Documentation
¶
Index ¶
- Constants
- Variables
- func ConfigHasPayloads(config json.RawMessage) error
- func ConvertMobileconfig(data []byte, filterUnsupported bool) (json.RawMessage, []string, error)
- func ConvertPlist(data []byte, payloadType, displayName string) (json.RawMessage, []string, error)
- func ExtractProfileIdentifiers(data []byte) (uuid, identifier string, err error)
- func FormatComponentJSON(config json.RawMessage) ([]byte, error)
- func InjectIdentifiers(newPlist, existingPlist []byte) ([]byte, error)
- func MissingRequiredKeys(entry map[string]any, defaults *SchemaDefaults) []string
- func PayloadTypeSummary(data []byte) []string
- func ProfileDisplayName(data []byte) string
- func StripConfigDefaults(config json.RawMessage, fetcher *SchemaFetcher) (json.RawMessage, []string)
- func StripDefaultKeys(entry map[string]any, defaults *SchemaDefaults) (int, []string)
- func SupportedPayloadTypesList() []string
- func ValidatePayloads(config json.RawMessage, fetcher *SchemaFetcher) (json.RawMessage, []string)
- type DDMComponent
- type DDMConversionResult
- type SchemaDefaults
- type SchemaFetcher
Constants ¶
const ConflictWarning = `` /* 276-byte string literal not displayed */
ConflictWarning is printed to stderr when converting profiles to blueprint components.
Variables ¶
var SupportedPayloadTypes = map[string]bool{ "com.apple.Dictionary": true, "com.apple.DiscRecording": true, "com.apple.MCX.Accounts": true, "com.apple.MCX.MobileAccounts": true, "com.apple.MCX.TimeMachine": true, "com.apple.MCX.TimeServer": true, "com.apple.NSExtension": true, "com.apple.SystemConfiguration": true, "com.apple.TCC.configuration-profile-policy": true, "com.apple.airprint": true, "com.apple.app.lock": true, "com.apple.applicationaccess": true, "com.apple.appstore": true, "com.apple.asam": true, "com.apple.cellularprivatenetwork.managed": true, "com.apple.conferenceroomdisplay": true, "com.apple.desktop": true, "com.apple.dnsProxy.managed": true, "com.apple.domains": true, "com.apple.familycontrols.contentfilter": true, "com.apple.fileproviderd": true, "com.apple.finder": true, "com.apple.gamed": true, "com.apple.loginitems.managed": true, "com.apple.loginwindow": true, "com.apple.mcxprinting": true, "com.apple.notificationsettings": true, "com.apple.preference.security": true, "com.apple.preference.users": true, "com.apple.screensaver": true, "com.apple.screensaver.user": true, "com.apple.security.firewall": true, "com.apple.security.smartcard": true, "com.apple.servicemanagement": true, "com.apple.shareddeviceconfiguration": true, "com.apple.system.logging": true, "com.apple.systempolicy.control": true, "com.apple.systempolicy.managed": true, "com.apple.tvremote": true, "com.apple.universalaccess": true, "loginwindow": true, }
SupportedPayloadTypes lists legacy payload types supported by Jamf Platform blueprints. Sourced from https://learn.jamf.com/r/en-US/jamf-pro-blueprints-configuration-guide/Blueprints_Release_Notes_Pro
Functions ¶
func ConfigHasPayloads ¶
func ConfigHasPayloads(config json.RawMessage) error
ConfigHasPayloads returns an error if the configuration has an empty payloadContent array, which can happen after StripConfigDefaults removes all payloads.
func ConvertMobileconfig ¶
ConvertMobileconfig parses a mobileconfig (XML plist) and returns a DDMProfileDto configuration suitable for a com.jamf.ddm-configuration-profile blueprint component. When filterUnsupported is true, payloads with unsupported types are silently removed (with a warning). Otherwise they are included and the API will validate them.
func ConvertPlist ¶
ConvertPlist parses a raw preference domain plist and wraps it as a single-payload DDMProfileDto configuration. The payloadType must be the Apple preference domain (e.g. "com.apple.dock").
func ExtractProfileIdentifiers ¶
ExtractProfileIdentifiers extracts the top-level PayloadUUID and PayloadIdentifier from a mobileconfig plist. Returns empty strings when the fields are absent (not an error condition).
func FormatComponentJSON ¶
func FormatComponentJSON(config json.RawMessage) ([]byte, error)
FormatComponentJSON wraps a configuration in a complete component block with the com.jamf.ddm-configuration-profile identifier.
func InjectIdentifiers ¶
InjectIdentifiers preserves the PayloadUUID and PayloadIdentifier from an existing mobileconfig plist into a new mobileconfig plist. This prevents macOS/iOS devices from treating a profile update as a new installation, which causes "ghost profiles" where the old profile lingers on devices even though the server considers it replaced.
