Class: JSS::Policy
- Includes:
- Categorizable, Creatable, Scopable, SelfServable, Sitable, Updatable, Uploadable
- Defined in:
- lib/jss/api_object/policy.rb,
lib/jss.rb
Overview
A class implementing a JSS Policy.
Like many API objects, the data comes from the API in sections, and the items in the :general section are mapped to direct attributes of this Class.
Policy instances are partially read-only:
-
Due to limitations in the API implementation of policies, as well as the complexity of policy objects, only these attributes can be set and updated via the Policy class:
-
name
-
-
frequency
-
-
target_drive
-
-
offline
-
-
enabled
-
-
category
-
-
triggers
-
-
client maintenance tasks
-
-
scope, see Scopable and Scopable::Scope
-
-
files and processes
-
-
packages, see #add_package and #remove_package
-
-
scripts see #add_script and #remove_script
-
-
self service, see SelfServable
-
-
reboot options
-
All other values and sections must be edited via the Web App.
Policies may be deleted via this class
Constant Summary collapse
- RSRC_BASE =
The base for REST resources of this class
'policies'.freeze
- RSRC_LIST_KEY =
the hash key used for the JSON list output of all objects in the JSS
:policies
- RSRC_OBJECT_KEY =
The hash key used for the JSON object output. It’s also used in various error messages
:policy
- SUBSETS =
subsets available for fetching TODO: FilesProcesses and Maintenance don’t seem to work
%i[ general scope selfservice self_service packages scripts printers dockitems dock_items reboot userinteraction user_interaction disk_encryption diskencryption accountmaintenance account_maintenance ].freeze
- UPLOAD_TYPES =
policies can take uploaded icons
{ icon: :policies }.freeze
- SELF_SERVICE_TARGET =
policies are available in macOS self Serviec
:macos
- SELF_SERVICE_PAYLOAD =
policies via self services are still polcies
:policy
- SECTIONS =
%i[ general maintenance account_maintenance scripts self_service package_configuration scope user_interaction reboot files_processes dock_items disk_encryption printers ].freeze
- FREQUENCIES =
{ ongoing: 'Ongoing', once_per_computer: 'Once per computer', once_per_user: 'Once per user', once_per_user_per_computer: 'Once per user per computer', daily: 'Once every day', weekly: 'Once every week', monthly: 'Once every month' }.freeze
- RETRY_EVENTS =
{ none: 'none', checkin: 'check-in', trigger: 'trigger' }.freeze
- RESTART_WHEN =
{ if_pkg_requires: 'Restart if a package or update requires it', now: 'Restart immediately', delayed: 'Restart', dont: 'Do not restart' }.freeze
- RESTART_DISKS =
{ current: 'Current Startup Disk', selected: 'Currently Selected Startup Disk (No Bless)', netboot: 'NetBoot', os_installer: 'inPlaceOSUpgradeDirectory' }.freeze
- ACCOUNT_ACTIONS =
Note: any other value in :specify_startup is a path to some other drive to boot from, e.g. /Volumes/Foo
{ create: 'Create', change_pw: 'Reset', delete: 'Delete', disable_fv2: 'DisableFileVault' }.freeze
- MGMT_ACCOUNT_ACTIONS =
{ no_change: 'doNotChange', change_pw: 'specified', generate_pw: 'random', enable_fv2: 'fileVaultEnable', disable_fv2: 'fileVaultDisable', reset_random: 'resetRandom', reset_pw: 'reset' }.freeze
- PACKAGE_ACTIONS =
{ install: 'Install', remove: 'Uninstall', cache: 'Cache', install_cache: 'Install Cached' }.freeze
- SCRIPT_PRIORITIES =
{ pre: 'Before', before: 'Before', post: 'After', after: 'After' }.freeze
- DISK_ENCRYPTION_ACTIONS =
{ apply: "apply", remediate: "remediate", none: "none" }
- PRINTER_ACTIONS =
{ map: 'install', unmap: 'uninstall' }.freeze
- DOCK_ITEM_ACTIONS =
{ add_start: 'Add To Beginning', add_end: 'Add To End', remove: 'Remove' }.freeze
- NETWORK_REQUIREMENTS =
{ any: 'Any', ethernet: 'EtherNet' }.freeze
- TRIGGER_TYPES =
{ event: 'EVENT', user: 'USER_INITIATED' }.freeze
- TRIGGER_EVENTS =
{ startup: :trigger_startup, login: :trigger_login, logout: :trigger_logout, checkin: :trigger_checkin, network_state: :trigger_network_state_changed, enrollment: :trigger_enrollment_complete, custom: :trigger_other }.freeze
- NO_USER_LOGGED_IN =
[ 'Do not restart', 'Restart immediately', 'Restart if a package or update requires it' ].freeze
- USER_LOGGED_IN =
[ 'Do not restart', 'Restart', 'Restart if a package or update requires it', 'Restart immediately' ].freeze
- SCOPE_TARGET_KEY =
:computers
- LOG_FLUSH_RSRC =
Log Flushing
'logflush'.freeze
- LOG_FLUSH_INTERVAL_INTEGERS =
{ 0 => 'Zero', 1 => 'One', 2 => 'Two', 3 => 'Three', 6 => 'Six' }.freeze
- LOG_FLUSH_INTERVAL_PERIODS =
{ day: 'Day', days: 'Day', week: 'Week', weeks: 'Week', month: 'Month', months: 'Month', year: 'Year', years: 'Year' }.freeze
- OBJECT_HISTORY_OBJECT_TYPE =
the object type for this object in the object history table. See APIObject#add_object_history_entry
3
- SITE_SUBSET =
Where is the Site data in the API JSON?
:general
- CATEGORY_SUBSET =
Where is the Category in the API JSON?
:general
- CATEGORY_DATA_TYPE =
How is the category stored in the API data?
Hash
Instance Attribute Summary collapse
-
#accounts ⇒ Array<Hash>
readonly
Local accts acted-upon by this policy.
-
#client_side_limitations ⇒ Hash
readonly
The client-side limitations of this policy.
-
#directory_bindings ⇒ Array<Hash>
readonly
The directory bindings applied.
-
#disk_encryption ⇒ Hash
readonly
Disk encryption options for this policy.
-
#dock_items ⇒ Array<Hash>
readonly
The dock items handled by this policy.
-
#enabled ⇒ Boolean
(also: #enabled?)
Is the policy enabled?.
-
#fix_byhost ⇒ Boolean
Should this policy fix the ByHost prefs?.
-
#flush_system_cache ⇒ Boolean
Should this policy flush the system cache?.
-
#flush_user_cache ⇒ Boolean
Should this policy flush the user cache?.
-
#frequency ⇒ String
How often to run the policy on each computer.
-
#icon ⇒ JSS::Icon?
(also: #self_service_icon)
included
from SelfServable
The icon used in self-service.
-
#in_self_service ⇒ Boolean
(also: #in_self_service?)
included
from SelfServable
readonly
Is this thing available in Self Service?.
-
#install_cached_pkgs ⇒ Boolean
Should this policy install any cached JSS packages?.
-
#management_account ⇒ Hash
readonly
The management accout changes applied by the policy.
-
#need_to_update ⇒ Boolean
included
from Updatable
readonly
Do we have unsaved changes?.
-
#offline ⇒ Boolean
Should be policy be available offline.
-
#open_firmware_efi_password ⇒ Hash
readonly
The open firmware mode and password.
-
#override_default_settings ⇒ Hash
readonly
Overrides for various defaults.
-
#packages ⇒ Array<Hash>
(also: #pkgs)
readonly
The pkgs handled by this policy.
-
#permissions_repair ⇒ Boolean
Should this policy run a permission repair?.
-
#printers ⇒ Array<Hash>
readonly
The printers handled by this policy.
-
#reboot_options ⇒ Hash
readonly
Reboot options for the policy.
-
#recon ⇒ Boolean
(also: #update_inventory)
Should this policy run a recon?.
-
#reset_name ⇒ Boolean
Should this policy reset the local hostname?.
-
#scope ⇒ Object
included
from Scopable
Attribtues.
-
#scripts ⇒ Array<Hash>
readonly
The scripts run by this policy.
-
#self_service_categories ⇒ Array<Hash>
included
from SelfServable
readonly
Each Hash has these keys about the category - :id => [Integer] the JSS id of the category - :name => [String] the name of the category.
