be featured in this category in SSVC? (macOS targets only)
#self_service_description ⇒ String Originally defined in module SelfServable
Returns The verbage that appears in SelfSvc for this item.
#self_service_display_name ⇒ String Also known as: self_service_dislay_name Originally defined in module SelfServable
Returns The name to display in macOS Self Service.
#self_service_feature_on_main_page ⇒ Boolean Originally defined in module SelfServable
Only applicable to macOS targets
#self_service_force_users_to_view_description ⇒ Boolean Originally defined in module SelfServable
Returns Should an extra window appear before the user can install the item? (OSX SSvc only).
#self_service_install_button_text ⇒ String Originally defined in module SelfServable
defaults to ‘Install’
#self_service_notification_message ⇒ String Originally defined in module SelfServable
Returns The message text of the notification.
#self_service_notification_subject ⇒ String Originally defined in module SelfServable
object name.
#self_service_notification_type ⇒ Symbol Originally defined in module SelfServable
Returns How should notifications be sent either :ssvc_only or :ssvc_and_nctr.
#self_service_notifications_enabled ⇒ Boolean Also known as: self_service_notifications_enabled? Originally defined in module SelfServable
Returns Should jamf send notifications to self service?.
#self_service_reinstall_button_text ⇒ String Originally defined in module SelfServable
defaults to ‘Reinstall’
#self_service_reminder_frequency ⇒ Integer Originally defined in module SelfServable
Returns How often (in days) should reminders be given.
#self_service_reminders_enabled ⇒ Boolean Also known as: self_service_reminders_enabled? Originally defined in module SelfServable
Returns Should self service give reminders by displaying the notification repeatedly?.
#self_service_removal_password ⇒ String (readonly) Originally defined in module SelfServable
Returns The password needed for removal, in plain text.
#self_service_user_removable ⇒ Symbol Originally defined in module SelfServable
Returns one of the keys in PROFILE_REMOVAL_BY_USER.
#server_side_limitations ⇒ Hash (readonly)
The server-side limitations of this policy.
The keys are :activation and :expiration, both are Times.
the data comes from the API in the date_time_limitations hash of the general section, but the UI shows them in the Server Side Limitations area. This attribute is just for convience and consistency, and just refers to the data in their API locations
367 368 369 |
# File 'lib/jss/api_object/policy.rb', line 367 def server_side_limitations @server_side_limitations end |
#site ⇒ String (readonly)
Returns a string with the site name.
307 308 309 |
# File 'lib/jss/api_object/policy.rb', line 307 def site @site end |
#target_drive ⇒ String
Returns which drive should the policy target.
297 298 299 |
# File 'lib/jss/api_object/policy.rb', line 297 def target_drive @target_drive end |
#trigger ⇒ String (readonly)
Either EVENT or USER_INITIATED
If it’s EVENT, then one or more of the members @trigger_events must true.
392 393 394 |
# File 'lib/jss/api_object/policy.rb', line 392 def trigger @trigger end |
#trigger_events ⇒ Hash (readonly)
The triggers that cause this policy to execute on a client when the @trigger is “EVENT”
This is a hash with the following keys. Each comes from the API as a key in the :general hash, but they make more sense separated out like this.
-
:trigger_startup => Bool
-
:trigger_login => Bool
-
:trigger_logout => Bool
-
:trigger_checkin => Bool
-
:trigger_network_state_changed => Bool
-
:trigger_enrollment_complete => Bool
-
:trigger_other => the String that causes a custom trigger
To edit a value, call
set_trigger_event(type, new_val)
where type is one of the keys in TRIGGER_EVENTS and new val is the new value (usually boolean)
413 414 415 |
# File 'lib/jss/api_object/policy.rb', line 413 def trigger_events @trigger_events end |
#user_may_defer ⇒ Boolean (readonly)
Returns can the user defer the policy?.
542 543 544 |
# File 'lib/jss/api_object/policy.rb', line 542 def user_may_defer @user_may_defer end |
#user_may_defer_until ⇒ Time (readonly)
Returns when is the user no longer allowed to defer?.
