ruby-jss 1.2.4a3 → 1.3.2

data/lib/jamf/api/abstract_classes/generic_reference.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")

data/lib/jamf/api/abstract_classes/json_object.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")
 #    with the following modification; you may not use this file except in
@@ -482,7 +482,7 @@ module Jamf
     # have an alias without the 'is' so :isManaged will have
     # getters isManaged? and managed?
     #
-    PREDICATE_RE = /^is([A-Z]\w*)$/.freeze
+    PREDICATE_RE = /^is([A-Z]\w+)$/.freeze
 
     # Public Class Methods
     #####################################
@@ -524,7 +524,7 @@ module Jamf
     #
     def self.attr_key_for_alias(als)
       validate_not_abstract
-      self::OBJECT_MODEL.each { |k, deets| return k if k == als || deets[:aliases]&.include?(als) }
+      self::OBJECT_MODEL.each { |k, deets| return k if k == als || deets[:aliases].to_a.include?(als) }
       nil
     end
 
@@ -575,10 +575,11 @@ module Jamf
       else
         define_method(attr_name) { instance_variable_get("@#{attr_name}") }
 
-        # all booleans get a predicate alias
-        alias_method("#{attr_name}?", attr_name) if attr_def[:class] == :boolean
       end
 
+      # all booleans get predicate aliases
+      define_predicates(attr_name) if attr_def[:class] == :boolean
+
       return unless attr_def[:aliases]
 
       # aliases
@@ -586,6 +587,15 @@ module Jamf
     end # create getters
     private_class_method :create_getters
 
+    # create the default aliases for booleans
+    ##############################
+    def self.define_predicates(attr_name)
+      alias_method("#{attr_name}?", attr_name)
+      return unless attr_name.to_s =~ PREDICATE_RE
+
+      alias_method("#{Regexp.last_match(1).downcase}?", attr_name)
+    end
+
     # create setter(s) for an attribute, and any aliases needed
     ##############################
     def self.create_setters(attr_name, attr_def)
@@ -727,7 +737,7 @@ module Jamf
 
       attr_def[:aliases].each { |al| alias_method "#{al}_delete_if", "#{attr_name}_delete_if" }
     end # create_insert_setters
-    private_class_method :create_delete_at_setters
+    private_class_method :create_delete_if_setters
 
     # Raise an exception if this is an abstract class
     # Used in class methods that are defined in abstract classes.
@@ -762,13 +772,9 @@ module Jamf
     #
     # Otherwise, the value is returned unchanged.
     #
-    # If the attribute is defined as an identifier, it must be unique among
-    # the other objects of this subclass in the JSS.
-    #
     # This method only validates single values. When called from multi-value
     # setters, it is used for each value individually.
     #
-    #
     # @param attr_name[Symbol], a top-level key from OBJECT_MODEL for this class
     #
     # @param value [Object] the value to validate for that attribute.

data/lib/jamf/api/abstract_classes/prestage.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")
@@ -235,17 +235,17 @@ module Jamf
     #
     def self.serials_for_prestage(prestage_ident, refresh = false, cnx: Jamf.cnx)
       id = valid_id prestage_ident, cnx: cnx
-      raise Jamf::NoSuchItemError, "No #{self} matching '#{ident}'" unless id
+      raise Jamf::NoSuchItemError, "No #{self} matching '#{prestage_ident}'" unless id
 
       serials_by_prestage_id(refresh, cnx: cnx).select { |_sn, psid| id == psid }.keys
     end
 
     # The id of the prestage to which the given serialNumber is assigned.
-    # nil if not assigned
+    # nil if not assigned or not in DEP.
     #
     # NOTE: If a serial number isn't assigned to any prestage, it may really be
-    # unassigned or it may not exist in your DEP. At the moment there's no way
-    # via the JP-API to know the SNs in DEP that are not assigned
+    # unassigned or it may not exist in your DEP. To see if a SN exists in one
+    # of your Device Enrollment instances, use Jamf::DeviceEnrollment.include?
     #
     # @param sn [String] the serial number to look for
     #
@@ -263,8 +263,8 @@ module Jamf
     # given prestage if a prestage_ident is specified?
     #
     # NOTE: If a serial number isn't assigned to any prestage, it may really be
-    # unassigned or it may not exist in your DEP. At the moment there's no way
-    # via the JP-API to know the SNs in DEP but not assigned
+    # unassigned or it may not exist in your DEP. To see if a SN exists in one
+    # of your Device Enrollment instances, use Jamf::DeviceEnrollment.include?
     #
     # @param sn [String] the serial number to look for
     #
@@ -283,10 +283,10 @@ module Jamf
       return false unless assigned_id
 