-
#self_service_description ⇒ String
included
from SelfServable
The verbage that appears in SelfSvc for this item.
-
#self_service_display_name ⇒ String
(also: #self_service_dislay_name)
included
from SelfServable
The name to display in macOS Self Service.
-
#self_service_feature_on_main_page ⇒ Boolean
included
from SelfServable
Only applicable to macOS targets.
-
#self_service_force_users_to_view_description ⇒ Boolean
included
from SelfServable
Should an extra window appear before the user can install the item? (OSX SSvc only).
-
#self_service_install_button_text ⇒ String
included
from SelfServable
defaults to ‘Install’.
-
#self_service_notification_message ⇒ String
included
from SelfServable
The message text of the notification.
-
#self_service_notification_subject ⇒ String
included
from SelfServable
object name.
-
#self_service_notification_type ⇒ Symbol
included
from SelfServable
How should notifications be sent either :ssvc_only or :ssvc_and_nctr.
-
#self_service_notifications_enabled ⇒ Boolean
(also: #self_service_notifications_enabled?)
included
from SelfServable
Should jamf send notifications to self service?.
-
#self_service_reinstall_button_text ⇒ String
included
from SelfServable
defaults to ‘Reinstall’.
-
#self_service_reminder_frequency ⇒ Integer
included
from SelfServable
How often (in days) should reminders be given.
-
#self_service_reminders_enabled ⇒ Boolean
(also: #self_service_reminders_enabled?)
included
from SelfServable
Should self service give reminders by displaying the notification repeatedly?.
-
#self_service_removal_password ⇒ String
included
from SelfServable
readonly
The password needed for removal, in plain text.
-
#self_service_user_removable ⇒ Symbol
included
from SelfServable
One of the keys in PROFILE_REMOVAL_BY_USER.
-
#server_side_limitations ⇒ Hash
readonly
The server-side limitations of this policy.
-
#site ⇒ String
readonly
A string with the site name.
-
#target_drive ⇒ String
Which drive should the policy target.
-
#trigger ⇒ String
readonly
Either EVENT or USER_INITIATED.
-
#trigger_events ⇒ Hash
readonly
The triggers that cause this policy to execute on a client when the @trigger is “EVENT”.
-
#user_may_defer ⇒ Boolean
readonly
Can the user defer the policy?.
-
#user_may_defer_until ⇒ Time
readonly
When is the user no longer allowed to defer?.
-
#user_message_finish ⇒ String
(also: #user_message_end)
readonly
The message shown the user at policy end.
-
#user_message_start ⇒ String
The message shown the user at policy start.
-
#verify_startup_disk ⇒ Boolean
Should this policy verify the startup disk?.
Instance Method Summary collapse
-
#add_directory_binding(identifier, **opts) ⇒ Array?
Add a Directory Bidning to the list of directory_bindings handled by this policy.
-
#add_dock_item(identifier, action) ⇒ Object
Add a dock item to the policy.
-
#add_package(identifier, **opts) ⇒ Array?
Add a package to the list of pkgs handled by this policy.
-
#add_printer(identifier, **opts) ⇒ String
Add a specific printer object to the policy.
-
#add_script(identifier, **opts) ⇒ Array?
Add a script to the list of SCRIPT_PRIORITIESipts run by this policy.
-
#add_self_service_category(new_cat, display_in: true, feature_in: false) ⇒ void
(also: #set_self_service_category, #change_self_service_category)
included
from SelfServable
Add or change one of the categories for this item in self service.
-
#add_to_self_service ⇒ void
included
from SelfServable
Add this object to self service if not already there.
-
#apply_encryption_configuration(identifier) ⇒ Void
Sets the Disk Encryption application to “Apply” and sets the correct disk encryption configuration ID using either the name or id.
-
#category=(new_cat) ⇒ void
included
from Categorizable
Change the category of this object.
-
#category_assigned? ⇒ Boolean
(also: #categorized?)
included
from Categorizable
Does this object have a category assigned?.
-
#category_id ⇒ Integer
included
from Categorizable
The id of the category for this object.
-
#category_name ⇒ String
(also: #category)
included
from Categorizable
The name of the category for this object.
-
#category_object ⇒ JSS::Category
included
from Categorizable
The JSS::Category instance for this object’s category.
-
#clone(new_name, api: nil) ⇒ APIObject
included
from Creatable
make a clone of this API object, with a new name.
-
#create ⇒ Object
included
from SelfServable
HACK: ity hack hack…
-
#delete_file? ⇒ Boolean
(also: #delete_path?)
Should the searched-for path be deleted if found?.
-
#directory_binding_ids ⇒ Array
The id’s of the directory_bindings handled by the policy.
-
#directory_binding_names ⇒ Array
The names of the directory_bindings handled by the policy.
-
#disable ⇒ Object
Shortcut for endabled = false.
-
#do_not_reboot ⇒ void
Reboot Options Do Not Reboot Shortcut method to suppress Reboot Options.
-
#dock_item_ids ⇒ Array
The id’s of the dock_items handled by the policy.
-
#dock_item_names ⇒ Array
The names of the dock_items handled by the policy.
-
#enable ⇒ Object
Shortcut for enabled = true.
-
#evaluate_new_category(new_cat) ⇒ Array<String, Integer>
included
from Categorizable
Given a category name or id, return the name and id TODO: use APIObject.exist? and/or APIObject.valid_id.
-
#file_vault_2_reboot=(fv_bool) ⇒ void
Reboot Options FileVault Authenticated Reboot.
-
#flush_logs(older_than: 0, period: :days) ⇒ void
Flush all policy logs for this policy older than some number of days, weeks, months or years.
-
#initialize(args = {}) ⇒ Policy
constructor
A new instance of Policy.
-
#kill_process? ⇒ Boolean
Should the searched-for process be killed if found.
-
#locate_file ⇒ String
The term to seach for using the locate command.
-
#locate_file=(term) ⇒ void
Set the term to seach for using the locate command.
-
#minutes_until_reboot=(minutes) ⇒ void
Reboot Options Minutes Until Reboot.
-
#name=(newname) ⇒ void
included
from Updatable
Change the name of this item Remember to #update to push changes to the server.
-
#no_user_logged_in=(no_user_option) ⇒ void
What to do at reboot when No User Logged In.
- #notify_failed_retries=(bool) ⇒ void
-
#notify_failed_retries? ⇒ Boolean
(also: #notify_failed_retries, #notify_on_each_failed_retry)
Should admins be notified of failed retry attempts.
-
#package_ids ⇒ Array
The id’s of the packages handled by the policy.
-
#package_names ⇒ Array
The names of the packages handled by the policy.
-
#parse_scope ⇒ void
included
from Scopable
private
Call this during initialization of objects that have a scope and the scope instance will be created from @init_data.
-
#printer_ids ⇒ Array
The id’s of the printers handled by the policy.
-
#printer_names ⇒ Array
The names of the printers handled by the policy.
-
#reboot_message=(message) ⇒ void
(also: #message=)
Set Reboot Message.
-
#reissue_key ⇒ Void
Sets the Disk Encryption application to “Remediate” and sets the remediation key type to individual.
-
#remove_directory_binding(identifier) ⇒ Array?
Remove a directory binding from this policy by name or id.
-
#remove_dock_item(identifier) ⇒ Object
Remove a dock item from the policy.
-
#remove_encryption_configuration ⇒ Void
Removes the Disk Encryption settings associated with this specific policy.
-
#remove_from_self_service ⇒ void
included
from SelfServable
Remove this object from self service if it’s there.
-
#remove_package(identifier) ⇒ Array?
Remove a package from this policy by name or id.
-
#remove_printer(identifier) ⇒ Array?
Remove a specific printer object from the policy.
-
#remove_script(identifier) ⇒ Array?
Remove a script from this policy by name or id.
-
#remove_self_service_category(cat) ⇒ void
included
from SelfServable
Remove a category from those for this item in SSvc.
-
#retry_attempts ⇒ Integer
How many times wil the policy be retried if it fails.
-
#retry_attempts=(int) ⇒ void
Set the number of times to retry if the policy fails.
-
#retry_event ⇒ String
The event that causes a policy retry.
-
#retry_event=(evt) ⇒ void
Set the event that causes a retry if the policy fails.
-
#run(show_output = false) ⇒ Boolean?
(also: #execute)
Try to execute this policy on this machine.
-
#run_command ⇒ String
(also: #command_to_run)
The unix shell command to run on ths client.
