npm - addigy - Versions diffs - 2.3.0 → 2.5.0 - Mend

addigy 2.3.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Extension, IAddigyConfig, IAddigyInternalAuthObject, NotificationSettings, PPPCInput, SupportedOsVersions } from './types';
+import { CustomFact, Extension, FilevaultRequest, IAddigyConfig, IAddigyInternalAuthObject, NotificationSettings, PPPCInput, SupportedOsVersions } from './types';
 export * from './types';
 declare enum AlertStatus {
     Acknowledged = "Acknowledged",
@@ -61,7 +61,12 @@ export declare class Addigy {
     }): Promise<any>;
     createNotificationSettingsPolicy(authObject: IAddigyInternalAuthObject, name: string, notificationSettings: NotificationSettings[]): Promise<any>;
     createCustomProfile(authObject: IAddigyInternalAuthObject, name: string, customProfileText: string, supportedOsVersions: SupportedOsVersions, payloadScope?: 'System' | 'User', is_profile_signed?: boolean): Promise<any>;
+    createMdmProfile(authObject: IAddigyInternalAuthObject, mdmProfile: any): Promise<any>;
+    createFilevaultPolicy(authObject: IAddigyInternalAuthObject, name: string, filevault: FilevaultRequest, payloadPriority?: number): Promise<any>;
     createPPPCPolicy(authObject: IAddigyInternalAuthObject, name: string, pppcPolicy: PPPCInput[]): Promise<any>;
+    createCustomFact(authObject: IAddigyInternalAuthObject, name: string, script: string, scriptType: 'bash' | 'python' | 'zsh'): Promise<CustomFact>;
+    getCustomFacts(authObject: IAddigyInternalAuthObject): Promise<CustomFact[]>;
+    getCustomFactByName(authObject: IAddigyInternalAuthObject, name: string): Promise<CustomFact | undefined>;
     getMdmConfigurations(authObject: IAddigyInternalAuthObject): Promise<any[]>;
     getMdmConfigurationByName(authObject: IAddigyInternalAuthObject, name: string): Promise<any>;
     getFileVaultKeys(authObject: IAddigyInternalAuthObject): Promise<object[]>;