545 546 547 |
# File 'lib/jss/api_object/policy.rb', line 545 def user_may_defer_until @user_may_defer_until end |
#user_message_finish ⇒ String (readonly) Also known as: user_message_end
Returns the message shown the user at policy end.
551 552 553 |
# File 'lib/jss/api_object/policy.rb', line 551 def @user_message_finish end |
#user_message_start ⇒ String
Returns the message shown the user at policy start.
548 549 550 |
# File 'lib/jss/api_object/policy.rb', line 548 def @user_message_start end |
#verify_startup_disk ⇒ Boolean
Should this policy verify the startup disk?
422 423 424 |
# File 'lib/jss/api_object/policy.rb', line 422 def verify_startup_disk @verify_startup_disk end |
Instance Method Details
#add_directory_binding(identifier, **opts) ⇒ Array?
Add a Directory Bidning to the list of directory_bindings handled by this policy. If the directory binding already exists in the policy, nil is returned and no changes are made.
1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 |
# File 'lib/jss/api_object/policy.rb', line 1341 def add_directory_binding(identifier, **opts) id = validate_directory_binding_opts identifier, opts return nil if @directory_bindings.map { |s| s[:id] }.include? id name = JSS::DirectoryBinding.map_all_ids_to(:name, api: @api)[id] directory_binding_data = { id: id, name: name } @directory_bindings.insert opts[:position], directory_binding_data @need_to_update = true @directory_bindings end |
#add_dock_item(identifier, action) ⇒ Object
Add a dock item to the policy
1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 |
# File 'lib/jss/api_object/policy.rb', line 1439 def add_dock_item(identifier, action) id = JSS::DockItem.valid_id identifier, api: @api raise JSS::NoSuchItemError, "No Dock Item matches '#{identifier}'" unless id raise JSS::InvalidDataError, "Action must be one of: :#{DOCK_ITEM_ACTIONS.keys.join ', :'}" unless DOCK_ITEM_ACTIONS.include? action return nil if @dock_items.map { |d| d[:id] }.include? id name = JSS::DockItem.map_all_ids_to(:name, api: @api)[id] @dock_items << {id: id, name: name, action: DOCK_ITEM_ACTIONS[action]} @need_to_update = true @dock_items end |
#add_package(identifier, **opts) ⇒ Array?
Add a package to the list of pkgs handled by this policy. If the pkg already exists in the policy, nil is returned and no changes are made.
1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 |
# File 'lib/jss/api_object/policy.rb', line 1193 def add_package(identifier, **opts) id = validate_package_opts(identifier, opts) return nil if @packages.map { |p| p[:id] }.include? id name = JSS::Package.map_all_ids_to(:name, api: @api)[id] pkg_data = { id: id, name: name, action: PACKAGE_ACTIONS[opts[:action]], feu: opts[:feu], fut: opts[:feu], update_autorun: opts[:update_autorun] } @packages.insert opts[:position], pkg_data @need_to_update = true @packages end |
#add_printer(identifier, **opts) ⇒ String
Add a specific printer object to the policy.
1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 |
# File 'lib/jss/api_object/policy.rb', line 1403 def add_printer(identifier, **opts) id = validate_printer_opts identifier, opts return nil if @printers.map { |p| p[:id] }.include? id name = JSS::Printer.map_all_ids_to(:name, api: @api)[id] printer_data = { id: id, name: name, action: PRINTER_ACTIONS[opts[:action]], make_default: opts[:make_default] } @printers.insert opts[:position], printer_data @need_to_update = true @printers end |
#add_script(identifier, **opts) ⇒ Array?
Add a script to the list of SCRIPT_PRIORITIESipts run by this policy. If the script already exists in the policy, nil is returned and no changes are made.