-
#run_command=(command) ⇒ void
(also: #command_to_run=)
Set the unix shell command to be run on the client.
-
#script_ids ⇒ Array
The id’s of the scripts handled by the policy.
-
#script_names ⇒ Array
The names of the scripts handled by the policy.
-
#search_by_path ⇒ Pathname
The path to search for.
-
#search_for_process ⇒ String
The process name to search for on the client.
-
#self_service_execute_url ⇒ String
included
from SelfServable
The url to view this thing in Self Service.
-
#self_service_payload ⇒ Symbol
included
from SelfServable
What does this object deploy to the device via self service?.
-
#self_service_targets ⇒ Array<Symbol>
included
from SelfServable
What devices types can get this thing in Self Service.
-
#self_service_view_url ⇒ String
included
from SelfServable
The url to view this thing in Self Service.
-
#server_side_activation=(activation) ⇒ void
Set Server Side Activation.
-
#server_side_expiration=(expiration) ⇒ void
Set Server Side Expiration.
-
#set_management_account(action, **opts) ⇒ Object
Interact with management account settings.
-
#set_search_by_path(path, delete = false) ⇒ void
Set the path to search for, a String or Pathname, and whether or not to delete it if found.
-
#set_search_for_process(process, kill = false) ⇒ void
Set the process name to search for, and if it should be killed if found.
-
#set_trigger_event(type, new_val) ⇒ void
Change a trigger event.
-
#should_update ⇒ void
included
from Scopable
When the scope changes, it calls this to tell us that an update is needed.
-
#site=(new_site) ⇒ void
included
from Sitable
Change the site of this object.
-
#site_assigned? ⇒ Boolean
included
from Sitable
Does this object have a site assigned?.
-
#site_id ⇒ Integer
included
from Sitable
The id of the site for this object.
-
#site_name ⇒ String
(also: #site)
included
from Sitable
The name of the site for this object.
-
#site_object ⇒ JSS::Site
included
from Sitable
The JSS::Site instance for this object’s site.
-
#specify_startup=(startup_volume) ⇒ void
Specify Startup Volume Only Supports “Specify Local Startup Disk”.
-
#spotlight_search ⇒ String
The term to search for using spotlight.
-
#spotlight_search=(term) ⇒ void
Set the term to seach for using spotlight.
-
#startup_disk=(startup_disk_option) ⇒ void
Set Startup Disk Only Supports ‘Specify Local Startup Disk’ at the moment.
-
#unset_category ⇒ void
included
from Categorizable
Set the category to nothing.
-
#unset_site ⇒ void
included
from Sitable
Set the site to nothing.
-
#update ⇒ Object
included
from SelfServable
HACK: ity hack hack…
-
#update_locate_database=(bool) ⇒ void
Set whether or not to update the database used by the locate command.
-
#update_locate_database? ⇒ Boolean
Should we update the database used by the locate command?.
-
#upload(type, local_file) ⇒ String
included
from Uploadable
Upload a file to the JSS via the REST Resource of the object to which this module is mixed in.
-
#user_logged_in=(logged_in_option) ⇒ void
What to do at reboot when there is a User Logged In.
-
#user_message_end=(message) ⇒ void
(also: #user_message_finish=)
Set User Finish Message.
-
#user_removable? ⇒ Boolean?
included
from SelfServable
Can this thing be removed by the user?.
-
#verify_management_password(password) ⇒ Boolean
Check if management password matches provided password.
Constructor Details
#initialize(args = {}) ⇒ Policy
Returns a new instance of Policy.
617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 |
# File 'lib/jss/api_object/policy.rb', line 617 def initialize(args = {}) super if @in_jss gen = @init_data[:general] @target_drive = gen[:target_drive] @offline = gen[:offline] @enabled = gen[:enabled] @site = JSS::APIObject.get_name(gen[:site][:name]) @override_default_settings = gen[:override_default_settings] @trigger = gen[:trigger] @trigger_events = { trigger_startup: gen[:trigger_startup], trigger_login: gen[:trigger_login], trigger_logout: gen[:trigger_logout], trigger_checkin: gen[:trigger_checkin], trigger_network_state_changed: gen[:trigger_network_state_changed], trigger_enrollment_complete: gen[:trigger_enrollment_complete], trigger_other: gen[:trigger_other] } @frequency = gen[:frequency] @retry_event = gen[:retry_event] @retry_attempts = gen[:retry_attempts] @notify_failed_retries = gen[:notify_on_each_failed_retry] dtl = gen[:date_time_limitations] @server_side_limitations = { activation: JSS.epoch_to_time(dtl[:activation_date_epoch]), expiration: JSS.epoch_to_time(dtl[:expiration_date_epoch]) } @client_side_limitations = { no_execute_on: dtl[:no_execute_on], # NOTE- there's a bug in the JSON output, it's been reported to JAMF. no_execute_start: dtl[:no_execute_start], # String like "1:01 AM" no_execute_end: dtl[:no_execute_end], # String like "2:02 PM" network_requirements: gen[:network_requirements] } maint = @init_data[:maintenance] @verify_startup_disk = maint[:verify] @permissions_repair = maint[:permissions] @recon = maint[:recon] @fix_byhost = maint[:byhost] @reset_name = maint[:reset_name] @flush_system_cache = maint[:system_cache] @install_cached_pkgs = maint[:install_all_cached_packages] @flush_user_cache = maint[:user_cache] amaint = @init_data[:account_maintenance] @directory_bindings = amaint[:directory_bindings] @open_firmware_efi_password = amaint[:open_firmware_efi_password] @management_account = amaint[:management_account] @accounts = amaint[:accounts] @packages = @init_data[:package_configuration][:packages] ? @init_data[:package_configuration][:packages] : [] @scripts = @init_data[:scripts] uint = @init_data[:user_interaction] @user_may_defer = uint[:allow_users_to_defer] @user_may_defer_until = JSS.parse_datetime uint[:allow_deferral_until_utc] @user_message_start = uint[:message_start] @user_message_finish = uint[:message_finish] @reboot_options = @init_data[:reboot] @files_processes = @init_data[:files_processes] @dock_items = @init_data[:dock_items] @disk_encryption = @init_data[:disk_encryption] @printers = @init_data[:printers] @printers.shift # Not in jss yet end # set non-nil defaults @enabled ||= false @frequency ||= 'Once per computer' @target_drive ||= '/' @offline ||= false @override_default_settings ||= {} @scripts ||= [] @server_side_limitations ||= {} @client_side_limitiations ||= {} @trigger_events ||= {} @directory_bindings ||= [] @open_firmware_efi_password ||= {} @management_account ||= {} @accounts ||= [] @packages ||= [] @scripts ||= [] @self_service ||= {} @dock_items ||= [] @disk_encryption ||= {} @printers ||= [] @files_processes ||= {} unless @reboot_options @reboot_options = {} @reboot_options[:user_logged_in] = 'Do not restart' @reboot_options[:no_user_logged_in] = 'Do not restart' end @scope ||= JSS::Scopable::Scope.new(:computers, all_computers: false) end |
Instance Attribute Details
#accounts ⇒ Array<Hash> (readonly)
Local accts acted-upon by this policy
Keys are:
-
:action => “Create”,
-
:hint => “foo bar”,
-
:picture => “/path/to/pic.tif”,
-
:admin => true,
-
:home => “/Users/chrisltest”,
-
:realname => “ChrisTest Lasell”,
-
:filevault_enabled => true,
-
:username => “chrisltest”,
-
:password_md5 => “3858f62230ac3c915f300c664312c63f”,
-
:password => “foobar”,
-
:password_sha256=> “c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2”
TODO: make individial getters/setters as for @files_processes
502 503 504 |
# File 'lib/jss/api_object/policy.rb', line 502 def accounts @accounts end |
#client_side_limitations ⇒ Hash (readonly)
The client-side limitations of this policy.
The keys are:
-
:no_execute_on - An array of short day names as strings, e.g. [“Sun”, “Mon”, “Tue”]
-
:no_execute_start - Time
-
:no_execute_end - Time
-
:network_connection - String
The data for the first three comes from the API in the date_time_limitations hash of the general section. The fourth comes from the network_requirements of the general section of the API, but the UI shows them in the Client Side Limitations area.