       if prestage_ident
-        id = valid_id prestage_ident, cnx: cnx
-        raise Jamf::NoSuchItemError, "No #{self} matching '#{prestage_ident}'" unless id
+        psid = valid_id prestage_ident, cnx: cnx
+        raise Jamf::NoSuchItemError, "No #{self} matching '#{prestage_ident}'" unless psid
 
-        return id == assigned_id
+        return psid == assigned_id
       end
 
       true
@@ -305,13 +305,84 @@ module Jamf
       Jamf::DeviceEnrollment.device_sns(type: type, cnx: cnx) - serials_by_prestage_id(:refresh, cnx: cnx).keys
     end
 
-    # @return [Array<String>] The serial numbers of devices that are not in DEP
+    # @return [Array<String>] The serial numbers of known hardware not in DEP
     #   at all
     def self.sns_not_in_device_enrollment
       # type = self == Jamf::MobileDevicePrestage ? :mobiledevices : :computers
-      nil # TODO: this, once MobileDevice is implemented
+      nil # TODO: this, once MobileDevice  & Computer classes are implemented
     end
 
+    # Assign one or more serialNumber to a prestage
+    # @return [Jamf::PrestageScope] the new scope for the prestage
+    def self.assign(*sns_to_assign, to_prestage:, cnx: Jamf.cnx)
+      prestage_id = valid_id to_prestage
+      raise Jamf::NoSuchItemError, "No #{self} matching '#{to_prestage}'" unless prestage_id
+
+      # all sns_to_assign must be in DEP
+      not_in_dep = sns_to_assign - Jamf::DeviceEnrollment.device_sns
+      raise Jamf::UnsupportedError, "These SNs are not in any Device Enrollment instance: #{not_in_dep.join ', '}" unless not_in_dep.empty?
+
+      # all sns_to_assign must currently be unassigned.
+      already_assigned = sns_to_assign - unassigned_sns
+      raise Jamf::UnsupportedError, "These SNs are already assigned to a prestage: #{already_assigned.join ', '}" unless already_assigned.empty?
+
+      # upcase all sns
+      sns_to_assign.map!(&:to_s)
+      sns_to_assign.map!(&:upcase)
+
+      # get the prestage name
+      prestage_name = map_all(:id, to: :displayName)[prestage_id]
+
+      scope_rsrc = "#{self::RSRC_VERSION}/#{self::RSRC_PATH}/#{prestage_id}/#{SCOPE_RSRC}"
+      scope = Jamf::PrestageScope.new cnx.get(scope_rsrc)
+
+      # add the new sns to the existing ones
+      new_scope_sns = scope.assignments.map(&:serialNumber)
+      new_scope_sns += sns_to_assign
+      new_scope_sns.uniq!
+
+      update_scope(prestage_name, scope_rsrc, new_scope_sns, scope.versionLock, cnx)
+    end # self.assign
+
+    # Unassign one or more serialNumber from a prestage
+    # @return [Jamf::PrestageScope] the new scope for the prestage
+    def self.unassign(*sns_to_unassign, from_prestage:, cnx: Jamf.cnx)
+      prestage_id = valid_id from_prestage
+      raise Jamf::NoSuchItemError, "No #{self} matching '#{from_prestage}'" unless prestage_id
+
+      # upcase all sns
+      sns_to_unassign.map!(&:to_s)
+      sns_to_unassign.map!(&:upcase)
+
+      # get the prestage name
+      prestage_name = map_all(:id, to: :displayName)[prestage_id]
+
+      scope_rsrc = "#{self::RSRC_VERSION}/#{self::RSRC_PATH}/#{prestage_id}/#{SCOPE_RSRC}"
+      scope = Jamf::PrestageScope.new cnx.get(scope_rsrc)
+
+      new_scope_sns = scope.assignments.map(&:serialNumber)
+      new_scope_sns -= sns_to_unassign
+
+      update_scope(prestage_name, scope_rsrc, new_scope_sns, scope.versionLock, cnx)
+    end # self.unassign
+
+    # Provate Class Methods
+    #####################################
+
+    # used by assign and unassign
+    def self.update_scope(prestage_name, scope_rsrc, new_scope_sns, vlock, cnx)
+      assignment_data = {
+        serialNumbers: new_scope_sns,
+        versionLock: vlock
+      }
+      Jamf::PrestageScope.new cnx.put(scope_rsrc, assignment_data)
+    rescue Jamf::Connection::APIError => e
+      raise Jamf::VersionLockError, "The #{self} '#{prestage_name}' was modified by another process during this operation. Please try again" if e.status == 409
+
+      raise e
+    end
+    private_class_method :update_scope
+
     # Instance Methods
     #####################################
 
