ruby-jss 1.4.1 → 1.6.0

data/lib/jamf/client/management_action.rb

@@ -94,7 +94,7 @@ module JSS
     #
     def self.set_mgmt_action_ncprefs_flags(user, flags, hup: true)
       plist = Pathname.new "/Users/#{user}/Library/Preferences/#{NCPREFS_DOMAIN}.plist"
-      prefs = JSS.parse_plist plist
+      prefs = Jamf.parse_plist plist
       mgmt_action_setting = prefs['apps'].select { |a| a['bundle-id'] == MGMT_ACTION_BUNDLE_ID }.first
       if mgmt_action_setting
         orig_flags = mgmt_action_setting['flags']
@@ -103,8 +103,7 @@ module JSS
         orig_flags = flags
         prefs['apps'] << { 'bundle-id' => MGMT_ACTION_BUNDLE_ID, 'flags' => flags }
       end
-      # system "/usr/bin/defaults write #{NCPREFS_DOMAIN} '#{prefs.to_plist}'"
-      plist.open('w') { |f| f.write prefs.to_plist }
+      plist.open('w') { |f| f.write Jamf.xml_plist_from(prefs) }
       system HUP_NOTIF_CTR_CMD if hup
       orig_flags
     end

data/lib/jamf/composer.rb

@@ -126,7 +126,7 @@ module Jamf
       ###
       comp_plist_out = Pathname.new "/tmp/#{PKG_BUNDLE_ID_PFX}-#{pkg_filename}.plist"
       system "#{PKGBUILD} --analyze --root '#{root}' '#{comp_plist_out}'"
-      comp_plist = Plist.parse_xml comp_plist_out.read
+      comp_plist = Jamf.parse_plist comp_plist_out
 
       ### if the plist is empty, there are no bundles in the pkg
       if comp_plist[0].nil?
@@ -141,7 +141,7 @@ module Jamf
           bndl['BundleHasStrictIdentifier'] = false
         end
         ### write out the edits
-        comp_plist_out.open('w') { |f| f.write comp_plist.to_plist }
+        comp_plist_out.open('w') { |f| f.write Jamf.xml_plist_from(comp_plist) }
         comp_plist_arg = "--component-plist '#{comp_plist_out}'"
       end
 

data/lib/jamf/utility.rb

@@ -187,19 +187,26 @@ module Jamf
     { stringform: valstr, arrayform: valarr }
   end # to_s_and_a
 
-  # Parse a plist into a Ruby data structure.
-  # This enhances Plist::parse_xml taking file paths, as well as XML Strings
-  # and reading the files regardless of binary/XML format.
+  # Parse a plist into a Ruby data structure. The plist parameter may be
+  # a String containing an XML plist, or a path to a plist file, or it may be
+  # a Pathname object pointing to a plist file. The plist files may be XML or
+  # binary.
   #
   # @param plist[Pathname, String] the plist XML, or the path to a plist file
   #
+  # @param symbol_keys[Boolean] should any Hash keys in the result be converted
+  #   into Symbols rather than remain as Strings?
+  #
   # @return [Object] the parsed plist as a ruby hash,array, etc.
   #
-  def self.parse_plist(plist)
+  def self.parse_plist(plist, symbol_keys: false)
+    require 'cfpropertylist'
+
     # did we get a string of xml, or a string pathname?
     case plist
     when String
-      return Plist.parse_xml plist if plist.include? '</plist>'
+      return CFPropertyList.native_types(CFPropertyList::List.new(data: plist).value, symbol_keys) if plist.include? '</plist>'
+
       plist = Pathname.new plist
     when Pathname
       true
@@ -208,11 +215,32 @@ module Jamf
     end # case plist
 
     # if we're here, its a Pathname
-    raise Jamf::MissingDataError, "No such file: #{plist}" unless plist.file?
+    raise JSS::MissingDataError, "No such file: #{plist}" unless plist.file?
 
-    Plist.parse_xml `/usr/libexec/PlistBuddy -x -c print #{Shellwords.escape(plist.to_s)}`.force_encoding('UTF-8')
+    CFPropertyList.native_types(CFPropertyList::List.new(file: plist).value, symbol_keys)
   end # parse_plist
 
