xolo-server 1.0.0 → 2.0.2

data/lib/xolo/server/helpers/file_transfers.rb

@@ -20,6 +20,17 @@ module Xolo
         #######################
         #######################
 
+        UPLOAD_ACTION = 'Upload'
+        REUPLOAD_ACTION = 'Re-upload'
+
+        # Thes values in the cdnType field of the Cloud DP definition
+        # from the API indicate that there is no Cloud DP configured
+        CLOUD_DP_NA = [nil, Xolo::BLANK, 'NONE'].freeze
+
+        # How long to wait for a pkg to appear on the Cloud DP when uploading via API
+        # before giving up and raising an error
+        CLOUD_DP_UPLOAD_TIMEOUT = 1800 # seconds - 30 minutes
+
         # Module Methods
         #######################
         #######################
@@ -60,7 +71,9 @@ module Xolo
           log_info "Processing uploaded SelfService icon for #{params[:title]}"
           title = instantiate_title params[:title]
           title.save_ssvc_icon(tempfile, filename)
-          title.configure_pol_for_self_service if title.self_service
+          # this will configure the ssvc settings but won't make it available
+          # in ssvc - that happens elsewhere.
+          title.configure_pol_for_self_service
         rescue => e
           msg = "#{e.class}: #{e}"
           log_error msg
@@ -69,81 +82,211 @@ module Xolo
           halt 400, { status: 400, error: msg }
         end
 
-        # Handle an uploaded pkg installer
-        # TODO: wrap this in a thread, it might be very slow for large pkgs.
-        # TODO: Also, when threaded, how to report errors?
-        # TODO: Split this into smaller methods
-        #############################
-        def process_incoming_pkg
-          log_info "Processing uploaded installer package for version '#{params[:version]}' of title '#{params[:title]}'"
+        # Upload an pkg installer from xadm to Jamf Pro,
+        # and do all the processing around that
+        ######################
+        def process_and_upload_uploaded_pkg
+          process_and_upload_to_jamf(
+            params[:title],
+            params[:version],
+            pkg_src: params[:file][:tempfile].path,
+            orig_filename: params[:file][:filename]
+          )
+        end
 
-          # the Xolo::Server::Version that owns this pkg
-          version = instantiate_version title: params[:title], version: params[:version]
-          version.lock
+        # upload a package from autopkg to Jamf Pro
+        # and do all the processing around that
+        #
+        # @param title [String] The title the package belongs to
+        # @param version [String, Xolo::Server::Version] the version string or object
+        # @param pkg_src [String, Pathname] the path to the pkg
+        # @return [void]
+        ###########################################
+        def process_and_upload_autopkg_pkg(title, version, pkg_src)
+          process_and_upload_to_jamf(
+            title,
+            version,
+            pkg_src: pkg_src
+          )
+        end
 
-          # is this a re-upload? True if upload_date as any value in it
-          if version.upload_date.pix_empty?
-            action = 'Uploading'
-            re_uploading = false
-          else
-            re_uploading = true
-            action = 'Re-uploading'
-            version.log_change msg: 'Re-uploading pkg file'
-          end
+        # Process a pkg installer and upload to jamf
+        #
+        # @param title [String] the title name
+        # @param version [String, Xolo::Server::Version] the version string or object
+        # @param pkg_src [String, Pathname] the path to the file to be uploaded to Jamf
+        #   This could be one uploaded from xadm, or one created by autopkg
+        # @param orig_filename [String, nil] the original filename of the pkg, e.g. as uploaded from
+        #   an admin's computer. If not provided, the basename of pkg_src will be used.
+        # @return [void]
+        #############################
+        def process_and_upload_to_jamf(title, version, pkg_src:, orig_filename: nil)
+          pkg_src = Pathname.new pkg_src
+          orig_filename ||= pkg_src.basename.to_s
 
-          # the original uploaded filename
-          orig_filename = params[:file][:filename]
-          log_debug "Incoming pkg file '#{orig_filename}' "
-          file_extname = validate_uploaded_pkg(orig_filename)
+          version = instantiate_version(title: title, version: version) if version.is_a?(String)
 