This attribute is just for convience and consistency, and just refers to the data in their API locations
391 392 393 |
# File 'lib/jss/api_object/policy.rb', line 391 def client_side_limitations @client_side_limitations end |
#directory_bindings ⇒ Array<Hash> (readonly)
The directory bindings applied
each hash is like: {:name => “LDAP”, :id => 4} TODO: handle as for packages & scripts
465 466 467 |
# File 'lib/jss/api_object/policy.rb', line 465 def directory_bindings @directory_bindings end |
#disk_encryption ⇒ Hash (readonly)
Disk encryption options for this policy
The hash looks like {:disk_encryption_configuration_id => 3, :action => “apply”}
602 603 604 |
# File 'lib/jss/api_object/policy.rb', line 602 def disk_encryption @disk_encryption end |
#dock_items ⇒ Array<Hash> (readonly)
The dock items handled by this policy
each item hash looks like: {:name => “Mail”, :id => 14, :action => “Add To Beginning”}
595 596 597 |
# File 'lib/jss/api_object/policy.rb', line 595 def dock_items @dock_items end |
#enabled ⇒ Boolean Also known as: enabled?
Returns is the policy enabled?.
309 310 311 |
# File 'lib/jss/api_object/policy.rb', line 309 def enabled @enabled end |
#fix_byhost ⇒ Boolean
Should this policy fix the ByHost prefs?
441 442 443 |
# File 'lib/jss/api_object/policy.rb', line 441 def fix_byhost @fix_byhost end |
#flush_system_cache ⇒ Boolean
Should this policy flush the system cache?
449 450 451 |
# File 'lib/jss/api_object/policy.rb', line 449 def flush_system_cache @flush_system_cache end |
#flush_user_cache ⇒ Boolean
Should this policy flush the user cache?
457 458 459 |
# File 'lib/jss/api_object/policy.rb', line 457 def flush_user_cache @flush_user_cache end |
#frequency ⇒ String
Returns how often to run the policy on each computer.
300 301 302 |
# File 'lib/jss/api_object/policy.rb', line 300 def frequency @frequency end |
#icon ⇒ JSS::Icon? Also known as: self_service_icon Originally defined in module SelfServable
Returns The icon used in self-service.
#in_self_service ⇒ Boolean (readonly) Also known as: in_self_service? Originally defined in module SelfServable
Returns Is this thing available in Self Service?.
#install_cached_pkgs ⇒ Boolean
Should this policy install any cached JSS packages?
453 454 455 |
# File 'lib/jss/api_object/policy.rb', line 453 def install_cached_pkgs @install_cached_pkgs end |
#management_account ⇒ Hash (readonly)
The management accout changes applied by the policy
The keys are:
-
:action see MGMT_ACCOUNT_ACTIONS
-
:managed_password
-
:managed_password_md5
-
:managed_password_sha256
-
:managed_password_length # for random generating pws
TODO: make individial getters/setters as for @files_processes
482 483 484 |
# File 'lib/jss/api_object/policy.rb', line 482 def management_account @management_account end |
#need_to_update ⇒ Boolean (readonly) Originally defined in module Updatable
Returns do we have unsaved changes?.
#offline ⇒ Boolean
Returns should be policy be available offline.
306 307 308 |
# File 'lib/jss/api_object/policy.rb', line 306 def offline @offline end |
#open_firmware_efi_password ⇒ Hash (readonly)
Returns the open firmware mode and password.
468 469 470 |
# File 'lib/jss/api_object/policy.rb', line 468 def open_firmware_efi_password @open_firmware_efi_password end |
#override_default_settings ⇒ Hash (readonly)
Overrides for various defaults
NOTE: There’s an API bug in both XML and JSON with the
:distribution_point and :target_drive values.
First off, it's not clear what the :target_drive value here
is overriding, since there's a :target_drive value in the
main General hash.
Second off - when you set a non-default dist.point in the
packages section of the UI, that value shows up in both
this :target_drive and the general one, but the :distribution_point
value here stays empty.
The hash looks like: :distribution_point => “”, :force_afp_smb => false, :netboot_server => “current”, :target_drive => “default”, :sus => “default”
336 337 338 |
# File 'lib/jss/api_object/policy.rb', line 336 def override_default_settings @override_default_settings end |
#packages ⇒ Array<Hash> (readonly) Also known as: pkgs
The pkgs handled by this policy
Hash keys are:
-
:action => “Install”
-
:update_autorun => false,
-
:feu => false,
-
:name => “rbgem-json-1.6.5-4.pkg”,
-
:id => 1073
515 516 517 |
# File 'lib/jss/api_object/policy.rb', line 515 def packages @packages end |
#permissions_repair ⇒ Boolean
Should this policy run a permission repair?
432 433 434 |
# File 'lib/jss/api_object/policy.rb', line 432 def @permissions_repair end |
#printers ⇒ Array<Hash> (readonly)
The printers handled by this policy
Each Hash looks like: {:make_default => false, :name => “torlan”, :id => 3, :action => “install”}
609 610 611 |
# File 'lib/jss/api_object/policy.rb', line 609 def printers @printers end |
#reboot_options ⇒ Hash (readonly)
Reboot options for the policy
The hash keys are:
-
:user_logged_in => “Do not restart”,
-
:minutes_until_reboot => 5,
-
:message=> “This computer will restart in 5 minutes. yaddayadda.”,
-
:startup_disk => “Current Startup Disk”,
-
:specify_startup => “”,
-
:no_user_logged_in => “Do not restart”
-
:file_vault_2_reboot => false
573 574 575 |
# File 'lib/jss/api_object/policy.rb', line 573 def @reboot_options end |
#recon ⇒ Boolean Also known as: update_inventory
Should this policy run a recon?
436 437 438 |
# File 'lib/jss/api_object/policy.rb', line 436 def recon @recon end |
#reset_name ⇒ Boolean
Should this policy reset the local hostname?
445 446 447 |
# File 'lib/jss/api_object/policy.rb', line 445 def reset_name @reset_name end |
#scripts ⇒ Array<Hash> (readonly)
The scripts run by this policy
Hash keys are:
-
:name => “chromegetter.sh”,
-
:parameter4 => “”,
-
:parameter5 => “”,
-
:parameter6 => “”,
-
:parameter7 => “”,
-
:parameter8 => “”,
-
:parameter9 => “”,
-
:parameter10 => “”,
-
:parameter11 => “”,
-
:id => 1428,
-
:priority => “After”
535 536 537 |
# File 'lib/jss/api_object/policy.rb', line 535 def scripts @scripts end |
#self_service_categories ⇒ Array<Hash> (readonly) Originally defined in module SelfServable
Each Hash has these keys about the category
-
:id => [Integer] the JSS id of the category
-
:name => [String] the name of the category
Most objects also include one or both of these keys:
-
:display_in => [Boolean] should the item be displayed in this category in SSvc? (not MobDevConfProfiles)
-
:feature_in => [Boolean] should the item be featured in this category in SSVC? (macOS targets only)
#self_service_description ⇒ String Originally defined in module SelfServable
Returns The verbage that appears in SelfSvc for this item.
#self_service_display_name ⇒ String Also known as: self_service_dislay_name Originally defined in module SelfServable
Returns The name to display in macOS Self Service.
#self_service_feature_on_main_page ⇒ Boolean Originally defined in module SelfServable
Only applicable to macOS targets
#self_service_force_users_to_view_description ⇒ Boolean Originally defined in module SelfServable
Returns Should an extra window appear before the user can install the item? (OSX SSvc only).
#self_service_install_button_text ⇒ String Originally defined in module SelfServable
defaults to ‘Install’
#self_service_notification_message ⇒ String Originally defined in module SelfServable
Returns The message text of the notification.
#self_service_notification_subject ⇒ String Originally defined in module SelfServable
object name.
#self_service_notification_type ⇒ Symbol Originally defined in module SelfServable
Returns How should notifications be sent either :ssvc_only or :ssvc_and_nctr.
#self_service_notifications_enabled ⇒ Boolean Also known as: self_service_notifications_enabled? Originally defined in module SelfServable
Returns Should jamf send notifications to self service?.
#self_service_reinstall_button_text ⇒ String Originally defined in module SelfServable
defaults to ‘Reinstall’
#self_service_reminder_frequency ⇒ Integer Originally defined in module SelfServable
Returns How often (in days) should reminders be given.
#self_service_reminders_enabled ⇒ Boolean Also known as: self_service_reminders_enabled? Originally defined in module SelfServable
Returns Should self service give reminders by displaying the notification repeatedly?.