+  # Convert any ruby data to an XML plist.
+  #
+  # NOTE: Binary data is tricky. Easiest way is to pass in a
+  # Pathname or IO object (anything that responds to `read` and
+  # returns a bytestring)
+  # and then the CFPropertyList.guess method will read it and
+  # convert it to a Plist <data> element with base64 encoded
+  # data.
+  # For more info, see CFPropertyList.guess
+  #
+  # @param data [Object] the data to be converted, usually a Hash
+  #
+  # @return [String] the object converted into an XML plist
+  #
+  def self.xml_plist_from(data)
+    require 'cfpropertylist'
+    plist = CFPropertyList::List.new
+    plist.value = CFPropertyList.guess(data, convert_unknown_to_string: true)
+    plist.to_str(CFPropertyList::List::FORMAT_XML)
+  end
+
   # TODO: Sill needed in Jamf API?
   #
   # Converts anything that responds to #to_s to a Time, or nil

data/lib/jamf/validate.rb

@@ -37,7 +37,7 @@ module Jamf
   module Validate
 
     # The regular expression that matches a valid MAC address.
-    MAC_ADDR_RE = /^[a-f0-9]{2}(:[a-f0-9]{2}){5}$/i
+    MAC_ADDR_RE = /^[a-f0-9]{2}(:[a-f0-9]{2}){5}$/i.freeze
 
     # Validate the format and content of a MAC address
     #
@@ -50,6 +50,7 @@ module Jamf
     def self.mac_address(val, msg = nil)
       msg ||= "Not a valid MAC address: '#{val}'"
       raise Jamf::InvalidDataError, msg unless val =~ MAC_ADDR_RE
+
       val
     end
 
@@ -68,10 +69,11 @@ module Jamf
       ok = false unless parts.size == 4
       parts.each { |p| ok = false unless p.j_integer? && p.to_i < 256 && p.to_i >= 0 }
       raise Jamf::InvalidDataError, msg unless ok
+
       val
     end
 
-    # Does a give JSONObject class have a given JSON attribute?
+    # Does a given JSONObject class have a given JSON attribute?
     #
     # @param klass [<JSONObject] A class descended from JSONObject
     #
@@ -83,9 +85,24 @@ module Jamf
       raise "#{klass} is not a descendent of JSONObject" unless klass < Jamf::JSONObject
 
       raise Jamf::NoSuchItemError, "No attribute #{attr_name} for class #{klass}" unless klass::OBJECT_MODEL.key? attrib
+
       attr_name
     end
 
+    # Does a value exist in a given enum array?
+    #
+    # @param klass [<JSONObject] A class descended from JSONObject
+    #
+    # @param attr_name [Symbol] The attribute to validate
+    #
+    # @return [Symbol] The valid attribute
+    #
+    def self.in_enum(val, enum)
+      raise Jamf::InvalidDataError, "Value must be one of: #{enum.join ', '}" unless enum.include? val
+
+      val
+    end
+
     # Validate that a value doesn't already exist for a given identifier of
     # a given CollectionResource class
     #
@@ -116,14 +133,12 @@ module Jamf
       raise Jamf::AlreadyExistsError, msg
     end
 
+    TRUE_FALSE = [true, false].freeze
+
     # Confirm that the given value is a boolean value, accepting
-    # Strings and Symbols,  returning real booleans as needed
-    #
-    # Accepted True values: true, 'true', :true, 'yes', :yes
-    #
-    # Accepted False values: false, 'false', :false, 'no', :no
-    #
-    # all Strings and Symbols are case insensitive
+    # strings and symbols and returning real booleans as needed
+    # Accepts: true, false, 'true', 'false', 'yes', 'no', 't','f', 'y', or 'n'
+    # as strings or symbols, case insensitive
     #
     # @param val [Boolean,String,Symbol] The value to validate
     #
@@ -131,14 +146,36 @@ module Jamf
     #
     # @return [Boolean] the valid boolean
     #
-    def self.boolean(val, msg = nil)
-      msg ||= 'Value must be boolean true or false'
-      return true if val.to_s =~ /^(true|yes)$/i
-      return false if val.to_s =~ /^(false|no)$/i
+    def self.boolean(val, msg = 'Value must be true or false, or equivalent string or symbol')
+      return val if TRUE_FALSE.include? val
+      return true if val.to_s =~ /^(t(rue)?|y(es)?)$/i
+      return false if val.to_s =~ /^(f(alse)?|no?)$/i
 
       raise Jamf::InvalidDataError, msg
     end
 
+    # Confirm that a value provided is an integer or a string version
+    # of an integer, and return the string version
+    #
+    # The JPAPI specs say that all IDs are integers in strings
+    # tho, the endpoints are still implementing that in different versions.
+    #
+    # @param val[Object] the value to validate
+    #
+    # @param msg[String] A custom error message when the value is invalid
+    #
+    # @return [String] the valid integer-in-a-string
+    #
+    def self.j_id(val, msg = 'Value must be an Integer or an Integer in a String, e.g. "42"')
+      case val
+      when Integer
+        return val.to_s
+      when String
+        return val if val.j_integer?
+      end
+      raise Jamf::InvalidDataError, msg
+    end
+
     # Confirm that a value is an Integer or a String representation of an
     # Integer. Return the integer, or raise an error
     #
@@ -148,10 +185,10 @@ module Jamf
     #
     # @return [Integer] the valid integer
     #
-    def self.integer(val, msg = nil)
-      msg ||= 'Value must be an Integer'
+    def self.integer(val, msg = 'Value must be an Integer')
       val = val.to_i if val.is_a?(String) && val.j_integer?
       raise Jamf::InvalidDataError, msg unless val.is_a? Integer
+
       val
     end
 