@@ -351,19 +422,24 @@ module Jamf
 
     # Assign
     def assign(*sns_to_assign)
-      sns_to_assign.map!(&:to_s)
-      new_scope_sns = assigned_sns
-      new_scope_sns += sns_to_assign
-      new_scope_sns.uniq!
-      update_scope(new_scope_sns)
+      @scope = self.class.assign(sns_to_assign, to_prestage: @id, cnx: @cnx)
+      @versionLock = @scope.versionLock
+
+      # sns_to_assign.map!(&:to_s)
+      # new_scope_sns = assigned_sns
+      # new_scope_sns += sns_to_assign
+      # new_scope_sns.uniq!
+      # update_scope(new_scope_sns)
     end
     alias add assign
 
     def unassign(*sns_to_unassign)
-      sns_to_unassign.map!(&:to_s)
-      new_scope_sns = assigned_sns
-      new_scope_sns -= sns_to_unassign
-      update_scope(new_scope_sns)
+      @scope = self.class.unassign(sns_to_unassign, from_prestage: @id, cnx: @cnx)
+      @versionLock = @scope.versionLock
+      # sns_to_unassign.map!(&:to_s)
+      # new_scope_sns = assigned_sns
+      # new_scope_sns -= sns_to_unassign
+      # update_scope(new_scope_sns)
     end
     alias remove unassign
 
@@ -382,20 +458,20 @@ module Jamf
       @scope_rsrc ||= "#{self.class::RSRC_VERSION}/#{self.class::RSRC_PATH}/#{@id}/#{SCOPE_RSRC}"
     end
 
-    def update_scope(new_scope_sns)
-      assignment_data = {
-        serialNumbers: new_scope_sns,
-        versionLock: @scope.versionLock
-      }
-      begin
-        @scope = Jamf::PrestageScope.new @cnx.put(scope_rsrc, assignment_data)
-      rescue Jamf::Connection::APIError => e
-        raise Jamf::VersionLockError, "The #{self.class} '#{name}' has been modified since it was fetched. Please refetch and try again" if e.status == 409
-
-        raise e
-      end # begin
-      @versionLock = @scope.versionLock
-    end
+    # def update_scope(new_scope_sns)
+    #   assignment_data = {
+    #     serialNumbers: new_scope_sns,
+    #     versionLock: @scope.versionLock
+    #   }
+    #   begin
+    #     @scope = Jamf::PrestageScope.new @cnx.put(scope_rsrc, assignment_data)
+    #   rescue Jamf::Connection::APIError => e
+    #     raise Jamf::VersionLockError, "The #{self.class} '#{name}' has been modified since it was fetched. Please refetch and try again" if e.status == 409
+    #
+    #     raise e
+    #   end # begin
+    #   @versionLock = @scope.versionLock
+    # end
 
   end # class
 

data/lib/jamf/api/abstract_classes/prestage_skip_setup_items.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")

data/lib/jamf/api/abstract_classes/resource.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")

data/lib/jamf/api/abstract_classes/singleton_resource.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")

data/lib/jamf/api/attribute_classes/ip_address.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")

data/lib/jamf/api/attribute_classes/timestamp.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")

data/lib/jamf/api/connection.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Pixar
+# Copyright 2020 Pixar
 
 #
 #    Licensed under the Apache License, Version 2.0 (the "Apache License")
@@ -48,7 +48,7 @@ module Jamf
     RSRC_BASE = 'uapi'.freeze
 
     # The API version must be this or higher
-    MIN_API_VERSION = Gem::Version.new('1.0')
+    MIN_JAMF_VERSION = Gem::Version.new('10.15.0')
 