-          # Set the jamf_pkg_file, now that we know the extension
-          uploaded_pkg_name = "#{version.jamf_pkg_name}#{file_extname}"
-          log_debug "Jamf: Package filename will be '#{uploaded_pkg_name}'"
-          version.jamf_pkg_file = uploaded_pkg_name
+          staged_pkg = prep_pkg_for_upload(version, pkg_src)
+          upload_pkg_in_thread(version, staged_pkg, orig_filename)
+        rescue => e
+          msg = "#{e.class}: #{e}"
+          log_error msg
+          e.backtrace.each { |line| log_error "..#{line}" }
+          halt 400, { status: 400, error: msg }
+        ensure
+          pkg_src.delete if pkg_src.file?
+        end
 
-          # The tempfile created by Sinatra when the pkg was uploaded from xadm
-          tempfile = Pathname.new params[:file][:tempfile].path
+        # Prep a .pkg before we start uploading to the dist point
+        #
+        # @param version [Xolo::Server::Version] the version that is being uploaded/re-uploaded
+        # @param pkg_src [Pathname] the path to the file to be uploaded to Jamf
+        # @return [Pathname] the path to the staged pkg that is ready to be uploaded to Jamf
+        #########################################
+        def prep_pkg_for_upload(version, pkg_src)
+          msg = "Jamf: Processing installer package '#{pkg_src}' (#{pkg_src.size.pix_humanize_bytes}) for Jamf Dist upload, title '#{version.title}' version '#{version.version}'"
+          progress msg, log: :info
+
+          version.jamf_pkg_file = dist_pkg_filename(version)
+          log_debug "Jamf: Uploaded package filename will be '#{version.jamf_pkg_file}'"
+          version.save_local_data
 
-          # The uploaded tmpfile will be staged here before uploading again to
-          # the Jamf Dist Point(s)
-          staged_pkg = Xolo::Server::Title.title_dir(params[:title]) + uploaded_pkg_name
+          # The pkg_src will be staged here before uploading to the Dist Point
+          staged_pkg = Xolo::Server::Title.title_dir(version.title) + version.jamf_pkg_file
 
           # remove any old one that might be there
           staged_pkg.delete if staged_pkg.file?
 
-          if need_to_sign?(tempfile)
-            # This will put the signed pkg into the staged_pkg location
-            sign_uploaded_pkg(tempfile, staged_pkg)
-            log_debug "Signing complete, deleting temp file '#{tempfile}'"
-            tempfile.delete if tempfile.file?
-          else
-            log_debug "Uploaded .pkg file doesn't need signing, moving tempfile to '#{staged_pkg.basename}'"
-            # Put the signed pkg into the staged_pkg location
-            tempfile.rename staged_pkg
-          end
+          # This will move/copy the pkg_src into the staged_pkg, signing it on the way if needed, and
+          # delete the original pkg_src file.
+          sign_and_stage(pkg_src, staged_pkg, version)
 
-          # upload the pkg with the uploader tool defined in config
-          # This will set the checksum and manifest in the JPackage object
-          upload_to_dist_point(version.jamf_package, staged_pkg)
+          # Wrap component pkgs in a Distribution pkg if configured to do so
+          staged_pkg = wrap_component_pkg_in_distribution(staged_pkg, version) if Xolo::Server.config.create_distribution_pkgs
 
-          if re_uploading
-            # These must be set before calling wait_to_enable_reinstall_policy
-            version.reupload_date = Time.now
-            version.reuploaded_by = session[:admin]
+          staged_pkg
+        end
 
-            # This will make the version start a thread
-            # that will wait some period of time (to allow for pkg uploads
-            # to complete) before enabling the reinstall policy
-            version.wait_to_enable_reinstall_policy
-          else
-            version.upload_date = Time.now
-            version.uploaded_by = session[:admin]
+        # upload a prepped/staged pkg in a thread, and do the things that need to be done after upload,
+        # like setting the upload/reupload date and user, enabling the reinstall policy if it's a reupload, etc
+        #
+        # @param version [Xolo::Server::Version] the version that is being uploaded/re-uploaded
+        # @param staged_pkg [Pathname] the path to the staged pkg that is ready to be uploaded to Jamf
+        # @return [void]
+        #####################################
+        def upload_pkg_in_thread(version, staged_pkg, orig_filename)
+          if @pkg_upload_thread&.alive?
+            msg = "A pkg upload is already in progress for version '#{version}' - can't start another one until it's done"
+            log_error msg
+            raise msg
           end
 