1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 |
# File 'lib/jss/api_object/policy.rb', line 1278 def add_script(identifier, **opts) id = validate_script_opts(identifier, opts) return nil if @scripts.map { |s| s[:id] }.include? id name = JSS::Script.map_all_ids_to(:name, api: @api)[id] script_data = { id: id, name: name, priority: SCRIPT_PRIORITIES[opts[:priority]], parameter4: opts[:parameter4], parameter5: opts[:parameter5], parameter6: opts[:parameter6], parameter7: opts[:parameter7], parameter8: opts[:parameter8], parameter9: opts[:parameter9], parameter10: opts[:parameter10], parameter11: opts[:parameter11] } @scripts.insert opts[:position], script_data @need_to_update = true @scripts end |
#add_self_service_category(new_cat, display_in: true, feature_in: false) ⇒ void Also known as: set_self_service_category, change_self_service_category Originally defined in module SelfServable
This method returns an undefined value.
Add or change one of the categories for this item in self service
#add_to_self_service ⇒ void Originally defined in module SelfServable
This method returns an undefined value.
Add this object to self service if not already there.
#apply_encryption_configuration(identifier) ⇒ Void
Sets the Disk Encryption application to “Apply” and sets the correct disk encryption configuration ID using either the name or id.
1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 |
# File 'lib/jss/api_object/policy.rb', line 1517 def apply_encryption_configuration(identifier) id = JSS::DiskEncryptionConfiguration.valid_id identifier return if id.nil? hash = { action: DISK_ENCRYPTION_ACTIONS[:apply], disk_encryption_configuration_id: id, auth_restart: false } @disk_encryption = hash @need_to_update = true end |
#category=(new_cat) ⇒ void Originally defined in module Categorizable
This method returns an undefined value.
Change the category of this object. Any of the NON_CATEGORIES values will unset the category
#category_assigned? ⇒ Boolean Also known as: categorized? Originally defined in module Categorizable
Does this object have a category assigned?
#category_id ⇒ Integer Originally defined in module Categorizable
The id of the category for this object.
#category_name ⇒ String Also known as: category Originally defined in module Categorizable
The name of the category for this object. For backward compatibility, this is aliased to just ‘category’
#category_object ⇒ JSS::Category Originally defined in module Categorizable
The JSS::Category instance for this object’s category
#clone(new_name, api: nil) ⇒ APIObject Originally defined in module Creatable
make a clone of this API object, with a new name. The class must be creatable
#create ⇒ Object Originally defined in module SelfServable
HACK: ity hack hack… remove when jamf fixes these bugs
#delete_file? ⇒ Boolean Also known as: delete_path?
Returns Should the searched-for path be deleted if found?.
1097 1098 1099 |
# File 'lib/jss/api_object/policy.rb', line 1097 def delete_file? @files_processes[:delete_file] end |
#directory_binding_ids ⇒ Array
Returns the id’s of the directory_bindings handled by the policy.
1320 1321 1322 |
# File 'lib/jss/api_object/policy.rb', line 1320 def directory_binding_ids @directory_bindings.map { |p| p[:id] } end |
#directory_binding_names ⇒ Array
Returns the names of the directory_bindings handled by the policy.
1325 1326 1327 |
# File 'lib/jss/api_object/policy.rb', line 1325 def directory_binding_names @directory_bindings.map { |p| p[:name] } end |
#disable ⇒ Object
Shortcut for endabled = false
737 738 739 |
# File 'lib/jss/api_object/policy.rb', line 737 def disable self.enabled = false end |
#do_not_reboot ⇒ void
This method returns an undefined value.
Reboot Options Do Not Reboot Shortcut method to suppress Reboot Options
984 985 986 987 988 |
# File 'lib/jss/api_object/policy.rb', line 984 def do_not_reboot @reboot_options[:user_logged_in] = 'Do not restart' @reboot_options[:no_user_logged_in] = 'Do not restart' @need_to_update = true end |
#dock_item_ids ⇒ Array
Returns the id’s of the dock_items handled by the policy.
1375 1376 1377 |
# File 'lib/jss/api_object/policy.rb', line 1375 def dock_item_ids @dock_items.map { |p| p[:id] } end |
#dock_item_names ⇒ Array
Returns the names of the dock_items handled by the policy.
