ruby-jss 0.9.2 → 0.10.0a1
Potentially problematic release.
- checksums.yaml +4 -4
- data/CHANGES.md +13 -1
- data/README.md +7 -7
- data/bin/cgrouper +6 -6
- data/bin/netseg-update +1 -1
- data/lib/jss.rb +1 -0
- data/lib/jss/api_connection.rb +428 -44
- data/lib/jss/api_object.rb +119 -68
- data/lib/jss/api_object/account.rb +12 -12
- data/lib/jss/api_object/advanced_search.rb +12 -12
- data/lib/jss/api_object/categorizable.rb +4 -4
- data/lib/jss/api_object/category.rb +2 -2
- data/lib/jss/api_object/computer.rb +111 -58
- data/lib/jss/api_object/computer_invitation.rb +2 -2
- data/lib/jss/api_object/creatable.rb +19 -8
- data/lib/jss/api_object/criteriable/criteria.rb +8 -8
- data/lib/jss/api_object/distribution_point.rb +14 -48
- data/lib/jss/api_object/extension_attribute.rb +14 -11
- data/lib/jss/api_object/extension_attribute/computer_extension_attribute.rb +18 -18
- data/lib/jss/api_object/group.rb +7 -7
- data/lib/jss/api_object/ldap_server.rb +51 -60
- data/lib/jss/api_object/locatable.rb +2 -2
- data/lib/jss/api_object/matchable.rb +8 -9
- data/lib/jss/api_object/mobile_device.rb +61 -59
- data/lib/jss/api_object/mobile_device_application.rb +3 -3
- data/lib/jss/api_object/network_segment.rb +24 -19
- data/lib/jss/api_object/package.rb +6 -6
- data/lib/jss/api_object/peripheral.rb +5 -5
- data/lib/jss/api_object/policy.rb +5 -5
- data/lib/jss/api_object/restricted_software.rb +4 -4
- data/lib/jss/api_object/scopable/scope.rb +3 -3
- data/lib/jss/api_object/script.rb +1 -1
- data/lib/jss/api_object/self_servable.rb +3 -3
- data/lib/jss/api_object/self_servable/icon.rb +7 -2
- data/lib/jss/api_object/updatable.rb +2 -2
- data/lib/jss/api_object/uploadable.rb +1 -1
- data/lib/jss/api_object/user.rb +2 -2
- data/lib/jss/composer.rb +37 -10
- data/lib/jss/ruby_extensions/string.rb +51 -42
- data/lib/jss/server.rb +27 -6
- data/lib/jss/utility.rb +44 -0
- data/lib/jss/validate.rb +85 -0
- data/lib/jss/version.rb +1 -1
- metadata +5 -4
@@ -1,26 +1,26 @@
|
|
1
1
|
### Copyright 2017 Pixar
|
2
2
|
|
3
|
-
###
|
3
|
+
###
|
4
4
|
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
5
|
### with the following modification; you may not use this file except in
|
6
6
|
### compliance with the Apache License and the following modification to it:
|
7
7
|
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
-
###
|
8
|
+
###
|
9
9
|
### 6. Trademarks. This License does not grant permission to use the trade
|
10
10
|
### names, trademarks, service marks, or product names of the Licensor
|
11
11
|
### and its affiliates, except as required to comply with Section 4(c) of
|
12
12
|
### the License and to reproduce the content of the NOTICE file.
|
13
|
-
###
|
13
|
+
###
|
14
14
|
### You may obtain a copy of the Apache License at
|
15
|
-
###
|
15
|
+
###
|
16
16
|
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
###
|
17
|
+
###
|
18
18
|
### Unless required by applicable law or agreed to in writing, software
|
19
19
|
### distributed under the Apache License with the above modification is
|
20
20
|
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
21
|
### KIND, either express or implied. See the Apache License for the specific
|
22
22
|
### language governing permissions and limitations under the Apache License.
|
23
|
-
###
|
23
|
+
###
|
24
24
|
###
|
25
25
|
|
26
26
|
###
|
@@ -94,7 +94,7 @@ module JSS
|
|
94
94
|
### @return [void]
|
95
95
|
###
|
96
96
|
def criteria= (new_criteria)
|
97
|
-
unless new_criteria.kind_of? Array
|
97
|
+
unless new_criteria.kind_of? Array && new_criteria.reject{|c| c.is_a? JSS::Criteriable::Criterion }.empty?
|
98
98
|
raise JSS::InvalidDataError, "Argument must be an Array of JSS::Criteriable::Criterion instances."
|
99
99
|
end
|
100
100
|
new_criteria.each{ |nc| criterion_ok? nc }
|
@@ -140,7 +140,7 @@ module JSS
|
|
140
140
|
###
|
141
141
|
### @return [void]
|
142
142
|
###
|
143
|
-
def insert_criterion(priority,criterion)
|
143
|
+
def insert_criterion(priority, criterion)
|
144
144
|
criterion_ok? criterion
|
145
145
|
@criteria.insert criterion[:priority], criterion
|
146
146
|
set_priorities
|
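Review bot: The new guard in `criteria=` parses as `new_criteria.kind_of?(Array && new_criteria.reject{...}.empty?)`, because a call without parentheses takes the whole `&&` expression as its argument. `kind_of?` then receives true or false and raises TypeError instead of the intended JSS::InvalidDataError, and a non-Array argument reaches `reject` before any type check. Parenthesising the call fixes it: `unless new_criteria.is_a?(Array) && new_criteria.all? { |c| c.is_a? JSS::Criteriable::Criterion }`. In the same file section, `insert_criterion(priority, criterion)` still inserts at `criterion[:priority]` and never reads its `priority` argument, which looks unintended. Both method bodies continue outside their hunks.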
@@ -26,22 +26,11 @@
|
|
26
26
|
###
|
27
27
|
module JSS
|
28
28
|
|
29
|
-
#####################################
|
30
|
-
### Module Variables
|
31
|
-
#####################################
|
32
|
-
|
33
|
-
### the master dist. point, see JSS.master_distribution_point
|
34
|
-
@@master_distribution_point = nil
|
35
|
-
|
36
|
-
### the dist point for this machine right now
|
37
|
-
@@my_distribution_point =nil
|
38
|
-
|
39
29
|
#####################################
|
40
30
|
### Module Methods
|
41
31
|
#####################################
|
42
32
|
|
43
33
|
|
44
|
-
|
45
34
|
###
|
46
35
|
### A Distribution Point in the JSS
|
47
36
|
###
|
@@ -96,15 +85,6 @@ module JSS
|
|
96
85
|
|
97
86
|
DEFAULT_MOUNTPOINT_PREFIX = "CasperDistribution-id"
|
98
87
|
|
99
|
-
#####################################
|
100
|
-
### Class Variables
|
101
|
-
#####################################
|
102
|
-
|
103
|
-
@@master_distribution_point = nil
|
104
|
-
|
105
|
-
@@my_distribution_point = nil
|
106
|
-
|
107
|
-
#####################################
|
108
88
|
### Class Methods
|
109
89
|
#####################################
|
110
90
|
|
@@ -112,21 +92,14 @@ module JSS
|
|
112
92
|
### distribution point in the JSS. If there's only one
|
113
93
|
### in the JSS, return it even if not marked as master.
|
114
94
|
###
|
95
|
+
### @param refresh[Boolean] should the distribution point be re-queried?
|
96
|
+
###
|
97
|
+
### @param api[JSS::APIConnection] which API connection should we query?
|
98
|
+
###
|
115
99
|
### @return [JSS::DistributionPoint]
|
116
100
|
###
|
117
|
-
def self.master_distribution_point(refresh = false)
|
118
|
-
|
119
|
-
return @@master_distribution_point if @@master_distribution_point
|
120
|
-
|
121
|
-
case self.all.count
|
122
|
-
when 0
|
123
|
-
raise JSS::NoSuchItemError, "No distribution points defined"
|
124
|
-
when 1
|
125
|
-
@@master_distribution_point = self.new :id => self.all_ids[0]
|
126
|
-
else
|
127
|
-
@@master_distribution_point = self.new :id => :master
|
128
|
-
end
|
129
|
-
@@master_distribution_point
|
101
|
+
def self.master_distribution_point(refresh = false, api: JSS.api)
|
102
|
+
api.master_distribution_point refresh
|
130
103
|
end
|
131
104
|
|
132
105
|
### Get the DistributionPoint instance for the machine running
|
@@ -135,20 +108,12 @@ module JSS
|
|
135
108
|
###
|
136
109
|
### @param refresh[Boolean] should the distribution point be re-queried?
|
137
110
|
###
|
111
|
+
### @param api[JSS::APIConnection] which API connection should we query?
|
112
|
+
###
|
138
113
|
### @return [JSS::DistributionPoint]
|
139
114
|
###
|
140
|
-
def self.my_distribution_point(refresh = false)
|
141
|
-
|
142
|
-
return @@my_distribution_point if @@my_distribution_point
|
143
|
-
|
144
|
-
my_net_seg = JSS::NetworkSegment.my_network_segment[0]
|
145
|
-
specific = if my_net_seg
|
146
|
-
JSS::NetworkSegment.new(:id => my_net_seg).distribution_point
|
147
|
-
else
|
148
|
-
nil
|
149
|
-
end
|
150
|
-
@@my_distribution_point = specific ? self.new(:name => specific) : self.master_distribution_point
|
151
|
-
@@my_distribution_point
|
115
|
+
def self.my_distribution_point(refresh = false, api: JSS.api)
|
116
|
+
api.my_distribution_point refresh
|
152
117
|
end
|
153
118
|
|
154
119
|
#####################################
|
@@ -242,7 +207,6 @@ module JSS
|
|
242
207
|
### @return [String] the ssh password as a SHA256 digest
|
243
208
|
attr_reader :ssh_password_sha256
|
244
209
|
|
245
|
-
###
|
246
210
|
### As well as the standard :id, :name, and :data, you can
|
247
211
|
### instantiate this class with :id => :master, in which case you'll
|
248
212
|
### get the Master Distribution Point as defined in the JSS.
|
@@ -251,14 +215,16 @@ module JSS
|
|
251
215
|
### You can also do this more easily by calling JSS.master_distribution_point
|
252
216
|
###
|
253
217
|
def initialize(args = {})
|
218
|
+
args[:api] ||= JSS.api
|
219
|
+
@api = args[:api]
|
254
220
|
|
255
221
|
@init_data = nil
|
256
222
|
|
257
223
|
### looking for master?
|
258
224
|
if args[:id] == :master
|
259
225
|
|
260
|
-
self.class.all_ids.each do |id|
|
261
|
-
@init_data =
|
226
|
+
self.class.all_ids(api: @api).each do |id|
|
227
|
+
@init_data = @api.get_rsrc("#{RSRC_BASE}/id/#{id}")[RSRC_OBJECT_KEY]
|
262
228
|
if @init_data[:is_master]
|
263
229
|
@id = @init_data[:id]
|
264
230
|
@name = @init_data[:name]
|
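Review bot: `initialize` now writes into the hash the caller passed (`args[:api] ||= JSS.api`), and the comment above it still lists only :id, :name and :data, so the new `:api` key is undocumented. Reading the key without mutating the argument, `@api = args[:api] || JSS.api`, would be enough unless the superclass constructor needs the key set, which is not visible here. I would also add a line to the comment such as `### Pass :api => a JSS::APIConnection to use a connection other than JSS.api.` The `:master` branch issues one `get_rsrc` call per distribution-point id, and the body of `initialize` continues outside the hunk.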
@@ -201,15 +201,15 @@ module JSS
|
|
201
201
|
### @see JSS::APIObject#delete
|
202
202
|
###
|
203
203
|
def delete
|
204
|
-
orig_open_timeout =
|
205
|
-
orig_timeout =
|
206
|
-
|
207
|
-
|
204
|
+
orig_open_timeout = @api.cnx.options[:open_timeout]
|
205
|
+
orig_timeout = @api.cnx.options[:timeout]
|
206
|
+
@api.timeout = orig_timeout + 1800
|
207
|
+
@api.open_timeout = orig_open_timeout + 1800
|
208
208
|
begin
|
209
209
|
super
|
210
210
|
ensure
|
211
|
-
|
212
|
-
|
211
|
+
@api.timeout = orig_timeout
|
212
|
+
@api.open_timeout = orig_open_timeout
|
213
213
|
end
|
214
214
|
end
|
215
215
|
|
@@ -333,7 +333,7 @@ module JSS
|
|
333
333
|
begin
|
334
334
|
|
335
335
|
search_class = self.class::TARGET_CLASS::SEARCH_CLASS
|
336
|
-
acs = search_class.new :id => :new, :name => "
|
336
|
+
acs = search_class.new api: @api, :id => :new, :name => "ruby-jss-EA-result-search-#{Time.now.to_jss_epoch}"
|
337
337
|
acs.display_fields = [@name]
|
338
338
|
crit_list = [JSS::Criteriable::Criterion.new(:and_or => "and", :name => @name, :search_type => search_type.to_s, :value => desired_value)]
|
339
339
|
acs.criteria = JSS::Criteriable::Criteria.new crit_list
|
@@ -387,11 +387,11 @@ module JSS
|
|
387
387
|
###
|
388
388
|
def latest_values
|
389
389
|
raise JSS::NoSuchItemError, "EA Not In JSS! Use #create to create this #{self.class::RSRC_OBJECT_KEY}." unless @in_jss
|
390
|
-
tmp_advsrch = "
|
390
|
+
tmp_advsrch = "ruby-jss-EA-latest-search-#{Time.now.to_jss_epoch}"
|
391
391
|
|
392
392
|
begin
|
393
393
|
search_class = self.class::TARGET_CLASS::SEARCH_CLASS
|
394
|
-
acs = search_class.new :
|
394
|
+
acs = search_class.new id: :new, name: tmp_advsrch, api: @api
|
395
395
|
acs.display_fields = self.class::TARGET_CLASS == JSS::User ? [@name, USERNAME_FIELD] : [@name, USERNAME_FIELD, LAST_RECON_FIELD]
|
396
396
|
|
397
397
|
# search for 'Username like "" ' because all searchable object classes have a "Username" value
|
@@ -415,8 +415,11 @@ module JSS
|
|
415
415
|
end #acs.search_results.each
|
416
416
|
|
417
417
|
ensure
|
418
|
-
acs
|
419
|
-
|
418
|
+
if defined? acs
|
419
|
+
acs.delete
|
420
|
+
else
|
421
|
+
search_class.fetch(:name => tmp_advsrch, api: @api).delete if search_class.all_names(:refresh, api: @api).include? tmp_advsrch
|
422
|
+
end
|
420
423
|
end
|
421
424
|
|
422
425
|
results
|
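Review bot: In the `ensure` of `latest_values`, `defined? acs` is always truthy, because `acs` is a local variable assigned earlier in the same method and Ruby defines such locals at parse time, so the `else` cleanup by name never runs. If `search_class.new` raises, `acs` is nil and `acs.delete` raises NoMethodError from the `ensure`, replacing the original exception. Testing the value instead works: `if acs` in place of `if defined? acs`. Separately, `delete` computes `orig_timeout + 1800` from `@api.cnx.options[:timeout]`, which fails if that option is unset, and it changes the timeouts on a connection that other objects presumably share.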
@@ -1,26 +1,26 @@
|
|
1
1
|
### Copyright 2017 Pixar
|
2
2
|
|
3
|
-
###
|
3
|
+
###
|
4
4
|
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
5
|
### with the following modification; you may not use this file except in
|
6
6
|
### compliance with the Apache License and the following modification to it:
|
7
7
|
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
-
###
|
8
|
+
###
|
9
9
|
### 6. Trademarks. This License does not grant permission to use the trade
|
10
10
|
### names, trademarks, service marks, or product names of the Licensor
|
11
11
|
### and its affiliates, except as required to comply with Section 4(c) of
|
12
12
|
### the License and to reproduce the content of the NOTICE file.
|
13
|
-
###
|
13
|
+
###
|
14
14
|
### You may obtain a copy of the Apache License at
|
15
|
-
###
|
15
|
+
###
|
16
16
|
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
###
|
17
|
+
###
|
18
18
|
### Unless required by applicable law or agreed to in writing, software
|
19
19
|
### distributed under the Apache License with the above modification is
|
20
20
|
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
21
|
### KIND, either express or implied. See the Apache License for the specific
|
22
22
|
### language governing permissions and limitations under the Apache License.
|
23
|
-
###
|
23
|
+
###
|
24
24
|
###
|
25
25
|
|
26
26
|
###
|
@@ -81,10 +81,10 @@ module JSS
|
|
81
81
|
|
82
82
|
### these ext attribs are related to these kinds of objects
|
83
83
|
TARGET_CLASS = JSS::Computer
|
84
|
-
|
84
|
+
|
85
85
|
### A criterion that will return all members of the TARGET_CLASS
|
86
86
|
ALL_TARGETS_CRITERION = JSS::Criteriable::Criterion.new(:and_or => "and", :name => "Username", :search_type => "like", :value => '')
|
87
|
-
|
87
|
+
|
88
88
|
### When the intput type is script, what platforms can they run on?
|
89
89
|
PLATFORMS = ["Mac","Windows"]
|
90
90
|
|
@@ -111,12 +111,12 @@ module JSS
|
|
111
111
|
### scripts defined when the type is "script",
|
112
112
|
### however the API will only return the Mac script info if both are defined.
|
113
113
|
###
|
114
|
-
### @return [String]
|
114
|
+
### @return [String]
|
115
115
|
attr_reader :platform
|
116
116
|
|
117
117
|
### @return [String] the script code that will be executed when the @input_type is "script",
|
118
118
|
attr_reader :script
|
119
|
-
|
119
|
+
|
120
120
|
|
121
121
|
### The scripting language of the @script when @input_type is "script",
|
122
122
|
### and the @platform is "Windows"
|
@@ -246,7 +246,7 @@ module JSS
|
|
246
246
|
@script = new_val
|
247
247
|
@need_to_update = true
|
248
248
|
end #
|
249
|
-
|
249
|
+
|
250
250
|
|
251
251
|
###
|
252
252
|
### Change the scripting_language of this EA.
|
@@ -288,12 +288,12 @@ module JSS
|
|
288
288
|
raise JSS::InvalidConnectionError, "Database connection required for 'history' query." unless JSS::DB_CNX.connected?
|
289
289
|
|
290
290
|
computer_id = case computer
|
291
|
-
when *JSS::Computer.all_ids
|
291
|
+
when *JSS::Computer.all_ids(api: @api)
|
292
292
|
computer
|
293
|
-
when *JSS::Computer.all_names
|
294
|
-
JSS::Computer.map_all_ids_to(:name).invert[computer]
|
293
|
+
when *JSS::Computer.all_names(api: @api)
|
294
|
+
JSS::Computer.map_all_ids_to(:name, api: @api).invert[computer]
|
295
295
|
else nil
|
296
|
-
|
296
|
+
end # case
|
297
297
|
|
298
298
|
raise JSS::NoSuchItemError, "No computer found matching '#{computer}'" unless computer_id
|
299
299
|
|
@@ -323,12 +323,12 @@ module JSS
|
|
323
323
|
|
324
324
|
history
|
325
325
|
end # history
|
326
|
-
|
327
|
-
|
326
|
+
|
327
|
+
|
328
328
|
### Aliases here, since YARD seems to have issues with them above
|
329
329
|
alias code script
|
330
330
|
alias code= script=
|
331
|
-
|
331
|
+
|
332
332
|
######################
|
333
333
|
### Private Instance Methods
|
334
334
|
#####################
|
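Review bot: `history` now resolves the computer through `@api`, but it still checks, and presumably queries, the single global `JSS::DB_CNX`, so with a non-default connection the id could be looked up on one server and the history read from another server's database. Nothing in the hunk ties the database connection to `@api`. A comment such as `### NOTE: uses JSS::DB_CNX, which must point at the same JSS as this object's API connection` would at least document the assumption. The query itself is outside the hunk, so this is inferred from the `connected?` guard.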
data/lib/jss/api_object/group.rb
CHANGED
@@ -88,16 +88,16 @@ module JSS
|
|
88
88
|
### Returns an Array of all the smart
|
89
89
|
### groups.
|
90
90
|
###
|
91
|
-
def self.all_smart(refresh = false)
|
92
|
-
|
91
|
+
def self.all_smart(refresh = false, api: JSS.api)
|
92
|
+
all(refresh, api: api).select{|g| g[:is_smart] }
|
93
93
|
end
|
94
94
|
|
95
95
|
###
|
96
96
|
### Returns an Array of all the static
|
97
97
|
### groups.
|
98
98
|
###
|
99
|
-
def self.all_static(refresh = false)
|
100
|
-
|
99
|
+
def self.all_static(refresh = false, api: JSS.api)
|
100
|
+
all(refresh, api: api).select{|g| not g[:is_smart] }
|
101
101
|
end
|
102
102
|
|
103
103
|
#####################################
|
@@ -304,7 +304,7 @@ module JSS
|
|
304
304
|
### @return [Array<Hash>] the refresh membership
|
305
305
|
###
|
306
306
|
def refresh_members
|
307
|
-
@members =
|
307
|
+
@members = @api.get_rsrc(@rest_rsrc)[self.class::RSRC_OBJECT_KEY][self.class::MEMBER_CLASS::RSRC_LIST_KEY]
|
308
308
|
end
|
309
309
|
|
310
310
|
###
|
@@ -315,7 +315,7 @@ module JSS
|
|
315
315
|
### @return [void]
|
316
316
|
###
|
317
317
|
def site= (new_val)
|
318
|
-
raise JSS::NoSuchItemError, "No site named #{new_val} in the JSS" unless JSS::Site.all_names.include? new_val
|
318
|
+
raise JSS::NoSuchItemError, "No site named #{new_val} in the JSS" unless JSS::Site.all_names(api: @api).include? new_val
|
319
319
|
@site = new_val
|
320
320
|
@need_to_update = true
|
321
321
|
end
|
@@ -341,7 +341,7 @@ module JSS
|
|
341
341
|
### @return [Hash{:id=>Integer,:name=>String}] the valid id and name
|
342
342
|
###
|
343
343
|
def check_member(m)
|
344
|
-
potential_members = self.class::MEMBER_CLASS.map_all_ids_to(:name)
|
344
|
+
potential_members = self.class::MEMBER_CLASS.map_all_ids_to(:name, api: @api)
|
345
345
|
if m.to_s =~ /^\d+$/
|
346
346
|
return {:id=>m.to_i, :name=> potential_members[m]} if potential_members.keys.include? m.to_i
|
347
347
|
else
|
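Review bot: In `check_member`, the unchanged test `m.to_s =~ /^\d+$/` uses line anchors, so a multi-line string containing one all-digit line passes, and `m.to_i` then parses only whatever leads the string. `/\A\d+\z/` anchors the whole value. On the new lines, `all_static` reads more directly as `all(refresh, api: api).reject { |g| g[:is_smart] }`. The body of `check_member` continues outside the hunk.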
@@ -1,26 +1,26 @@
|
|
1
1
|
### Copyright 2017 Pixar
|
2
2
|
|
3
|
-
###
|
3
|
+
###
|
4
4
|
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
5
|
### with the following modification; you may not use this file except in
|
6
6
|
### compliance with the Apache License and the following modification to it:
|
7
7
|
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
-
###
|
8
|
+
###
|
9
9
|
### 6. Trademarks. This License does not grant permission to use the trade
|
10
10
|
### names, trademarks, service marks, or product names of the Licensor
|
11
11
|
### and its affiliates, except as required to comply with Section 4(c) of
|
12
12
|
### the License and to reproduce the content of the NOTICE file.
|
13
|
-
###
|
13
|
+
###
|
14
14
|
### You may obtain a copy of the Apache License at
|
15
|
-
###
|
15
|
+
###
|
16
16
|
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
###
|
17
|
+
###
|
18
18
|
### Unless required by applicable law or agreed to in writing, software
|
19
19
|
### distributed under the Apache License with the above modification is
|
20
20
|
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
21
|
### KIND, either express or implied. See the Apache License for the specific
|
22
22
|
### language governing permissions and limitations under the Apache License.
|
23
|
-
###
|
23
|
+
###
|
24
24
|
###
|
25
25
|
|
26
26
|
###
|
@@ -49,21 +49,21 @@ module JSS
|
|
49
49
|
### LDAP servers, and checking group membership.
|
50
50
|
###
|
51
51
|
### When an LDAPServer instance is created, if it
|
52
|
-
### uses anonymous binding for lookups (the Authentication Type is set to 'none') then
|
52
|
+
### uses anonymous binding for lookups (the Authentication Type is set to 'none') then
|
53
53
|
### the LDAP connection is established immediately. Otherwise, you must use the {#connect}
|
54
54
|
### method, and provide the appropriate password for the lookup account defined.
|
55
55
|
###
|
56
|
-
### Since LDAP server connections are used to verify the validity of LDAP users & groups used in
|
56
|
+
### Since LDAP server connections are used to verify the validity of LDAP users & groups used in
|
57
57
|
### scopes, if you don't connect to all LDAP servers before modifying any scope's user & group
|
58
58
|
### limitations or exceptions, those new values may not be verifiable. Unverified limitations and
|
59
|
-
### exceptions, when sent to the API, will result in a REST 409 Conflict error if the user or
|
59
|
+
### exceptions, when sent to the API, will result in a REST 409 Conflict error if the user or
|
60
60
|
### group doesn't exist. Unfortunately, 409 Conflict errors are very generic and don't indicate the
|
61
|
-
### source of the problem (in this case, a non-existent user or group limitation or exception to the
|
61
|
+
### source of the problem (in this case, a non-existent user or group limitation or exception to the
|
62
62
|
### scope). The {JSS::Scopable} module tries to catch these errors and raise a more useful
|
63
63
|
### exception when they happen.
|
64
64
|
###
|
65
65
|
### The class method {LDAPServer.all_ldaps} returns a Hash of JSS::LDAPServer instances.
|
66
|
-
### one for each server defined in the JSS.
|
66
|
+
### one for each server defined in the JSS.
|
67
67
|
###
|
68
68
|
### The class methods {LDAPServer.user_in_ldap?} and {LDAPServer.group_in_ldap?} can be
|
69
69
|
### used to check all defined LDAP servers for a user or group. They are used by
|
@@ -76,44 +76,33 @@ module JSS
|
|
76
76
|
###
|
77
77
|
class LDAPServer < JSS::APIObject
|
78
78
|
|
79
|
-
#####################################
|
80
|
-
### Mix-Ins
|
81
|
-
#####################################
|
82
79
|
|
83
|
-
#####################################
|
84
|
-
### Class Variables
|
85
|
-
#####################################
|
86
|
-
|
87
|
-
@@all_ldaps = nil
|
88
|
-
|
89
|
-
#####################################
|
90
80
|
### Class Methods
|
91
81
|
#####################################
|
92
|
-
|
82
|
+
|
83
|
+
### DEPRECATED: Please Use ::all_objects
|
93
84
|
###
|
94
85
|
### @param refresh[Boolean] should the LDAP server data be re-read from the API?
|
95
86
|
###
|
96
87
|
### @return [Hash{String => JSS::LDAPServer}] JSS::LDAPServer instances for all defined servers
|
97
88
|
###
|
98
|
-
def self.all_ldaps(refresh = false)
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
@@all_ldaps = {}
|
103
|
-
JSS::LDAPServer.all.each { |svr| @@all_ldaps[svr[:name]] = JSS::LDAPServer.new(:id =>svr[:id])}
|
104
|
-
|
105
|
-
@@all_ldaps
|
89
|
+
def self.all_ldaps(refresh = false, api: JSS.api)
|
90
|
+
hash = {}
|
91
|
+
all_objects(refresh, api: api) { |ls| hash[ls.name] = s }
|
92
|
+
hash
|
106
93
|
end
|
107
|
-
|
94
|
+
|
108
95
|
###
|
109
96
|
### @param user[String] a username to search for in all LDAP servers
|
110
97
|
###
|
111
98
|
### @return [Boolean] does the user exist in any LDAP server?
|
112
99
|
###
|
113
|
-
def self.user_in_ldap?
|
114
|
-
|
115
|
-
|
116
|
-
|
100
|
+
def self.user_in_ldap?(user, api: JSS.api)
|
101
|
+
all_objects(refresh, api: api).each do |ldap|
|
102
|
+
next if ldap.find_user(user, :exact).empty?
|
103
|
+
return true
|
104
|
+
end
|
105
|
+
false
|
117
106
|
end
|
118
107
|
|
119
108
|
###
|
@@ -121,10 +110,12 @@ module JSS
|
|
121
110
|
###
|
122
111
|
### @return [Boolean] does the group exist in any LDAP server?
|
123
112
|
###
|
124
|
-
def self.group_in_ldap? (group)
|
125
|
-
|
126
|
-
|
127
|
-
|
113
|
+
def self.group_in_ldap? (group, api: JSS.api)
|
114
|
+
all_objects(refresh, api: api).each do |ldap|
|
115
|
+
next if ldap.find_group(group, :exact).empty?
|
116
|
+
return true
|
117
|
+
end
|
118
|
+
false
|
128
119
|
end
|
129
120
|
|
130
121
|
|
@@ -258,10 +249,10 @@ module JSS
|
|
258
249
|
### - :map_user_membership_to_group_field =>
|
259
250
|
###
|
260
251
|
attr_reader :user_group_membership_mappings
|
261
|
-
|
252
|
+
|
262
253
|
### @return [Boolean] we we connected to this server at the moment?
|
263
254
|
attr_reader :connected
|
264
|
-
|
255
|
+
|
265
256
|
#####################################
|
266
257
|
### Constructor
|
267
258
|
#####################################
|
@@ -313,7 +304,7 @@ module JSS
|
|
313
304
|
|
314
305
|
@connection = nil
|
315
306
|
@connected = false
|
316
|
-
|
307
|
+
|
317
308
|
# If we are using anonymous binding, connect now
|
318
309
|
connect if @authentication_type == :anonymous
|
319
310
|
end
|
@@ -333,9 +324,9 @@ module JSS
|
|
333
324
|
### @return [Array<Hash>] The @user_attrs_to_get for all usernames matching the query
|
334
325
|
###
|
335
326
|
def find_user(user, exact = false, additional_filter = nil)
|
336
|
-
|
327
|
+
|
337
328
|
raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
|
338
|
-
|
329
|
+
|
339
330
|
if @use_wildcards and not exact
|
340
331
|
user_filter = Net::LDAP::Filter.contains(@user_mappings[:map_username], user)
|
341
332
|
else
|
@@ -391,9 +382,9 @@ module JSS
|
|
391
382
|
### @return [Array<Hash>] The @user_group_attrs_to_get for all groups matching the query
|
392
383
|
###
|
393
384
|
def find_group(group, exact = false, additional_filter = nil)
|
394
|
-
|
385
|
+
|
395
386
|
raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
|
396
|
-
|
387
|
+
|
397
388
|
if @use_wildcards and not exact
|
398
389
|
group_filter = Net::LDAP::Filter.contains(@user_group_mappings[:map_group_name], group)
|
399
390
|
else
|
@@ -448,9 +439,9 @@ module JSS
|
|
448
439
|
### @todo Implement checking groups membership in 'other' ldap area
|
449
440
|
###
|
450
441
|
def check_membership(user, group)
|
451
|
-
|
442
|
+
|
452
443
|
raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
|
453
|
-
|
444
|
+
|
454
445
|
found_user = find_user(user, :exact)[0]
|
455
446
|
found_group = find_group(group, :exact)[0]
|
456
447
|
|
@@ -492,15 +483,15 @@ module JSS
|
|
492
483
|
### @param pw[String,Symbol] the LDAP connection password for this server. Can be nil if
|
493
484
|
### authentication type is 'none'.
|
494
485
|
### If :prompt, the user is promted on the commandline to enter the password for the :user.
|
495
|
-
### If :stdin#, the password is read from a line of std in represented by the digit at #,
|
496
|
-
### so :stdin3 reads the passwd from the third line of standard input. defaults to line 2,
|
486
|
+
### If :stdin#, the password is read from a line of std in represented by the digit at #,
|
487
|
+
### so :stdin3 reads the passwd from the third line of standard input. defaults to line 2,
|
497
488
|
### if no digit is supplied. see {JSS.stdin}
|
498
489
|
###
|
499
490
|
###
|
500
491
|
### @return [Boolean] did we connect to the LDAP server with the defined credentials
|
501
492
|
###
|
502
493
|
def connect(pw = nil)
|
503
|
-
|
494
|
+
|
504
495
|
unless @authentication_type == :anonymous
|
505
496
|
# how do we get the password?
|
506
497
|
password = if pw == :prompt
|
@@ -513,24 +504,24 @@ module JSS
|
|
513
504
|
else
|
514
505
|
pw
|
515
506
|
end
|
516
|
-
|
517
|
-
|
507
|
+
|
508
|
+
|
518
509
|
raise JSS::InvalidDataError, "Incorrect password for LDAP connection account '#{@lookup_dn}'" unless @lookup_pw_sha256 == Digest::SHA2.new(256).update(password.to_s).to_s
|
519
|
-
end # unless
|
510
|
+
end # unless
|
520
511
|
|
521
512
|
@connection = Net::LDAP.new :host => @hostname, :port => @port, :auth => {:method => @authentication_type, :username => @lookup_dn, :password => password }
|
522
|
-
|
513
|
+
|
523
514
|
@connected = true
|
524
515
|
end # connect
|
525
|
-
|
526
|
-
|
527
|
-
|
516
|
+
|
517
|
+
|
518
|
+
|
528
519
|
###
|
529
520
|
### Aliases
|
530
521
|
###
|
531
|
-
|
522
|
+
|
532
523
|
alias connected? connected
|
533
|
-
|
524
|
+
|
534
525
|
end # class ldap server
|
535
526
|
|
536
527
|
end # module
|
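Review bot: `user_in_ldap?` and `group_in_ldap?` pass `refresh` to `all_objects`, but neither signature has a `refresh` parameter, so unless a class method of that name exists elsewhere both raise NameError on every call. `all_ldaps` has the same problem with `hash[ls.name] = s`, where `s` is not defined in the block. The predicates could call `all_objects(api: api).each do |ldap|`, and `all_ldaps` could use `all_objects(refresh, api: api).each { |ls| hash[ls.name] = ls }`. Whether `all_objects` yields to a block is not visible here, but the sibling methods call `.each` on its return value. The class comment says these predicates are used to check users and groups across all LDAP servers, so the failure would block that validation.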