#self_service_removal_password ⇒ String (readonly) Originally defined in module SelfServable
Returns The password needed for removal, in plain text.
#self_service_user_removable ⇒ Symbol Originally defined in module SelfServable
Returns one of the keys in PROFILE_REMOVAL_BY_USER.
#server_side_limitations ⇒ Hash (readonly)
The server-side limitations of this policy.
The keys are :activation and :expiration, both are Times.
the data comes from the API in the date_time_limitations hash of the general section, but the UI shows them in the Server Side Limitations area. This attribute is just for convience and consistency, and just refers to the data in their API locations
373 374 375 |
# File 'lib/jss/api_object/policy.rb', line 373 def server_side_limitations @server_side_limitations end |
#site ⇒ String (readonly)
Returns a string with the site name.
313 314 315 |
# File 'lib/jss/api_object/policy.rb', line 313 def site @site end |
#target_drive ⇒ String
Returns which drive should the policy target.
303 304 305 |
# File 'lib/jss/api_object/policy.rb', line 303 def target_drive @target_drive end |
#trigger ⇒ String (readonly)
Either EVENT or USER_INITIATED
If it’s EVENT, then one or more of the members @trigger_events must true.
398 399 400 |
# File 'lib/jss/api_object/policy.rb', line 398 def trigger @trigger end |
#trigger_events ⇒ Hash (readonly)
The triggers that cause this policy to execute on a client when the @trigger is “EVENT”
This is a hash with the following keys. Each comes from the API as a key in the :general hash, but they make more sense separated out like this.
-
:trigger_startup => Bool
-
:trigger_login => Bool
-
:trigger_logout => Bool
-
:trigger_checkin => Bool
-
:trigger_network_state_changed => Bool
-
:trigger_enrollment_complete => Bool
-
:trigger_other => the String that causes a custom trigger
To edit a value, call
set_trigger_event(type, new_val)
where type is one of the keys in TRIGGER_EVENTS and new val is the new value (usually boolean)
419 420 421 |
# File 'lib/jss/api_object/policy.rb', line 419 def trigger_events @trigger_events end |
#user_may_defer ⇒ Boolean (readonly)
Returns can the user defer the policy?.
548 549 550 |
# File 'lib/jss/api_object/policy.rb', line 548 def user_may_defer @user_may_defer end |
#user_may_defer_until ⇒ Time (readonly)
Returns when is the user no longer allowed to defer?.
551 552 553 |
# File 'lib/jss/api_object/policy.rb', line 551 def user_may_defer_until @user_may_defer_until end |
#user_message_finish ⇒ String (readonly) Also known as: user_message_end
Returns the message shown the user at policy end.
557 558 559 |
# File 'lib/jss/api_object/policy.rb', line 557 def @user_message_finish end |
#user_message_start ⇒ String
Returns the message shown the user at policy start.
554 555 556 |
# File 'lib/jss/api_object/policy.rb', line 554 def @user_message_start end |
#verify_startup_disk ⇒ Boolean
Should this policy verify the startup disk?
428 429 430 |
# File 'lib/jss/api_object/policy.rb', line 428 def verify_startup_disk @verify_startup_disk end |
Instance Method Details
#add_directory_binding(identifier, **opts) ⇒ Array?
Add a Directory Bidning to the list of directory_bindings handled by this policy. If the directory binding already exists in the policy, nil is returned and no changes are made.
1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 |
# File 'lib/jss/api_object/policy.rb', line 1435 def add_directory_binding(identifier, **opts) id = validate_directory_binding_opts identifier, opts return nil if @directory_bindings.map { |s| s[:id] }.include? id name = JSS::DirectoryBinding.map_all_ids_to(:name, api: @api)[id] directory_binding_data = { id: id, name: name } @directory_bindings.insert opts[:position], directory_binding_data @need_to_update = true @directory_bindings end |
#add_dock_item(identifier, action) ⇒ Object
Add a dock item to the policy
1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 |
# File 'lib/jss/api_object/policy.rb', line 1533 def add_dock_item(identifier, action) id = JSS::DockItem.valid_id identifier, api: @api raise JSS::NoSuchItemError, "No Dock Item matches '#{identifier}'" unless id raise JSS::InvalidDataError, "Action must be one of: :#{DOCK_ITEM_ACTIONS.keys.join ', :'}" unless DOCK_ITEM_ACTIONS.include? action return nil if @dock_items.map { |d| d[:id] }.include? id name = JSS::DockItem.map_all_ids_to(:name, api: @api)[id] @dock_items << {id: id, name: name, action: DOCK_ITEM_ACTIONS[action]} @need_to_update = true @dock_items end |
#add_package(identifier, **opts) ⇒ Array?
Add a package to the list of pkgs handled by this policy. If the pkg already exists in the policy, nil is returned and no changes are made.
1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 |
# File 'lib/jss/api_object/policy.rb', line 1287 def add_package(identifier, **opts) id = validate_package_opts(identifier, opts) return nil if @packages.map { |p| p[:id] }.include? id name = JSS::Package.map_all_ids_to(:name, api: @api)[id] pkg_data = { id: id, name: name, action: PACKAGE_ACTIONS[opts[:action]], feu: opts[:feu], fut: opts[:feu], update_autorun: opts[:update_autorun] } @packages.insert opts[:position], pkg_data @need_to_update = true @packages end |
#add_printer(identifier, **opts) ⇒ String
Add a specific printer object to the policy.
1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 |
# File 'lib/jss/api_object/policy.rb', line 1497 def add_printer(identifier, **opts) id = validate_printer_opts identifier, opts return nil if @printers.map { |p| p[:id] }.include? id name = JSS::Printer.map_all_ids_to(:name, api: @api)[id] printer_data = { id: id, name: name, action: PRINTER_ACTIONS[opts[:action]], make_default: opts[:make_default] } @printers.insert opts[:position], printer_data @need_to_update = true @printers end |
#add_script(identifier, **opts) ⇒ Array?
Add a script to the list of SCRIPT_PRIORITIESipts run by this policy. If the script already exists in the policy, nil is returned and no changes are made.
1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 |
# File 'lib/jss/api_object/policy.rb', line 1372 def add_script(identifier, **opts) id = validate_script_opts(identifier, opts) return nil if @scripts.map { |s| s[:id] }.include? id name = JSS::Script.map_all_ids_to(:name, api: @api)[id] script_data = { id: id, name: name, priority: SCRIPT_PRIORITIES[opts[:priority]], parameter4: opts[:parameter4], parameter5: opts[:parameter5], parameter6: opts[:parameter6], parameter7: opts[:parameter7], parameter8: opts[:parameter8], parameter9: opts[:parameter9], parameter10: opts[:parameter10], parameter11: opts[:parameter11] } @scripts.insert opts[:position], script_data @need_to_update = true @scripts end |
#add_self_service_category(new_cat, display_in: true, feature_in: false) ⇒ void Also known as: set_self_service_category, change_self_service_category Originally defined in module SelfServable
This method returns an undefined value.
Add or change one of the categories for this item in self service
#add_to_self_service ⇒ void Originally defined in module SelfServable
This method returns an undefined value.
Add this object to self service if not already there.
#apply_encryption_configuration(identifier) ⇒ Void
Sets the Disk Encryption application to “Apply” and sets the correct disk encryption configuration ID using either the name or id.
1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 |
# File 'lib/jss/api_object/policy.rb', line 1611 def apply_encryption_configuration(identifier) id = JSS::DiskEncryptionConfiguration.valid_id identifier return if id.nil? hash = { action: DISK_ENCRYPTION_ACTIONS[:apply], disk_encryption_configuration_id: id, auth_restart: false } @disk_encryption = hash @need_to_update = true end |
#category=(new_cat) ⇒ void Originally defined in module Categorizable
This method returns an undefined value.
Change the category of this object. Any of the NON_CATEGORIES values will unset the category
#category_assigned? ⇒ Boolean Also known as: categorized? Originally defined in module Categorizable
Does this object have a category assigned?
#category_id ⇒ Integer Originally defined in module Categorizable
The id of the category for this object.
#category_name ⇒ String Also known as: category Originally defined in module Categorizable
The name of the category for this object. For backward compatibility, this is aliased to just ‘category’
#category_object ⇒ JSS::Category Originally defined in module Categorizable
The JSS::Category instance for this object’s category
#clone(new_name, api: nil) ⇒ APIObject Originally defined in module Creatable
make a clone of this API object, with a new name. The class must be creatable
#create ⇒ Object Originally defined in module SelfServable
HACK: ity hack hack… remove when jamf fixes these bugs
#delete_file? ⇒ Boolean Also known as: delete_path?
