-
Notifications
You must be signed in to change notification settings - Fork 38
/
JSSImporter.py
1413 lines (1273 loc) · 55.5 KB
/
JSSImporter.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/usr/bin/python
# Copyright 2014-2017 Shea G. Craig
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
#
# See the License for the specific language governing permissions and
# limitations under the License.
"""See docstring for JSSImporter class."""
from __future__ import absolute_import
import importlib
import os
import sys
import time
from collections import OrderedDict
from distutils.version import StrictVersion
from zipfile import ZipFile, ZIP_DEFLATED
from xml.sax.saxutils import escape
# ElementTree monkey patch borrowed with love from Matteo Ferla.
# https://blog.matteoferla.com/2019/02/uniprot-xml-and-python-elementtree.html
sys.modules.pop("xml.etree.ElementTree", None)
sys.modules["_elementtree"] = None
ElementTree = importlib.import_module("xml.etree.ElementTree")
sys.path.insert(0, "/Library/AutoPkg/JSSImporter")
import jss # pylint: disable=import-error
# Ensure that python-jss dependency is at minimum version
try:
from jss import __version__ as PYTHON_JSS_VERSION
except ImportError:
PYTHON_JSS_VERSION = "0.0.0"
from autopkglib import Processor, ProcessorError # pylint: disable=import-error
__all__ = ["JSSImporter"]
__version__ = "1.1.6"
REQUIRED_PYTHON_JSS_VERSION = StrictVersion("2.1.1")
# Map Python 2 basestring type for Python 3.
if sys.version_info.major == 3:
basestring = str
# pylint: disable=too-many-instance-attributes, too-many-public-methods
class JSSImporter(Processor):
"""Uploads packages to configured Casper distribution points.
Optionally, creates supporting categories, computer groups, policy,
self service icon, extension attributes, and scripts.
File paths to support files are searched for in order:
1. Path as specified.
2. The parent folder of the path.
3. First ParentRecipe's folder.
4. First ParentRecipe's parent folder.
5. Second ParentRecipe's folder.
6. Second ParentRecipe's parent folder.
7. Nth ParentRecipe's folder.
8. Nth ParentRecipe's parent folder.
This search-path method is primarily in place to support using
recipe overrides. It applies to policy_template, computer group
templates, self_service_icon, script templates, and extension
attribute templates. It allows users to avoid having to copy the
file to the override directory for each recipe.
"""
input_variables = {
"prod_name": {
"required": True,
"description": "Name of the product.",
},
"jss_inventory_name": {
"required": False,
"description": "Smart groups using the 'Application Title' "
"criteria need "
"to specify the app's filename, as registered in the JSS's "
"inventory. If this variable is left out, it will generate an "
"'Application Title' by adding '.app' to the prod_name, e.g. "
"prod_name='Google Chrome', calculated "
"jss_inventory_name='Google Chrome.app'. If you need to "
"override this behavior, specify the correct name with this "
"variable.",
},
"pkg_path": {
"required": False,
"description": "Path to a pkg or dmg to import - provided by "
"previous pkg recipe/processor.",
"default": "",
},
"version": {
"required": False,
"description": "Version number of software to import - usually provided "
"by previous pkg recipe/processor, but if not, defaults to "
"'0.0.0.0'. ",
"default": "0.0.0.0",
},
"JSS_REPOS": {
"required": False,
"description": "Array of dicts for each intended distribution point. Each "
"distribution point type requires slightly different "
"configuration keys and data. Please consult the "
"documentation. ",
"default": [],
},
"JSS_URL": {
"required": True,
"description": "URL to a Jamf Pro server that the API user has write access "
"to, optionally set as a key in the com.github.autopkg "
"preference file.",
},
"API_USERNAME": {
"required": True,
"description": "Username of account with appropriate access to "
"jss, optionally set as a key in the com.github.autopkg "
"preference file.",
},
"API_PASSWORD": {
"required": True,
"description": "Password of api user, optionally set as a key in "
"the com.github.autopkg preference file.",
},
"JSS_VERIFY_SSL": {
"required": False,
"description": "If set to False, SSL verification in communication "
"with the Jamf Pro server will be skipped. Defaults to 'True'.",
"default": True,
},
"JSS_SUPPRESS_WARNINGS": {
"required": False,
"description": "Determines whether to suppress urllib3 warnings. "
"If you choose not to verify SSL with JSS_VERIFY_SSL, urllib3 "
"throws warnings for each of the numerous requests "
"JSSImporter makes. If you would like to see them, set to "