+          @pkg_upload_thread = Thread.new do
+            begin
+              # is this a re-upload? The jamf_pkg_file will have already
+              # been updated to reflect the new filename with the _N_ if it's a re-upload
+              re_uploading = version.jamf_pkg_file =~ /_(\d+)_\.pkg$/
+
+              # disable reinstall policy if re-uploading,
+              # will be re-enabled after the upload
+              if re_uploading
+                action = REUPLOAD_ACTION
+                pol = version.jamf_auto_reinstall_policy
+                pol.disable
+                pol.save
+              else
+                action = UPLOAD_ACTION
+              end
+
+              upload_to_dist_point(version.jamf_package, staged_pkg)
+
+              uploaded_by =
+                if version.title_object.autopkg_enabled?
+                  Xolo::Server::Helpers::AutoPkg::AUTOPKG_UPLOADED_BY
+                elsif defined?(session)
+                  session[:admin]
+                end
+
+              if re_uploading
+                version.reupload_date = Time.now
+                version.reuploaded_by = uploaded_by
+
+                # if upload via API, wait for pkg to appear then enable the policy
+                if upload_via_api?
+                  wait_for_pkg_and_enable_reinstall_policy(version)
+
+                # otherwise notify someone to confirm upload is complete before enabling the policy
+                else
+                  msg = "Please confirm that re-uploaded pkg '#{version.jamf_pkg_file}' is on the dist point and ready to go, then enable the reinstall policy '#{pol.name}' at #{jamf_auto_reinstall_policy_url}"
+                  log_info msg, alert: true
+
+                end # if upload_via_api?
+
+                # update the dist filename in the jamf package object
+                version.jamf_package.fileName = version.jamf_pkg_file
+                version.jamf_package.packageName = version.jamf_pkg_name
+                version.jamf_package.save
+
+              # if this is a first-time upload, just set the upload date and user
+              else
+                version.upload_date = Time.now
+                version.uploaded_by = uploaded_by
+              end # if re_uploading
+              version.save_local_data
+              version.log_change msg: "#{action}ed pkg file '#{staged_pkg.basename}' to Jamf Pro dist point(s)"
+            rescue => e
+              msg = "Error in pkg upload thread: #{e.class}: #{e}"
+              log_error msg
+              e.backtrace.each { |line| log_error "..#{line}" }
+            end # begin
+
+            update_version_post_upload(version, staged_pkg, orig_filename)
+          end # thread
+        end
+
+        # Wait for a re-uploaded pkg to appear on the Cloud DP after an API upload,
+        # then enable the reinstall policy
+        #
+        # @param version [Xolo::Server::Version] the version that is being re-uploaded
+        # @return [void]
+        #####################
+        def wait_for_pkg_and_enable_reinstall_policy(version)
+          start_time = Time.now
+
+          until cloud_dp_pkg_ready?(version.jamf_pkg_file)
+            if Time.now - start_time > CLOUD_DP_UPLOAD_TIMEOUT
+              msg = "Timed out waiting for pkg '#{version.jamf_pkg_file}' to appear on Cloud DP after upload via API"
+              log_error msg
+              raise msg
+            end
+
+            log_debug "Checking every minute for pkg '#{version.jamf_pkg_file}' to appear on Cloud DP after upload via API..."
+            sleep 60
+          end # until
+
+          log_debug "Pkg '#{version.jamf_pkg_file}' is now on Cloud DP, enabling reinstall policy"
+          pol = version.jamf_auto_reinstall_policy
+          pol.enable
+          pol.save
+
+          msg = "Re-uploaded pkg '#{version.jamf_pkg_file}' is on the dist point and ready to go, reinstall policy '#{pol.name}' has been enabled"
+          log_info msg, alert: true
+        end
+
+        # After uploading a pkg, update the version with info about the pkg,
+        # like whether it's a dist pkg or not, and save the manifest and checksum
+        # NOTE this is run as part of the upload thread.
+        #
+        # @param version [Xolo::Server::Version] the version that is being uploaded/re-uploaded
+        # @param staged_pkg [Pathname] the path to the staged pkg that was uploaded to Jamf
+        # @return [void]
+        ##############################
+        def update_version_post_upload(version, staged_pkg, orig_filename)
           # make note if the pkg is a Distribution package
           version.dist_pkg = pkg_is_distribution?(staged_pkg)
 
