xolo-server 1.0.0 → 2.0.2

data/lib/xolo/server/mixins/title_ted_access.rb

@@ -65,6 +65,11 @@ module Xolo
         # @return [Windoo::SoftwareTitle]
         ##########################
         def create_title_in_ted
+          if subscribed?
+            log_debug "Title Editor: SoftwareTitle '#{title}' is subscribed, skipping Title Editor creation"
+            return
+          end
+
           # delete an old one if its there
           ted_title&.delete if Windoo::SoftwareTitle.all_ids(cnx: ted_cnx).include? title
 
@@ -86,8 +91,10 @@ module Xolo
           sleep 2
 
           # re-fetch the title from ted and enable it
+          progress "Title Editor: Enabling SoftwareTitle '#{title}'", log: :info
           ted_title(refresh: true).enable
 
+          # cache the new title object id
           self.ted_id_number = ted_title.softwareTitleId
         end
 
@@ -171,6 +178,10 @@ module Xolo
         # @return [void]
         ##########################
         def update_title_in_ted
+          if subscribed?
+            log_debug "Title Editor: SoftwareTitle '#{title}' is subscribed, skipping Title Editor update"
+            return
+          end
           return unless changes_for_update
 
           unless any_ted_changes?
@@ -197,6 +208,9 @@ module Xolo
           # This will also apply the changes to all patch component criteria
           apply_requirement_changes
 
+          # re-enable all patches, after any change, which might have disabled them
+          reenable_all_ted_patches
+
           # mucking with the patches often disables the title, make sure its enabled.
           enable_ted_title
 
@@ -212,10 +226,12 @@ module Xolo
           req_change = requirement_change
           return unless req_change
 
-          new_app_name = changes_for_update.dig :app_name, :new
-          new_app_bundle_id = changes_for_update.dig :app_bundle_id, :new
           new_ea_script = changes_for_update.dig :version_script, :new
 
+          # if either of these are nil in changes, then use the existing value
+          new_app_name = changes_for_update.dig(:app_name, :new) || app_name
+          new_app_bundle_id = changes_for_update.dig(:app_bundle_id, :new) || app_bundle_id
+
           case req_change
           when :app_to_ea
             # create the ea
@@ -236,6 +252,7 @@ module Xolo
           when :update_app
             # set the requirement to use the new app data
             set_ted_title_requirement app_name: new_app_name, app_bundle_id: new_app_bundle_id
+
             # for all versions, update the patch compotent criteria to use the new app data
             set_ted_patch_component_criteria_after_update app_name: new_app_name, app_bundle_id: new_app_bundle_id
 
@@ -287,11 +304,19 @@ module Xolo
           end
         end
 
+        # In the TitleEditor, the version script is
+        # stored as an Extension Attribute - each title can
+        # only have one.
+        # and it needs a 'key', which is the name used to indicate the
+        # EA in various criteria, and is the EA name in Jamf Patch.
+        # The key is jamf_obj_name_pfx on the title
+        # so for title 'foobar', it is 'xolo-foobar' or 'xolotest-foobar' for test servers
+        # That value is also used as the display name
         # @return [String] The key and display name of a version script stored
         #   in the title editor as the ExtAttr for this title
         #####################
         def ted_ea_key
-          @ted_ea_key ||= self.class.ted_ea_key title
+          @ted_ea_key ||= "#{jamf_obj_name_pfx_base}#{title}"
         end
 
         # Create the EA in the Title Editor
@@ -416,6 +441,8 @@ module Xolo
         #
         # Re-enable the title in ted after updating any patches
         #
+        # TODO: Now that we are using stub patches, do we need the loop?
+        #
         # @return [void]
         ##############################
         def enable_ted_title
@@ -430,10 +457,10 @@ module Xolo
           loop do
             raise Xolo::TimeoutError, "Title Editor: Timed out waiting for SoftwareTitle '#{title}' to enable" if Time.now > breaktime
 
-            sleep 5
             ted_title(refresh: true).enable
             break
           rescue Windoo::MissingDataError => e
+            sleep 5
             log_debug "Title Editor: Looping up to #{Xolo::Server::Constants::MAX_JAMF_WAIT_FOR_TITLE_EDITOR} secs while re-enabling SoftwareTitle '#{title}': #{e}"
 