"'False'. Defaults to 'True'.",
"default": True,
},
"category": {
"required": False,
"description": "Category to create/associate imported app "
"package with. Defaults to 'No category assigned'.",
},
"policy_category": {
"required": False,
"description": "Category to create/associate policy with. Defaults"
" to 'No category assigned'.",
},
"force_policy_state": {
"required": False,
"description": "If set to False JSSImporter will not override the policy "
"enabled state. This allows creating new policies in a default "
"state and then going and manually enabling them in the Jamf Pro server. "
"Boolean, defaults to 'True'",
"default": True,
},
"os_requirements": {
"required": False,
"description": "Comma-separated list of OS version numbers to "
"allow. Corresponds to the OS Requirements field for "
"packages. The character 'x' may be used as a wildcard, as "
"in '10.9.x'",
"default": "",
},
"package_info": {
"required": False,
"description": "Text to apply to the package's Info field.",
"default": "",
},
"package_notes": {
"required": False,
"description": "Text to apply to the package's Notes field.",
"default": "",
},
"package_priority": {
"required": False,
"description": "Priority to use for deploying or uninstalling the "
"package. Value between 1-20. Defaults to '10'",
"default": "10",
},
"package_reboot": {
"required": False,
"description": "Computers must be restarted after installing the package "
"Boolean. Defaults to 'False'",
"default": "False",
},
"groups": {
"required": False,
"description": "Array of group dictionaries. Wrap each group in a "
"dictionary. Group keys include 'name' (Name of the group to "
"use, required), 'smart' (Boolean: static group=False, smart "
"group=True, default is False, not required), "
"template_path' (string: path to template file to use for "
"group, required for smart groups, invalid for static groups), "
"and 'do_update' (Boolean: default is True, not required)",
},
"exclusion_groups": {
"required": False,
"description": "Array of group dictionaries. Wrap each group in a "
"dictionary. Group keys include 'name' (Name of the group to "
"use, required), 'smart' (Boolean: static group=False, smart "
"group=True, default is False, not required), and "
"template_path' (string: path to template file to use for "
"group, required for smart groups, invalid for static groups), "
"and 'do_update' (Boolean: default is True, not required)",
},
"scripts": {
"required": False,
"description": "Array of script dictionaries. Wrap each script in "
"a dictionary. Script keys include 'name' (Name of the script "
"to use, required), 'template_path' (string: path to template "
"file to use for script, required)",
},
"extension_attributes": {
"required": False,
"description": "Array of extension attribute dictionaries. Wrap each "
"extension attribute in a dictionary. Script keys include: "
"'ext_attribute_path' (string: path to extension attribute "
"file.)",
},
"policy_template": {
"required": False,
"description": "Filename of policy template file. If key is "
"missing or value is blank, policy creation will be skipped.",
"default": "",
},
"policy_action_type": {
"required": False,
"description": "Type of policy 'package_configuration' to perform. Must be "
"one of 'Install', 'Cache', 'Install Cached'.",
"default": "Install",
},
"self_service_description": {
"required": False,
"description": "Use to populate the %SELF_SERVICE_DESCRIPTION% variable for "
"use in templates. Primary use is for filling the info button "
"text in Self Service, but could be used elsewhere.",
"default": "",
},
"self_service_icon": {
"required": False,
"description": "Path to an icon file. Use to add an icon to a "
"self-service enabled policy. Because of the way Casper "
"handles this, the JSSImporter will only upload if the icon's "
"filename is different than the one set on the policy (if it "
"even exists). Please see the README for more information.",
"default": "",
},
"site_id": {
"required": False,
"description": "ID of the target Site",
},
"site_name": {
"required": False,
"description": "Name of the target Site",
},
"STOP_IF_NO_JSS_UPLOAD": {
"required": False,
"default": True,
"description": (
"If True, the processor will stop after verifying that "
"a PKG upload was not required since a PKG of the same name "
"is already present on the server"
),
},
"skip_scope": {
"required": False,
"default": False,
"description": (
"If True, policy scope will not be updated. By default group "
"and policy updates are coupled together. This allows group "
"updates without updating or overwriting policy scope."