1380 1381 1382 |
# File 'lib/jss/api_object/policy.rb', line 1380 def dock_item_names @dock_items.map { |p| p[:name] } end |
#enable ⇒ Object
Shortcut for enabled = true
732 733 734 |
# File 'lib/jss/api_object/policy.rb', line 732 def enable self.enabled = true end |
#evaluate_new_category(new_cat) ⇒ Array<String, Integer> Originally defined in module Categorizable
Given a category name or id, return the name and id TODO: use APIObject.exist? and/or APIObject.valid_id
#file_vault_2_reboot=(fv_bool) ⇒ void
This method returns an undefined value.
Reboot Options FileVault Authenticated Reboot
1010 1011 1012 1013 1014 |
# File 'lib/jss/api_object/policy.rb', line 1010 def file_vault_2_reboot=(fv_bool) raise JSS::InvalidDataError, 'FileVault 2 Reboot must be a Boolean' unless fv_bool.jss_boolean? @reboot_options[:file_vault_2_reboot] = fv_bool @need_to_update = true end |
#flush_logs(older_than: 0, period: :days) ⇒ void
This method returns an undefined value.
Flush all policy logs for this policy older than some number of days, weeks, months or years.
With no parameters, flushes all logs
NOTE: Currently the API doesn’t have a way to flush only failed policies.
1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 |
# File 'lib/jss/api_object/policy.rb', line 1638 def flush_logs(older_than: 0, period: :days) raise JSS::NoSuchItemError, "Policy doesn't exist in the JSS. Use #create first." unless @in_jss unless LOG_FLUSH_INTERVAL_INTEGERS.key?(older_than) raise JSS::InvalidDataError, "older_than must be one of these integers: #{LOG_FLUSH_INTERVAL_INTEGERS.keys.join ', '}" end unless LOG_FLUSH_INTERVAL_PERIODS.key?(period) raise JSS::InvalidDataError, "period must be one of these symbols: :#{LOG_FLUSH_INTERVAL_PERIODS.keys.join ', :'}" end interval = "#{LOG_FLUSH_INTERVAL_INTEGERS[older_than]}+#{LOG_FLUSH_INTERVAL_PERIODS[period]}" @api.delete_rsrc "#{LOG_FLUSH_RSRC}/policy/id/#{@id}/interval/#{interval}" end |
#kill_process? ⇒ Boolean
Returns Should the searched-for process be killed if found.
1063 1064 1065 |
# File 'lib/jss/api_object/policy.rb', line 1063 def kill_process? @files_processes[:kill_process] end |
#locate_file ⇒ String
Returns The term to seach for using the locate command.
1141 1142 1143 |
# File 'lib/jss/api_object/policy.rb', line 1141 def locate_file @files_processes[:locate_file] end |
#locate_file=(term) ⇒ void
This method returns an undefined value.
Set the term to seach for using the locate command
1151 1152 1153 1154 1155 |
# File 'lib/jss/api_object/policy.rb', line 1151 def locate_file=(term) raise JSS::InvalidDataError, 'Term to locate must be a String' unless term.is_a? String @files_processes[:locate_file] = term @need_to_update = true end |
#minutes_until_reboot=(minutes) ⇒ void
This method returns an undefined value.
Reboot Options Minutes Until Reboot
997 998 999 1000 1001 |
# File 'lib/jss/api_object/policy.rb', line 997 def minutes_until_reboot=(minutes) raise JSS::InvalidDataError, 'Minutes until reboot must be an Integer' unless minutes.is_a? Integer @reboot_options[:minutes_until_reboot] = minutes @need_to_update = true end |
#name=(newname) ⇒ void Originally defined in module Updatable
This method returns an undefined value.
Change the name of this item Remember to #update to push changes to the server.
#no_user_logged_in=(no_user_option) ⇒ void
This method returns an undefined value.
What to do at reboot when No User Logged In
896 897 898 899 900 |
# File 'lib/jss/api_object/policy.rb', line 896 def no_user_logged_in=(no_user_option) raise JSS::InvalidDataError, "no_user_logged_in options: #{NO_USER_LOGGED_IN.join(', ')}" unless NO_USER_LOGGED_IN.include? no_user_option @reboot_options[:no_user_logged_in] = no_user_option @need_to_update = true end |
#package_ids ⇒ Array
Returns the id’s of the packages handled by the policy.
