Class: Jamf::Policy

Inherits:

APIObject

• Object
• APIObject
• Jamf::Policy

Includes:

Categorizable, Creatable, Scopable, SelfServable, Sitable, Updatable, Uploadable

Defined in:

lib/jamf/api/classic/api_objects/policy.rb

Overview

A class implementing a JSS Policy.

Like many API objects, the data comes from the API in sections, and the items in the :general section are mapped to direct attributes of this Class.

Policy instances are partially read-only:

• Due to limitations in the API implementation of policies, as well as the complexity of policy objects, only these attributes can be set and updated via the Policy class:

• • name

• • frequency

• • target_drive

• • offline

• • enabled

• • category

• • triggers

• • client maintenance tasks

• • scope, see Scopable and Scopable::Scope

• • files and processes

• • packages, see #add_package and #remove_package

• • scripts see #add_script and #remove_script

• • self service, see SelfServable

• • reboot options

All other values and sections must be edited via the Web App.

Policies may be deleted via this class

Constant Summary

RSRC_BASE =

The base for REST resources of this class

'policies'.freeze

RSRC_LIST_KEY =

the hash key used for the JSON list output of all objects in the JSS

:policies

RSRC_OBJECT_KEY =

The hash key used for the JSON object output. It’s also used in various error messages

:policy

SUBSETS =

subsets available for fetching TODO: FilesProcesses and Maintenance don’t seem to work

i[
  general
  scope
  selfservice
  self_service
  packages
  scripts
  printers
  dockitems
  dock_items
  reboot
  userinteraction
  user_interaction
  disk_encryption
  diskencryption
  accountmaintenance
  account_maintenance
].freeze

UPLOAD_TYPES =

policies can take uploaded icons

{ icon: :policies }.freeze

SELF_SERVICE_TARGET =

policies are available in macOS self Serviec

:macos

SELF_SERVICE_PAYLOAD =

policies via self services are still polcies

:policy

SECTIONS =

i[
  general
  maintenance
  account_maintenance
  scripts
  self_service
  package_configuration
  scope
  user_interaction
  reboot
  files_processes
  dock_items
  disk_encryption
  printers
].freeze

FREQUENCIES =

{
  ongoing: 'Ongoing',
  once_per_computer: 'Once per computer',
  once_per_user: 'Once per user',
  once_per_user_per_computer: 'Once per user per computer',
  daily: 'Once every day',
  weekly: 'Once every week',
  monthly: 'Once every month'
}.freeze

RETRY_EVENTS =

{
  none: 'none',
  checkin: 'check-in',
  trigger: 'trigger'
}.freeze

RESTART_WHEN =

{
  if_pkg_requires: 'Restart if a package or update requires it',
  now: 'Restart immediately',
  delayed: 'Restart',
  dont: 'Do not restart'
}.freeze

RESTART_DISKS =

{
  current: 'Current Startup Disk',
  selected: 'Currently Selected Startup Disk (No Bless)',
  netboot: 'NetBoot',
  os_installer: 'inPlaceOSUpgradeDirectory'
}.freeze

ACCOUNT_ACTIONS =

NOTE: any other value in :specify_startup is a path to some other drive to boot from, e.g. /Volumes/Foo

{
  create: 'Create',
  change_pw: 'Reset',
  delete: 'Delete',
  disable_fv2: 'DisableFileVault'
}.freeze

MGMT_ACCOUNT_ACTIONS =

{
  no_change: 'doNotChange',
  change_pw: 'specified',
  generate_pw: 'random',
  enable_fv2: 'fileVaultEnable',
  disable_fv2: 'fileVaultDisable',
  reset_random: 'resetRandom',
  reset_pw: 'reset'
}.freeze

PACKAGE_ACTIONS =

{
  install: 'Install',
  remove: 'Uninstall',
  cache: 'Cache',
  install_cache: 'Install Cached'
}.freeze

SCRIPT_PRIORITIES =

{
  pre: 'Before',
  before: 'Before',
  post: 'After',
  after: 'After'
}.freeze

DISK_ENCRYPTION_ACTIONS =

{
  apply: 'apply',
  remediate: 'remediate',
  none: 'none'
}

PRINTER_ACTIONS =

{
  map: 'install',
  unmap: 'uninstall'
}.freeze

DOCK_ITEM_ACTIONS =

{
  add_start: 'Add To Beginning',
  add_end: 'Add To End', remove: 'Remove'
}.freeze

NETWORK_REQUIREMENTS =

{
  any: 'Any',
  ethernet: 'EtherNet'
}.freeze

TRIGGER_TYPES =

{
  event: 'EVENT',
  user: 'USER_INITIATED'
}.freeze

TRIGGER_EVENTS =

{
  startup: :trigger_startup,
  login: :trigger_login,
  logout: :trigger_logout,
  checkin: :trigger_checkin,
  network_state: :trigger_network_state_changed,
  enrollment: :trigger_enrollment_complete,
  custom: :trigger_other
}.freeze

NO_USER_LOGGED_IN =

[
  'Do not restart',
  'Restart immediately',
  'Restart if a package or update requires it'
].freeze

USER_LOGGED_IN =

[
  'Do not restart',
  'Restart',
  'Restart if a package or update requires it',
  'Restart immediately'
].freeze

SCOPE_TARGET_KEY =

:computers

LOG_FLUSH_RSRC =

Log Flushing

'logflush'.freeze

LOG_FLUSH_INTERVAL_INTEGERS =

{
  0 => 'Zero',
  1 => 'One',
  2 => 'Two',
  3 => 'Three',
  6 => 'Six'
}.freeze

LOG_FLUSH_INTERVAL_PERIODS =

{
  day: 'Days',
  days: 'Days',
  week: 'Weeks',
  weeks: 'Weeks',
  month: 'Months',
  months: 'Months',
  year: 'Years',
  years: 'Years'
}.freeze

OBJECT_HISTORY_OBJECT_TYPE =

the object type for this object in the object history table. See APIObject#add_object_history_entry

3

SITE_SUBSET =

Where is the Site data in the API JSON?

:general

CATEGORY_SUBSET =

Where is the Category in the API JSON?

:general

CATEGORY_DATA_TYPE =

How is the category stored in the API data?

Hash

SCRIPT_PARAMETERS_AVAILABLE =

All valid script parameters

i[parameter4 parameter5 parameter6 parameter7 parameter8 parameter9 parameter10 parameter11].freeze

Instance Attribute Summary

• #accounts ⇒ Array<Hash> readonly

  Local accts acted-upon by this policy.

• #client_side_limitations ⇒ Hash readonly

  The client-side limitations of this policy.

• #directory_bindings ⇒ Array<Hash> readonly

  The directory bindings applied.

• #disk_encryption ⇒ Hash readonly

  Disk encryption options for this policy.

• #dock_items ⇒ Array<Hash> readonly

  The dock items handled by this policy.

• #enabled ⇒ Boolean (also: #enabled?)

  Is the policy enabled?.

• #fix_byhost ⇒ Boolean

  Should this policy fix the ByHost prefs?.

• #flush_system_cache ⇒ Boolean

  Should this policy flush the system cache?.

• #flush_user_cache ⇒ Boolean

  Should this policy flush the user cache?.

• #frequency ⇒ String

  How often to run the policy on each computer.

• #icon ⇒ Jamf::Icon^? (also: #self_service_icon) included from SelfServable

  The icon used in self-service.

• #in_self_service ⇒ Boolean (also: #in_self_service?) included from SelfServable readonly

  Is this thing available in Self Service?.

• #install_cached_pkgs ⇒ Boolean

  Should this policy install any cached JSS packages?.

• #management_account ⇒ Hash readonly

  The management accout changes applied by the policy.

• #need_to_update ⇒ Boolean included from Updatable readonly

  Do we have unsaved changes?.

• #offline ⇒ Boolean

  Should be policy be available offline.

• #open_firmware_efi_password ⇒ Hash readonly

  The open firmware mode and password.

• #override_default_settings ⇒ Hash readonly

  Overrides for various defaults.

• #packages ⇒ Array<Hash> (also: #pkgs) readonly

  The pkgs handled by this policy.

• #permissions_repair ⇒ Boolean

  Should this policy run a permission repair?.