),
},
"skip_scripts": {
"required": False,
"default": False,
"description": "If True, policy scripts will not be updated.",
},
}
output_variables = {
"jss_changed_objects": {
"description": "Dictionary of added or changed values."
},
"jss_importer_summary_result": {
"description": "Description of interesting results."
},
}
description = __doc__
def __init__(self, env=None, infile=None, outfile=None):
"""Sets attributes here."""
super(JSSImporter, self).__init__(env, infile, outfile)
self.jss = None
self.pkg_name = None
self.prod_name = None
self.version = None
self.category = None
self.policy_category = None
self.package = None
self.replace_dict = {}
self.extattrs = None
self.groups = None
self.exclusion_groups = None
self.scripts = None
self.policy = None
self.upload_needed = False
# clear any cookies since we want a new session
cookiejar = "/tmp/pythonjss_cookie_jar"
if os.path.isfile(cookiejar):
os.remove(cookiejar)
def create_jss(self):
"""Create a JSS object for API calls"""
kwargs = {
"url": self.env["JSS_URL"],
"user": self.env["API_USERNAME"],
"password": self.env["API_PASSWORD"],
"ssl_verify": self.env["JSS_VERIFY_SSL"],
"repo_prefs": self.env["JSS_REPOS"],
}
self.jss = jss.JSS(**kwargs)
if self.env.get("verbose", 1) >= 4:
self.jss.verbose = True
def init_jss_changed_objects(self):
"""Build a dictionary to track changes to JSS objects."""
keys = (
"jss_repo_updated",
"jss_category_added",
"jss_package_added",
"jss_package_updated",
"jss_group_added",
"jss_group_updated",
"jss_script_added",
"jss_script_updated",
"jss_extension_attribute_added",
"jss_extension_attribute_updated",
"jss_policy_added",
"jss_policy_updated",
"jss_icon_uploaded",
)
self.env["jss_changed_objects"] = {key: [] for key in keys}
def repo_type(self):
"""returns the type of repo"""
if self.env["JSS_REPOS"]:
try:
repo = self.env["JSS_REPOS"][0]["type"]
except KeyError:
repo = "DP"
else:
return
return repo
def wait_for_id(self, obj_cls, obj_name):
"""wait for feedback that the object is there"""
object = None
search_method = getattr(self.jss, obj_cls.__name__)
# limit time to wait to get a package ID.
timeout = time.time() + 120
while time.time() < timeout:
try:
object = search_method(obj_name)
if object.id != 0:
self.output(
"{} ID '{}' verified on server".format(
obj_cls.__name__, object.id
),
verbose_level=2,
)
self.upload_needed = True
return object
else:
self.output(
"Waiting to get {} ID from server (reported: {})...".format(
obj_cls.__name__, object.id
),
verbose_level=2,
)
time.sleep(10)
except jss.GetError:
self.output(
"Waiting to get {} ID from server (none reported)...".format(
obj_cls.__name__
),
verbose_level=2,
)
time.sleep(10)
def handle_category(self, category_type, category_name=None):
"""Ensure a category is present."""
if self.env.get(category_type):
category_name = self.env.get(category_type)
if category_name is not None:
try:
category = self.jss.Category(category_name)
category_name = category.name
self.output(
"Category, type '{}', name '{}', already exists on the Jamf Pro server, "
"moving on...".format(category_type, category_name),
verbose_level=2,
)
except jss.GetError:
# Category doesn't exist
category = jss.Category(self.jss, category_name)
category.save()
self.wait_for_id(jss.Category, category)
try:
category.id
self.output(
"Category, type '{}', name '{}', created.".format(
category_type, category_name
)
)
self.env["jss_changed_objects"]["jss_category_added"].append(
category_name
)
except ValueError:
raise ProcessorError(
"Failed to get category ID from {}.".format(self.repo_type())
)
else:
category = None
return category
def handle_package(self, stop_if_no_upload):
"""Creates or updates, and copies a package object.