@@ -164,10 +201,10 @@ module Jamf
     #
     # @return [Float] the valid float
     #
-    def self.float(val, msg = nil)
-      msg ||= 'Value must be a Floating Point number'
+    def self.float(val, msg = 'Value must be a Floating Point number')
       val = val.to_f if val.is_a?(String) && val.j_float?
-      raise Jamf::InvalidDataError, msg unless val.is_a? Flot
+      raise Jamf::InvalidDataError, msg unless val.is_a? Float
+
       val
     end
 
@@ -180,11 +217,12 @@ module Jamf
     #
     # @return [String] the valid String
     #
-    def self.string(val, msg = nil)
-      msg ||= 'Value must be a String'
+    def self.string(val, msg = 'Value must be a String')
       return Jamf::BLANK if val.nil?
+
       val = val.to_s if val.is_a? Symbol
       raise Jamf::InvalidDataError, msg unless val.is_a? String
+
       val
     end
 
@@ -197,10 +235,10 @@ module Jamf
     #
     # @return [String] the valid non-empty string
     #
-    def self.non_empty_string(val, msg = nil)
-      msg ||= 'value must be a non-empty String'
+    def self.non_empty_string(val, msg = 'value must be a non-empty String')
       val = val.to_s if val.is_a? Symbol
       raise Jamf::InvalidDataError, msg unless val.is_a?(String) && !val.empty?
+
       val
     end
 
@@ -214,11 +252,12 @@ module Jamf
     #
     # @return [String] the validated string
     #
-    def self.script_contents(val, msg = nil)
-      msg ||= "value must be a String starting with '#!'"
+    def self.script_contents(val, msg = "value must be a String starting with '#!'")
       raise Jamf::InvalidDataError, msg unless val.is_a?(String) && val.start_with?(SCRIPT_SHEBANG)
+
       val
     end
+
   end # module validate
 
 end # module JSS

data/lib/jamf/version.rb

@@ -27,6 +27,6 @@
 module Jamf
 
   ### The version of the Jamf module
-  VERSION = '0.0.3'.freeze
+  VERSION = '0.0.6a1'.freeze
 
 end # module

data/lib/jss.rb

@@ -58,8 +58,8 @@ module JSS
 
   ###################
   ### Gems
-  require 'rest-client'
-  require 'plist'
+  require 'faraday'
+  require 'faraday_middleware'
   require 'immutable-struct'
   require 'recursive-open-struct'
 

data/lib/jss/api_connection.rb

@@ -25,18 +25,6 @@
 ###
 module JSS
 
-  # Constants
-  #####################################
-
-  # Module Variables
-  #####################################
-
-  # Module Methods
-  #####################################
-
-  # Classes
-  #####################################
-
   # Instances of this class represent a REST connection to a JSS API.
   #
   # For most cases, a single connection to a single JSS is all you need, and
@@ -227,42 +215,6 @@ module JSS
   #   # the variable 'prod2_victim_md' now contains a JSS::MobileDevice queried
   #   # through the connection 'production_api2'.
   #
-  # == Using the APIConnection itself to make API calls.
-  #
-  # Rather than passing an APIConnection into another method, you can call
-  # similar methods on the connection itself. For example, these two calls
-  # have the same result as the two examples above:
-  #
-  #   prod2_computer_sns = production_api2.all :Computer, only: :serial_numbers
-  #   prod2_victim_md = production_api2.fetch :MobileDevice, id: 832
-  #
-  # Here are the API calls you can make directly from an APIConnection object.
-  # They behave practically identically to the same methods in the APIObject
-  # subclasses, since they just call those methods, passing themselves in as the
-  # APIConnection to use.
-  #
-  # - {#all}  The 'list' methods of the various APIObject classes. Use the 'only:'
-  #   parameter to specify one of the sub-list-methods, like #all_ids or
-  #   #all_laptops, e.g. `my_connection.all :computers, only: :id`
-  # - {#map_all_ids} the equivalent of #map_all_ids_to in the APIObject classes
-  # - {#valid_id} given a class and an identifier (like macaddress or udid)
-  #   return a valid id or nil
-  # - {#exist?} given a class and an identifier (like macaddress or udid) does
-  #   the identifier exist for the class in the JSS
-  # - {#match} list items in the JSS matching a query
-  #   (if the object is {Matchable})
-  # - {#fetch} retrieve an object from the JSS
-  # - {#make} instantiate an object to be created in the JSS
-  # - {#computer_checkin_settings} same as {Computer.checkin_settings}
-  # - {#computer_inventory_collection_settings} same as {Computer.inventory_collection_settings}
-  # - {#computer_application_usage} same as {Computer.application_usage}
-  # - {#computer_management_data} same as {Computer.management_data}
-  # - {#master_distribution_point} same as {DistributionPoint.master_distribution_point}
-  # - {#my_distribution_point} same as {DistributionPoint.my_distribution_point}
-  # - {#network_ranges} same as {NetworkSegment.network_ranges}
-  # - {#network_segments_for_ip} same as {NetworkSegment.segments_for_ip}
-  # - {#my_network_segments} same as {NetworkSegment.my_network_segments}
-  #
   # == Low-level use of APIConnection instances.
   #
   # For most cases, using APIConnection instances as mentioned above
@@ -271,7 +223,7 @@ module JSS
   # {#get_rsrc}, {#put_rsrc}, {#post_rsrc}, & {#delete_rsrc}
   # documented below.
   #
-  # For even lower-level work, you can access the underlying RestClient::Resource
+  # For even lower-level work, you can access the underlying Faraday::Connection
   # inside the APIConnection via the connection's {#cnx} attribute.
   #
   # APIConnection instances also have a {#server} attribute which contains an
@@ -330,6 +282,12 @@ module JSS
     # values for the format param of get_rsrc
     GET_FORMATS = %i[json xml].freeze
 