1164 1165 1166 |
# File 'lib/jss/api_object/policy.rb', line 1164 def package_ids @packages.map { |p| p[:id] } end |
#package_names ⇒ Array
Returns the names of the packages handled by the policy.
1169 1170 1171 |
# File 'lib/jss/api_object/policy.rb', line 1169 def package_names @packages.map { |p| p[:name] } end |
#parse_scope ⇒ void Originally defined in module Scopable
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This method returns an undefined value.
Call this during initialization of objects that have a scope and the scope instance will be created from @init_data
#printer_ids ⇒ Array
Returns the id’s of the printers handled by the policy.
1465 1466 1467 1468 1469 1470 1471 |
# File 'lib/jss/api_object/policy.rb', line 1465 def printer_ids begin @printers.map { |p| p[:id] } rescue TypeError return [] end end |
#printer_names ⇒ Array
Returns the names of the printers handled by the policy.
1474 1475 1476 1477 1478 1479 1480 |
# File 'lib/jss/api_object/policy.rb', line 1474 def printer_names begin @printers.map { |p| p[:name] } rescue TypeError return [] end end |
#reboot_message=(message) ⇒ void Also known as: message=
This method returns an undefined value.
Set Reboot Message
920 921 922 923 924 |
# File 'lib/jss/api_object/policy.rb', line 920 def () raise JSS::InvalidDataError, 'Reboot message must be a String' unless .is_a? String @reboot_options[:message] = @need_to_update = true end |
#reissue_key ⇒ Void
Sets the Disk Encryption application to “Remediate” and sets the remediation key type to individual.
1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 |
# File 'lib/jss/api_object/policy.rb', line 1492 def reissue_key() if @disk_encryption[:action] != DISK_ENCRYPTION_ACTIONS[:remediate] # Setting New Action hash = { action: DISK_ENCRYPTION_ACTIONS[:remediate], remediate_key_type: "Individual" } @disk_encryption = hash @need_to_update = true else # Update return end end |
#remove_directory_binding(identifier) ⇒ Array?
Remove a directory binding from this policy by name or id
1366 1367 1368 1369 1370 |
# File 'lib/jss/api_object/policy.rb', line 1366 def remove_directory_binding(identifier) removed = @directory_bindings.delete_if { |s| s[:id] == identifier || s[:name] == identifier } @need_to_update = true if removed removed end |
#remove_dock_item(identifier) ⇒ Object
Remove a dock item from the policy
1457 1458 1459 1460 1461 1462 |
# File 'lib/jss/api_object/policy.rb', line 1457 def remove_dock_item(identifier) # TODO: Add validation against JSS::DockItem removed = @dock_items.delete_if { |d| d[:id] == identifier || d[:name] == identifier } @need_to_update = true if removed removed end |
#remove_encryption_configuration ⇒ Void
Removes the Disk Encryption settings associated with this specific policy.
1540 1541 1542 1543 1544 1545 1546 1547 |
# File 'lib/jss/api_object/policy.rb', line 1540 def remove_encryption_configuration() hash = { action: DISK_ENCRYPTION_ACTIONS[:none] } @disk_encryption = hash @need_to_update = true end |
#remove_from_self_service ⇒ void Originally defined in module SelfServable
This method returns an undefined value.
Remove this object from self service if it’s there.
#remove_package(identifier) ⇒ Array?
Remove a package from this policy by name or id
1221 1222 1223 1224 1225 |
# File 'lib/jss/api_object/policy.rb', line 1221 def remove_package(identifier) removed = @packages.delete_if { |p| p[:id] == identifier || p[:name] == identifier } @need_to_update = true if removed removed end |
#remove_printer(identifier) ⇒ Array?
Remove a specific printer object from the policy.
1431 1432 1433 1434 1435 1436 |
# File 'lib/jss/api_object/policy.rb', line 1431 def remove_printer(identifier) removed = @printers.delete_if { |p| p[:id] == identifier || p[:name] == identifier } @need_to_update = true removed end |
#remove_script(identifier) ⇒ Array?