             # make sure all patches are enabled, even tho at least one should have been
@@ -463,6 +490,8 @@ module Xolo
         # @return [String] the URL for the title in the Title Editor
         #####################
         def ted_title_url
+          return unless managed?
+
           "https://#{Xolo::Server.config.ted_hostname}/softwaretitles/#{ted_id_number}"
         end
 
@@ -475,6 +504,10 @@ module Xolo
         # @return [void]
         ############################
         def repair_ted_title
+          if subscribed?
+            log_debug "Title Editor: SoftwareTitle '#{title}' is subscribed, skipping Title Editor repair"
+            return
+          end
           progress "Title Editor: Repairing SoftwareTitle '#{title}'", log: :info
 
           # TODO: version order??
@@ -500,16 +533,25 @@ module Xolo
           if ted_title.patches.empty?
             create_and_enable_stub_patch_in_ted(ted_title)
           else
-            # make sure at least one patch is enabled
-            unless ted_title.patches.to_a.any?(&:enabled?)
-              progress "Title Editor: Enabling at least the first patch for title '#{title}'", log: :info
-              ted_title.patches.first.enable
+            # repair all patches, because reparing the title might have changed the requirements
+            progress "Title Editor: Re-enabling all patches for '#{title}'", log: :info
+            version_objects.each do |vobj|
+              vobj.repair_ted_patch
             end
           end
 
           ted_title.enable unless ted_title(refresh: true).enabled?
         end
 
+        # Re-enable all patches in the title editor
+        # @return [void]
+        ###########################
+        def reenable_all_ted_patches
+          # re-enable all patches, after any change, which might have disabled them
+          progress "Title Editor: Re-enabling all patches for '#{title}'", log: :info
+          version_objects.each { |vobj| vobj.enable_ted_patch }
+        end
+
       end # TitleEditorTitle
 
     end # Mixins

data/lib/xolo/server/mixins/version_jamf_access.rb

@@ -26,29 +26,24 @@ module Xolo
 
         # The group of macs with this version installed
         # is named the full prefix plus this suffix.
-        JAMF_SMART_GROUP_NAME_INSTALLED_SFX = '-installed'
+        JAMF_SMART_GROUP_NAME_INSTALLED_SFX = 'installed'
 
         # The policy that does initial installs on-demand
         # (via 'xolo install <title> <version') is named the full
         # prefix plus this suffix.
-        JAMF_POLICY_NAME_MANUAL_INSTALL_SFX = '-manual-install'
+        JAMF_POLICY_NAME_MANUAL_INSTALL_SFX = 'manual-install'
 
         # The policy that does auto-installs is named the full
         # prefix plus this suffix.
         # The scope is changed as needed when a version's status
         # changes
-        JAMF_POLICY_NAME_AUTO_INSTALL_SFX = '-auto-install'
+        JAMF_POLICY_NAME_AUTO_INSTALL_SFX = 'auto-install'
 
         # The policy that does auto-re-installs is named the full
         # prefix plus this suffix.
         # The scope is changed as needed when a version's status
         # changes
-        JAMF_POLICY_NAME_AUTO_REINSTALL_SFX = '-auto-reinstall'
-
-        # How long to wait after a pkg re-upload before creating/enabling/flushing
-        # the auto-reinstall policy
-        # See TODO in #wait_to_enable_reinstall_policy
-        JAMF_AUTO_REINSTALL_WAIT_SECS = 15 * 60
+        JAMF_POLICY_NAME_AUTO_REINSTALL_SFX = 'auto-reinstall'
 
         # POLICIES, PATCH POLICIES, SCOPING
         #############################
@@ -197,7 +192,11 @@ module Xolo
           jamf_auto_install_policy
           jamf_manual_install_policy
 
-          activate_patch_version_in_jamf
+          if subscribed?
+            activate_subscribed_patch_version_in_jamf
+          else
+            activate_managed_patch_version_in_jamf
+          end
         end
 