This will only upload a package if a file with the same name
does not already exist on a DP. If you need to force a
re-upload, you must delete the package on the DP first.
Further, if you are using a JDS, it will only upload a package
if a package object with a filename matching the AutoPkg
filename does not exist. If you need to force a re-upload to a
JDS, please delete the package object through the web interface
first.
"""
# Skip package handling if there is no package or repos.
pkg_path = self.env["pkg_path"]
if self.repo_type() is None:
self.output(
"No repos are setup so JSSImporter cannot upload packages. "
"If this is a mistake, check your JSS_REPOS array.",
verbose_level=2,
)
return
if pkg_path == "":
self.output(
"No 'pkg_path' key has been passed to the JSSImporter processor. "
"Therefore, no package will be uploaded. ",
verbose_level=2,
)
return
# Ensure that `pkg_path` is valid.
if not os.path.exists(pkg_path):
raise ProcessorError(
"JSSImporter can't find a package at '{}'!".format(pkg_path)
)
# See if the package is non-flat (requires zipping prior to
# upload).
if os.path.isdir(pkg_path):
self.output("Package object is a bundle. Converting to zip...")
pkg_path = self.zip_pkg_path(pkg_path)
self.env["pkg_path"] = pkg_path
# Make sure our change gets added back into the env for
# visibility.
self.pkg_name += ".zip"
# now check if the package object already exists
try:
package = self.jss.Package(self.pkg_name)
self.output("Package object already exists on the Jamf Pro server.")
self.output(
"Package ID: {}".format(package.id),
verbose_level=2,
)
pkg_update = self.env["jss_changed_objects"]["jss_package_updated"]
# for cloud DPs we must assume that the package object means there is an associated package
except jss.GetError:
# Package doesn't exist
self.output("Package object does not already exist on the Jamf Pro server.")
# for CDP or JDS types, the package has to be uploaded first to generate a package object
# then we wait for the package ID, then we can continue to assign attributes to the package
# object.
if (
self.repo_type() == "JDS"
or self.repo_type() == "CDP"
or self.repo_type() == "AWS"
):
self.copy(pkg_path)
package = self.wait_for_id(jss.Package, self.pkg_name)
try:
package.id
pkg_update = self.env["jss_changed_objects"]["jss_package_added"]
except ValueError:
raise ProcessorError(
"Failed to get Package ID from {}.".format(self.repo_type())
)
elif (
self.repo_type() == "DP"
or self.repo_type() == "SMB"
or self.repo_type() == "AFP"
or self.repo_type() == "Local"
):
# for AFP/SMB shares, we create the package object first and then copy the package
# if it is not already there
self.output("Creating Package object...")
package = jss.Package(self.jss, self.pkg_name)
pkg_update = self.env["jss_changed_objects"]["jss_package_added"]
else:
# repo type that is not supported
raise ProcessorError(
"JSSImporter can't upload the Package at '{}'! Repo type {} is not supported. Please reconfigure your JSSImporter prefs.".format(
pkg_path, self.repo_type()
)
)
# For local DPs we check that the package is already on the distribution point and upload it if not
if (
self.repo_type() == "DP"
or self.repo_type() == "SMB"
or self.repo_type() == "AFP"
or self.repo_type() == "Local"
):
if self.jss.distribution_points.exists(os.path.basename(pkg_path)):
self.output("Package upload not required.")
self.upload_needed = False
else:
self.copy(pkg_path)
self.output(
"Package {} uploaded to distribution point.".format(self.pkg_name)
)
self.upload_needed = True
# only update the package object if an upload ad was carried out
if stop_if_no_upload != "False" and not self.upload_needed:
self.output(
"Not overwriting policy as upload requirement is determined as False, "
"and STOP_IF_NO_JSS_UPLOAD is not set to False."
)
self.env["stop_processing_recipe"] = True
return
elif not self.upload_needed:
self.output(
"Overwriting policy although upload requirement is determined as False, "
"because STOP_IF_NO_JSS_UPLOAD is set to False."