• #printers ⇒ Array<Hash> readonly

  The printers handled by this policy.

• #reboot_options ⇒ Hash readonly

  Reboot options for the policy.

• #recon ⇒ Boolean (also: #update_inventory)

  Should this policy run a recon?.

• #reset_name ⇒ Boolean

  Should this policy reset the local hostname?.

• #scope ⇒ Object included from Scopable

  Attribtues.

• #scripts ⇒ Array<Hash> readonly

  The scripts run by this policy.

• #self_service_categories ⇒ Array<Hash> included from SelfServable readonly

  Each Hash has these keys about the category - :id => [Integer] the JSS id of the category - :name => [String] the name of the category.

• #self_service_description ⇒ String included from SelfServable

  The verbage that appears in SelfSvc for this item.

• #self_service_display_name ⇒ String (also: #self_service_dislay_name) included from SelfServable

  The name to display in macOS Self Service.

• #self_service_feature_on_main_page ⇒ Boolean included from SelfServable

  Only applicable to macOS targets.

• #self_service_force_users_to_view_description ⇒ Boolean included from SelfServable

  Should an extra window appear before the user can install the item? (OSX SSvc only).

• #self_service_install_button_text ⇒ String included from SelfServable

  defaults to ‘Install’.

• #self_service_notification_message ⇒ String included from SelfServable

  The message text of the notification.

• #self_service_notification_subject ⇒ String included from SelfServable

  object name.

• #self_service_notification_type ⇒ Symbol included from SelfServable

  How should notifications be sent either :ssvc_only or :ssvc_and_nctr.

• #self_service_notifications_enabled ⇒ Boolean (also: #self_service_notifications_enabled?) included from SelfServable

  Should jamf send notifications to self service?.

• #self_service_reinstall_button_text ⇒ String included from SelfServable

  defaults to ‘Reinstall’.

• #self_service_reminder_frequency ⇒ Integer included from SelfServable

  How often (in days) should reminders be given.

• #self_service_reminders_enabled ⇒ Boolean (also: #self_service_reminders_enabled?) included from SelfServable

  Should self service give reminders by displaying the notification repeatedly?.

• #self_service_removal_password ⇒ String included from SelfServable readonly

  The password needed for removal, in plain text.

• #self_service_user_removable ⇒ Symbol included from SelfServable

  One of the keys in PROFILE_REMOVAL_BY_USER.

• #server_side_limitations ⇒ Hash readonly

  The server-side limitations of this policy.

• #site ⇒ String readonly

  A string with the site name.

• #target_drive ⇒ String

  Which drive should the policy target.

• #trigger ⇒ String readonly

  Either EVENT or USER_INITIATED.

• #trigger_events ⇒ Hash readonly

  The triggers that cause this policy to execute on a client when the @trigger is “EVENT”.

• #user_may_defer ⇒ Boolean readonly

  Can the user defer the policy?.

• #user_may_defer_until ⇒ Time readonly

  When is the user no longer allowed to defer?.

• #user_message_finish ⇒ String (also: #user_message_end) readonly

  The message shown the user at policy end.

• #user_message_start ⇒ String

  The message shown the user at policy start.

• #verify_startup_disk ⇒ Boolean

  Should this policy verify the startup disk?.

Class Method Summary

• .flush_logs(policy, older_than: 0, period: :days, api: nil, cnx: Jamf.cnx) ⇒ void

  Flush logs for a given policy older than a given time period.

• .flush_logs_for_computers(computers = [], older_than: 0, period: :days, api: nil, cnx: Jamf.cnx) ⇒ void

  Flush policy logs for specific computers older than a given time period.

Instance Method Summary

• #add_directory_binding(identifier, **opts) ⇒ Array^?

  Add a Directory Bidning to the list of directory_bindings handled by this policy.

• #add_dock_item(identifier, action) ⇒ Object

  Add a dock item to the policy.

• #add_package(identifier, **opts) ⇒ Array^?

  Add a package to the list of pkgs handled by this policy.

• #add_printer(identifier, **opts) ⇒ String

  Add a specific printer object to the policy.

• #add_script(identifier, **opts) ⇒ Array^?

  Add a script to the list of SCRIPT_PRIORITIESipts run by this policy.

• #add_self_service_category(new_cat, display_in: true, feature_in: false) ⇒ void (also: #set_self_service_category, #change_self_service_category) included from SelfServable

  Add or change one of the categories for this item in self service.

• #add_to_self_service ⇒ void included from SelfServable

  Add this object to self service if not already there.

• #apply_encryption_configuration(identifier) ⇒ Void

  Sets the Disk Encryption application to “Apply” and sets the correct disk encryption configuration ID using either the name or id.

• #category=(new_cat) ⇒ void included from Categorizable

  Change the category of this object.

• #category_assigned? ⇒ Boolean (also: #categorized?) included from Categorizable

  Does this object have a category assigned?.

• #category_id ⇒ Integer included from Categorizable

  The id of the category for this object.

• #category_name ⇒ String (also: #category) included from Categorizable

  The name of the category for this object.

• #category_object ⇒ Jamf::Category included from Categorizable

  The Jamf::Category instance for this object’s category.

• #clone(new_name, api: nil, cnx: nil) ⇒ APIObject included from Creatable

  make a clone of this API object, with a new name.

• #create ⇒ Object included from SelfServable

  HACK: ity hack hack…

• #delete_file? ⇒ Boolean (also: #delete_path?)

  Should the searched-for path be deleted if found?.

• #directory_binding_ids ⇒ Array

  The id’s of the directory_bindings handled by the policy.

• #directory_binding_names ⇒ Array

  The names of the directory_bindings handled by the policy.

• #disable ⇒ Object

  Shortcut for endabled = false.

• #do_not_reboot ⇒ void

  Reboot Options Do Not Reboot Shortcut method to suppress Reboot Options.

• #dock_item_ids ⇒ Array

  The id’s of the dock_items handled by the policy.

• #dock_item_names ⇒ Array

  The names of the dock_items handled by the policy.

• #enable ⇒ Object

  Shortcut for enabled = true.

• #evaluate_new_category(new_cat) ⇒ Array<String, Integer> included from Categorizable

  Given a category name or id, return the name and id TODO: use APIObject.exist? and/or APIObject.valid_id.

• #file_vault_2_reboot=(fv_bool) ⇒ void

  Reboot Options FileVault Authenticated Reboot.

• #flush_logs(older_than: 0, period: :days) ⇒ void

  Flush logs for this policy older than a given time period.

• #initialize(**args) ⇒ Policy constructor

  A new instance of Policy.

• #kill_process? ⇒ Boolean

  Should the searched-for process be killed if found.

• #locate_file ⇒ String

  The term to seach for using the locate command.

• #locate_file=(term) ⇒ void

  Set the term to seach for using the locate command.

• #minutes_until_reboot=(minutes) ⇒ void

  Reboot Options Minutes Until Reboot.

• #name=(newname) ⇒ void included from Updatable

  Change the name of this item Remember to #update to push changes to the server.

• #no_user_logged_in=(no_user_option) ⇒ void

  What to do at reboot when No User Logged In.

• #notify_failed_retries=(bool) ⇒ void
• #notify_failed_retries? ⇒ Boolean (also: #notify_failed_retries, #notify_on_each_failed_retry)

  Should admins be notified of failed retry attempts.

• #package_ids ⇒ Array

  The id’s of the packages handled by the policy.

• #package_names ⇒ Array

  The names of the packages handled by the policy.

• #parse_scope ⇒ void included from Scopable private

  Call this during initialization of objects that have a scope and the scope instance will be created from @init_data.

• #printer_ids ⇒ Array

  The id’s of the printers handled by the policy.

• #printer_names ⇒ Array

  The names of the printers handled by the policy.

• #reboot_message=(message) ⇒ void (also: #message=)

  Set Reboot Message.

• #reissue_key ⇒ Void

  Sets the Disk Encryption application to “Remediate” and sets the remediation key type to individual.

• #remove_directory_binding(identifier) ⇒ Array^?

  Remove a directory binding from this policy by name or id.

• #remove_dock_item(identifier) ⇒ Object

  Remove a dock item from the policy.