         # Apply edits to the Xolo version to Jamf as needed
@@ -276,8 +275,6 @@ module Xolo
           # Delete package object
           # This is slow and it blocks, so do it in a thread and update progress every
           # 15 secs
-          return unless Jamf::JPackage.valid_id packageName: jamf_pkg_name, cnx: jamf_cnx
-
           delete_jamf_package
 
           # The code below is used when we want real-time progress updates to xadm
@@ -321,6 +318,8 @@ module Xolo
           @jamf_package =
             if id
               log_debug "Jamf: Fetching Jamf::JPackage '#{id}'"
+              self.jamf_pkg_id = id # in case we only had the name before, now we have the id, so save it
+              save_local_data
               Jamf::JPackage.fetch id: id, cnx: jamf_cnx
             else
               return if deleting?
@@ -329,10 +328,16 @@ module Xolo
             end
         end
 
+        # @return [Boolean] does the jamf_package exist?
+        #########################
+        def jamf_package_exist?
+          !Jamf::JPackage.valid_id(packageName: jamf_pkg_name, cnx: jamf_cnx).nil?
+        end
+
         # @return [Jamf::JPackage] Create the Jamf::JPackage object for this version and return it
         #########################
         def create_jamf_package
-          progress "Jamf: Creating Package object '#{jamf_pkg_name}'", log: :info
+          progress "Jamf: Creating Jamf::JPackage '#{jamf_pkg_name}'", log: :info
 
           # The filename is temporary, and will be replaced when the file is uploaded
           pkg = Jamf::JPackage.create(
@@ -442,13 +447,13 @@ module Xolo
         # @return [void]
         #########################
         def delete_jamf_package
-          pkg_id = Jamf::JPackage.valid_id packageName: jamf_pkg_name, cnx: jamf_cnx
+          pkg_id = jamf_pkg_id || Jamf::JPackage.valid_id(packageName: jamf_pkg_name, cnx: jamf_cnx)
           return unless pkg_id
 
           msg = "Jamf: Starting deletion of Package '#{jamf_pkg_name}' id #{jamf_pkg_id} at #{Time.now.strftime '%F %T'}"
           progress msg, log: :info
 
-          warning = +"IMPORTANT: Package deletion is slow. If you plan to re-add this version, '#{version}', please\n  "
+          warning = +"IMPORTANT: Package deletion can be slow. If you plan to re-add this version, '#{version}', please\n  "
           warning <<
             if Xolo::Server.config.alert_tool
               'check your Xolo alerts for completion, which can take up to 5 minutes,'
@@ -489,14 +494,18 @@ module Xolo
         # @return [Jamf::Policy] The auto-install-policy for this version, if it exists
         ##########################
         def jamf_auto_install_policy
-          @jamf_auto_install_policy ||=
-            if jamf_auto_install_policy_exist?
-              Jamf::Policy.fetch(name: jamf_auto_install_policy_name, cnx: jamf_cnx)
-            else
-              return if deleting?
+          # This is imporant to avoid infinite recursion
+          return @jamf_auto_install_policy if @jamf_auto_install_policy
 
-              create_jamf_auto_install_policy
-            end
+          if jamf_auto_install_policy_exist?
+            @jamf_auto_install_policy = Jamf::Policy.fetch(name: jamf_auto_install_policy_name, cnx: jamf_cnx)
+          else
+            return if deleting?
+
+            # this sets @jamf_auto_install_policy
+            create_jamf_auto_install_policy
+          end
+          @jamf_auto_install_policy
         end
 
         # The auto install policy is triggered by checkin
@@ -505,32 +514,34 @@ module Xolo
         # Before release, the targets are those defined in #pilot_groups_to_use
         #
         # After release, the targets are changed to those
-        # in title_object#target_group
+        # in title_object#release_groups
         #
         # This policy is never in self service
         # @return [Jamf::Policy] the auto install policy for this version
         #########################
         def create_jamf_auto_install_policy
           progress "Jamf: Creating Auto Install Policy: #{jamf_auto_install_policy_name}", log: :debug
-          pol = Jamf::Policy.create name: jamf_auto_install_policy_name, cnx: jamf_cnx
-          configure_jamf_auto_install_policy(pol)
-          pol.save
-          pol
+
+          @jamf_auto_install_policy = Jamf::Policy.create name: jamf_auto_install_policy_name, cnx: jamf_cnx
+
+          configure_jamf_auto_install_policy
+          @jamf_auto_install_policy.save
         end
 