-          # save the manifest just in case
+          # save the manifest on the server, just in case
+          # TODO: Support sha3_512 in manifests
           version.manifest_file.pix_atomic_write(version.jamf_package.manifest)
 
           # save the checksum just in case
@@ -156,18 +299,59 @@ module Xolo
           version.save_local_data
 
           # log the upload
-          version.log_change msg: "#{action} pkg file '#{staged_pkg.basename}'"
-
-          # remove the staged pkg and the tempfile
-          staged_pkg.delete
-          tempfile.delete if tempfile.file?
-        rescue => e
-          msg = "#{e.class}: #{e}"
-          log_error msg
-          e.backtrace.each { |line| log_error "..#{line}" }
-          halt 400, { status: 400, error: msg }
+          version.log_change msg: "Uploaded pkg file '#{staged_pkg.basename}' to dist point"
         ensure
-          version.unlock
+          staged_pkg.delete if staged_pkg.file?
+        end
+
+        # What will be the name of the file on the dist point?
+        # For a first upload, it will be 'xolo-<title>-<version>.pkg'
+        #
+        # If we are re-uploading, it will be 'xolo-<title>-<version>_N_.pkg'
+        # where N is an integer (starting with 2) that increments with each re-upload,
+        #
+        # This is so that re-uploads don't have the same filename on the Dist Point, which could
+        # be problematic. It also helps to visually see that this is a re-uploaded pkg
+        # and not the original one.
+        #
+        # @param version [Xolo::Server::Version] the version that is being re-uploaded
+        #
+        # @return [String] the filename to use for the pkg on the dist point
+        ####################
+        def dist_pkg_filename(version)
+          if version.upload_date.pix_empty?
+            # no upload date, this is the first upload
+            "#{version.jamf_pkg_name}#{Xolo::DOT_PKG}"
+
+          elsif version.jamf_pkg_file.to_s =~ /_(\d+)_\.pkg$/
+            # this is a re-upload, does the filename indicat a previous re-upload with a _N_ in the name?
+            next_num = Regexp.last_match[1].to_i + 1
+            "#{version.jamf_pkg_name}_#{next_num}_#{Xolo::DOT_PKG}"
+
+          else
+            # the first re-upload, just add _2_ before the extension
+            "#{version.jamf_pkg_name}_2_#{Xolo::DOT_PKG}"
+          end
+        end
+
+        # If this pkg needs signing, do so putting the signed pkg in the staged_pkg location,
+        # and delete the original pkg_src file.
+        # If it doesn't need signing, just move it to the staged_pkg location.
+        #
+        # @param pkg_src [Pathname] the path to the file to be uploaded to Jamf
+        # @param staged_pkg [Pathname] the path where the pkg should be staged for upload to Jamf
+        # @param version [Xolo::Server::Version] the version that is being uploaded/re-uploaded
+        # @return [void]
+        def sign_and_stage(pkg_src, staged_pkg, version)
+          if need_to_sign?(pkg_src, version)
+            # This will put the signed pkg into the staged_pkg location
+            sign_pkg(pkg_src, staged_pkg)
+            log_debug "Signing complete, signed pkg is '#{staged_pkg}', deleting original file '#{pkg_src}'"
+            pkg_src.delete if pkg_src.file?
+          else
+            log_debug "The .pkg file doesn't need signing, moving pkg_src to '#{staged_pkg}'"
+            pkg_src.rename staged_pkg
+          end
         end
 
         # Check if a package is a Distribution package, if not,
@@ -182,14 +366,69 @@ module Xolo
           pkg_file = Pathname.new(pkg_file)
           raise ArgumentError, "pkg_file does not exist or not a file: #{pkg_file}" unless pkg_file.file?
 