     HTTPS_SCHEME = 'https'.freeze
 
@@ -77,17 +77,17 @@ module Jamf
     DFT_SSL_VERSION = 'TLSv1_2'.freeze
 
     # refresh token if less than this many seconds until
-    # expiration. Default is 30 minutes if not specified
-    DFT_TOKEN_REFRESH = 60 * 30
+    # expiration. Default is 5 minutes if not specified
+    DFT_TOKEN_REFRESH = 300
 
     # pre-existing tokens must have this many seconds before
     # before they expire
     TOKEN_REUSE_MIN_LIFE = 60
 
-    HTTP_ACCEPT_HEADER = 'Accept'
-    HTTP_CONTENT_TYPE_HEADER = 'Content-Type'
+    HTTP_ACCEPT_HEADER = 'Accept'.freeze
+    HTTP_CONTENT_TYPE_HEADER = 'Content-Type'.freeze
 
-    MIME_JSON = 'application/json'
+    MIME_JSON = 'application/json'.freeze
 
     SLASH = '/'.freeze
 
@@ -111,6 +111,7 @@ module Jamf
       @login_time
       @keep_alive
       @token_refresh
+      @pw_fallback
     ].freeze
 
     # Attributes
@@ -140,6 +141,10 @@ module Jamf
     # @return [String, nil]
     attr_reader :base_url
 
+    # @return [Boolean] if token refresh/keepaliave fails, try to get a new one
+    # with the passwd used with .connect. Defaults to true
+    attr_reader :pw_fallback
+
     # @return [Boolean]
     attr_reader :connected
     alias connected? connected
@@ -227,14 +232,13 @@ module Jamf
     # ### Tokens
     # Instead of a user and password, you may specify a valid 'token:', either:
     #
-    # A Jamf::Connection::Token object, which  can be extracted from an active
+    # A Jamf::Connection::Token object, which can be extracted from an active
     # Jamf::Connection via its #token method
     #
     # or
     #
     # A token string e.g. "eyJhdXR...6EKoo" from any source can also be used.
     #
-    #
     # Any values available via Jamf.config will be used if they are not provided
     # in the parameters.
     #
@@ -251,6 +255,19 @@ module Jamf
     #
     # @param token: [Jamf::Connection::Token, String] An existing, valid token.
     #   When used, there's no need to provide user: or pw:.
+    #   NOTE if using pw_fallback:true (the default) while providing a token
+    #   you will also need to provide the password for the token user in the pw:
+    #   parameter, or be prompted for it. If you don't have the pw for the
+    #   token user, be sure to set pw_fallback to false.
+    #
+    # @param token_refresh: [Integer] Refresh the token this many seconds before
+    #   it expires. Must be >= DFT_TOKEN_REFRESH
+    #
+    # @pararm pw_fallback: [Boolean] Default is true. Use the password provided
+    #   to refresh the token if regular refresh doesn't work (e.g. token is expired).
+    #   NOTE: This causes the password to be kept in memory. If you don't want
+    #   this, explicitly set pw_fallback to false, however long-running processes
+    #   may lose connection if token refresh fails for any reason.
     #
     # @param open_timeout: [Integer] The number of seconds for initial contact
     #   with the host.
@@ -268,7 +285,8 @@ module Jamf
       # This sets all the instance vars to nil, and flushes/creates the caches
       disconnect
 
-      # This sets @token, and adds host, port, user to params from a Token object
+      # If there's a Token object in :token, this sets @token,
+      # and adds host, port, user from that token
       parse_token params
 
       # Get host, port, user and pw from a URL, add to params if needed
@@ -277,6 +295,8 @@ module Jamf
       # apply defaults from config, client, and then this class.
       apply_connection_defaults params
 
+      # Once we're here, all params have been parsed & defaulted into the
+      # params hash, so
       # make sure we have the minimum needed params for a connection
       verify_basic_params params
 
@@ -285,15 +305,20 @@ module Jamf
 
       # if no @token already, get one from from
       # either a token string or a pw
-      @token ||=
+      unless @token
         if params[:token].is_a? String
-          tk = token_from :token_string, params[:token]
+          @token = token_from :token_string, params[:token]
           # get the user from the token
-          @user = tk.user
-          tk
+          @user = @toke.user
+          # if @pw_fallback, the pw must be acquired, since it isn't in
+          # the token
+          @pw = acquire_password(params[:pw]) if @pw_fallback
         else
-          token_from :pw, acquire_password(params[:pw])
+          pw = acquire_password(params[:pw])
+          @token = token_from :pw, pw
+          @pw = pw if @pw_fallback
         end
+      end
 