• #remove_encryption_configuration ⇒ Void

  Removes the Disk Encryption settings associated with this specific policy.

• #remove_from_self_service ⇒ void included from SelfServable

  Remove this object from self service if it’s there.

• #remove_package(identifier) ⇒ Array^?

  Remove a package from this policy by name or id.

• #remove_printer(identifier) ⇒ Array^?

  Remove a specific printer object from the policy.

• #remove_script(identifier) ⇒ Array^?

  Remove a script from this policy by name or id.

• #remove_self_service_category(cat) ⇒ void included from SelfServable

  Remove a category from those for this item in SSvc.

• #retry_attempts ⇒ Integer

  How many times wil the policy be retried if it fails.

• #retry_attempts=(int) ⇒ void

  Set the number of times to retry if the policy fails.

• #retry_event ⇒ String

  The event that causes a policy retry.

• #retry_event=(evt) ⇒ void

  Set the event that causes a retry if the policy fails.

• #run(show_output = false) ⇒ Boolean^? (also: #execute)

  Try to execute this policy on this machine.

• #run_command ⇒ String (also: #command_to_run)

  The unix shell command to run on ths client.

• #run_command=(command) ⇒ void (also: #command_to_run=)

  Set the unix shell command to be run on the client.

• #script_ids ⇒ Array

  The id’s of the scripts handled by the policy.

• #script_names ⇒ Array

  The names of the scripts handled by the policy.

• #search_by_path ⇒ Pathname

  The path to search for.

• #search_for_process ⇒ String

  The process name to search for on the client.

• #self_service_execute_url ⇒ String included from SelfServable

  The url to view this thing in Self Service.

• #self_service_payload ⇒ Symbol included from SelfServable

  What does this object deploy to the device via self service?.

• #self_service_targets ⇒ Array<Symbol> included from SelfServable

  What devices types can get this thing in Self Service.

• #self_service_view_url ⇒ String included from SelfServable

  The url to view this thing in Self Service.

• #server_side_activation=(activation) ⇒ void

  Set Server Side Activation.

• #server_side_expiration=(expiration) ⇒ void

  Set Server Side Expiration.

• #set_management_account(action, **opts) ⇒ Object

  Interact with management account settings.

• #set_script_parameters(identifier, **opts) ⇒ Array

  Set a script parameter.

• #set_search_by_path(path, delete = false) ⇒ void

  Set the path to search for, a String or Pathname, and whether or not to delete it if found.

• #set_search_for_process(process, kill = false) ⇒ void

  Set the process name to search for, and if it should be killed if found.

• #set_trigger_event(type, new_val) ⇒ void

  Change a trigger event.

• #should_update ⇒ void included from Scopable

  When the scope changes, it calls this to tell us that an update is needed.

• #site=(new_site) ⇒ void included from Sitable

  Change the site of this object.

• #site_assigned? ⇒ Boolean included from Sitable

  Does this object have a site assigned?.

• #site_id ⇒ Integer included from Sitable

  The id of the site for this object.

• #site_name ⇒ String (also: #site) included from Sitable

  The name of the site for this object.

• #site_object ⇒ Jamf::Site included from Sitable

  The Jamf::Site instance for this object’s site.

• #specify_startup=(startup_volume) ⇒ void

  Specify Startup Volume Only Supports “Specify Local Startup Disk”.

• #spotlight_search ⇒ String

  The term to search for using spotlight.

• #spotlight_search=(term) ⇒ void

  Set the term to seach for using spotlight.

• #startup_disk=(startup_disk_option) ⇒ void

  Set Startup Disk Only Supports ‘Specify Local Startup Disk’ at the moment.

• #unset_category ⇒ void included from Categorizable

  Set the category to nothing.

• #unset_site ⇒ void included from Sitable

  Set the site to nothing.

• #update ⇒ Object included from SelfServable

  HACK: ity hack hack…

• #update_locate_database=(bool) ⇒ void

  Set whether or not to update the database used by the locate command.

• #update_locate_database? ⇒ Boolean

  Should we update the database used by the locate command?.

• #upload(type, local_file, force_ipa_upload: false) ⇒ Boolean included from Uploadable

  instance method wrapper for class method.

• #user_logged_in=(logged_in_option) ⇒ void

  What to do at reboot when there is a User Logged In.

• #user_message_end=(message) ⇒ void (also: #user_message_finish=)

  Set User Finish Message.

• #user_removable? ⇒ Boolean^? included from SelfServable

  Can this thing be removed by the user?.

• #verify_management_password(_password = nil) ⇒ TrueClass deprecated Deprecated.

  The API no longer sends SHA256 hashed password data, and instead only has a string of asterisks, meaning we can no longer use it to validate passwords before attempting to use them. Instead, the processes that use the password will fail on their own if the pw is not valid.

  This method remains defined for backward-compatibility with any existing code that calls it. but it will always return true. Itwill be removed in a future version

Constructor Details

#initialize(**args) ⇒ Policy

Returns a new instance of Policy.

See Also:

• APIObject#initialize

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 741

def initialize(**args)
  super

  if @in_jss
    gen = @init_data[:general]
    @target_drive = gen[:target_drive]
    @offline = gen[:offline]
    @enabled = gen[:enabled]
    @site = Jamf::APIObject.get_name(gen[:site][:name])
    @override_default_settings = gen[:override_default_settings]
    @trigger = gen[:trigger]
    @trigger_events = {
      trigger_startup: gen[:trigger_startup],
      trigger_login: gen[:trigger_login],
      trigger_logout: gen[:trigger_logout],
      trigger_checkin: gen[:trigger_checkin],
      trigger_network_state_changed: gen[:trigger_network_state_changed],
      trigger_enrollment_complete: gen[:trigger_enrollment_complete],
      trigger_other: gen[:trigger_other]
    }
    @frequency = gen[:frequency]
    @retry_event = gen[:retry_event]
    @retry_attempts = gen[:retry_attempts]
    @notify_failed_retries = gen[:notify_on_each_failed_retry]

    dtl = gen[:date_time_limitations]

    @server_side_limitations = {
      activation: JSS.epoch_to_time(dtl[:activation_date_epoch]),
      expiration: JSS.epoch_to_time(dtl[:expiration_date_epoch])
    }

    @client_side_limitations = {
      no_execute_on: dtl[:no_execute_on], # NOTE- there's a bug in the JSON output, it's been reported to JAMF.
      no_execute_start: dtl[:no_execute_start], # String like "1:01 AM"
      no_execute_end: dtl[:no_execute_end], # String like "2:02 PM"
      network_requirements: gen[:network_requirements]
    }

    maint = @init_data[:maintenance]
    @verify_startup_disk = maint[:verify]
    @permissions_repair = maint[:permissions]
    @recon = maint[:recon]
    @fix_byhost = maint[:byhost]
    @reset_name = maint[:reset_name]
    @flush_system_cache = maint[:system_cache]
    @install_cached_pkgs = maint[:install_all_cached_packages]
    @flush_user_cache = maint[:user_cache]

    amaint = @init_data[:account_maintenance]
    @directory_bindings = amaint[:directory_bindings]
    @open_firmware_efi_password = amaint[:open_firmware_efi_password]
    @management_account = amaint[:management_account]
    @accounts = amaint[:accounts]

    @packages = @init_data[:package_configuration][:packages] || []

    @scripts = @init_data[:scripts]

    uint = @init_data[:user_interaction]
    @user_may_defer = uint[:allow_users_to_defer]
    @user_may_defer_until = Jamf.parse_time uint[:allow_deferral_until_utc]
    @user_message_start =  uint[:message_start]
    @user_message_finish = uint[:message_finish]

    @reboot_options = @init_data[:reboot]

    @files_processes = @init_data[:files_processes]

    @dock_items = @init_data[:dock_items]

    @disk_encryption = @init_data[:disk_encryption]