+    HTTP_ACCEPT_HEADER = 'Accept'.freeze
+    HTTP_CONTENT_TYPE_HEADER = 'Content-Type'.freeze
+
+    MIME_JSON = 'application/json'.freeze
+    MIME_XML = 'application/xml'.freeze
+
     # Attributes
     #####################################
 
@@ -337,7 +295,7 @@ module JSS
     attr_reader :user
     alias jss_user user
 
-    # @return [RestClient::Resource] the underlying connection resource
+    # @return [Faraday::Connection] the underlying connection resource
     attr_reader :cnx
 
     # @return [Boolean] are we connected right now?
@@ -359,7 +317,7 @@ module JSS
     # @return [String] the protocol being used: http or https
     attr_reader :protocol
 
-    # @return [RestClient::Response] The response from the most recent API call
+    # @return [Faraday::Response] The response from the most recent API call
     attr_reader :last_http_response
 
     # @return [String] The base URL to to the current REST API
@@ -428,6 +386,7 @@ module JSS
       @name = args.delete :name
       @name ||= :unknown
       @connected = false
+      @object_list_cache = {}
       connect args unless args.empty?
     end # init
 
@@ -453,8 +412,6 @@ module JSS
     # @option args :use_ssl[Boolean] should the connection be made over SSL? Defaults to true.
     #
     # @option args :verify_cert[Boolean] should HTTPS SSL certificates be verified. Defaults to true.
-    #   If your connection raises RestClient::SSLCertificateNotVerified, and you don't care about the
-    #   validity of the SSL cert. just set this explicitly to false.
     #
     # @option args :user[String] a JSS user who has API privs, required if not defined in JSS::CONFIG
     #
@@ -476,6 +433,8 @@ module JSS
 
       args[:no_port_specified] = args[:port].to_s.empty?
       args = apply_connection_defaults args
+      @timeout = args[:timeout]
+      @open_timeout = args[:open_timeout]
 
       # ensure an integer
       args[:port] &&= args[:port].to_i
@@ -494,7 +453,7 @@ module JSS
       args[:password] = acquire_password args
 
       # heres our connection
-      @cnx = RestClient::Resource.new(@rest_url.to_s, args)
+      @cnx = create_connection args[:password]
 
       verify_server_version
 
@@ -543,8 +502,7 @@ module JSS
       @connected = false
     end # disconnect
 
-    # Get an arbitrary JSS resource
-    #
+    # Get a JSS resource
     # The first argument is the resource to get (the part of the API url
     # after the 'JSSResource/' ) The resource must be properly URL escaped
     # beforehand. Note: URL.encode is deprecated, use CGI.escape
@@ -572,14 +530,19 @@ module JSS
       validate_connected
       raise JSS::InvalidDataError, 'format must be :json or :xml' unless GET_FORMATS.include? format
 
-      begin
-        @last_http_response = @cnx[rsrc].get(accept: format)
-        return JSON.parse(@last_http_response.body, symbolize_names: true) if format == :json && !raw_json
+      @last_http_response =
+        @cnx.get(rsrc) do |req|
+          req.headers[HTTP_ACCEPT_HEADER] = format == :json ? MIME_JSON : MIME_XML
+        end
 