package/index.js CHANGED Viewed

@@ -727,6 +727,102 @@ class Addigy {
             throw err;
         }
     }
+    async createMdmProfile(authObject, mdmProfile) {
+        try {
+            let res = await this._addigyRequest('https://app-prod.addigy.com/api/mdm/user/profiles/configurations', {
+                headers: {
+                    Cookie: `auth_token=${authObject.authToken};`,
+                    origin: 'https://app-prod.addigy.com',
+                },
+                method: 'POST',
+                json: { payloads: mdmProfile },
+            });
+            return JSON.parse(res.body);
+        }
+        catch (err) {
+            throw err;
+        }
+    }
+    async createFilevaultPolicy(authObject, name, filevault, payloadPriority = 1) {
+        const groupUUID = uuid_1.v4();
+        const encryptCertPayloadUUID = uuid_1.v4();
+        const basePayload = {
+            payload_display_name: name,
+            payload_version: 1,
+            payload_group_id: groupUUID,
+            addigy_payload_version: 0,
+            payload_priority: payloadPriority,
+        };
+        const payloads = [
+            {
+                ...basePayload,
+                payload_type: 'com.apple.MCX.FileVault2',
+                addigy_payload_type: 'com.addigy.securityAndPrivacy.com.apple.MCX.FileVault2',
+                payload_identifier: `com.addigy.securityAndPrivacy.com.apple.MCX.FileVault2.${groupUUID}`,
+                payload_uuid: uuid_1.v4(),
+                enable: filevault.enable ? 'On' : 'Off',
+                defer: filevault.defer,
+                use_recovery_key: true,
+                show_recovery_key: filevault.showRecoveryKey === undefined ? null : filevault.showRecoveryKey,
+                defer_dont_ask_at_user_logout: filevault.deferDontAskAtUserLogout === undefined
+                    ? null
+                    : filevault.deferDontAskAtUserLogout,
+                defer_force_at_user_login_max_bypass_attempts: filevault.deferForceAtUserLoginMaxBypassAttempts === undefined
+                    ? null
+                    : filevault.deferForceAtUserLoginMaxBypassAttempts,
+            },
+            {
+                ...basePayload,
+                payload_type: 'com.apple.MCX',
+                addigy_payload_type: 'com.addigy.securityAndPrivacy.com.apple.MCX',
+                payload_identifier: `com.addigy.securityAndPrivacy.com.apple.MCX.${groupUUID} `,
+                payload_uuid: uuid_1.v4(),
+                destroy_fv_key_on_standby: filevault.destroyFvKeyOnStandby === undefined
+                    ? null
+                    : filevault.destroyFvKeyOnStandby,
+                dont_allow_fde_disable: true,
+            },
+        ];
+        if (filevault.escrowRecoveryKey)
+            payloads.push({
+                ...basePayload,
+                addigy_payload_type: 'com.addigy.securityAndPrivacy.com.apple.security.pkcs1',
+                payload_type: 'com.apple.security.pkcs1',
+                payload_identifier: `com.addigy.securityAndPrivacy.com.apple.security.pkcs1.${groupUUID}`,
+                payload_uuid: uuid_1.v4(),
+                is_from_security_profile: true,
+            }, {
+                ...basePayload,
+                addigy_payload_type: 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryKeyEscrow',
+                payload_type: 'com.apple.security.FDERecoveryKeyEscrow',
+                payload_identifier: `com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryKeyEscrow.${groupUUID}`,
+                payload_uuid: uuid_1.v4(),
+                encrypt_cert_payload_uuid: encryptCertPayloadUUID,
+                location: 'Key will be escrowed to an Addigy secure database.',
+            }, {
+                ...basePayload,
+                addigy_payload_type: 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryRedirect',
+                payload_type: 'com.apple.security.FDERecoveryRedirect',
+                payload_identifier: `com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryRedirect.${groupUUID}`,
+                payload_uuid: uuid_1.v4(),
+                encrypt_cert_payload_uuid: encryptCertPayloadUUID,
+                redirect_url: '',
+            });
+        try {
+            let res = await this._addigyRequest('https://app-prod.addigy.com/api/mdm/user/profiles/configurations', {
+                headers: {
+                    Cookie: `auth_token=${authObject.authToken};`,
+                    origin: 'https://app-prod.addigy.com',
+                },
+                method: 'POST',
+                json: { payloads },
+            });
+            return JSON.parse(res.body);
+        }
+        catch (err) {
+            throw err;
+        }
+    }
     async createPPPCPolicy(authObject, name, pppcPolicy) {
         const groupUUID = uuid_1.v4();
         const payload = {
@@ -801,6 +897,54 @@ class Addigy {
         });
         return JSON.parse(res.body);
     }
+    async createCustomFact(authObject, name, script, scriptType) {
+        const shebang = {
+            bash: '#!/bin/bash',
+            python: '#!/usr/bin/python',
+            zsh: '#!/bin/zsh',
+        };
+        const body = {
+            name,
+            os_architectures: {
+                linux_arm: {
+                    is_supported: false,
+                    language: '',
+                    shebang: '',
+                    script: '',
+                },
+                darwin_amd64: {
+                    is_supported: true,
+                    language: scriptType,
+                    shebang: shebang[scriptType],
+                    script,
+                },
+            },
+            return_type: 'string',
+        };
+        const res = await this._addigyRequest('https://app-prod.addigy.com/api/services/facts/custom', {
+            headers: {
+                Cookie: `auth_token=${authObject.authToken};`,
+                origin: 'https://app-prod.addigy.com',
+            },
+            method: 'POST',
+            json: body,
+        });
+        return JSON.parse(res.body);
+    }
+    async getCustomFacts(authObject) {
+        const res = await this._addigyRequest('https://app-prod.addigy.com/api/services/facts/custom', {
+            headers: {
+                Cookie: `auth_token=${authObject.authToken};`,
+                origin: 'https://app-prod.addigy.com',
+            },
+            method: 'GET',
+        });
+        return JSON.parse(res.body);
+    }
+    async getCustomFactByName(authObject, name) {
+        const facts = await this.getCustomFacts(authObject);
+        return facts.find((e) => e.name === name);
+    }
     async getMdmConfigurations(authObject) {
         var _a;
         try {