    @printers = @init_data[:printers]
    @printers.shift

    # Not in jss yet
  end

  # set non-nil defaults
  @enabled ||= false
  @frequency ||= 'Once per computer'
  @target_drive ||= '/'
  @offline ||= false
  @override_default_settings ||= {}
  @scripts ||= []
  @server_side_limitations ||= {}
  @client_side_limitiations ||= {}
  @trigger_events ||= {}
  @directory_bindings ||= []
  @open_firmware_efi_password ||= {}
  @management_account ||= {}
  @accounts  ||= []
  @packages  ||= []
  @scripts ||= []
  @self_service ||= {}
  @dock_items ||= []
  @disk_encryption ||= {}
  @printers ||= []
  @files_processes ||= {}
  unless @reboot_options
    @reboot_options = {}
    @reboot_options[:user_logged_in] = 'Do not restart'
    @reboot_options[:no_user_logged_in] = 'Do not restart'
  end

  @scope ||= Jamf::Scopable::Scope.new(:computers, all_computers: false)
end

Instance Attribute Details

#accounts ⇒ Array<Hash> (readonly)

Local accts acted-upon by this policy

Keys are:

• :action => “Create”,

• :hint => “foo bar”,

• :picture => “/path/to/pic.tif”,

• :admin => true,

• :home => “/Users/chrisltest”,

• :realname => “ChrisTest Lasell”,

• :filevault_enabled => true,

• :username => “chrisltest”,

• :password_md5 => “3858f62230ac3c915f300c664312c63f”,

• :password => “foobar”,

• :password_sha256=> “c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2”

TODO: make individial getters/setters as for @files_processes

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 626

def accounts
  @accounts
end

#client_side_limitations ⇒ Hash (readonly)

The client-side limitations of this policy.

The keys are:

• :no_execute_on - An array of short day names as strings, e.g. [“Sun”, “Mon”, “Tue”]

• :no_execute_start - Time

• :no_execute_end - Time

• :network_connection - String

The data for the first three comes from the API in the date_time_limitations hash of the general section. The fourth comes from the network_requirements of the general section of the API, but the UI shows them in the Client Side Limitations area.

This attribute is just for convience and consistency, and just refers to the data in their API locations

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 515

def client_side_limitations
  @client_side_limitations
end

#directory_bindings ⇒ Array<Hash> (readonly)

The directory bindings applied

each hash is like: {:name => “LDAP”, :id => 4} TODO: handle as for packages & scripts

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 589

def directory_bindings
  @directory_bindings
end

#disk_encryption ⇒ Hash (readonly)

Disk encryption options for this policy

The hash looks like {:disk_encryption_configuration_id => 3, :action => “apply”}

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 726

def disk_encryption
  @disk_encryption
end

#dock_items ⇒ Array<Hash> (readonly)

The dock items handled by this policy

each item hash looks like: {:name => “Mail”, :id => 14, :action => “Add To Beginning”}

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 719

def dock_items
  @dock_items
end

#enabled ⇒ Boolean Also known as: enabled?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 433

def enabled
  @enabled
end

#fix_byhost ⇒ Boolean

Should this policy fix the ByHost prefs?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 565

def fix_byhost
  @fix_byhost
end

#flush_system_cache ⇒ Boolean

Should this policy flush the system cache?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 573

def flush_system_cache
  @flush_system_cache
end

#flush_user_cache ⇒ Boolean

Should this policy flush the user cache?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 581

def flush_user_cache
  @flush_user_cache
end

#frequency ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 424

def frequency
  @frequency
end

#icon ⇒ Jamf::Icon^? Also known as: self_service_icon Originally defined in module SelfServable

#in_self_service ⇒ Boolean (readonly) Also known as: in_self_service? Originally defined in module SelfServable

#install_cached_pkgs ⇒ Boolean

Should this policy install any cached JSS packages?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 577

def install_cached_pkgs
  @install_cached_pkgs
end

#management_account ⇒ Hash (readonly)

The management accout changes applied by the policy

The keys are:

• :action see MGMT_ACCOUNT_ACTIONS

• :managed_password

• :managed_password_md5

• :managed_password_sha256

• :managed_password_length # for random generating pws

TODO: make individial getters/setters as for @files_processes

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 606

def management_account
  @management_account
end

#need_to_update ⇒ Boolean (readonly) Originally defined in module Updatable

#offline ⇒ Boolean

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 430

def offline
  @offline
end

#open_firmware_efi_password ⇒ Hash (readonly)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 592

def open_firmware_efi_password
  @open_firmware_efi_password
end

#override_default_settings ⇒ Hash (readonly)

Overrides for various defaults

NOTE: There’s an API bug in both XML and JSON with the

:distribution_point and :target_drive values.
First off, it's not clear what the :target_drive value here
is overriding, since there's a :target_drive value in the
main General hash.
Second off - when you set a non-default dist.point in the
packages section of the UI, that value shows up in both
this :target_drive and the general one, but the :distribution_point
value here stays empty.

The hash looks like: :distribution_point => “”, :force_afp_smb => false, :netboot_server => “current”, :target_drive => “default”, :sus => “default”

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 460

def override_default_settings
  @override_default_settings
end

#packages ⇒ Array<Hash> (readonly) Also known as: pkgs

The pkgs handled by this policy

Hash keys are:

• :action => “Install”

• :update_autorun => false,

• :feu => false,

• :name => “rbgem-json-1.6.5-4.pkg”,

• :id => 1073

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 639

def packages
  @packages
end

#permissions_repair ⇒ Boolean

Should this policy run a permission repair?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 556

def permissions_repair
  @permissions_repair
end

#printers ⇒ Array<Hash> (readonly)

The printers handled by this policy

Each Hash looks like: {:make_default => false, :name => “torlan”, :id => 3, :action => “install”}

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 733

def printers
  @printers
end

#reboot_options ⇒ Hash (readonly)

Reboot options for the policy

The hash keys are:

• :user_logged_in => “Do not restart”,

• :minutes_until_reboot => 5,

• :message=> “This computer will restart in 5 minutes. yaddayadda.”,

• :startup_disk => “Current Startup Disk”,

• :specify_startup => “”,

• :no_user_logged_in => “Do not restart”

• :file_vault_2_reboot => false

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 697

def reboot_options
  @reboot_options
end

#recon ⇒ Boolean Also known as: update_inventory

Should this policy run a recon?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 560

def recon
  @recon
end

#reset_name ⇒ Boolean

Should this policy reset the local hostname?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 569

def reset_name
  @reset_name
end

#scope ⇒ Object Originally defined in module Scopable

Attribtues

#scripts ⇒ Array<Hash> (readonly)

The scripts run by this policy

Hash keys are:

• :name => “chromegetter.sh”,

• :parameter4 => “”,

• :parameter5 => “”,

• :parameter6 => “”,

• :parameter7 => “”,

• :parameter8 => “”,

• :parameter9 => “”,

• :parameter10 => “”,

• :parameter11 => “”,

• :id => 1428,

• :priority => “After”

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 659

def scripts
  @scripts
end

#self_service_categories ⇒ Array<Hash> (readonly) Originally defined in module SelfServable

Each Hash has these keys about the category

• :id => [Integer] the JSS id of the category

• :name => [String] the name of the category

Most objects also include one or both of these keys:

• :display_in => [Boolean] should the item be displayed in this category in SSvc? (not MobDevConfProfiles)

• :feature_in => [Boolean] should the item be featured in this category in SSVC? (macOS targets only)

#self_service_description ⇒ String Originally defined in module SelfServable

#self_service_display_name ⇒ String Also known as: self_service_dislay_name Originally defined in module SelfServable

#self_service_feature_on_main_page ⇒ Boolean Originally defined in module SelfServable

Only applicable to macOS targets

#self_service_force_users_to_view_description ⇒ Boolean Originally defined in module SelfServable

#self_service_install_button_text ⇒ String Originally defined in module SelfServable

defaults to ‘Install’

#self_service_notification_message ⇒ String Originally defined in module SelfServable

#self_service_notification_subject ⇒ String Originally defined in module SelfServable

object name.

#self_service_notification_type ⇒ Symbol Originally defined in module SelfServable

#self_service_notifications_enabled ⇒ Boolean Also known as: self_service_notifications_enabled? Originally defined in module SelfServable

#self_service_reinstall_button_text ⇒ String Originally defined in module SelfServable

defaults to ‘Reinstall’

#self_service_reminder_frequency ⇒ Integer Originally defined in module SelfServable

#self_service_reminders_enabled ⇒ Boolean Also known as: self_service_reminders_enabled? Originally defined in module SelfServable

#self_service_removal_password ⇒ String (readonly) Originally defined in module SelfServable

#self_service_user_removable ⇒ Symbol Originally defined in module SelfServable

#server_side_limitations ⇒ Hash (readonly)

The server-side limitations of this policy.