-        @last_http_response.body
-      rescue RestClient::ExceptionWithResponse => e
-        handle_http_error e
+      unless @last_http_response.success?
+        handle_http_error
+        return
       end
+
+      return JSON.parse(@last_http_response.body, symbolize_names: true) if format == :json && !raw_json
+
+      @last_http_response.body
     end
 
     # Update an existing JSS resource
@@ -597,10 +560,18 @@ module JSS
       xml.gsub!(/\r/, '
')
 
       # send the data
-      @last_http_response = @cnx[rsrc].put(xml, content_type: 'text/xml')
+      @last_http_response =
+        @cnx.put(rsrc) do |req|
+          req.headers[HTTP_CONTENT_TYPE_HEADER] = MIME_XML
+          req.headers[HTTP_ACCEPT_HEADER] = MIME_XML
+          req.body = xml
+        end
+      unless @last_http_response.success?
+        handle_http_error
+        return
+      end
+
       @last_http_response.body
-    rescue RestClient::ExceptionWithResponse => e
-      handle_http_error e
     end
 
     # Create a new JSS resource
@@ -611,17 +582,24 @@ module JSS
     #
     # @return [String] the xml response from the server.
     #
-    def post_rsrc(rsrc, xml = '')
+    def post_rsrc(rsrc, xml)
       validate_connected
 
       # convert CRs & to 
-      xml.gsub!(/\r/, '
') if xml
+      xml&.gsub!(/\r/, '
')
 
       # send the data
-      @last_http_response = @cnx[rsrc].post(xml, content_type: 'text/xml', accept: :json)
+      @last_http_response =
+        @cnx.post(rsrc) do |req|
+          req.headers[HTTP_CONTENT_TYPE_HEADER] = MIME_XML
+          req.headers[HTTP_ACCEPT_HEADER] = MIME_XML
+          req.body = xml
+        end
+      unless @last_http_response.success?
+        handle_http_error
+        return
+      end
       @last_http_response.body
-    rescue RestClient::ExceptionWithResponse => e
-      handle_http_error e
     end # post_rsrc
 
     # Delete a resource from the JSS
@@ -630,18 +608,23 @@ module JSS
     #
     # @return [String] the xml response from the server.
     #
-    def delete_rsrc(rsrc, xml = nil)
+    def delete_rsrc(rsrc)
       validate_connected
       raise MissingDataError, 'Missing :rsrc' if rsrc.nil?
 
-      # payload?
-      return delete_with_payload rsrc, xml if xml
-
       # delete the resource
-      @last_http_response = @cnx[rsrc].delete
+      @last_http_response =
+        @cnx.delete(rsrc) do |req|
+          req.headers[HTTP_CONTENT_TYPE_HEADER] = MIME_XML
+          req.headers[HTTP_ACCEPT_HEADER] = MIME_XML
+        end
+
+      unless @last_http_response.success?
+        handle_http_error
+        return
+      end
+
       @last_http_response.body
-    rescue RestClient::ExceptionWithResponse => e
-      handle_http_error e
     end # delete_rsrc
 
     # Test that a given hostname & port is a JSS API server
@@ -657,25 +640,8 @@ module JSS
       # ssl_options like :OP_NO_SSLv2 and :OP_NO_SSLv3 will take time to figure out..
       return true if `/usr/bin/curl -s 'https://#{server}:#{port}/#{TEST_PATH}'`.include? TEST_CONTENT
       return true if `/usr/bin/curl -s 'http://#{server}:#{port}/#{TEST_PATH}'`.include? TEST_CONTENT
-      false
 
-      # # try ssl first
-      # # NOTE:  doesn't work if we can't disallow SSLv3 or force TLSv1
-      # # See cheat above.
-      # begin
-      #   return true if open("https://#{server}:#{port}/#{TEST_PATH}", ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE).read.include? TEST_CONTENT
-      #
-      # rescue
-      #   # then regular http
-      #   begin
-      #     return true if open("http://#{server}:#{port}/#{TEST_PATH}").read.include? TEST_CONTENT
-      #   rescue
-      #     # any errors = no API
-      #     return false
-      #   end # begin
-      # end # begin
-      # # if we're here, no API
-      # false
+      false
     end
 
     # The server to which we are connected, or will
@@ -686,267 +652,13 @@ module JSS
     #
     def hostname
       return @server_host if @server_host
+
       srvr = JSS::CONFIG.api_server_name
       srvr ||= JSS::Client.jss_server
       srvr
     end
     alias host hostname
 