-          tmpdir = Pathname.new(Dir.mktmpdir)
-          workdir = tmpdir + "#{pkg_file.basename}-expanded"
+          `/usr/bin/xar -tf #{pkg_file.to_s.shellescape}`.split("\n").include? 'Distribution'
+        end
 
-          system "/usr/sbin/pkgutil --expand #{pkg_file.to_s.shellescape} #{workdir.to_s.shellescape}"
+        # Wrap a component pkg in a Distribution pkg, return the path to the Distribution pkg,
+        # which should be the same as the orig_pkg
+        #
+        # @param orig_pkg [Pathname, String] The path to the component .pkg
+        # @param version [Xolo::Server::Version] the version that is being uploaded/re-uploaded
+        #
+        # @return [Pathname] The path to the new Distribution pkg
+        ###########################################
+        def wrap_component_pkg_in_distribution(orig_pkg, version)
+          orig_pkg = Pathname.new(orig_pkg)
 
-          workdir.children.map(&:basename).map(&:to_s).include? 'Distribution'
-        ensure
-          tmpdir.rmtree
+          raise ArgumentError, "pkg_file does not exist or not a file: #{orig_pkg}" unless orig_pkg.file?
+
+          if pkg_is_distribution?(orig_pkg)
+            log_debug "Package '#{orig_pkg.basename}' is already a Distribution pkg, not wrapping"
+            return orig_pkg
+          end
+
+          log_info "Wrapping component pkg '#{orig_pkg.basename}' in a Distribution pkg"
+          out_dir = orig_pkg.parent
+          out_file = out_dir + "#{orig_pkg.basename(Xolo::DOT_PKG)}_dist#{Xolo::DOT_PKG}"
+
+          # the productbuild command, with signing if needed
+          prodbuild_cmd = +"/usr/bin/productbuild --package #{orig_pkg.to_s.shellescape} "
+          signing_reason =
+            if version.pkg_is_from_autopkg && Xolo::Server.config.sign_autopkg_pkgs
+              'autopkg'
+            elsif !version.pkg_is_from_autopkg && Xolo::Server.config.sign_pkgs
+              'uploaded'
+            end
+
+          if signing_reason
+            log_info "Signing is enabled for #{signing_reason} pkgs, will sign the Distribution pkg as part of wrapping process"
+
+            sh_kch = Shellwords.escape Xolo::Server::Configuration::PKG_SIGNING_KEYCHAIN.to_s
+            sh_ident = Shellwords.escape Xolo::Server.config.pkg_signing_identity
+            unlock_signing_keychain
+            prodbuild_cmd << "--sign #{sh_ident} --keychain #{sh_kch} "
+          end
+
+          prodbuild_cmd << out_file.to_s.shellescape
+
+          log_debug "Wrapping component pkg in Distribution pkg with this command: #{prodbuild_cmd}"
+
+          if system prodbuild_cmd
+            # remove the component pkg
+            orig_pkg.delete
+            # rename the dist pkg to the original pkg name,
+            out_file.rename orig_pkg
+
+            return orig_pkg
+          end
+
+          raise "Failed to wrap component pkg '#{orig_pkg.basename}' in a Distribution pkg"
+        end
+
+        # are Dist Point uploads configured to be done via the API, or with an upload tool defined in config?
+        #############################
+        def upload_via_api?
+          Xolo::Server.config.upload_tool.to_s.downcase == 'api'
         end
 
         # upload a staged pkg to the dist point(s)
@@ -201,9 +440,17 @@ module Xolo
         # @return [void]
         ###########################################
         def upload_to_dist_point(jpkg, pkg_file)
-          if Xolo::Server.config.upload_tool.to_s.downcase == 'api'
-            jpkg.upload pkg_file # this will update the checksum and manifest automatically, and save back to the server
+          # via API
+          if upload_via_api?
+            log_debug 'Jamf: increasing the API timeout to 30 minutes for the pkg upload'
+            jpkg.cnx.jp_cnx.options.timeout = 1800
+
+            log_debug "Jamf: Attempting upload of #{pkg_file.basename} to primary dist point via API"
+            # this will update the checksum and manifest automatically, and save back to the jamf pro server
+            jpkg.upload pkg_file
             log_info "Jamf: Uploaded #{pkg_file.basename} to primary dist point via API, with new checksum and manifest"
+
+          # via upload tool defined in config
           else
             log_debug "Jamf: Regenerating manifest for package '#{jpkg.packageName}' from #{pkg_file.basename}"
             jpkg.generate_manifest(pkg_file)
@@ -233,19 +480,22 @@ module Xolo
           cmd = "#{tool} #{jpkg_name} #{pkg}"
 
           stdouterr, exit_status = Open3.capture2e(cmd)
-          return if exit_status.success?
+          if exit_status.success?
+            log_debug "Jamf: upload tool succeeded in uploading #{pkg_file.basename} to dist point(s)."
+            return
+          end
 