Returns Should the searched-for path be deleted if found?.
1191 1192 1193 |
# File 'lib/jss/api_object/policy.rb', line 1191 def delete_file? @files_processes[:delete_file] end |
#directory_binding_ids ⇒ Array
Returns the id’s of the directory_bindings handled by the policy.
1414 1415 1416 |
# File 'lib/jss/api_object/policy.rb', line 1414 def directory_binding_ids @directory_bindings.map { |p| p[:id] } end |
#directory_binding_names ⇒ Array
Returns the names of the directory_bindings handled by the policy.
1419 1420 1421 |
# File 'lib/jss/api_object/policy.rb', line 1419 def directory_binding_names @directory_bindings.map { |p| p[:name] } end |
#disable ⇒ Object
Shortcut for endabled = false
746 747 748 |
# File 'lib/jss/api_object/policy.rb', line 746 def disable self.enabled = false end |
#do_not_reboot ⇒ void
This method returns an undefined value.
Reboot Options Do Not Reboot Shortcut method to suppress Reboot Options
1078 1079 1080 1081 1082 |
# File 'lib/jss/api_object/policy.rb', line 1078 def do_not_reboot @reboot_options[:user_logged_in] = 'Do not restart' @reboot_options[:no_user_logged_in] = 'Do not restart' @need_to_update = true end |
#dock_item_ids ⇒ Array
Returns the id’s of the dock_items handled by the policy.
1469 1470 1471 |
# File 'lib/jss/api_object/policy.rb', line 1469 def dock_item_ids @dock_items.map { |p| p[:id] } end |
#dock_item_names ⇒ Array
Returns the names of the dock_items handled by the policy.
1474 1475 1476 |
# File 'lib/jss/api_object/policy.rb', line 1474 def dock_item_names @dock_items.map { |p| p[:name] } end |
#enable ⇒ Object
Shortcut for enabled = true
741 742 743 |
# File 'lib/jss/api_object/policy.rb', line 741 def enable self.enabled = true end |
#evaluate_new_category(new_cat) ⇒ Array<String, Integer> Originally defined in module Categorizable
Given a category name or id, return the name and id TODO: use APIObject.exist? and/or APIObject.valid_id
#file_vault_2_reboot=(fv_bool) ⇒ void
This method returns an undefined value.
Reboot Options FileVault Authenticated Reboot
1104 1105 1106 1107 1108 |
# File 'lib/jss/api_object/policy.rb', line 1104 def file_vault_2_reboot=(fv_bool) raise JSS::InvalidDataError, 'FileVault 2 Reboot must be a Boolean' unless fv_bool.jss_boolean? @reboot_options[:file_vault_2_reboot] = fv_bool @need_to_update = true end |
#flush_logs(older_than: 0, period: :days) ⇒ void
This method returns an undefined value.
Flush all policy logs for this policy older than some number of days, weeks, months or years.
With no parameters, flushes all logs
NOTE: Currently the API doesn’t have a way to flush only failed policies.
1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 |
# File 'lib/jss/api_object/policy.rb', line 1732 def flush_logs(older_than: 0, period: :days) raise JSS::NoSuchItemError, "Policy doesn't exist in the JSS. Use #create first." unless @in_jss unless LOG_FLUSH_INTERVAL_INTEGERS.key?(older_than) raise JSS::InvalidDataError, "older_than must be one of these integers: #{LOG_FLUSH_INTERVAL_INTEGERS.keys.join ', '}" end unless LOG_FLUSH_INTERVAL_PERIODS.key?(period) raise JSS::InvalidDataError, "period must be one of these symbols: :#{LOG_FLUSH_INTERVAL_PERIODS.keys.join ', :'}" end interval = "#{LOG_FLUSH_INTERVAL_INTEGERS[older_than]}+#{LOG_FLUSH_INTERVAL_PERIODS[period]}" @api.delete_rsrc "#{LOG_FLUSH_RSRC}/policy/id/#{@id}/interval/#{interval}" end |
#kill_process? ⇒ Boolean
Returns Should the searched-for process be killed if found.
1157 1158 1159 |
# File 'lib/jss/api_object/policy.rb', line 1157 def kill_process? @files_processes[:kill_process] end |
#locate_file ⇒ String
Returns The term to seach for using the locate command.
1235 1236 1237 |
# File 'lib/jss/api_object/policy.rb', line 1235 def locate_file @files_processes[:locate_file] end |
#locate_file=(term) ⇒ void
This method returns an undefined value.
Set the term to seach for using the locate command
1245 1246 1247 1248 1249 |
# File 'lib/jss/api_object/policy.rb', line 1245 def locate_file=(term) raise JSS::InvalidDataError, 'Term to locate must be a String' unless term.is_a? String @files_processes[:locate_file] = term @need_to_update = true end |
#minutes_until_reboot=(minutes) ⇒ void
This method returns an undefined value.
Reboot Options Minutes Until Reboot
1091 1092 1093 1094 1095 |
# File 'lib/jss/api_object/policy.rb', line 1091 def minutes_until_reboot=(minutes) raise JSS::InvalidDataError, 'Minutes until reboot must be an Integer' unless minutes.is_a? Integer @reboot_options[:minutes_until_reboot] = minutes @need_to_update = true end |
#name=(newname) ⇒ void Originally defined in module Updatable
This method returns an undefined value.
Change the name of this item Remember to #update to push changes to the server.
#no_user_logged_in=(no_user_option) ⇒ void
This method returns an undefined value.
What to do at reboot when No User Logged In
990 991 992 993 994 |
# File 'lib/jss/api_object/policy.rb', line 990 def no_user_logged_in=(no_user_option) raise JSS::InvalidDataError, "no_user_logged_in options: #{NO_USER_LOGGED_IN.join(', ')}" unless NO_USER_LOGGED_IN.include? no_user_option @reboot_options[:no_user_logged_in] = no_user_option @need_to_update = true end |
#notify_failed_retries=(bool) ⇒ void
This method returns an undefined value.
838 839 840 841 842 843 844 845 |
# File 'lib/jss/api_object/policy.rb', line 838 def notify_failed_retries=(bool) validate_retry_opt bool = JSS::Validate.boolean bool return if @notify_failed_retries == bool @notify_failed_retries = bool @need_to_update = true end |
#notify_failed_retries? ⇒ Boolean Also known as: notify_failed_retries, notify_on_each_failed_retry
Returns Should admins be notified of failed retry attempts.
828 829 830 831 832 |
# File 'lib/jss/api_object/policy.rb', line 828 def notify_failed_retries? return false unless FREQUENCIES[:once_per_computer] == @frequency @notify_failed_retries end |
#package_ids ⇒ Array
Returns the id’s of the packages handled by the policy.
1258 1259 1260 |
# File 'lib/jss/api_object/policy.rb', line 1258 def package_ids @packages.map { |p| p[:id] } end |
#package_names ⇒ Array
Returns the names of the packages handled by the policy.
1263 1264 1265 |
# File 'lib/jss/api_object/policy.rb', line 1263 def package_names @packages.map { |p| p[:name] } end |
#parse_scope ⇒ void Originally defined in module Scopable
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This method returns an undefined value.
Call this during initialization of objects that have a scope and the scope instance will be created from @init_data
#printer_ids ⇒ Array
Returns the id’s of the printers handled by the policy.
1559 1560 1561 1562 1563 1564 1565 |
# File 'lib/jss/api_object/policy.rb', line 1559 def printer_ids begin @printers.map { |p| p[:id] } rescue TypeError return [] end end |
#printer_names ⇒ Array
Returns the names of the printers handled by the policy.
1568 1569 1570 1571 1572 1573 1574 |
# File 'lib/jss/api_object/policy.rb', line 1568 def printer_names begin @printers.map { |p| p[:name] } rescue TypeError return [] end end |
#reboot_message=(message) ⇒ void Also known as: message=
This method returns an undefined value.
Set Reboot Message
1014 1015 1016 1017 1018 |
# File 'lib/jss/api_object/policy.rb', line 1014 def () raise JSS::InvalidDataError, 'Reboot message must be a String' unless .is_a? String @reboot_options[:message] = @need_to_update = true end |
#reissue_key ⇒ Void
Sets the Disk Encryption application to “Remediate” and sets the remediation key type to individual.