Remove a script from this policy by name or id
1311 1312 1313 1314 1315 |
# File 'lib/jss/api_object/policy.rb', line 1311 def remove_script(identifier) removed = @scripts.delete_if { |s| s[:id] == identifier || s[:name] == identifier } @need_to_update = true if removed removed end |
#remove_self_service_category(cat) ⇒ void Originally defined in module SelfServable
This method returns an undefined value.
Remove a category from those for this item in SSvc
#run(show_output = false) ⇒ Boolean? Also known as: execute
Try to execute this policy on this machine.
1616 1617 1618 1619 1620 1621 |
# File 'lib/jss/api_object/policy.rb', line 1616 def run(show_output = false) return nil unless enabled? output = JSS::Client.run_jamf('policy', "-id #{id}", show_output) return nil if output.include? 'No policies were found for the ID' $CHILD_STATUS.exitstatus.zero? ? true : false end |
#run_command ⇒ String Also known as: command_to_run
Returns The unix shell command to run on ths client.
1020 1021 1022 |
# File 'lib/jss/api_object/policy.rb', line 1020 def run_command @files_processes[:run_command] end |
#run_command=(command) ⇒ void Also known as: command_to_run=
This method returns an undefined value.
Set the unix shell command to be run on the client
1031 1032 1033 1034 1035 |
# File 'lib/jss/api_object/policy.rb', line 1031 def run_command=(command) raise JSS::InvalidDataError, 'Command to run must be a String' unless command.is_a? String @files_processes[:run_command] = command @need_to_update = true end |
#script_ids ⇒ Array
Returns the id’s of the scripts handled by the policy.
1230 1231 1232 |
# File 'lib/jss/api_object/policy.rb', line 1230 def script_ids @scripts.map { |p| p[:id] } end |
#script_names ⇒ Array
Returns the names of the scripts handled by the policy.
1235 1236 1237 |
# File 'lib/jss/api_object/policy.rb', line 1235 def script_names @scripts.map { |p| p[:name] } end |
#search_by_path ⇒ Pathname
Returns The path to search for.
1087 1088 1089 1090 1091 1092 1093 |
# File 'lib/jss/api_object/policy.rb', line 1087 def search_by_path if @files_processes[:search_by_path].nil? return nil else Pathname.new @files_processes[:search_by_path] end end |
#search_for_process ⇒ String
Returns The process name to search for on the client.
1057 1058 1059 |
# File 'lib/jss/api_object/policy.rb', line 1057 def search_for_process @files_processes[:search_for_process] end |
#self_service_execute_url ⇒ String Originally defined in module SelfServable
Returns The url to view this thing in Self Service.
#self_service_payload ⇒ Symbol Originally defined in module SelfServable
What does this object deploy to the device via self service?
#self_service_targets ⇒ Array<Symbol> Originally defined in module SelfServable
What devices types can get this thing in Self Service
#self_service_view_url ⇒ String Originally defined in module SelfServable
Returns The url to view this thing in Self Service.
#server_side_activation=(activation) ⇒ void
This method returns an undefined value.
Set Server Side Activation
802 803 804 805 806 |
# File 'lib/jss/api_object/policy.rb', line 802 def server_side_activation=(activation) raise JSS::InvalidDataError, 'Activation must be a Time' unless activation.is_a? Time @server_side_limitations[:activation] = activation @need_to_update = true end |
#server_side_expiration=(expiration) ⇒ void
This method returns an undefined value.