         # repair the auto-install policy only
         #############################
         def repair_jamf_auto_install_policy
           progress "Jamf: Repairing Auto Install Policy '#{jamf_auto_install_policy_name}'", log: :info
-          pol = jamf_auto_install_policy
-          configure_jamf_auto_install_policy(pol)
-          pol.save
+          configure_jamf_auto_install_policy
+          jamf_auto_install_policy.save
         end
 
         # Configure the given policy as the auto-install policy for this version
         # @param pol [Jamf::Policy] the policy to configure
         ################################
-        def configure_jamf_auto_install_policy(pol)
+        def configure_jamf_auto_install_policy(pol = nil)
+          pol ||= jamf_auto_install_policy
+
           pol.category = Xolo::Server::JAMF_XOLO_CATEGORY
           pol.set_trigger_event :checkin, true
           pol.set_trigger_event :custom, Xolo::BLANK
@@ -553,7 +564,7 @@ module Xolo
           end
 
           # enable or disable based on status
-          if pilot? || released?
+          if pilot? || released? || releasing?
             pol.enable
           else
             pol.disable
@@ -679,8 +690,6 @@ module Xolo
             )
           else
             return if deleting?
-            # don't create unless there's been a re-upload of the pkg
-            return unless reupload_date
 
             create_jamf_installed_group
           end
@@ -730,51 +739,20 @@ module Xolo
         # The criteria for the smart group in Jamf that contains all Macs
         # with this version of this title installed
         #
-        # If we have, or are about to update to, a version_script (EA) then use it,
-        # otherwise use the app_name and app_bundle_id.
+        # We use the "Patch Reporting: #{title_object.display_name}" criterion so that we don't
+        # care whether the title uses a version-script or app data.
         #
         # @return [Array<Jamf::Criteriable::Criterion>]
         ###################################
         def jamf_installed_group_criteria
-          # does this title use an app bundle?
-          if title_object.app_name
-            [
-              Jamf::Criteriable::Criterion.new(
-                and_or: :and,
-                name: 'Application Title',
-                search_type: 'is',
-                value: title_object.app_name
-              ),
-
-              Jamf::Criteriable::Criterion.new(
-                and_or: :and,
-                name: 'Application Bundle ID',
-                search_type: 'is',
-                value: title_object.app_bundle_id
-              ),
-
-              Jamf::Criteriable::Criterion.new(
-                and_or: :and,
-                name: 'Application Version',
-                search_type: 'is',
-                value: version
-              )
-            ]
-
-          # if not, it must have a version script
-          elsif title_object.version_script
-            [
-              Jamf::Criteriable::Criterion.new(
-                and_or: :and,
-                name: title_object.jamf_normal_ea_name,
-                search_type: 'is',
-                value: version
-              )
-            ]
-
-          else
-            raise Xolo::Core::Exceptions::InvalidDataError, "Title #{title} has neither a version_script nor a defined app bundle."
-          end
+          [
+            Jamf::Criteriable::Criterion.new(
+              and_or: :or,
+              name: "Patch Reporting: #{title_object.display_name}",
+              search_type: 'is',
+              value: version
+            )
+          ]
         end
 
         #########################
@@ -794,7 +772,7 @@ module Xolo
         # @return [Boolean] does the jamf_auto_reinstall_policy exist?
         ##########################
         def jamf_auto_reinstall_policy_exist?
-          Jamf::Policy.all_names(cnx: jamf_cnx).include? jamf_auto_reinstall_policy_name
+          Jamf::Policy.all_names(:refresh, cnx: jamf_cnx).include? jamf_auto_reinstall_policy_name
         end
 