       # Now get some values from our token
       @base_url = @token.base_url
@@ -303,46 +328,56 @@ module Jamf
       @rest_cnx = create_connection
 
       # make sure versions are good
-      validate_api_version
+      validate_jamf_version
 
       @connected = true
 
       # start keepalive if needed
-      @keep_alive = params[:keep_alive].nil? ? false : params[:keep_alive]
       start_keep_alive if @keep_alive
 
       # return our string output
       to_s
     end # connect
 
+    # reset all values to nil or empty
     def disconnect
-      # reset everything except the name & timeouts
       @connected = false
+      @name = NOT_CONNECTED
       @login_time = nil
+
+      stop_keep_alive
+
       @host = nil
       @port = nil
       @user = nil
-      @token = nil
+      @timeout = nil
+      @open_timeout = nil
       @base_url = nil
+      @token = nil
       @rest_cnx = nil
       @ssl_options = {}
       @keep_alive = nil
+      @token_refresh = nil
+      @pw_fallback = nil
+      @pw = nil
+
       flushcache
     end
 
-    # Same as disconnect, but invalidates the token
+    # Same as disconnect, but invalidates the token on the server first
     def logout
       @token.destroy
       disconnect
     end
 
+    # Get a resource
     def get(rsrc)
       validate_connected
       resp = @rest_cnx.get rsrc
       @last_http_response = resp
       return resp.body if resp.success?
 
-      raise Jamf::Connection::APIError.new(resp)
+      raise Jamf::Connection::APIError, resp
     end
 
     # GET a rsrc without doing any JSON parsing, using
@@ -353,7 +388,7 @@ module Jamf
       @last_http_response = resp
       return resp.body if resp.success?
 
-      raise Jamf::Connection::APIError.new(resp)
+      raise Jamf::Connection::APIError, resp
     end
 
     def post(rsrc, data)
@@ -364,7 +399,7 @@ module Jamf
       @last_http_response = resp
       return resp.body if resp.success?
 
-      raise Jamf::Connection::APIError.new(resp)
+      raise Jamf::Connection::APIError, resp
     end
 
     def put(rsrc, data)
@@ -375,7 +410,7 @@ module Jamf
       @last_http_response = resp
       return resp.body if resp.success?
 
-      raise Jamf::Connection::APIError.new(resp)
+      raise Jamf::Connection::APIError, resp
     end
 
     def patch(rsrc, data)
@@ -386,7 +421,7 @@ module Jamf
       @last_http_response = resp
       return resp.body if resp.success?
 
-      raise Jamf::Connection::APIError.new(resp)
+      raise Jamf::Connection::APIError, resp
     end
 
     def delete(rsrc)
@@ -395,7 +430,7 @@ module Jamf
       @last_http_response = resp
       return resp.body if resp.success?
 
-      raise Jamf::Connection::APIError.new(resp)
+      raise Jamf::Connection::APIError, resp
     end
 
     # A useful string about this connection
@@ -403,13 +438,50 @@ module Jamf
     # @return [String]
     #
     def to_s
-      "Jamf::Connection: https://#{@user}@#{@host}:#{@port}"
+      str =
+        if connected?
+          "#{@base_url}, Token expires: #{@token ? @token.expires : '<token missing>'}"
+        else
+          NOT_CONNECTED
+        end
+      "Jamf::Connection '#{@name == NOT_CONNECTED ? object_id : @name}': #{str}"
+    end
+
+    # Reset the name
+    def name=(new_name)
+      @name = new_name.to_s
     end
 
+    # Are we keeping the connection alive?
     def keep_alive?
-      !@keep_alive_thread.nil?
+      return false unless @keep_alive_thread
+
+      @keep_alive_thread.alive?
+    end
+
+    # @return [Jamf::Timestamp, nil]
+    def next_refresh
+      return unless keep_alive?
+
+      @token.expires - @token_refresh
+    end
+
+    # @return [Float, nil]
+    def secs_to_refresh
+      return unless keep_alive?
+
+      next_refresh - Time.now
     end
 