Set Server Side Expiration
814 815 816 817 818 |
# File 'lib/jss/api_object/policy.rb', line 814 def server_side_expiration=(expiration) raise JSS::InvalidDataError, 'Expiration must be a Time' unless expiration.is_a? Time @server_side_limitations[:expiration] = expiration @need_to_update = true end |
#set_management_account(action, **opts) ⇒ Object
Interact with management account settings
Reference: developer.jamf.com/documentation#resources-with-passwords
1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 |
# File 'lib/jss/api_object/policy.rb', line 1557 def set_management_account(action, **opts) # TODO: Add proper error handling raise JSS::InvalidDataError, "Action must be one of: :#{MGMT_ACCOUNT_ACTIONS.keys.join ', :'}" unless MGMT_ACCOUNT_ACTIONS.include? action management_data = {} if action == :change_pw || action == :reset_pw raise JSS::MissingDataError, ":password must be provided when changing management account password" if opts[:password].nil? management_data = { action: MGMT_ACCOUNT_ACTIONS[action], managed_password: opts[:password] } elsif action == :reset_random || action == :generate_pw raise JSS::MissingDataError, ":password_length must be provided when setting a random password" if opts[:password_length].nil? raise JSS::InvalidDataError, ":password_length must be an Integer" unless opts[:password_length].is_a? Integer management_data = { action: MGMT_ACCOUNT_ACTIONS[action], managed_password_length: opts[:password_length] } else management_data = { action: MGMT_ACCOUNT_ACTIONS[action] } end @management_account = management_data @need_to_update = true @management_account end |
#set_search_by_path(path, delete = false) ⇒ void
This method returns an undefined value.
Set the path to search for, a String or Pathname, and whether or not to delete it if found.
Setter methods (which end with =) can’t easily take multiple arguments, so we instead name them “set_blah_blah” rather than “blah_blah=”
1114 1115 1116 1117 1118 1119 |
# File 'lib/jss/api_object/policy.rb', line 1114 def set_search_by_path(path, delete = false) raise JSS::InvalidDataError, 'Path to search for must be a String or a Pathname' unless path.is_a?(String) || path.is_a?(Pathname) @files_processes[:search_by_path] = path.to_s @files_processes[:delete_file] = delete ? true : false @need_to_update = true end |
#set_search_for_process(process, kill = false) ⇒ void
This method returns an undefined value.
Set the process name to search for, and if it should be killed if found.
Setter methods (which end with =) can’t easily take multiple arguments, so we instead name them “set_blah_blah” rather than “blah_blah=”
1079 1080 1081 1082 1083 |
# File 'lib/jss/api_object/policy.rb', line 1079 def set_search_for_process(process, kill = false) @files_processes[:search_for_process] = process.to_s @files_processes[:kill_process] = kill ? true : false @need_to_update = true end |
#set_trigger_event(type, new_val) ⇒ void
This method returns an undefined value.
Change a trigger event
785 786 787 788 789 790 791 792 793 794 |
# File 'lib/jss/api_object/policy.rb', line 785 def set_trigger_event(type, new_val) raise JSS::InvalidDataError, "Trigger type must be one of #{TRIGGER_EVENTS.keys.join(', ')}" unless TRIGGER_EVENTS.key?(type) if type == :custom raise JSS::InvalidDataError, 'Custom triggers must be Strings' unless new_val.is_a? String else raise JSS::InvalidDataError, 'Non-custom triggers must be true or false' unless JSS::TRUE_FALSE.include? new_val end @trigger_events[TRIGGER_EVENTS[type]] = new_val @need_to_update = true end |
#should_update ⇒ void Originally defined in module Scopable
This method returns an undefined value.
When the scope changes, it calls this to tell us that an update is needed.
#site=(new_site) ⇒ void Originally defined in module Sitable
This method returns an undefined value.
Change the site of this object. Any of the NON_SITES values will unset the site
#site_assigned? ⇒ Boolean Originally defined in module Sitable
Does this object have a site assigned?
#site_id ⇒ Integer Originally defined in module Sitable
The id of the site for this object.
#site_name ⇒ String Also known as: site Originally defined in module Sitable
The name of the site for this object. For backward compatibility, this is aliased to just ‘site’
#site_object ⇒ JSS::Site Originally defined in module Sitable
The JSS::Site instance for this object’s site
#specify_startup=(startup_volume) ⇒ void
This method returns an undefined value.
Specify Startup Volume Only Supports “Specify Local Startup Disk”
972 973 974 975 976 |
# File 'lib/jss/api_object/policy.rb', line 972 def specify_startup=(startup_volume) raise JSS::InvalidDataError, "#{startup_volume} is not a valid Startup Disk" unless startup_volume.is_a? String @reboot_options[:specify_startup] = startup_volume @need_to_update = true end |
#spotlight_search ⇒ String
Returns The term to search for using spotlight.