The keys are :activation and :expiration, both are Times.

the data comes from the API in the date_time_limitations hash of the general section, but the UI shows them in the Server Side Limitations area. This attribute is just for convience and consistency, and just refers to the data in their API locations

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 497

def server_side_limitations
  @server_side_limitations
end

#site ⇒ String (readonly)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 437

def site
  @site
end

#target_drive ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 427

def target_drive
  @target_drive
end

#trigger ⇒ String (readonly)

Either EVENT or USER_INITIATED

If it’s EVENT, then one or more of the members @trigger_events must true.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 522

def trigger
  @trigger
end

#trigger_events ⇒ Hash (readonly)

The triggers that cause this policy to execute on a client when the @trigger is “EVENT”

This is a hash with the following keys. Each comes from the API as a key in the :general hash, but they make more sense separated out like this.

• :trigger_startup => Bool

• :trigger_login => Bool

• :trigger_logout => Bool

• :trigger_checkin => Bool

• :trigger_network_state_changed => Bool

• :trigger_enrollment_complete => Bool

• :trigger_other => the String that causes a custom trigger

To edit a value, call

set_trigger_event(type, new_val)

where type is one of the keys in TRIGGER_EVENTS and new val is the new value (usually boolean)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 543

def trigger_events
  @trigger_events
end

#user_may_defer ⇒ Boolean (readonly)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 672

def user_may_defer
  @user_may_defer
end

#user_may_defer_until ⇒ Time (readonly)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 675

def user_may_defer_until
  @user_may_defer_until
end

#user_message_finish ⇒ String (readonly) Also known as: user_message_end

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 681

def user_message_finish
  @user_message_finish
end

#user_message_start ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 678

def user_message_start
  @user_message_start
end

#verify_startup_disk ⇒ Boolean

Should this policy verify the startup disk?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 552

def verify_startup_disk
  @verify_startup_disk
end

Class Method Details

.flush_logs(policy, older_than: 0, period: :days, api: nil, cnx: Jamf.cnx) ⇒ void

This method returns an undefined value.

Flush logs for a given policy older than a given time period. This flushes the logs of the given policy for all computers.

IMPORTANT: from the Jamf Developer Site:

The ability to flush logs is currently only supported for flushing all logs
for a given policy or all logs for a given computer. There is no support for
flushing logs for a given policy and computer combination.

(See .flush_logs_for_computers to to flush all logs for given computers)

With no parameters, flushes all logs for the policy.

Without older_than: and period:, will flush all logs for the policy

NOTE: Currently the API doesn’t have a way to flush only failed policies.

WARNING: Log flushing can take a long time, and the API call doesnt return until its finished. The connection timeout will be temporarily raised to 30 minutes, unless it’s already higher.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 308

def self.flush_logs(policy, older_than: 0, period: :days, api: nil, cnx: Jamf.cnx)
  cnx = api if api

  pol_id = valid_id policy, cnx: cnx
  raise Jamf::NoSuchItemError, "No Policy identified by '#{policy}'." unless pol_id

  older_than, period = validate_log_flush_params(older_than, period)

  # log flushes can be really slow
  orig_timeout = cnx.timeout
  cnx.timeout = 1800 unless orig_timeout && orig_timeout > 1800

  cnx.c_delete "#{LOG_FLUSH_RSRC}/policy/id/#{pol_id}/interval/#{older_than}+#{period}"
ensure
  cnx.timeout = orig_timeout
end

.flush_logs_for_computers(computers = [], older_than: 0, period: :days, api: nil, cnx: Jamf.cnx) ⇒ void

This method returns an undefined value.

Flush policy logs for specific computers older than a given time period. This flushes the logs for all policies for these computers.

IMPORTANT: from the Jamf Developer Site:

The ability to flush logs is currently only supported for flushing all logs
for a given policy or all logs for a given computer. There is no support for
flushing logs for a given policy and computer combination.

(See .flush_logs to to flush all logs for a given policy)

Without older_than: and period:, will flush all logs for the computers

NOTE: Currently the API doesn’t have a way to flush only failed policies.

WARNING: Log flushing can take a long time, and the API call doesnt return until its finished. The connection timeout will be temporarily raised to 30 minutes, unless it’s already higher.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 354

def self.flush_logs_for_computers(computers = [], older_than: 0, period: :days, api: nil, cnx: Jamf.cnx)
  cnx = api if api

  computers = [computers] unless computers.is_a? Array
  raise JSS::InvalidDataError, 'One or more computers must be specified' if computers.empty?

  older_than, period = validate_log_flush_params(older_than, period)

  # build the xml body for a DELETE request
  xml_doc = REXML::Document.new Jamf::Connection::XML_HEADER
  xml_doc.root.name = 'logflush'
  lf = xml_doc.root
  lf.add_element('log').text = 'policy'
  lf.add_element('interval').text = "#{older_than} #{period}"

  comps_elem = lf.add_element 'computers'
  computers.each do |c|
    id = Jamf::Computer.valid_id c, cnx: cnx
    next unless id

    ce = comps_elem.add_element 'computer'
    ce.add_element('id').text = id.to_s
  end

  # for debugging the xml...
  #
  # formatter = REXML::Formatters::Pretty.new(2)
  # formatter.compact = true
  # formatter.write(xml_doc, $stdout)
  # puts
  # return

  # log flushes can be really slow
  orig_timeout = cnx.timeout
  cnx.timeout = 1800 unless orig_timeout && orig_timeout > 1800

  # Do a DELETE request with a body.
  resp = cnx.c_cnx.delete(LOG_FLUSH_RSRC) do |req|
    req.headers[Jamf::Connection::HTTP_CONTENT_TYPE_HEADER] = Jamf::Connection::MIME_XML
    req.body = xml_doc.to_s
  end

  resp.body
ensure
  cnx.timeout = orig_timeout
end

Instance Method Details

#add_directory_binding(identifier, **opts) ⇒ Array^?

Add a Directory Bidning to the list of directory_bindings handled by this policy. If the directory binding already exists in the policy, nil is returned and no changes are made.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1623

def add_directory_binding(identifier, **opts)
  id = validate_directory_binding_opts identifier, opts

  return nil if @directory_bindings.map { |s| s[:id] }.include? id

  name = Jamf::DirectoryBinding.map_all_ids_to(:name, cnx: @cnx)[id]

  directory_binding_data = {
    id: id,
    name: name
  }

  @directory_bindings.insert opts[:position], directory_binding_data

  @need_to_update = true
  @directory_bindings
end

#add_dock_item(identifier, action) ⇒ Object

Add a dock item to the policy

Raises:

• (Jamf::NoSuchItemError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1718

def add_dock_item(identifier, action)
  id = Jamf::DockItem.valid_id identifier, cnx: @cnx

  raise Jamf::NoSuchItemError, "No Dock Item matches '#{identifier}'" unless id

  raise Jamf::InvalidDataError, "Action must be one of: :#{DOCK_ITEM_ACTIONS.keys.join ', :'}" unless DOCK_ITEM_ACTIONS.include? action

  return nil if @dock_items.map { |d| d[:id] }.include? id

  name = Jamf::DockItem.map_all_ids_to(:name, cnx: @cnx)[id]

  @dock_items << { id: id, name: name, action: DOCK_ITEM_ACTIONS[action] }

  @need_to_update = true
  @dock_items
end

#add_package(identifier, **opts) ⇒ Array^?

Add a package to the list of pkgs handled by this policy. If the pkg already exists in the policy, nil is returned and no changes are made.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1436

def add_package(identifier, **opts)
  id = validate_package_opts(identifier, opts)

  return nil if @packages.map { |p| p[:id] }.include? id

  name = Jamf::Package.map_all_ids_to(:name, cnx: @cnx)[id]

  pkg_data = {
    id: id,
    name: name,
    action: PACKAGE_ACTIONS[opts[:action]],
    feu: opts[:feu],
    fut: opts[:feu],
    update_autorun: opts[:update_autorun]
  }

  @packages.insert opts[:position], pkg_data

  @need_to_update = true
  @packages
end

#add_printer(identifier, **opts) ⇒ String

Add a specific printer object to the policy.