         # Create or fetch the auto re-install policy for this version
@@ -808,8 +786,6 @@ module Xolo
               Jamf::Policy.fetch(name: jamf_auto_reinstall_policy_name, cnx: jamf_cnx)
             else
               return if deleting?
-              # don't create unless there's been a re-upload of the pkg
-              return unless reupload_date
 
               create_jamf_auto_reinstall_policy
             end
@@ -839,6 +815,9 @@ module Xolo
         # @param pol [Jamf::Policy] the policy to configure
         ######################
         def configure_jamf_auto_reinstall_policy(pol)
+          # this creates the installed group if it doesn't already exist
+          jamf_installed_group
+
           pol.category = Xolo::Server::JAMF_XOLO_CATEGORY
           pol.set_trigger_event :checkin, true
           pol.set_trigger_event :custom, Xolo::BLANK
@@ -846,7 +825,7 @@ module Xolo
           pol.recon = false
           pol.retry_event = :checkin
           pol.retry_attempts = 5
-          pol.scope.set_targets :computer_groups, [jamf_installed_group_name]
+          pol.scope.set_targets :computer_groups, [jamf_installed_group.name]
 
           # exclusions are for always
           set_policy_exclusions pol
@@ -870,41 +849,6 @@ module Xolo
           @jamf_auto_reinstall_policy_url = "#{jamf_gui_url}/policies.html?id=#{pol_id}&o=r"
         end
 
-        # This will start a thread
-        # that will wait some period of time (to allow for pkg uploads
-        # to complete) before enabling and flushing the logs for the reinstall policy.
-        # This will make all macs with this version installed get it re-installed.
-        # @return [void]
-        def wait_to_enable_reinstall_policy
-          return if @enable_reinstall_policy_thread&.alive?
-          return unless reupload_date
-
-          # TODO: some setting to determine how long to wait?
-          # - If uploading via the Jamf API, we need to give it time
-          #   to then upload the file to the cloud distribution point
-          # - If uploading via a custom tool, we need to give that
-          #   tool time to re-upload to wherever it uploads to
-          # - May need to wait for other non-jamf/non-xolo processes
-          #   to sync the package to other distribution points. This
-          #   might be very site-specific.
-
-          # For now, we wait 15 minutes.
-          wait_time = JAMF_AUTO_REINSTALL_WAIT_SECS
-
-          @enable_reinstall_policy_thread = Thread.new do
-            log_debug "Jamf: Starting enable_reinstall_policy_thread: waiting #{wait_time} seconds before enabling reinstall policy for version #{version} of title #{title}"
-            sleep wait_time
-
-            log_debug "Jamf: enable_reinstall_policy_thread: enabling and flushing logs for reinstall policy for version #{version} of title #{title}"
-
-            pol = jamf_auto_reinstall_policy
-            pol.enable
-            pol.flush_logs
-            pol.save
-          end
-          @enable_reinstall_policy_thread.name = "enable_reinstall_policy_thread-#{title}-#{version}"
-        end
-
         #######  The Jamf Patch Policy
         ###########################################
         ###########################################
@@ -977,10 +921,10 @@ module Xolo
           # a rollback is being done
           ppol.allow_downgrade = false
 
-          # This should always be false, so that
+          # This should default to false, so that
           # we don't accidentally downgrade non-xolo test installs,
           # or server-pushed updates (like with commvault or cisco VPN)
-          ppol.patch_unknown = false
+          ppol.patch_unknown = patch_unknown ? true : false
 
           ppol.enable
 
@@ -1000,10 +944,10 @@ module Xolo
           ppol.name = jamf_patch_policy_name
           ppol.target_version = version
 
-          # This should always be false, so that
+          # This should default tofalse, so that
           # we don't accidentally downgrade non-xolo test installs,
           # or server-pushed updates (like with commvault or cisco VPN)
-          ppol.patch_unknown = false
+          ppol.patch_unknown = patch_unknown ? true : false
 
           if pilot?
             set_policy_pilot_groups ppol
@@ -1290,7 +1234,14 @@ module Xolo
           @jamf_patch_version = title_object.jamf_patch_title.versions[version]
           return @jamf_patch_version if @jamf_patch_version
 