package/package.json CHANGED Viewed

@@ -8,14 +8,14 @@
     "dependencies": {
         "@expo/plist": "0.0.18",
         "form-data": "4.0.0",
-        "got": "11.8.2",
+        "got": "11.8.5",
         "uuid": "8.3.2"
     },
     "description": "",
     "devDependencies": {
         "@pliancy/eslint-config-ts": "0.0.5",
         "@pliancy/semantic-release-config-npm": "2.1.0",
-        "@types/got": "9.6.11",
+        "@types/got": "9.6.12",
         "@types/jest": "26.0.23",
         "@types/node": "15.12.5",
         "@types/uuid": "8.3.0",
@@ -59,7 +59,7 @@
         "tsc": "tsc -p tsconfig.build.json"
     },
     "types": "index.d.ts",
-    "version": "2.3.0",
+    "version": "2.5.0",
     "volta": {
         "node": "14.17.1",
         "yarn": "1.22.10"

package/types.d.ts CHANGED Viewed

@@ -10,8 +10,8 @@ export interface IAddigyInternalAuthObject {
     emailAddress: string;
 }
 export interface Payload {
-    addigy_payload_type: 'com.addigy.syspolicy.system-extension-policy.com.apple.system-extension-policy' | 'com.addigy.TCC.configuration-profile-policy.com.apple.TCC.configuration-profile-policy' | 'com.addigy.syspolicy.kernel-extension-policy.com.apple.syspolicy.kernel-extension-policy' | 'com.addigy.notifications.com.apple.notificationsettings' | 'com.addigy.custom.mdm.payload';
-    payload_type: 'com.apple.system-extension-policy' | 'com.apple.syspolicy.kernel-extension-policy' | 'com.apple.TCC.configuration-profile-policy' | 'com.apple.notificationsettings' | 'custom';
+    addigy_payload_type: 'com.addigy.syspolicy.system-extension-policy.com.apple.system-extension-policy' | 'com.addigy.TCC.configuration-profile-policy.com.apple.TCC.configuration-profile-policy' | 'com.addigy.syspolicy.kernel-extension-policy.com.apple.syspolicy.kernel-extension-policy' | 'com.addigy.notifications.com.apple.notificationsettings' | 'com.addigy.custom.mdm.payload' | 'com.addigy.securityAndPrivacy.com.apple.MCX.FileVault2' | 'com.addigy.securityAndPrivacy.com.apple.MCX' | 'com.addigy.securityAndPrivacy.com.apple.security.pkcs1' | 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryKeyEscrow' | 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryRedirect';
+    payload_type: 'com.apple.system-extension-policy' | 'com.apple.syspolicy.kernel-extension-policy' | 'com.apple.TCC.configuration-profile-policy' | 'com.apple.notificationsettings' | 'custom' | 'com.apple.MCX.FileVault2' | 'com.apple.MCX' | 'com.apple.security.pkcs1' | 'com.apple.security.FDERecoveryKeyEscrow' | 'com.apple.security.FDERecoveryRedirect';
     payload_version: number;
     payload_identifier: string;
     payload_uuid: string;
@@ -147,3 +147,50 @@ export interface SupportedOsVersions {
     iOS?: string;
     tvOS?: string;
 }
+export interface FilevaultPayload extends Payload {
+    enable?: 'On' | 'Off';
+    defer?: boolean;
+    use_recovery_key?: boolean;
+    show_recovery_key?: boolean | null;
+    defer_dont_ask_at_user_logout?: boolean | null;
+    defer_force_at_user_login_max_bypass_attempts?: number | null;
+    addigy_payload_version?: number;
+    destroy_fv_key_on_standby?: boolean | null;
+    dont_allow_fde_disable?: boolean;
+    is_from_security_profile?: boolean;
+    encrypt_cert_payload_uuid?: string;
+    location?: string;
+    payload_priority?: number;
+    redirect_url?: string;
+}
+export interface FilevaultRequest {
+    enable?: boolean;
+    defer?: boolean;
+    showRecoveryKey?: boolean;
+    destroyFvKeyOnStandby?: boolean;
+    escrowRecoveryKey?: boolean;
+    deferDontAskAtUserLogout?: boolean;
+    deferForceAtUserLoginMaxBypassAttempts?: -1 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10;
+}
+export interface CustomFact {
+    organization_id: string;
+    name: string;
+    return_type: string;
+    identifier: string;
+    version: number;
+    os_architectures: CustomFactOSArchitectures;
+    notes: string;
+    provider: string;
+    source: string;
+}
+export interface CustomFactOSArchitectures {
+    linux_arm: CustomFactOSArchitecturesData;
+    darwin_amd64: CustomFactOSArchitecturesData;
+}
+export interface CustomFactOSArchitecturesData {
+    language: string;
+    is_supported: boolean;
+    shebang: string;
+    script: string;
+    md5_hash: string;
+}