-    #################
-
-    # Call one of the 'all*' methods on a JSS::APIObject subclass
-    # using this APIConnection.
-    #
-    #
-    # @deprecated please use the .all class method of the desired class
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass
-    #   see {JSS.api_object_class}
-    #
-    # @param refresh[Boolean] Should the data be re-read from the API?
-    #
-    # @param only[String,Symbol] Limit the output to subset or data. All
-    #   APIObject subclasses can take :ids or :names, which calls the .all_ids
-    #   and .all_names methods. Some subclasses can take other options, e.g.
-    #   MobileDevice can take :udids
-    #
-    # @return [Array] The list of items for the class
-    #
-    def all(class_name, refresh = false, only: nil)
-      the_class = JSS.api_object_class(class_name)
-      list_method = only ? :"all_#{only}" : :all
-
-      raise ArgumentError, "Unknown identifier: #{only} for #{the_class}" unless
-        the_class.respond_to? list_method
-
-      the_class.send list_method, refresh, api: self
-    end
-
-    # Call the 'map_all_ids_to' method on a JSS::APIObject subclass
-    # using this APIConnection.
-    #
-    # @deprecated please use the .map_all_ids_to  class method of the desired class
-    #
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass
-    #   see {JSS.api_object_class}
-    #
-    # @param refresh[Boolean] Should the data be re-read from the API?
-    #
-    # @param to[String,Symbol] the value to which the ids should be mapped
-    #
-    # @return [Hash] The ids for the class keyed to the requested identifier
-    #
-    def map_all_ids(class_name, refresh = false, to: nil)
-      raise "'to:' value must be provided for mapping ids." unless to
-      the_class = JSS.api_object_class(class_name)
-      the_class.map_all_ids_to to, refresh, api: self
-    end
-
-    # Call the 'valid_id' method on a JSS::APIObject subclass
-    # using this APIConnection. See {JSS::APIObject.valid_id}
-    #
-    # @deprecated please use the .valid_id class method of the desired class
-    #
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass,
-    #   see {JSS.api_object_class}
-    #
-    # @param identifier[String,Symbol] the value to which the ids should be mapped
-    #
-    # @param refresh[Boolean] Should the data be re-read from the API?
-    #
-    # @return [Integer, nil] the id of the matching object of the class,
-    #   or nil if there isn't one
-    #
-    def valid_id(class_name, identifier, refresh = true)
-      the_class = JSS.api_object_class(class_name)
-      the_class.valid_id identifier, refresh, api: self
-    end
-
-    # Call the 'exist?' method on a JSS::APIObject subclass
-    # using this APIConnection. See {JSS::APIObject.exist?}
-    #
-    # @deprecated please use the .exist class method of the desired class
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass
-    #   see {JSS.api_object_class}
-    #
-    # @param identifier[String,Symbol] the value to which the ids should be mapped
-    #
-    # @param refresh[Boolean] Should the data be re-read from the API?
-    #
-    # @return [Boolean] Is there an object of this class in the JSS matching
-    #   this indentifier?
-    #
-    def exist?(class_name, identifier, refresh = false)
-      !valid_id(class_name, identifier, refresh).nil?
-    end
-
-    # Call {Matchable.match} for the given class.
-    #
-    # See {Matchable.match}
-    #
-    # @deprecated Please use the .match class method of the desired class
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass
-    #   see {JSS.api_object_class}
-    #
-    # @return (see Matchable.match)
-    #
-    def match(class_name, term)
-      the_class = JSS.api_object_class(class_name)
-      raise JSS::UnsupportedError, "Class #{the_class} is not matchable" unless the_class.respond_to? :match
-      the_class.match term, api: self
-    end
-
-    # Retrieve an object of a given class from the API
-    # See {APIObject.fetch}
-    #
-    # @deprecated Please use the .fetch class method of the desired class
-    #
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass
-    #   see {JSS.api_object_class}
-    #
-    # @return [APIObject] The ruby-instance of the object.
-    #
-    def fetch(class_name, arg)
-      the_class = JSS.api_object_class(class_name)
-      the_class.fetch arg, api: self
-    end
-
-    # Make a ruby instance of a not-yet-existing APIObject
-    # of the given class
-    # See {APIObject.make}
-    #
-    # @deprecated Please use the .make class method of the desired class
-    #
-    # @param class_name[String,Symbol] The name of a JSS::APIObject subclass
-    #   see {JSS.api_object_class}
-    #
-    # @return [APIObject] The un-created ruby-instance of the object.
-    #
-    def make(class_name, **args)
-      the_class = JSS.api_object_class(class_name)