-          msg =  "Uploader tool failed to upload #{pkg_file.basename} to dist point(s): #{stdouterr}"
+          msg = "Uploader tool failed to upload #{pkg_file.basename} to dist point(s): #{stdouterr}"
           log_error msg
           raise msg
         end
 
         # Confirm and return the extension of the originally uplaoded file,
-        # either .pkg or .zip
+        # as .pkg
         #
         # @param filename [String] The original name of the file uploaded to Xolo.
         #
-        # @return [String] either '.pkg' or '.zip'
+        # @return [String]  '.pkg' is the only valid one for now
         ###############################
         def validate_uploaded_pkg(filename)
           log_debug "Validating pkg file ext for '#{filename}'"
@@ -253,7 +503,87 @@ module Xolo
           file_extname = Pathname.new(filename).extname
           return file_extname if Xolo::OK_PKG_EXTS.include? file_extname
 
-          raise "Bad filename '#{filename}'. Package files must end in .pkg or .zip (for old-style bundle packages)"
+          raise "Bad filename '#{filename}'. Package files must end in #{Xolo::OK_PKG_EXTS.join(', or ')}"
+        end
+
+        # TODO: Use ruby-jss when it implements could-distribution-point rsrc
+        #
+        # @return [Hash] The Cloud DP definition from the API, if available, minus the keyPairId & privateKey
+        #   If no cloud dp defined, returns { cdnType: 'NONE', master: false }
+        ####################
+        def cloud_dp_data
+          return @cloud_dp_data if @cloud_dp_data
+
+          @cloud_dp_data = jamf_cnx.jp_get '/v1/cloud-distribution-point'
+          @cloud_dp_data.delete :privateKey
+          @cloud_dp_data.delete :keyPairId
+          @cloud_dp_data
+        rescue Jamf::Connection::JamfProAPIError => e
+          @cloud_dp_data = { cdnType: 'NONE', master: false }
+          return @cloud_dp_data if jamf_cnx.last_http_response.status == 404
+
+          raise e
+        end
+
+        # @return [Boolean] Is a cloud distribution point defined?
+        ###############################
+        def cloud_dp_available?
+          !CLOUD_DP_NA.include? cloud_dp_data[:cdnType]
+        end
+
+        # TODO: Use ruby-jss when it implements could-distribution-point rsrc
+        # @return [Boolean] Is a cloud distribution point defined?
+        ###############################
+        def cloud_dp_principal?
+          cloud_dp_available? && cloud_dp_data[:master]
+        end
+
+        # TODO: Use ruby-jss when it implements could-distribution-point rsrc
+        #
+        # Does a given pkg name exist on the cloud dp with 'ready' status?
+        #
+        # @param pkg_name [String] the name of the pkg to look for
+        #
+        # @return [Boolean] Is the pkg ready-to-go on the Cloud DP?
+        ###############################
+        def cloud_dp_pkg_ready?(pkg_filename)
+          return false unless cloud_dp_available?
+
+          filt = CGI.escape "fileName=='#{pkg_filename}'"
+          response = jamf_cnx.jp_get "/v1/cloud-distribution-point/files?filter=#{filt}"
+
+          # No fileserver I know of will allow multiples of a single filename....
+          # so assume there's only zero or one
+          data = response[:results].first
+          return false unless data
+
+          # once the status is ready, we should be good to go
+          data[:status] == 'READY'
+        end
+
+        # TODO: Use ruby-jss when it implements could-distribution-point rsrc
+        #
+        # @return [Hash {String => String}] The Jamf ID => FileName of all 'READY' PACKAGE files on
+        #   the Cloud DP.
+        ###############################
+        def cloud_dp_pkgs
+          page = 0
+          page_size = 1000
+          pkgs = {}
+          loop do
+            response = jamf_cnx.jp_get "/v1/cloud-distribution-point/files?page=#{page}&page-size=#{page_size}"
+            results = response[:results]
+            break if results.empty?
+
+            results.each do |f|
+              next unless f[:type] == 'PACKAGE' && f[:status] == 'READY'
+
+              # fileObjectId is the Jamf ID of the Package object for this DP file
+              pkgs[f[:fileObjectId]] = f[:fileName]
+            end
+            page += 1
+          end
+          pkgs
         end
 
       end # FileTransfers

data/lib/xolo/server/helpers/jamf_pro.rb

@@ -68,6 +68,7 @@ module Xolo
 
           host = Xolo::Server.config.jamf_gui_hostname
           host ||= Xolo::Server.config.jamf_hostname
+
           port = Xolo::Server.config.jamf_gui_port
           port ||= Xolo::Server.config.jamf_port
 