)
# now update the package object
os_requirements = self.env.get("os_requirements")
package_info = self.env.get("package_info")
package_notes = self.env.get("package_notes")
package_priority = self.env.get("package_priority")
package_reboot = self.env.get("package_reboot")
if self.category is not None:
cat_name = self.category.name
else:
cat_name = ""
if (
self.repo_type() == "JDS"
or self.repo_type() == "CDP"
or self.repo_type() == "AWS"
):
self.wait_for_id(jss.Package, self.pkg_name)
try:
package.id
pkg_update = self.env["jss_changed_objects"]["jss_package_added"]
except ValueError:
raise ProcessorError(
"Failed to get Package ID from {}.".format(self.repo_type())
)
self.update_object(cat_name, package, "category", pkg_update)
self.update_object(os_requirements, package, "os_requirements", pkg_update)
self.update_object(package_info, package, "info", pkg_update)
self.update_object(package_notes, package, "notes", pkg_update)
self.update_object(package_priority, package, "priority", pkg_update)
self.update_object(package_reboot, package, "reboot_required", pkg_update)
return package
def zip_pkg_path(self, path):
"""Add files from path to a zip file handle.
Args:
path (str): Path to folder to zip.
Returns:
(str) name of resulting zip file.
"""
zip_name = "{}.zip".format(path)
with ZipFile(zip_name, "w", ZIP_DEFLATED, allowZip64=True) as zip_handle:
for root, _, files in os.walk(path):
for member in files:
zip_handle.write(os.path.join(root, member))
self.output("Closing: {}".format(zip_name))
return zip_name
def handle_extension_attributes(self):
"""Add extension attributes if needed."""
extattrs = self.env.get("extension_attributes")
results = []
if extattrs:
for extattr in extattrs:
extattr_object = self.update_or_create_new(
jss.ComputerExtensionAttribute,
extattr["ext_attribute_path"],
update_env="jss_extension_attribute_added",
added_env="jss_extension_attribute_updated",
)
results.append(extattr_object)
return results
def handle_groups(self, groups):
"""Manage group existence and creation."""
computer_groups = []
if groups:
for group in groups:
self.output(
"Computer Group to process: {}".format(group["name"]),
verbose_level=3,
)
if self.validate_input_var(group):
is_smart = group.get("smart", False)
if is_smart:
computer_group = self.add_or_update_smart_group(group)
else:
computer_group = self.add_or_update_static_group(group)
computer_groups.append(computer_group)
return computer_groups
def handle_scripts(self):
"""Add scripts if needed."""
scripts = self.env.get("scripts")
results = []
if scripts:
for script in scripts:
self.output(
"Looking for Script file {}...".format(script["name"]),
verbose_level=2,
)
script_file = self.find_file_in_search_path(script["name"])
try:
with open(script_file) as script_handle:
script_contents = script_handle.read()
except IOError:
raise ProcessorError(
"Script '{}' could not be read!".format(script_file)
)
script_object = self.update_or_create_new(
jss.Script,
script["template_path"],
os.path.basename(script_file),
added_env="jss_script_added",
update_env="jss_script_updated",
script_contents=script_contents,
)
results.append(script_object)
return results
def handle_policy(self):
"""Create or update a policy."""
if self.env.get("policy_template"):
template_filename = self.env.get("policy_template")
policy = self.update_or_create_new(
jss.Policy,
template_filename,
update_env="jss_policy_updated",
added_env="jss_policy_added",
)
self.output(
"Policy object: {}".format(policy.id),
verbose_level=3,
)
else:
self.output("Policy creation not desired, moving on...")
policy = None
return policy
def handle_icon(self):
"""Add self service icon if needed."""