-      args[:api] = self
-      the_class.make args
-    end
-
-    # Call {JSS::Computer.checkin_settings} q.v.,  passing this API
-    # connection
-    # @deprecated Please use JSS::Computer.checkin_settings
-    #
-    def computer_checkin_settings
-      JSS::Computer.checkin_settings api: self
-    end
-
-    # Call {JSS::Computer.inventory_collection_settings} q.v., passing this API
-    # connection
-    # @deprecated Please use JSS::Computer.inventory_collection_settings
-    #
-    def computer_inventory_collection_settings
-      JSS::Computer.inventory_collection_settings api: self
-    end
-
-    # Call {JSS::Computer.application_usage} q.v., passing this API
-    # connection
-    # @deprecated Please use JSS::Computer.application_usage
-    #
-    def computer_application_usage(ident, start_date, end_date = nil)
-      JSS::Computer.application_usage ident, start_date, end_date, api: self
-    end
-
-    # Call {JSS::Computer.management_data} q.v., passing this API
-    # connection
-    #
-    # @deprecated Please use JSS::Computer.management_data
-    #
-    def computer_management_data(ident, subset: nil, only: nil)
-      JSS::Computer.management_data ident, subset: subset, only: only, api: self
-    end
-
-    # Call {JSS::Computer.history} q.v., passing this API
-    # connection
-    #
-    # @deprecated Please use JSS::Computer.management_history or its
-    #   convenience methods. @see JSS::ManagementHistory
-    #
-    def computer_history(ident, subset: nil)
-      JSS::Computer.history ident, subset, api: self
-    end
-
-    # Call {JSS::Computer.send_mdm_command} q.v.,  passing this API
-    # connection
-    #
-    # @deprecated Please use JSS::Computer.send_mdm_command or its
-    #   convenience methods. @see JSS::MDM
-    #
-    def send_computer_mdm_command(targets, command, passcode = nil)
-      opts = passcode ? { passcode: passcode } : {}
-      JSS::Computer.send_mdm_command targets, command, opts: opts, api: self
-    end
-
-    # Get the DistributionPoint instance for the master
-    # distribution point in the JSS. If there's only one
-    # in the JSS, return it even if not marked as master.
-    #
-    # @param refresh[Boolean] re-read from the API?
-    #
-    # @return [JSS::DistributionPoint]
-    #
-    def master_distribution_point(refresh = false)
-      JSS::DistributionPoint.master_distribution_point refresh, api: self
-    end
-
-    # Get the DistributionPoint instance for the machine running
-    # this code, based on its IP address. If none is defined for this IP address,
-    # use the result of master_distribution_point
-    #
-    # @param refresh[Boolean] should the distribution point be re-queried?
-    #
-    # @return [JSS::DistributionPoint]
-    #
-    def my_distribution_point(refresh = false)
-      JSS::DistributionPoint.my_distribution_point refresh, api: self
-    end
-
-    # @deprecated
-    #
-    # @see {JSS::NetworkSegment.network_ranges}
-    #
-    def network_ranges(refresh = false)
-      JSS::NetworkSegment.network_ranges refresh, api: self
-    end # def network_segments
-
-    # @deprecated
-    #
-    # @see {JSS::NetworkSegment.network_segments_for_ip}
-    #
-    def network_segments_for_ip(ip, refresh = false)
-      JSS::NetworkSegment.network_segments_for_ip ip, refresh, api: self
-    end
-
-    # @deprecated
-    #
-    # @see {JSS::NetworkSegment.my_network_segments}
-    #
-    def my_network_segments
-      network_segments_for_ip JSS::Client.my_ip_address
-    end
-
-    # Send an MDM command to one or more mobile devices managed by
-    # this JSS
-    #
-    # see {JSS::MobileDevice.send_mdm_command}
-    #
-    # @deprecated Please use JSS::MobileDevice.send_mdm_command or its
-    #   convenience methods. @see JSS::MDM
-    #
-    def send_mobiledevice_mdm_command(targets, command, data = {})
-      JSS::MobileDevice.send_mdm_command(targets, command, opts: data, api: self)
-    end
-
     # Empty all cached lists from this connection
     # then run garbage collection to clear any available memory
     #
@@ -1052,6 +764,7 @@ module JSS
     #
     def apply_defaults_from_client(args)
       return unless JSS::Client.installed?
+
       # these settings can come from the jamf binary config, if this machine is a JSS client.
       args[:server] ||= JSS::Client.jss_server
       args[:port] ||= JSS::Client.jss_port.to_i
@@ -1105,11 +818,13 @@ module JSS
       # keep this basic level of info available for basic authentication
       # and JSS version checking.
       begin
-        @server = JSS::Server.new get_rsrc('jssuser')[:user], self
-      rescue RestClient::Unauthorized
+        data = get_rsrc('jssuser')
+      rescue JSS::AuthorizationError
         raise JSS::AuthenticationError, "Incorrect JSS username or password for '#{@user}@#{@server_host}:#{@port}'."
       end
 