1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 |
# File 'lib/jss/api_object/policy.rb', line 1586 def reissue_key() if @disk_encryption[:action] != DISK_ENCRYPTION_ACTIONS[:remediate] # Setting New Action hash = { action: DISK_ENCRYPTION_ACTIONS[:remediate], remediate_key_type: "Individual" } @disk_encryption = hash @need_to_update = true else # Update return end end |
#remove_directory_binding(identifier) ⇒ Array?
Remove a directory binding from this policy by name or id
1460 1461 1462 1463 1464 |
# File 'lib/jss/api_object/policy.rb', line 1460 def remove_directory_binding(identifier) removed = @directory_bindings.delete_if { |s| s[:id] == identifier || s[:name] == identifier } @need_to_update = true if removed removed end |
#remove_dock_item(identifier) ⇒ Object
Remove a dock item from the policy
1551 1552 1553 1554 1555 1556 |
# File 'lib/jss/api_object/policy.rb', line 1551 def remove_dock_item(identifier) # TODO: Add validation against JSS::DockItem removed = @dock_items.delete_if { |d| d[:id] == identifier || d[:name] == identifier } @need_to_update = true if removed removed end |
#remove_encryption_configuration ⇒ Void
Removes the Disk Encryption settings associated with this specific policy.
1634 1635 1636 1637 1638 1639 1640 1641 |
# File 'lib/jss/api_object/policy.rb', line 1634 def remove_encryption_configuration() hash = { action: DISK_ENCRYPTION_ACTIONS[:none] } @disk_encryption = hash @need_to_update = true end |
#remove_from_self_service ⇒ void Originally defined in module SelfServable
This method returns an undefined value.
Remove this object from self service if it’s there.
#remove_package(identifier) ⇒ Array?
Remove a package from this policy by name or id
1315 1316 1317 1318 1319 |
# File 'lib/jss/api_object/policy.rb', line 1315 def remove_package(identifier) removed = @packages.delete_if { |p| p[:id] == identifier || p[:name] == identifier } @need_to_update = true if removed removed end |
#remove_printer(identifier) ⇒ Array?
Remove a specific printer object from the policy.
1525 1526 1527 1528 1529 1530 |
# File 'lib/jss/api_object/policy.rb', line 1525 def remove_printer(identifier) removed = @printers.delete_if { |p| p[:id] == identifier || p[:name] == identifier } @need_to_update = true removed end |
#remove_script(identifier) ⇒ Array?
Remove a script from this policy by name or id
1405 1406 1407 1408 1409 |
# File 'lib/jss/api_object/policy.rb', line 1405 def remove_script(identifier) removed = @scripts.delete_if { |s| s[:id] == identifier || s[:name] == identifier } @need_to_update = true if removed removed end |
#remove_self_service_category(cat) ⇒ void Originally defined in module SelfServable
This method returns an undefined value.
Remove a category from those for this item in SSvc
#retry_attempts ⇒ Integer
Returns How many times wil the policy be retried if it fails. -1 means no retries, otherwise, an integer from 1 to 10.
799 800 801 802 803 |
# File 'lib/jss/api_object/policy.rb', line 799 def retry_attempts return 0 unless FREQUENCIES[:once_per_computer] == @frequency @retry_attempts end |
#retry_attempts=(int) ⇒ void
This method returns an undefined value.
Set the number of times to retry if the policy fails. One of the ways to turn off policy retry is to set this to 0 or -1 The other is to set retry_event to :none
812 813 814 815 816 817 818 819 820 821 822 823 824 825 |
# File 'lib/jss/api_object/policy.rb', line 812 def retry_attempts=(int) validate_retry_opt raise JSS::InvalidDataError, 'Retry attempts must be an integer from 0-10' unless int.is_a?(Integer) && (-1..10).include?(int) # if zero or -1, turn off retries if int <= 0 @retry_event = RETRY_EVENTS[:none] int = -1 end return if @retry_attempts == int @retry_attempts = int @need_to_update = true end |
#retry_event ⇒ String
Returns The event that causes a policy retry.
767 768 769 770 771 |
# File 'lib/jss/api_object/policy.rb', line 767 def retry_event return RETRY_EVENTS[:none] unless FREQUENCIES[:once_per_computer] == @frequency @retry_event end |
#retry_event=(evt) ⇒ void
This method returns an undefined value.
Set the event that causes a retry if the policy fails. One of the ways to turn off policy retry is to set this to :none The other is to set the retry_attempts to 0
780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 |
# File 'lib/jss/api_object/policy.rb', line 780 def retry_event=(evt) validate_retry_opt raise JSS::InvalidDataError, "Retry event must be one of :#{RETRY_EVENTS.keys.join ', :'}" unless RETRY_EVENTS.key?(evt) || RETRY_EVENTS.value?(evt) evt = evt.is_a?(Symbol) ? RETRY_EVENTS[evt] : evt return if evt == @retry_event # if the event is not 'none' and attempts is <= 0, # set events to 1, or the API won't accept it unless evt == RETRY_EVENTS[:none] @retry_attempts = 1 unless @retry_attempts.positive? end @retry_event = evt @need_to_update = true end |
#run(show_output = false) ⇒ Boolean? Also known as: execute
Try to execute this policy on this machine.
1710 1711 1712 1713 1714 1715 |
# File 'lib/jss/api_object/policy.rb', line 1710 def run(show_output = false) return nil unless enabled? output = JSS::Client.run_jamf('policy', "-id #{id}", show_output) return nil if output.include? 'No policies were found for the ID' $CHILD_STATUS.exitstatus.zero? ? true : false end |
#run_command ⇒ String Also known as: command_to_run
Returns The unix shell command to run on ths client.
1114 1115 1116 |
# File 'lib/jss/api_object/policy.rb', line 1114 def run_command @files_processes[:run_command] end |
#run_command=(command) ⇒ void Also known as: command_to_run=
This method returns an undefined value.
Set the unix shell command to be run on the client
1125 1126 1127 1128 1129 |
# File 'lib/jss/api_object/policy.rb', line 1125 def run_command=(command) raise JSS::InvalidDataError, 'Command to run must be a String' unless command.is_a? String @files_processes[:run_command] = command @need_to_update = true end |
#script_ids ⇒ Array
Returns the id’s of the scripts handled by the policy.
1324 1325 1326 |
# File 'lib/jss/api_object/policy.rb', line 1324 def script_ids @scripts.map { |p| p[:id] } end |
#script_names ⇒ Array
Returns the names of the scripts handled by the policy.
1329 1330 1331 |
# File 'lib/jss/api_object/policy.rb', line 1329 def script_names @scripts.map { |p| p[:name] } end |
#search_by_path ⇒ Pathname
Returns The path to search for.
1181 1182 1183 1184 1185 1186 1187 |
# File 'lib/jss/api_object/policy.rb', line 1181 def search_by_path if @files_processes[:search_by_path].nil? return nil else Pathname.new @files_processes[:search_by_path] end end |
#search_for_process ⇒ String
Returns The process name to search for on the client.
1151 1152 1153 |
# File 'lib/jss/api_object/policy.rb', line 1151 def search_for_process @files_processes[:search_for_process] end |
#self_service_execute_url ⇒ String Originally defined in module SelfServable
Returns The url to view this thing in Self Service.
#self_service_payload ⇒ Symbol Originally defined in module SelfServable
What does this object deploy to the device via self service?
#self_service_targets ⇒ Array<Symbol> Originally defined in module SelfServable
What devices types can get this thing in Self Service
#self_service_view_url ⇒ String Originally defined in module SelfServable
Returns The url to view this thing in Self Service.
#server_side_activation=(activation) ⇒ void
This method returns an undefined value.
Set Server Side Activation
896 897 898 899 900 |
# File 'lib/jss/api_object/policy.rb', line 896 def server_side_activation=(activation) raise JSS::InvalidDataError, 'Activation must be a Time' unless activation.is_a? Time @server_side_limitations[:activation] = activation @need_to_update = true end |
#server_side_expiration=(expiration) ⇒ void
This method returns an undefined value.