Returns the modified new plist bytes serialised in the original plist format. If existingPlist is empty or cannot be parsed, newPlist is returned unchanged without error. If newPlist itself cannot be parsed, an error is returned.
func MissingRequiredKeys ¶
func MissingRequiredKeys(entry map[string]any, defaults *SchemaDefaults) []string
MissingRequiredKeys returns the names of required keys that are absent from the payload entry. A payload missing required keys is invalid and should be removed — the DDM API will reject it regardless.
func PayloadTypeSummary ¶
PayloadTypeSummary returns a human-readable summary of payload types in a mobileconfig.
func ProfileDisplayName ¶
ProfileDisplayName extracts the PayloadDisplayName from a mobileconfig without doing a full conversion. Useful for deriving blueprint names.
func StripConfigDefaults ¶
func StripConfigDefaults(config json.RawMessage, fetcher *SchemaFetcher) (json.RawMessage, []string)
StripConfigDefaults removes keys from each payload in a DDMProfileDto configuration whose values match Apple's published defaults. This reduces noise from profiles that set every key even when the value is the Apple default (common with Jamf Pro's UI). The fetcher is used to retrieve Apple's schema for each payload type. Also validates and removes broken payloads (empty payloads, missing required fields).
Returns the modified configuration and a list of human-readable messages about what was stripped.
func StripDefaultKeys ¶
func StripDefaultKeys(entry map[string]any, defaults *SchemaDefaults) (int, []string)
StripDefaultKeys removes keys from a payload entry whose values match the Apple schema defaults. Returns the count of keys stripped. The payloadType and payloadIdentifier keys are never stripped.
func SupportedPayloadTypesList ¶
func SupportedPayloadTypesList() []string
SupportedPayloadTypesList returns the supported payload types as a sorted slice for shell completion and help text.
func ValidatePayloads ¶
func ValidatePayloads(config json.RawMessage, fetcher *SchemaFetcher) (json.RawMessage, []string)
ValidatePayloads checks each payload in a DDMProfileDto configuration against Apple's schema and removes payloads that would be rejected by the DDM API (e.g. missing required fields, or payloads with no setting keys). This does not strip defaults — it only validates structural correctness.
Call this before uploading to the API even when --strip-defaults is not used.
Types ¶
type DDMComponent ¶
type DDMComponent struct {
Identifier string `json:"identifier"`
Configuration json.RawMessage `json:"configuration"`
}
DDMComponent represents a native DDM blueprint component produced by converting a legacy mobileconfig payload.
type DDMConversionResult ¶
type DDMConversionResult struct {
// NativeComponents are payloads successfully converted to native DDM.
NativeComponents []DDMComponent
// ProfileConfig is the DDMProfileDto wrapping payloads that could not be
// converted. Nil when every payload was converted to a native component.
ProfileConfig json.RawMessage
// DisplayName from the original mobileconfig's PayloadDisplayName.
DisplayName string
// Warnings about conversion issues (dropped keys, unsupported types, etc.).
Warnings []string
// Conversions describes each successful native DDM conversion
// (e.g. "com.apple.mobiledevice.passwordpolicy -> com.jamf.ddm.passcode-settings").
Conversions []string
}
DDMConversionResult holds the output of converting a mobileconfig where compatible payloads are automatically promoted to native DDM components.
func ConvertToDDMComponents ¶
func ConvertToDDMComponents(data []byte, filterUnsupported bool, fetcher *SchemaFetcher) (*DDMConversionResult, error)
ConvertToDDMComponents parses a mobileconfig and converts compatible payloads to native DDM components. Payloads without a converter are wrapped in a com.jamf.ddm-configuration-profile component. When filterUnsupported is true, unsupported payload types without a DDM converter are removed. When fetcher is non-nil, Apple schema defaults are stripped from payload settings before conversion so that default-valued keys are not actively managed.
type SchemaDefaults ¶
SchemaDefaults holds the default values and required field info for an Apple profile schema. Defaults maps key name → default value (only keys that have a default in the schema). Required lists keys with presence: required.
func ParseSchemaDefaults ¶
func ParseSchemaDefaults(data []byte) (*SchemaDefaults, error)
ParseSchemaDefaults extracts default values from a raw Apple profile YAML schema. Exported for testing.
type SchemaFetcher ¶
type SchemaFetcher struct {
// contains filtered or unexported fields
}
SchemaFetcher fetches and caches Apple profile schemas for default stripping.
func NewSchemaFetcher ¶
func NewSchemaFetcher(client *http.Client) *SchemaFetcher
NewSchemaFetcher creates a SchemaFetcher with the given HTTP client. If client is nil, a default client with a 10-second timeout is used.
func (*SchemaFetcher) FetchDefaults ¶
func (f *SchemaFetcher) FetchDefaults(payloadType string) (*SchemaDefaults, error)
FetchDefaults retrieves the Apple schema for the given payload type and returns the default values for its keys. Results are cached per payload type. Returns nil defaults (not an error) if the schema is unavailable.
Source Files