+      @server = JSS::Server.new data[:user], self
+
       min_vers = JSS.parse_jss_version(JSS::MINIMUM_SERVER_VERSION)[:version]
       return if @server.version >= min_vers # we're good...
 
@@ -1178,77 +893,69 @@ module JSS
       if SSL_PORTS.include? args[:port]
         args[:use_ssl] = true unless args[:use_ssl] == false
       end
+      return unless args[:use_ssl]
+
       # if verify_cert is anything but false, we will verify
-      args[:verify_ssl] = args[:verify_cert] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
+      args[:verify_ssl] = args[:verify_cert] != false
+
+      # ssl version if not specified
+      args[:ssl_version] ||= DFT_SSL_VERSION
+
+      @ssl_options = {
+        verify: args[:verify_ssl],
+        version: args[:ssl_version]
+      }
     end
 
-    # Parses the HTTP body of a RestClient::ExceptionWithResponse
-    # (the parent of all HTTP error responses) and its subclasses
-    # and re-raises a JSS::APIError with a more
-    # useful error message.
-    #
-    # @param exception[RestClient::ExceptionWithResponse] the exception to parse
+    # Parses the @last_http_response
+    # and raises a JSS::APIError with a useful error message.
     #
     # @return [void]
     #
-    def handle_http_error(exception)
-      @last_http_response = exception.response
-      case exception
-      when RestClient::ResourceNotFound
-        # other methods catch this and report more details
-        raise exception
-      when RestClient::Conflict
+    def handle_http_error
+      return if @last_http_response.success?
+
+      case @last_http_response.status
+      when 404
+        err = JSS::NoSuchItemError
+        msg = 'Not Found'
+      when 409
         err = JSS::ConflictError
-        msg_matcher = /<p>Error:(.*?)(<|$)/m
-      when RestClient::BadRequest
+        @last_http_response.body =~ /<p>(The server has not .*?)(<|$)/m
+        Regexp.last_match(1) ||  @last_http_response.body =~ %r{<p>Error: (.*?)</p>}
+        msg = Regexp.last_match(1)
+      when 400
         err = JSS::BadRequestError
-        msg_matcher = %r{>Bad Request</p>\n<p>(.*?)</p>\n<p>You can get technical detail}m
-      when RestClient::Unauthorized
-        raise
+        @last_http_response.body =~ %r{>Bad Request</p>\n<p>(.*?)</p>\n<p>You can get technical detail}m
+        msg = Regexp.last_match(1)
+      when 401
+        err = JSS::AuthorizationError
+        msg = 'You are not authorized to do that.'
+      when (500..599)
+        err = JSS::APIRequestError
+        msg = 'There was an internal server error'
       else
         err = JSS::APIRequestError
-        msg_matcher = %r{<body.*?>(.*?)</body>}m
+        msg = "There was a error processing your request, status: #{@last_http_response.status}"
       end
-      exception.http_body =~ msg_matcher
-      msg = Regexp.last_match(1)
-      msg ||= exception.http_body
       raise err, msg
     end
 
-    # RestClient::Resource#delete doesn't take an HTTP payload,
-    # but some JSS API resources require it (notably, logflush).
-    #
-    # This method uses RestClient::Request#execute
-    # to do the same thing that RestClient::Resource#delete does, but
-    # adding the payload.
-    #
-    # @param rsrc[String] the sub-resource we're DELETEing
-    #
-    # @param payload[String] The XML to be passed with the DELETE
-    #
-    # @param additional_headers[Type] See RestClient::Request#execute
-    #
-    # @param &block[Type] See RestClient::Request#execute
-    #
-    # @return [String] the XML response from the server.
-    #
-    def delete_with_payload(rsrc, payload, additional_headers = {}, &block)
-      headers = (@cnx.options[:headers] || {}).merge(additional_headers)
-      @last_http_response = RestClient::Request.execute(
-        @cnx.options.merge(
-          method: :delete,
-          url: @cnx[rsrc].url,
-          payload: payload,
-          headers: headers
-        ),
-        &(block || @block)
-      )
-    rescue RestClient::ExceptionWithResponse => e
-      handle_http_error e
-    end # delete_with_payload
+    # create the faraday connection object
+    def create_connection(pw)
+      Faraday.new(@rest_url, ssl: @ssl_options) do |cnx|
+        cnx.basic_auth @user, pw
+        cnx.options[:timeout] = @timeout
+        cnx.options[:open_timeout] = @open_timeout
+        cnx.adapter Faraday::Adapter::NetHttp
+      end
+    end
 
   end # class APIConnection
 
+  # JSS MODULE METHODS
+  ######################
+
   # Create a new APIConnection object and use it for all
   # future API calls. If connection options are provided,
   # they are passed to the connect method immediately, otherwise
@@ -1276,6 +983,7 @@ module JSS
   #
   def self.use_api_connection(connection)
     raise 'API connections must be instances of JSS::APIConnection' unless connection.is_a? JSS::APIConnection
+
     @api = connection
   end