1123 1124 1125 |
# File 'lib/jss/api_object/policy.rb', line 1123 def spotlight_search @files_processes[:spotlight_search] end |
#spotlight_search=(term) ⇒ void
This method returns an undefined value.
Set the term to seach for using spotlight
1133 1134 1135 1136 1137 |
# File 'lib/jss/api_object/policy.rb', line 1133 def spotlight_search=(term) raise JSS::InvalidDataError, 'Spotlight search term must be a String' unless term.is_a? String @files_processes[:spotlight_search] = term @need_to_update = true end |
#startup_disk=(startup_disk_option) ⇒ void
This method returns an undefined value.
Set Startup Disk Only Supports ‘Specify Local Startup Disk’ at the moment
958 959 960 961 962 963 |
# File 'lib/jss/api_object/policy.rb', line 958 def startup_disk=(startup_disk_option) raise JSS::InvalidDataError, "#{startup_disk_option} is not a valid Startup Disk" unless startup_disk_option.is_a? String @reboot_options[:startup_disk] = 'Specify Local Startup Disk' self.specify_startup = startup_disk_option @need_to_update = true end |
#unset_category ⇒ void Originally defined in module Categorizable
This method returns an undefined value.
Set the category to nothing
#unset_site ⇒ void Originally defined in module Sitable
This method returns an undefined value.
Set the site to nothing
#update ⇒ Object Originally defined in module SelfServable
HACK: ity hack hack… remove when jamf fixes these bugs
#update_locate_database=(bool) ⇒ void
This method returns an undefined value.
Set whether or not to update the database used by the locate command.
1050 1051 1052 1053 |
# File 'lib/jss/api_object/policy.rb', line 1050 def update_locate_database=(bool) @files_processes[:update_locate_database] = JSS::Validate.boolean bool @need_to_update = true end |
#update_locate_database? ⇒ Boolean
Returns Should we update the database used by the locate command?.
1040 1041 1042 |
# File 'lib/jss/api_object/policy.rb', line 1040 def update_locate_database? @files_processes[:update_locate_database] end |
#upload(type, local_file) ⇒ String Originally defined in module Uploadable
Upload a file to the JSS via the REST Resource of the object to which this module is mixed in.
#user_logged_in=(logged_in_option) ⇒ void
This method returns an undefined value.
What to do at reboot when there is a User Logged In
908 909 910 911 912 |
# File 'lib/jss/api_object/policy.rb', line 908 def user_logged_in=(logged_in_option) raise JSS::InvalidDataError, "user_logged_in options: #{USER_LOGGED_IN.join(', ')}" unless USER_LOGGED_IN.include? logged_in_option @reboot_options[:user_logged_in] = logged_in_option @need_to_update = true end |
#user_message_end=(message) ⇒ void Also known as: user_message_finish=
This method returns an undefined value.
Set User Finish Message
943 944 945 946 947 |
# File 'lib/jss/api_object/policy.rb', line 943 def () raise JSS::InvalidDataError, 'User message must be a String' unless .is_a? String @user_message_finish = @need_to_update = true end |
#user_removable? ⇒ Boolean? Originally defined in module SelfServable
Can this thing be removed by the user?
#verify_management_password(password) ⇒ Boolean
Check if management password matches provided password
1598 1599 1600 1601 1602 1603 1604 |
# File 'lib/jss/api_object/policy.rb', line 1598 def verify_management_password(password) raise JSS::InvalidDataError, "Management password must be a string." unless password.is_a? String raise JSS::UnsupportedError, "'#{@management_account[:action].to_s}' does not support management passwords." unless @management_account[:action] == MGMT_ACCOUNT_ACTIONS[:change_pw] || @management_account[:action] == MGMT_ACCOUNT_ACTIONS[:reset_pw] return Digest::SHA256.hexdigest(password).to_s == @management_account[:managed_password_sha256].to_s end |