+    # @return [String, nil] e.g. "1 week 6 days 23 hours 49 minutes 56 seconds"
+    def time_to_refresh
+      return unless keep_alive?
+      return 0 if secs_to_refresh.negative?
+
+      Jamf.humanize_secs secs_to_refresh
+    end
+
+    # Turn keepalive on or offs
     def keep_alive=(bool)
       bool ? start_keep_alive : stop_keep_alive
     end
@@ -422,8 +494,12 @@ module Jamf
       @token_refresh = secs
     end
 
-    def api_version
-      @token.api_version
+    def jamf_version
+      @token.jamf_version
+    end
+
+    def jamf_build
+      @token.jamf_build
     end
 
     # Flush the collection and/or ea cache for the given class,
@@ -458,18 +534,17 @@ module Jamf
     ####################################
     private
 
-
     # raise exception if not connected
     def validate_connected
       raise Jamf::InvalidConnectionError, 'Not Connected. Use .connect first.' unless connected?
     end
 
     # raise exception if API version is too low.
-    def validate_api_version
-      vers = api_version
-      return if Gem::Version.new(vers) >= MIN_API_VERSION
+    def validate_jamf_version
+      vers = jamf_version
+      return if Gem::Version.new(vers) >= MIN_JAMF_VERSION
 
-      raise Jamf::InvalidConnectionError, "API version '#{vers}' too low, must be >= '#{MIN_API_VERSION}'"
+      raise Jamf::InvalidConnectionError, "API version '#{vers}' too low, must be >= '#{MIN_JAMF_VERSION}'"
     end
 
     #####  Parse Params
@@ -499,7 +574,7 @@ module Jamf
       raise "Cannot use token: it expires in less than #{TOKEN_REUSE_MIN_LIFE} seconds" if token.secs_remaining < TOKEN_REUSE_MIN_LIFE
     end
 
-    # Get host, port, user and pw from a URL, unless they are already in the params
+    # Get host, port, user and pw from a URL, overriding any already in the params
     #
     # @return [String, nil] the pw if present
     #
@@ -509,27 +584,29 @@ module Jamf
       url = URI.parse url.to_s
       raise ArgumentError, 'Invalid url, scheme must be https' unless url.scheme == HTTPS_SCHEME
 
-      params[:host] ||= url.host
-      params[:port] ||= url.port
-      params[:user] ||= url.user if url.user
-      params[:pw] ||= url.password if url.password
+      params[:host] = url.host
+      params[:port] = url.port
+      params[:user] = url.user if url.user
+      params[:pw] = url.password if url.password
     end
 
-    # Apply defaults from the Jamf.config,
-    # then from the Jamf::Client,
+    # Apply defaults to the unset params for the #connect method
+    # First apply them from from the Jamf.config,
+    # then from the Jamf::Client (read from the jamf binary config),
     # then from the Jamf module defaults
-    # to the unset params for the #connect method
     #
     # @param params[Hash] The params for #connect
     #
     # @return [Hash] The params with defaults applied
     #
     def apply_connection_defaults(params)
-      # if no port given, either directly or via URL, and the host
-      # is a jamfcloud host, always set the port to 443
-      # This should happen before the config is applied, so
-      # on-prem users can still get to jamfcoud without specifying the port
-      params[:port] = JAMFCLOUD_PORT if params[:port].nil? && params[:host].to_s.end_with?(JAMFCLOUD_DOMAIN)
+      # must have a host, but accept legacy :server as well as :host
+      params[:host] ||= params[:server]
+
+      # if we have no port set by this point, set to cloud port
+      # if host is a cloud host. But leave port nil for other hosts
+      # (will be set via client defaults or module defaults)
+      params[:port] ||= JAMFCLOUD_PORT if params[:host].to_s.end_with?(JAMFCLOUD_DOMAIN)
 
       apply_defaults_from_config(params)
 