-          # TODO: wait for it to appear when adding?
+          if repairing?
+            # if we're repairing, and the version isn't visible in Jamf, then
+            # jamf polled the title editor in the few moments it was disabled.
+            # and jamf will see it again within 5 minutes.
+            return nil
+          end
+
+          # TODO: wait for it to appear when adding, or re-appear when repairing?
           msg = "Jamf: Version '#{version}' of Title '#{title}' is not visible in Jamf. Is the Patch enabled in the Title Editor?"
           log_error msg
           raise Xolo::NoSuchItemError, msg
@@ -1304,7 +1255,7 @@ module Xolo
         #
         # @return [void]
         #########################
-        def activate_patch_version_in_jamf
+        def activate_managed_patch_version_in_jamf
           # don't do this if there's already one running for this instance
           if @activate_patch_version_thread&.alive?
             log_debug "Jamf: activate_patch_version_thread already running. Caller: #{caller_locations.first}"
@@ -1336,13 +1287,7 @@ module Xolo
             end
 
             if did_it
-              assign_pkg_to_patch_in_jamf
-              # give jamf a moment to catch up and refresh the patch title
-              # so we see the pkg has been assigned
-              sleep 2
-              title_object.jamf_patch_title(refresh: true)
-
-              create_jamf_patch_policy
+              activate_patch_version_in_jamf
               msg = "Jamf: Version '#{version}' of title '#{title}' is now visible in Jamf Pro. Package assigned and Patch policy created."
               log_info msg, alert: true
             else
@@ -1353,6 +1298,37 @@ module Xolo
           @activate_patch_version_thread.name = "activate_patch_version_thread-#{title}-#{version}"
         end
 
+        # Patches for subscribed titles are already visible in Jamf Patch Management
+        # So we just need to assign the pkg to the patch version, and create the patch policy.
+        ##########################
+        def activate_subscribed_patch_version_in_jamf
+          msg = "Jamf: Assigning package and creating patch policy for version '#{version}' of subscribed title '#{title}'"
+          log_info msg
+          activate_patch_version_in_jamf
+        end
+
+        # Assign the package for this version to the Jamf::PatchTitle::Version in Jamf
+        # and create the patch policy for this version.
+        #
+        # @return [void]
+        ##########################
+        def activate_patch_version_in_jamf
+          log_debug "Jamf: Activating patch version in Jamf for version '#{version}' of title '#{title}'"
+
+          # create the Jamf::JPackage object if needed
+          jamf_package
+          title_object.jamf_patch_title(refresh: true)
+          sleep 3
+
+          assign_pkg_to_patch_in_jamf
+          # give jamf a moment to catch up and refresh the patch title
+          # so we see the pkg has been assigned
+          sleep 2
+          title_object.jamf_patch_title(refresh: true)
+
+          create_jamf_patch_policy
+        end
+
         # Assign the Package to the Jamf::PatchTitle::Version for this Xolo version.
         # This 'activates' the version in Jamf Patch, and must happen before
         # patch policies can be created
@@ -1368,10 +1344,23 @@ module Xolo
         # @return [void]
         ########################################
         def assign_pkg_to_patch_in_jamf
-          log_info "Jamf: Assigning package '#{jamf_pkg_name}' to patch version '#{version}' of title '#{title}'"
+          patch_vers_obj = jamf_patch_version
+
+          if patch_vers_obj.nil? && repairing?
+            msg = "Jamf: Cant re-assign package '#{jamf_pkg_name}' to patch version '#{version}' of title '#{title}' at this time. If there are problems with it, try 'repair' again later."
+            progress msg, log: :info
+            return
+          end
+
+          progress "Jamf: Assigning package '#{jamf_pkg_name}' to patch version '#{version}' of title '#{title}'", log: :info
+
+          log_debug "Jamf: jamf_patch_version is: #{patch_vers_obj}"
+
+          patch_vers_obj.package = jamf_pkg_name
+          log_debug "Jamf: jamf_patch_version after assignment is: #{patch_vers_obj}"
 
-          jamf_patch_version.package = jamf_pkg_name
           title_object.jamf_patch_title.save
+          log_debug 'Jamf: Saved jamf_patch_title after assigning package to version.'
         end
 
         # Get the patch report for this version