# Icons are tricky. The only way to add new ones is to use
# FileUploads. If you manually upload them, you can add them to
# a policy to get their ID, but there is no way to query the Jamf Pro server
# to see what icons are available. Thus, icon handling involves
# several cooperating methods. If we just add an icon every
# time we run a recipe, however, we end up with a ton of
# redundent icons, and short of actually deleting them in the
# sql database, there's no way to delete icons. So when we run,
# we first check for an existing policy, and if it exists, copy
# its icon XML, which is then added to the templated Policy. If
# there is no icon information, but the recipe specifies one,
# then FileUpload it up.
# If no policy handling is desired, we can't upload an icon.
if self.env.get("self_service_icon") and self.policy is not None:
# Search through search-paths for icon file.
self.output(
"Looking for Icon file {}...".format(self.env["self_service_icon"]),
verbose_level=2,
)
icon_path = self.find_file_in_search_path(self.env["self_service_icon"])
icon_filename = os.path.basename(icon_path)
# Compare the filename in the policy to the one provided by
# the recipe. If they don't match, we need to upload a new
# icon.
policy_filename = self.policy.findtext(
"self_service/self_service_icon/filename"
)
if not policy_filename == icon_filename:
self.output(
"Icon name in existing policy: {}".format(policy_filename),
verbose_level=2,
)
icon = jss.FileUpload(
self.jss, "policies", "id", self.policy.id, icon_path
)
icon.save()
self.env["jss_changed_objects"]["jss_icon_uploaded"].append(
icon_filename
)
self.output("Icon uploaded to the Jamf Pro server.")
else:
self.output("Icon matches existing icon, moving on...")
def update_object(self, data, obj, path, update):
"""Update an object if it differs.
If a value differs between the recipe and the object, update
the object to reflect the change, and add the object to a
summary list.
Args:
data: Recipe string value to enforce.
obj: JSSObject type to set data on.
path: String path to desired XML.
update: Summary list object to append obj to if something
is changed.
"""
if data != obj.findtext(path):
obj.find(path).text = data
obj.save()
self.output(
"{} '{}' updated.".format(str(obj.__class__).split(".")[-1][:-2], path)
)
update.append(obj.name)
def copy(self, source_item, id_=-1):
"""Copy a package or script using the JSS_REPOS preference."""
self.output("Copying {} to all distribution points.".format(source_item))
def output_copy_status(connection):
"""Output AutoPkg copying status."""
self.output("Copying to {}".format(connection["url"]))
self.jss.distribution_points.copy(
source_item, id_=id_, pre_callback=output_copy_status
)
self.env["jss_changed_objects"]["jss_repo_updated"].append(
os.path.basename(source_item)
)
self.output("Copied '{}'".format(source_item))
def build_replace_dict(self):
"""Build dict of replacement values based on available input."""
# First, add in AutoPkg's env, excluding types that don't make
# sense:
replace_dict = {
key: val
for key, val in self.env.items()
if val is not None and isinstance(val, basestring)
}
# Next, add in "official" and Legacy input variables.
replace_dict["VERSION"] = self.version
if self.package is not None:
replace_dict["PKG_NAME"] = self.package.name
replace_dict["PROD_NAME"] = self.env.get("prod_name")
if self.env.get("site_id"):
replace_dict["SITE_ID"] = self.env.get("site_id")
if self.env.get("site_name"):
replace_dict["SITE_NAME"] = self.env.get("site_name")
replace_dict["SELF_SERVICE_DESCRIPTION"] = self.env.get(
"self_service_description"
)
replace_dict["SELF_SERVICE_ICON"] = self.env.get("self_service_icon")
# policy_category is not required, so set a default value if
# absent.
replace_dict["POLICY_CATEGORY"] = self.env.get("policy_category") or "Unknown"
# Some applications may have a product name that differs from
# the name that the JSS uses for its "Application Title"
# inventory field. If so, you can set it with the
# jss_inventory_name input variable. If this variable is not
# specified, it will just append .app, which is how most apps
# work.
if self.env.get("jss_inventory_name"):
replace_dict["JSS_INVENTORY_NAME"] = self.env.get("jss_inventory_name")
else:
replace_dict["JSS_INVENTORY_NAME"] = "%s.app" % self.env.get("prod_name")
self.replace_dict = replace_dict
# pylint: disable=too-many-arguments
def update_or_create_new(
self,
obj_cls,
template_path,
name="",
added_env="",
update_env="",
script_contents="",
):
"""Check for an existing object and update it, or create a new
object.
Args:
obj_cls: The python-jss object class to work with.
template_path: String filename or path to the template
file. See get_templated_object() for more info.
name: The name to use. Defaults to the "name" property of
the templated object.
added_env: The environment var to update if an object is
added.
update_env: The environment var to update if an object is
updated.
script_contents (str): XML escaped script.
do_update (Boolean): Do not overwrite an existing group if
set to False.