Author:

• Tyler Morgan

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1683

def add_printer(identifier, **opts)
  id = validate_printer_opts identifier, opts

  return nil if @printers.map { |p| p[:id] }.include? id

  name = Jamf::Printer.map_all_ids_to(:name, cnx: @cnx)[id]

  printer_data = {
    id: id,
    name: name,
    action: PRINTER_ACTIONS[opts[:action]],
    make_default: opts[:make_default]
  }

  @printers.insert opts[:position], printer_data

  @need_to_update = true
  @printers
end

#add_script(identifier, **opts) ⇒ Array^?

Add a script to the list of SCRIPT_PRIORITIESipts run by this policy. If the script already exists in the policy, nil is returned and no changes are made.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1513

def add_script(identifier, **opts)
  id = validate_script_opts(identifier, opts)

  return nil if @scripts.map { |s| s[:id] }.include? id

  name = Jamf::Script.map_all_ids_to(:name, cnx: @cnx)[id]

  script_data = {
    id: id,
    name: name,
    priority: SCRIPT_PRIORITIES[opts[:priority]],
    parameter4: opts[:parameter4],
    parameter5: opts[:parameter5],
    parameter6: opts[:parameter6],
    parameter7: opts[:parameter7],
    parameter8: opts[:parameter8],
    parameter9: opts[:parameter9],
    parameter10: opts[:parameter10],
    parameter11: opts[:parameter11]
  }

  @scripts.insert opts[:position], script_data

  @need_to_update = true
  @scripts
end

#add_self_service_category(new_cat, display_in: true, feature_in: false) ⇒ void Also known as: set_self_service_category, change_self_service_category Originally defined in module SelfServable

This method returns an undefined value.

Add or change one of the categories for this item in self service

Raises:

• (Jamf::NoSuchItemError)

#add_to_self_service ⇒ void Originally defined in module SelfServable

This method returns an undefined value.

Add this object to self service if not already there.

#apply_encryption_configuration(identifier) ⇒ Void

Sets the Disk Encryption application to “Apply” and sets the correct disk encryption configuration ID using either the name or id.

Author:

• Tyler Morgan

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1788

def apply_encryption_configuration(identifier)
  id = Jamf::DiskEncryptionConfiguration.valid_id identifier

  return if id.nil?

  hash = {
    action: DISK_ENCRYPTION_ACTIONS[:apply],
    disk_encryption_configuration_id: id,
    auth_restart: false
  }

  @disk_encryption = hash
  @need_to_update = true
end

#category=(new_cat) ⇒ void Originally defined in module Categorizable

This method returns an undefined value.

Change the category of this object. Any of the NON_CATEGORIES values will unset the category

Raises:

• (Jamf::NoSuchItemError)

#category_assigned? ⇒ Boolean Also known as: categorized? Originally defined in module Categorizable

Does this object have a category assigned?

#category_id ⇒ Integer Originally defined in module Categorizable

The id of the category for this object.

#category_name ⇒ String Also known as: category Originally defined in module Categorizable

The name of the category for this object. For backward compatibility, this is aliased to just ‘category’

#category_object ⇒ Jamf::Category Originally defined in module Categorizable

The Jamf::Category instance for this object’s category

#clone(new_name, api: nil, cnx: nil) ⇒ APIObject Originally defined in module Creatable

make a clone of this API object, with a new name. The class must be creatable

Raises:

• (Jamf::UnsupportedError)

#create ⇒ Object Originally defined in module SelfServable

HACK: ity hack hack… remove when jamf fixes these bugs

#delete_file? ⇒ Boolean Also known as: delete_path?

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1337

def delete_file?
  @files_processes[:delete_file]
end

#directory_binding_ids ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1602

def directory_binding_ids
  @directory_bindings.map { |p| p[:id] }
end

#directory_binding_names ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1607

def directory_binding_names
  @directory_bindings.map { |p| p[:name] }
end

#disable ⇒ Object

Shortcut for endabled = false

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 871

def disable
  self.enabled = false
end

#do_not_reboot ⇒ void

This method returns an undefined value.

Reboot Options Do Not Reboot Shortcut method to suppress Reboot Options

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1221

def do_not_reboot
  @reboot_options[:user_logged_in] = 'Do not restart'
  @reboot_options[:no_user_logged_in] = 'Do not restart'
  @need_to_update = true
end

#dock_item_ids ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1656

def dock_item_ids
  @dock_items.map { |p| p[:id] }
end

#dock_item_names ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1661

def dock_item_names
  @dock_items.map { |p| p[:name] }
end

#enable ⇒ Object

Shortcut for enabled = true

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 866

def enable
  self.enabled = true
end

#evaluate_new_category(new_cat) ⇒ Array<String, Integer> Originally defined in module Categorizable

Given a category name or id, return the name and id TODO: use APIObject.exist? and/or APIObject.valid_id

#file_vault_2_reboot=(fv_bool) ⇒ void

This method returns an undefined value.

Reboot Options FileVault Authenticated Reboot

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1248

def file_vault_2_reboot=(fv_bool)
  raise Jamf::InvalidDataError, 'FileVault 2 Reboot must be a Boolean' unless fv_bool.jss_boolean?

  @reboot_options[:file_vault_2_reboot] = fv_bool
  @need_to_update = true
end

#flush_logs(older_than: 0, period: :days) ⇒ void

This method returns an undefined value.

Flush logs for this policy older than a given time period.

IMPORTANT: from the Jamf Developer Site:

The ability to flush logs is currently only supported for flushing all logs
for a given policy or all logs for a given computer. There is no support for
flushing logs for a given policy and computer combination.

With no parameters, will flush all logs for the policy

NOTE: Currently the API doesn’t have a way to flush only failed policies.

WARNING: Log flushing can take a long time, and the API call doesnt return until its finished. The connection timeout will be temporarily raised to 30 minutes, unless it’s already higher.

Raises:

• (Jamf::NoSuchItemError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1918

def flush_logs(older_than: 0, period: :days)
  raise Jamf::NoSuchItemError, "Policy doesn't exist in the JSS. Use #save first." unless @in_jss

  Jamf::Policy.flush_logs(
    @id,
    older_than: older_than,
    period: period,
    cnx: @cnx
  )
end

#kill_process? ⇒ Boolean

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1303

def kill_process?
  @files_processes[:kill_process]
end

#locate_file ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1383

def locate_file
  @files_processes[:locate_file]
end

#locate_file=(term) ⇒ void

This method returns an undefined value.

Set the term to seach for using the locate command

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1393

def locate_file=(term)
  raise Jamf::InvalidDataError, 'Term to locate must be a String' unless term.is_a? String

  @files_processes[:locate_file] = term
  @need_to_update = true
end

#minutes_until_reboot=(minutes) ⇒ void

This method returns an undefined value.

Reboot Options Minutes Until Reboot

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1234

def minutes_until_reboot=(minutes)
  raise Jamf::InvalidDataError, 'Minutes until reboot must be an Integer' unless minutes.is_a? Integer

  @reboot_options[:minutes_until_reboot] = minutes
  @need_to_update = true
end

#name=(newname) ⇒ void Originally defined in module Updatable

This method returns an undefined value.

Change the name of this item Remember to #update to push changes to the server.

Raises:

• (Jamf::UnsupportedError)

#no_user_logged_in=(no_user_option) ⇒ void

This method returns an undefined value.