Set Server Side Expiration
908 909 910 911 912 |
# File 'lib/jss/api_object/policy.rb', line 908 def server_side_expiration=(expiration) raise JSS::InvalidDataError, 'Expiration must be a Time' unless expiration.is_a? Time @server_side_limitations[:expiration] = expiration @need_to_update = true end |
#set_management_account(action, **opts) ⇒ Object
Interact with management account settings
Reference: developer.jamf.com/documentation#resources-with-passwords
1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 |
# File 'lib/jss/api_object/policy.rb', line 1651 def set_management_account(action, **opts) # TODO: Add proper error handling raise JSS::InvalidDataError, "Action must be one of: :#{MGMT_ACCOUNT_ACTIONS.keys.join ', :'}" unless MGMT_ACCOUNT_ACTIONS.include? action management_data = {} if action == :change_pw || action == :reset_pw raise JSS::MissingDataError, ":password must be provided when changing management account password" if opts[:password].nil? management_data = { action: MGMT_ACCOUNT_ACTIONS[action], managed_password: opts[:password] } elsif action == :reset_random || action == :generate_pw raise JSS::MissingDataError, ":password_length must be provided when setting a random password" if opts[:password_length].nil? raise JSS::InvalidDataError, ":password_length must be an Integer" unless opts[:password_length].is_a? Integer management_data = { action: MGMT_ACCOUNT_ACTIONS[action], managed_password_length: opts[:password_length] } else management_data = { action: MGMT_ACCOUNT_ACTIONS[action] } end @management_account = management_data @need_to_update = true @management_account end |
#set_search_by_path(path, delete = false) ⇒ void
This method returns an undefined value.
Set the path to search for, a String or Pathname, and whether or not to delete it if found.
Setter methods (which end with =) can’t easily take multiple arguments, so we instead name them “set_blah_blah” rather than “blah_blah=”
1208 1209 1210 1211 1212 1213 |
# File 'lib/jss/api_object/policy.rb', line 1208 def set_search_by_path(path, delete = false) raise JSS::InvalidDataError, 'Path to search for must be a String or a Pathname' unless path.is_a?(String) || path.is_a?(Pathname) @files_processes[:search_by_path] = path.to_s @files_processes[:delete_file] = delete ? true : false @need_to_update = true end |
#set_search_for_process(process, kill = false) ⇒ void
This method returns an undefined value.
Set the process name to search for, and if it should be killed if found.
Setter methods (which end with =) can’t easily take multiple arguments, so we instead name them “set_blah_blah” rather than “blah_blah=”
1173 1174 1175 1176 1177 |
# File 'lib/jss/api_object/policy.rb', line 1173 def set_search_for_process(process, kill = false) @files_processes[:search_for_process] = process.to_s @files_processes[:kill_process] = kill ? true : false @need_to_update = true end |
#set_trigger_event(type, new_val) ⇒ void
This method returns an undefined value.
Change a trigger event
879 880 881 882 883 884 885 886 887 888 |
# File 'lib/jss/api_object/policy.rb', line 879 def set_trigger_event(type, new_val) raise JSS::InvalidDataError, "Trigger type must be one of #{TRIGGER_EVENTS.keys.join(', ')}" unless TRIGGER_EVENTS.key?(type) if type == :custom raise JSS::InvalidDataError, 'Custom triggers must be Strings' unless new_val.is_a? String else raise JSS::InvalidDataError, 'Non-custom triggers must be true or false' unless JSS::TRUE_FALSE.include? new_val end @trigger_events[TRIGGER_EVENTS[type]] = new_val @need_to_update = true end |
#should_update ⇒ void Originally defined in module Scopable
This method returns an undefined value.
When the scope changes, it calls this to tell us that an update is needed.
#site=(new_site) ⇒ void Originally defined in module Sitable
This method returns an undefined value.
Change the site of this object. Any of the NON_SITES values will unset the site
#site_assigned? ⇒ Boolean Originally defined in module Sitable
Does this object have a site assigned?
#site_id ⇒ Integer Originally defined in module Sitable
The id of the site for this object.
#site_name ⇒ String Also known as: site Originally defined in module Sitable
The name of the site for this object. For backward compatibility, this is aliased to just ‘site’
#site_object ⇒ JSS::Site Originally defined in module Sitable
The JSS::Site instance for this object’s site
#specify_startup=(startup_volume) ⇒ void
This method returns an undefined value.
Specify Startup Volume Only Supports “Specify Local Startup Disk”
1066 1067 1068 1069 1070 |
# File 'lib/jss/api_object/policy.rb', line 1066 def specify_startup=(startup_volume) raise JSS::InvalidDataError, "#{startup_volume} is not a valid Startup Disk" unless startup_volume.is_a? String @reboot_options[:specify_startup] = startup_volume @need_to_update = true end |
#spotlight_search ⇒ String
Returns The term to search for using spotlight.
1217 1218 1219 |
# File 'lib/jss/api_object/policy.rb', line 1217 def spotlight_search @files_processes[:spotlight_search] end |
#spotlight_search=(term) ⇒ void
This method returns an undefined value.
Set the term to seach for using spotlight
1227 1228 1229 1230 1231 |
# File 'lib/jss/api_object/policy.rb', line 1227 def spotlight_search=(term) raise JSS::InvalidDataError, 'Spotlight search term must be a String' unless term.is_a? String @files_processes[:spotlight_search] = term @need_to_update = true end |
#startup_disk=(startup_disk_option) ⇒ void
This method returns an undefined value.
Set Startup Disk Only Supports ‘Specify Local Startup Disk’ at the moment
1052 1053 1054 1055 1056 1057 |
# File 'lib/jss/api_object/policy.rb', line 1052 def startup_disk=(startup_disk_option) raise JSS::InvalidDataError, "#{startup_disk_option} is not a valid Startup Disk" unless startup_disk_option.is_a? String @reboot_options[:startup_disk] = 'Specify Local Startup Disk' self.specify_startup = startup_disk_option @need_to_update = true end |
#unset_category ⇒ void Originally defined in module Categorizable
This method returns an undefined value.
Set the category to nothing
#unset_site ⇒ void Originally defined in module Sitable
This method returns an undefined value.
Set the site to nothing
#update ⇒ Object Originally defined in module SelfServable
HACK: ity hack hack… remove when jamf fixes these bugs
#update_locate_database=(bool) ⇒ void
This method returns an undefined value.
Set whether or not to update the database used by the locate command.
1144 1145 1146 1147 |
# File 'lib/jss/api_object/policy.rb', line 1144 def update_locate_database=(bool) @files_processes[:update_locate_database] = JSS::Validate.boolean bool @need_to_update = true end |
#update_locate_database? ⇒ Boolean
Returns Should we update the database used by the locate command?.
1134 1135 1136 |
# File 'lib/jss/api_object/policy.rb', line 1134 def update_locate_database? @files_processes[:update_locate_database] end |
#upload(type, local_file) ⇒ String Originally defined in module Uploadable
Upload a file to the JSS via the REST Resource of the object to which this module is mixed in.
#user_logged_in=(logged_in_option) ⇒ void
This method returns an undefined value.
What to do at reboot when there is a User Logged In
1002 1003 1004 1005 1006 |
# File 'lib/jss/api_object/policy.rb', line 1002 def user_logged_in=(logged_in_option) raise JSS::InvalidDataError, "user_logged_in options: #{USER_LOGGED_IN.join(', ')}" unless USER_LOGGED_IN.include? logged_in_option @reboot_options[:user_logged_in] = logged_in_option @need_to_update = true end |
#user_message_end=(message) ⇒ void Also known as: user_message_finish=
This method returns an undefined value.
Set User Finish Message
1037 1038 1039 1040 1041 |
# File 'lib/jss/api_object/policy.rb', line 1037 def () raise JSS::InvalidDataError, 'User message must be a String' unless .is_a? String @user_message_finish = @need_to_update = true end |
#user_removable? ⇒ Boolean? Originally defined in module SelfServable
Can this thing be removed by the user?
#verify_management_password(password) ⇒ Boolean
Check if management password matches provided password
1692 1693 1694 1695 1696 1697 1698 |
# File 'lib/jss/api_object/policy.rb', line 1692 def verify_management_password(password) raise JSS::InvalidDataError, "Management password must be a string." unless password.is_a? String raise JSS::UnsupportedError, "'#{@management_account[:action].to_s}' does not support management passwords." unless @management_account[:action] == MGMT_ACCOUNT_ACTIONS[:change_pw] || @management_account[:action] == MGMT_ACCOUNT_ACTIONS[:reset_pw] return Digest::SHA256.hexdigest(password).to_s == @management_account[:managed_password_sha256].to_s end |