Returns:
The recipe object after updating.
"""
# Create a new object from the template
recipe_object = self.get_templated_object(obj_cls, template_path)
# Ensure categories exist prior to using them in an object.
# Text replacement has already happened, so categories should
# be in place.
try:
category_name = recipe_object.category.text
except AttributeError:
category_name = None
if category_name is not None:
self.handle_category(obj_cls.root_tag, category_name)
if not name:
name = recipe_object.name
# Check for an existing object with this name.
existing_object = None
search_method = getattr(self.jss, obj_cls.__name__)
try:
existing_object = search_method(name)
except jss.GetError:
pass
# If object is a Policy, we need to inject scope, scripts,
# package, and an icon.
if obj_cls is jss.Policy:
# If a policy_category has been given as an input variable,
# it wins. Replace whatever is in the template, and add in
# a category tag if it isn't there.
if self.env.get("policy_category"):
policy_category = recipe_object.find("category")
if policy_category is None:
policy_category = ElementTree.SubElement(recipe_object, "category")
policy_category.text = self.env.get("policy_category")
if existing_object is not None:
# If this policy already exists, and it has an icon set,
# copy its icon section to our template, as we have no
# other way of getting this information.
icon_xml = existing_object.find("self_service/self_service_icon")
if icon_xml is not None:
self.add_icon_to_policy(recipe_object, icon_xml)
if not self.env.get("force_policy_state"):
state = existing_object.find("general/enabled").text
recipe_object.find("general/enabled").text = state
# If skip_scope is True then don't include scope data.
if self.env["skip_scope"] is not True:
self.add_scope_to_policy(recipe_object)
else:
self.output(
"Skipping assignment of scope as skip_scope is set to {}".format(
self.env["skip_scope"]
)
)
# If skip_scripts is True then don't include scripts data.
if self.env["skip_scripts"] is not True:
self.add_scripts_to_policy(recipe_object)
else:
self.output(
"Skipping assignment of scripts as skip_scripts is set to {}".format(
self.env["skip_scripts"]
)
)
# add package to policy if there is one
self.add_package_to_policy(recipe_object)
# If object is a script, add the passed contents to the object.
# throw it into the `script_contents` tag of the object.
if obj_cls is jss.Script and script_contents:
tag = ElementTree.SubElement(recipe_object, "script_contents")
tag.text = script_contents
if existing_object is not None:
# Update the existing object.
# Copy the ID from the existing object to the new one so
# that it knows how to save itself.
recipe_object._basic_identity["id"] = existing_object.id
recipe_object.save()
# get feedback that the object has been created
object = self.wait_for_id(obj_cls, name)
try:
object.id
# Retrieve the updated XML.
recipe_object = search_method(name)
self.output("{} '{}' updated.".format(obj_cls.__name__, name))
if update_env:
self.env["jss_changed_objects"][update_env].append(name)
except ValueError:
raise ProcessorError(
"Failed to get {} ID from {}.".format(
obj_cls.__name__, self.repo_type()
)
)
else:
# Object doesn't exist yet.
recipe_object.save()
# get feedback that the object has been created
object = self.wait_for_id(obj_cls, name)
try:
object.id
self.output("{} '{}' created.".format(obj_cls.__name__, name))
if added_env:
self.env["jss_changed_objects"][added_env].append(name)
except ValueError:
raise ProcessorError(
"Failed to get {} ID from {}.".format(
obj_cls.__name__, self.repo_type()
)
)
return recipe_object
# pylint: enable=too-many-arguments
def get_templated_object(self, obj_cls, template_path):
"""Return an object based on a template located in search path.
Args:
obj_cls: JSSObject class (for the purposes of JSSImporter a
Policy or a ComputerGroup)
template_path: String filename or path to template file.
See find_file_in_search_path() for more information on
file searching.
Returns:
A JSS Object created based on the template,
post-text-replacement.
"""
self.output(
"Looking for {} template file {}...".format(
obj_cls.__name__, os.path.basename(template_path)
),
verbose_level=2,
)
final_template_path = self.find_file_in_search_path(template_path)