What to do at reboot when No User Logged In

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1126

def no_user_logged_in=(no_user_option)
  raise Jamf::InvalidDataError, "no_user_logged_in options: #{NO_USER_LOGGED_IN.join(', ')}" unless NO_USER_LOGGED_IN.include? no_user_option

  @reboot_options[:no_user_logged_in] = no_user_option
  @need_to_update = true
end

#notify_failed_retries=(bool) ⇒ void

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 961

def notify_failed_retries=(bool)
  validate_retry_opt
  bool = Jamf::Validate.boolean bool
  return if @notify_failed_retries == bool

  @notify_failed_retries = bool
  @need_to_update = true
end

#notify_failed_retries? ⇒ Boolean Also known as: notify_failed_retries, notify_on_each_failed_retry

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 951

def notify_failed_retries?
  return false unless FREQUENCIES[:once_per_computer] == @frequency

  @notify_failed_retries
end

#package_ids ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1407

def package_ids
  @packages.map { |p| p[:id] }
end

#package_names ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1412

def package_names
  @packages.map { |p| p[:name] }
end

#parse_scope ⇒ void Originally defined in module Scopable

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method returns an undefined value.

Call this during initialization of objects that have a scope and the scope instance will be created from @init_data

#printer_ids ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1744

def printer_ids
  @printers.map { |p| p[:id] }
rescue TypeError
  []
end

#printer_names ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1751

def printer_names
  @printers.map { |p| p[:name] }
rescue TypeError
  []
end

#reboot_message=(message) ⇒ void Also known as: message=

This method returns an undefined value.

Set Reboot Message

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1152

def reboot_message=(message)
  raise Jamf::InvalidDataError, 'Reboot message must be a String' unless message.is_a? String

  @reboot_options[:message] = message
  @need_to_update = true
end

#reissue_key ⇒ Void

Sets the Disk Encryption application to “Remediate” and sets the remediation key type to individual.

Author:

• Tyler Morgan

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1765

def reissue_key
  if @disk_encryption[:action] != DISK_ENCRYPTION_ACTIONS[:remediate]
    # Setting New Action
    hash = {
      action: DISK_ENCRYPTION_ACTIONS[:remediate],
      remediate_key_type: 'Individual'
    }

    @disk_encryption = hash
    @need_to_update = true

  else
    # Update
    nil
  end
end

#remove_directory_binding(identifier) ⇒ Array^?

Remove a directory binding from this policy by name or id

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1647

def remove_directory_binding(identifier)
  removed = @directory_bindings.delete_if { |s| s[:id] == identifier || s[:name] == identifier }
  @need_to_update = true if removed
  removed
end

#remove_dock_item(identifier) ⇒ Object

Remove a dock item from the policy

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1736

def remove_dock_item(identifier)
  # TODO: Add validation against Jamf::DockItem
  removed = @dock_items.delete_if { |d| d[:id] == identifier || d[:name] == identifier }
  @need_to_update = true if removed
  removed
end

#remove_encryption_configuration ⇒ Void

Removes the Disk Encryption settings associated with this specific policy.

Author:

• Tyler Morgan

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1809

def remove_encryption_configuration
  hash = {
    action: DISK_ENCRYPTION_ACTIONS[:none]
  }

  @disk_encryption = hash
  @need_to_update = true
end

#remove_from_self_service ⇒ void Originally defined in module SelfServable

This method returns an undefined value.

Remove this object from self service if it’s there.

#remove_package(identifier) ⇒ Array^?

Remove a package from this policy by name or id

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1464

def remove_package(identifier)
  removed = @packages.delete_if { |p| p[:id] == identifier || p[:name] == identifier }
  @need_to_update = true if removed
  removed
end

#remove_printer(identifier) ⇒ Array^?

Remove a specific printer object from the policy.

Author:

• Tyler Morgan

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1710

def remove_printer(identifier)
  removed = @printers.delete_if { |p| p[:id] == identifier || p[:name] == identifier }

  @need_to_update = true
  removed
end

#remove_script(identifier) ⇒ Array^?

Remove a script from this policy by name or id

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1546

def remove_script(identifier)
  removed = @scripts.delete_if { |s| s[:id] == identifier || s[:name] == identifier }
  @need_to_update = true if removed
  removed
end

#remove_self_service_category(cat) ⇒ void Originally defined in module SelfServable

This method returns an undefined value.

Remove a category from those for this item in SSvc

#retry_attempts ⇒ Integer

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 922

def retry_attempts
  return 0 unless FREQUENCIES[:once_per_computer] == @frequency

  @retry_attempts
end

#retry_attempts=(int) ⇒ void

This method returns an undefined value.

Set the number of times to retry if the policy fails. One of the ways to turn off policy retry is to set this to 0 or -1 The other is to set retry_event to :none

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 935

def retry_attempts=(int)
  validate_retry_opt
  raise Jamf::InvalidDataError, 'Retry attempts must be an integer from 0-10' unless int.is_a?(Integer) && (-1..10).include?(int)

  # if zero or -1, turn off retries
  if int <= 0
    @retry_event = RETRY_EVENTS[:none]
    int = -1
  end
  return if @retry_attempts == int

  @retry_attempts = int
  @need_to_update = true
end

#retry_event ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 892

def retry_event
  return RETRY_EVENTS[:none] unless FREQUENCIES[:once_per_computer] == @frequency

  @retry_event
end

#retry_event=(evt) ⇒ void

This method returns an undefined value.

Set the event that causes a retry if the policy fails. One of the ways to turn off policy retry is to set this to :none The other is to set the retry_attempts to 0

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 905

def retry_event=(evt)
  validate_retry_opt
  raise Jamf::InvalidDataError, "Retry event must be one of :#{RETRY_EVENTS.keys.join ', :'}" unless RETRY_EVENTS.key?(evt) || RETRY_EVENTS.value?(evt)

  evt = evt.is_a?(Symbol) ? RETRY_EVENTS[evt] : evt
  return if evt == @retry_event

  # if the event is not 'none' and attempts is <= 0,
  # set events to 1, or the API won't accept it
  @retry_attempts = 1 if !(evt == RETRY_EVENTS[:none]) && !@retry_attempts.to_i.positive?

  @retry_event = evt
  @need_to_update = true
end

#run(show_output = false) ⇒ Boolean^? Also known as: execute

Try to execute this policy on this machine.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1887

def run(show_output = false)
  return nil unless enabled?

  output = Jamf::Client.run_jamf('policy', "-id #{id}", show_output)
  return nil if output.include? 'No policies were found for the ID'

  $CHILD_STATUS.exitstatus.zero? || false
end

#run_command ⇒ String Also known as: command_to_run

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1259

def run_command
  @files_processes[:run_command]
end

#run_command=(command) ⇒ void Also known as: command_to_run=

This method returns an undefined value.

Set the unix shell command to be run on the client

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1270

def run_command=(command)
  raise Jamf::InvalidDataError, 'Command to run must be a String' unless command.is_a? String

  @files_processes[:run_command] = command
  @need_to_update = true
end

#script_ids ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1473

def script_ids
  @scripts.map { |p| p[:id] }
end

#script_names ⇒ Array

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1478

def script_names
  @scripts.map { |p| p[:name] }
end

#search_by_path ⇒ Pathname

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1327

def search_by_path
  if @files_processes[:search_by_path].nil?
    nil
  else
    Pathname.new @files_processes[:search_by_path]
  end
end

#search_for_process ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1297

def search_for_process
  @files_processes[:search_for_process]
end

#self_service_execute_url ⇒ String Originally defined in module SelfServable

#self_service_payload ⇒ Symbol Originally defined in module SelfServable

What does this object deploy to the device via self service?

#self_service_targets ⇒ Array<Symbol> Originally defined in module SelfServable

What devices types can get this thing in Self Service

#self_service_view_url ⇒ String Originally defined in module SelfServable

#server_side_activation=(activation) ⇒ void

This method returns an undefined value.

Set Server Side Activation

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1022

def server_side_activation=(activation)
  raise Jamf::InvalidDataError, 'Activation must be a Time' unless activation.is_a? Time

  @server_side_limitations[:activation] = activation
  @need_to_update = true
end

#server_side_expiration=(expiration) ⇒ void

This method returns an undefined value.