@@ -93,20 +94,30 @@ module Xolo
 
           return @jamf_cnx if @jamf_cnx
 
-          @jamf_cnx = Jamf::Connection.new(
+          cnx_opts = {
             name: "jamf-pro-cnx-#{Time.now.strftime('%F-%T')}",
             host: Xolo::Server.config.jamf_hostname,
             port: Xolo::Server.config.jamf_port,
             verify_cert: Xolo::Server.config.jamf_verify_cert,
             ssl_version: Xolo::Server.config.jamf_ssl_version,
             open_timeout: Xolo::Server.config.jamf_open_timeout,
-            timeout: Xolo::Server.config.jamf_timeout,
-            user: Xolo::Server.config.jamf_api_user,
-            pw: Xolo::Server.config.jamf_api_pw,
-            keep_alive: false
-          )
-          log_debug "Jamf: Connected to Jamf Pro at #{@jamf_cnx.base_url} as user '#{Xolo::Server.config.jamf_api_user}'. KeepAlive: #{@jamf_cnx.keep_alive?}, Expires: #{@jamf_cnx.token.expires}. cnx ID: #{@jamf_cnx.object_id}"
+            timeout: Xolo::Server.config.jamf_timeout
+          }
+
+          if Xolo::Server.config.jamf_use_api_client
+            cnxtype = 'API Client'
+            cnx_opts[:client_id] = Xolo::Server.config.jamf_api_user
+            cnx_opts[:client_secret] = Xolo::Server.config.jamf_api_pw
+          else
+            cnxtype = 'User'
+            cnx_opts[:user] = Xolo::Server.config.jamf_api_user
+            cnx_opts[:pw] = Xolo::Server.config.jamf_api_pw
+          end
+
+          @jamf_cnx = Jamf::Connection.new(**cnx_opts)
 
+          log_debug "Jamf: Connected to Jamf Pro at #{@jamf_cnx.base_url} as #{cnxtype} '#{Xolo::Server.config.jamf_api_user}'. KeepAlive: false, Expires: #{@jamf_cnx.token.expires}. cnx ID: #{@jamf_cnx.object_id}"
+          # log_debug "jamf_cnx caller:\n..#{caller_locations(1, 10).map(&:to_s).join("\n..")}"
           @jamf_cnx
         end
 
@@ -147,6 +158,19 @@ module Xolo
           end
         end
 
+        # If we're running on a test server, Jamf objects have a different prefix
+        # which is 'xolo-' prod servers and 'xolotest-' on test servers.
+        #
+        # @return [String] The prefix for Jamf object names
+        ###########################
+        def jamf_obj_name_pfx_base
+          if Xolo::Server.config.test_server
+            Xolo::Server::JAMF_TEST_OBJECT_NAME_PFX
+          else
+            Xolo::Server::JAMF_OBJECT_NAME_PFX
+          end
+        end
+
       end # JamfPro
 
     end # Helpers

data/lib/xolo/server/helpers/log.rb

@@ -73,12 +73,14 @@ module Xolo
         ###############################
         def log_error(msg, alert: false)
           logger.error(session_svr_obj_id) { msg }
+          # caller.each { |l| logger.error(session_svr_obj_id) { "..#{l}" } }
           send_alert msg, :ERROR if alert
         end
 
         ###############################
         def log_fatal(msg, alert: false)
           logger.fatal(session_svr_obj_id) { msg }
+          caller.each { |l| logger.fatal(session_svr_obj_id) { "..#{l}" } }
           send_alert msg, :FATAL if alert
         end
 

data/lib/xolo/server/helpers/maintenance.rb

@@ -175,6 +175,7 @@ module Xolo
           # TODO: Be DRY with this stuff and similar in title_jamf_access.rb
           Xolo::Server::Title.all_titles.each do |title|
             title_obj = instantiate_title title
+            next if title_obj.subscribed?
             next unless title_obj.jamf_patch_ea_awaiting_acceptance?
 
             log_info "Cleanup: Auto-accepting Title Editor EA for title '#{title}'"