@@ -583,11 +660,12 @@ module Jamf
     # @return [Hash] The params with defaults applied
     #
     def apply_module_defaults(params)
-      # if we have no port set by this point, assume on-prem
+      # if we have no port set by this point, assume on-prem.
       params[:port] ||= ON_PREM_SSL_PORT
       params[:timeout] ||= DFT_TIMEOUT
       params[:open_timeout] ||= DFT_OPEN_TIMEOUT
       params[:ssl_version] ||= DFT_SSL_VERSION
+      params[:token_refresh] ||= DFT_TOKEN_REFRESH
       # if we have a TTY, pw defaults to :prompt
       params[:pw] ||= :prompt if STDIN.tty?
     end
@@ -603,32 +681,38 @@ module Jamf
       # and is already parsed
       return if @token
 
-      # must have a host, but accept legacy :server as well as :host
-      params[:host] ||= params[:server]
+      # must have a host
       raise Jamf::MissingDataError, 'No Jamf :host specified, or in configuration.' unless params[:host]
 
       # no need for user or pass if using a token string
       return if params[:token].is_a? String
 
+      # must have user and pw
       raise Jamf::MissingDataError, 'No Jamf :user specified, or in configuration.' unless params[:user]
       raise Jamf::MissingDataError, "No :pw specified for user '#{params[:user]}'" unless params[:pw]
     end
 
+    # Turn the connection parameters into instance vars
     def parse_connect_params(params)
       @host = params[:host]
       @port = params[:port]
-      @port ||= @host.end_with?(JAMFCLOUD_DOMAIN) ? JAMFCLOUD_PORT : ON_PREM_SSL_PORT
       @user = params[:user]
-      @token_refresh = params[:token_refresh] || DFT_TOKEN_REFRESH
-      @timeout = params[:timeout] || DFT_TIMEOUT
-      @open_timeout = params[:open_timeout] || DFT_TIMEOUT
+
+      @keep_alive = params[:keep_alive].nil? ? false : params[:keep_alive]
+      @pw_fallback = params[:pw_fallback].nil? ? true : params[:pw_fallback]
+      @token_refresh = params[:token_refresh].to_i
+
+      @timeout = params[:timeout]
+      @open_timeout = params[:open_timeout]
       @base_url = URI.parse "https://#{@host}:#{@port}/#{RSRC_BASE}"
+
       # ssl opts for faraday
       # TODO: implement all of faraday's options
       @ssl_options = {
         verify: params[:verify_cert],
         version: params[:ssl_version]
       }
+
       @name = "#{@user}@#{@host}:#{@port}" if @name == NOT_CONNECTED
     end
 
@@ -659,16 +743,18 @@ module Jamf
     # @return [String] The password for the connection
     #
     def acquire_password(param_pw)
-      if param_pw == :prompt
-        Jamf.prompt_for_password "Enter the password for Jamf user #{@user}@#{@host}:"
-      elsif param_pw.is_a?(Symbol) && param_pw.to_s.start_with?('stdin')
-        param_pw.to_s =~ /^stdin(\d+)$/
-        line = Regexp.last_match(1)
-        line ||= 1
-        Jamf.stdin line
-      else
-        param_pw
-      end # if
+      pw =
+        if param_pw == :prompt
+          Jamf.prompt_for_password "Enter the password for Jamf user #{@user}@#{@host}:"
+        elsif param_pw.is_a?(Symbol) && param_pw.to_s.start_with?('stdin')
+          param_pw.to_s =~ /^stdin(\d+)$/
+          line = Regexp.last_match(1)
+          line ||= 1
+          Jamf.stdin line
+        else
+          param_pw
+        end # if
+      pw
     end # acquire pw
 
     # create the faraday connection object
@@ -702,9 +788,16 @@ module Jamf
         Thread.new do
           loop do
             sleep 60
-            next if @token.secs_remaining > @token_refresh
-
-            @token.keep_alive
+            begin
+              next if @token.secs_remaining > @token_refresh
+
+              @token.refresh @pw
+              # make sure faraday uses the new token
+              @rest_cnx.headers[:authorization] = @token.auth_token
+            rescue
+              # TODO: Some kind of error reporting
+              next
+            end
           end # loop
         end # thread
     end
@@ -717,7 +810,7 @@ module Jamf
     def stop_keep_alive
       return unless @keep_alive_thread
 
-      @keep_alive_thread.kill
+      @keep_alive_thread.kill if @keep_alive_thread.alive?
       @keep_alive_thread = nil
     end
 
@@ -763,4 +856,8 @@ module Jamf
     @active_connection = connection
   end
 
+  def self.disconnect
+    @active_connection.disconnect if @active_connection
+  end
+
 end # module Jamf