Set Server Side Expiration

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1035

def server_side_expiration=(expiration)
  raise Jamf::InvalidDataError, 'Expiration must be a Time' unless expiration.is_a? Time

  @server_side_limitations[:expiration] = expiration
  @need_to_update = true
end

#set_management_account(action, **opts) ⇒ Object

Interact with management account settings

Reference: developer.jamf.com/documentation#resources-with-passwords

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1826

def set_management_account(action, **opts)
  # TODO: Add proper error handling
  raise Jamf::InvalidDataError, "Action must be one of: :#{MGMT_ACCOUNT_ACTIONS.keys.join ', :'}" unless MGMT_ACCOUNT_ACTIONS.include? action

  management_data = {}

  if i[change_pw reset_pw].include?(action)
    raise Jamf::MissingDataError, ':password must be provided when changing management account password' if opts[:password].nil?

    management_data = {
      action: MGMT_ACCOUNT_ACTIONS[action],
      managed_password: opts[:password]
    }
  elsif i[reset_random generate_pw].include?(action)
    raise Jamf::MissingDataError, ':password_length must be provided when setting a random password' if opts[:password_length].nil?
    raise Jamf::InvalidDataError, ':password_length must be an Integer' unless opts[:password_length].is_a? Integer

    management_data = {
      action: MGMT_ACCOUNT_ACTIONS[action],
      managed_password_length: opts[:password_length]
    }
  else
    management_data = {
      action: MGMT_ACCOUNT_ACTIONS[action]
    }
  end

  @management_account = management_data

  @need_to_update = true

  @management_account
end

#set_script_parameters(identifier, **opts) ⇒ Array

Set a script parameter

Raises:

• (Jamf::NoSuchItemError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1584

def set_script_parameters(identifier, **opts)
  id = Jamf::Script.valid_id identifier, cnx: @cnx
  raise Jamf::NoSuchItemError, "No script matches '#{identifier}'" unless id

  script_data = @scripts.select { |s| s[:id] == id }[0]
  raise Jamf::InvalidDataError, "Script #{id} is not configured. Use add_script method." unless script_data

  opts.each do |parameter, value|
    script_data[parameter] = value if SCRIPT_PARAMETERS_AVAILABLE.include? parameter
  end

  @need_to_update = true
  @scripts
end

#set_search_by_path(path, delete = false) ⇒ void

This method returns an undefined value.

Set the path to search for, a String or Pathname, and whether or not to delete it if found.

Setter methods (which end with =) can’t easily take multiple arguments, so we instead name them “set_blah_blah” rather than “blah_blah=”

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1354

def set_search_by_path(path, delete = false)
  raise Jamf::InvalidDataError, 'Path to search for must be a String or a Pathname' unless path.is_a?(String) || path.is_a?(Pathname)

  @files_processes[:search_by_path] = path.to_s
  @files_processes[:delete_file] = delete ? true : false
  @need_to_update = true
end

#set_search_for_process(process, kill = false) ⇒ void

This method returns an undefined value.

Set the process name to search for, and if it should be killed if found.

Setter methods (which end with =) can’t easily take multiple arguments, so we instead name them “set_blah_blah” rather than “blah_blah=”

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1319

def set_search_for_process(process, kill = false)
  @files_processes[:search_for_process] = process.to_s
  @files_processes[:kill_process] = kill ? true : false
  @need_to_update = true
end

#set_trigger_event(type, new_val) ⇒ void

This method returns an undefined value.

Change a trigger event

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1004

def set_trigger_event(type, new_val)
  raise Jamf::InvalidDataError, "Trigger type must be one of #{TRIGGER_EVENTS.keys.join(', ')}" unless TRIGGER_EVENTS.key?(type)

  if type == :custom
    raise Jamf::InvalidDataError, 'Custom triggers must be Strings' unless new_val.is_a? String
  else
    raise Jamf::InvalidDataError, 'Non-custom triggers must be true or false' unless Jamf::TRUE_FALSE.include? new_val
  end
  @trigger_events[TRIGGER_EVENTS[type]] = new_val
  @need_to_update = true
end

#should_update ⇒ void Originally defined in module Scopable

This method returns an undefined value.

When the scope changes, it calls this to tell us that an update is needed.

#site=(new_site) ⇒ void Originally defined in module Sitable

This method returns an undefined value.

Change the site of this object. Any of the NON_SITES values will unset the site

Raises:

• (Jamf::NoSuchItemError)

#site_assigned? ⇒ Boolean Originally defined in module Sitable

Does this object have a site assigned?

#site_id ⇒ Integer Originally defined in module Sitable

The id of the site for this object.

#site_name ⇒ String Also known as: site Originally defined in module Sitable

The name of the site for this object. For backward compatibility, this is aliased to just ‘site’

#site_object ⇒ Jamf::Site Originally defined in module Sitable

The Jamf::Site instance for this object’s site

#specify_startup=(startup_volume) ⇒ void

This method returns an undefined value.

Specify Startup Volume Only Supports “Specify Local Startup Disk”

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1208

def specify_startup=(startup_volume)
  raise Jamf::InvalidDataError, "#{startup_volume} is not a valid Startup Disk" unless startup_volume.is_a? String

  @reboot_options[:specify_startup] = startup_volume
  @need_to_update = true
end

#spotlight_search ⇒ String

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1364

def spotlight_search
  @files_processes[:spotlight_search]
end

#spotlight_search=(term) ⇒ void

This method returns an undefined value.

Set the term to seach for using spotlight

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1374

def spotlight_search=(term)
  raise Jamf::InvalidDataError, 'Spotlight search term must be a String' unless term.is_a? String

  @files_processes[:spotlight_search] = term
  @need_to_update = true
end

#startup_disk=(startup_disk_option) ⇒ void

This method returns an undefined value.

Set Startup Disk Only Supports ‘Specify Local Startup Disk’ at the moment

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1193

def startup_disk=(startup_disk_option)
  raise Jamf::InvalidDataError, "#{startup_disk_option} is not a valid Startup Disk" unless startup_disk_option.is_a? String

  @reboot_options[:startup_disk] = 'Specify Local Startup Disk'
  self.specify_startup = startup_disk_option
  @need_to_update = true
end

#unset_category ⇒ void Originally defined in module Categorizable

This method returns an undefined value.

Set the category to nothing

#unset_site ⇒ void Originally defined in module Sitable

This method returns an undefined value.

Set the site to nothing

#update ⇒ Object Originally defined in module SelfServable

HACK: ity hack hack… remove when jamf fixes these bugs

#update_locate_database=(bool) ⇒ void

This method returns an undefined value.

Set whether or not to update the database used by the locate command.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1290

def update_locate_database=(bool)
  @files_processes[:update_locate_database] = Jamf::Validate.boolean bool
  @need_to_update = true
end

#update_locate_database? ⇒ Boolean

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1280

def update_locate_database?
  @files_processes[:update_locate_database]
end

#upload(type, local_file, force_ipa_upload: false) ⇒ Boolean Originally defined in module Uploadable

instance method wrapper for class method

Upload a file to the JSS to be stored with this instance of the class mixing in the Uploadable module

Raises:

• (Jamf::NoSuchItemError)

#user_logged_in=(logged_in_option) ⇒ void

This method returns an undefined value.

What to do at reboot when there is a User Logged In

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1139

def user_logged_in=(logged_in_option)
  raise Jamf::InvalidDataError, "user_logged_in options: #{USER_LOGGED_IN.join(', ')}" unless USER_LOGGED_IN.include? logged_in_option

  @reboot_options[:user_logged_in] = logged_in_option
  @need_to_update = true
end

#user_message_end=(message) ⇒ void Also known as: user_message_finish=

This method returns an undefined value.

Set User Finish Message

Raises:

• (Jamf::InvalidDataError)

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1177

def user_message_end=(message)
  raise Jamf::InvalidDataError, 'User message must be a String' unless message.is_a? String

  @user_message_finish = message
  @need_to_update = true
end

#user_removable? ⇒ Boolean^? Originally defined in module SelfServable

Can this thing be removed by the user?

#verify_management_password(_password = nil) ⇒ TrueClass

Deprecated.

The API no longer sends SHA256 hashed password data, and instead only has a string of asterisks, meaning we can no longer use it to validate passwords before attempting to use them. Instead, the processes that use the password will fail on their own if the pw is not valid.

This method remains defined for backward-compatibility with any existing code that calls it. but it will always return true. Itwill be removed in a future version

Returns Allow the process calling this to continue.

# File 'lib/jamf/api/classic/api_objects/policy.rb', line 1873

def verify_management_password(_password = nil)
  true
end