Documentation
¶
Overview ¶
Package scope provides scope manipulation for Jamf Classic API resources. It handles reading, modifying, and writing scope sections (targets, limitations, exclusions) on policies, configuration profiles, and other scopeable resources.
Index ¶
- func AddScopeFlags(cmd *cobra.Command, section *string)
- func AddToScope(s *ScopeXML, singularKey, section, flagName, name string) bool
- func FlattenScope(s *ScopeXML, singularKey string) []map[string]any
- func NewScopeCmd(ctx *registry.CLIContext, res Resource) *cobra.Command
- func OutputScope(out registry.OutputFormatter, s *ScopeXML, singularKey, format string) error
- func PutScope(ctx context.Context, client registry.HTTPClient, res Resource, id string, ...) error
- func RemoveFromScope(s *ScopeXML, singularKey, section, flagName, name string) bool
- func ValidateScopeCombination(singularKey, section, flagName string) error
- func VerifyItemInScope(ctx context.Context, client registry.HTTPClient, res Resource, ...) error
- type ExclusionsXML
- type LimitToUsersXML
- type LimitationsXML
- type NamedItem
- type Resource
- type ScopeItemSlice
- type ScopeStringSlice
- type ScopeTarget
- type ScopeXML
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddScopeFlags ¶
AddScopeFlags registers the --section and item flags on a scope add/remove command.
func AddToScope ¶
AddToScope adds a named item to the given scope section. Returns true if the item was added, false if already present (idempotent no-op).
func FlattenScope ¶
FlattenScope converts a ScopeXML into a flat list of rows for table output.
func NewScopeCmd ¶
func NewScopeCmd(ctx *registry.CLIContext, res Resource) *cobra.Command
NewScopeCmd creates the "scope" subcommand group with get, add, and remove subcommands for the given Classic API resource.
func OutputScope ¶
func OutputScope(out registry.OutputFormatter, s *ScopeXML, singularKey, format string) error
OutputScope writes the scope to the output formatter. For table/csv/plain formats it flattens the scope into rows; for json/yaml it outputs the full structure.
func PutScope ¶
func PutScope(ctx context.Context, client registry.HTTPClient, res Resource, id string, s *ScopeXML) error
PutScope writes an updated scope back to the Classic API. Uses the subset/Scope endpoint by default; falls back to a full document PUT when res.NoSubsetPut is set.
func RemoveFromScope ¶
RemoveFromScope removes a named item from the given scope section. Returns true if removed, false if not found (idempotent no-op).
For the policy limitation user_group case, user groups can live in BOTH limit_to_users/user_groups (plain strings) AND limitations/user_groups (named items). Both locations are checked.
func ValidateScopeCombination ¶
ValidateScopeCombination checks that the given section/flag combination is valid for the resource type. The acceptance rules below reflect live testing of every flag against every scope-enabled Classic resource (see docs/solutions/).
Notable rules:
- `--user-group` is only valid in limitation/exclusion (LDAP/AD group). Use `--jss-user-group` to target a JSS user group; the previous overload of `--user-group` for target was ambiguous and made wrong-section mistakes undetectable until a GET roundtrip.
- Restricted software is computer-only: it accepts no limitations, and only computer-group / building / department for target and exclusion. The server silently drops jss_user_groups / all_jss_users / user_groups for this resource type.
- `--computer` is only valid in target/exclusion (no concept of a "computer limitation"). `--mobile-device` same.
- `--user` (inventory username, free-text) is only valid in limitation/exclusion.
func VerifyItemInScope ¶ added in v1.17.0
func VerifyItemInScope(ctx context.Context, client registry.HTTPClient, res Resource, name, section, flagName, itemName string, expectPresent bool) error
VerifyItemInScope refetches scope after a PUT and confirms the given item is (or is not) present, depending on `expectPresent`. Catches the silent-drop case where the server returns 200/201 but discards a scope element that doesn't apply to the resource type (e.g. computer_groups limitation on a policy, network_segment on a VPP assignment).
Types ¶
type ExclusionsXML ¶
type ExclusionsXML struct {
Computers ScopeItemSlice `xml:"computers" json:"computers"`
ComputerGroups ScopeItemSlice `xml:"computer_groups" json:"computer_groups"`
MobileDevices ScopeItemSlice `xml:"mobile_devices" json:"mobile_devices"`
MobileDeviceGroups ScopeItemSlice `xml:"mobile_device_groups" json:"mobile_device_groups"`
Users ScopeItemSlice `xml:"users" json:"users"`
UserGroups ScopeItemSlice `xml:"user_groups" json:"user_groups"`
NetworkSegments ScopeItemSlice `xml:"network_segments" json:"network_segments"`
Buildings ScopeItemSlice `xml:"buildings" json:"buildings"`
Departments ScopeItemSlice `xml:"departments" json:"departments"`
JSSUsers ScopeItemSlice `xml:"jss_users" json:"jss_users"`
JSSUserGroups ScopeItemSlice `xml:"jss_user_groups" json:"jss_user_groups"`
IBeacons ScopeItemSlice `xml:"ibeacons" json:"ibeacons"`
}
ExclusionsXML models the <exclusions> section.
type LimitToUsersXML ¶
type LimitToUsersXML struct {
UserGroups ScopeStringSlice `xml:"user_groups" json:"user_groups"`
}
LimitToUsersXML models the <limit_to_users> section (policies only).
type LimitationsXML ¶
type LimitationsXML struct {
Users ScopeItemSlice `xml:"users" json:"users"`
UserGroups ScopeItemSlice `xml:"user_groups" json:"user_groups"`
NetworkSegments ScopeItemSlice `xml:"network_segments" json:"network_segments"`
ComputerGroups ScopeItemSlice `xml:"computer_groups" json:"computer_groups"`
IBeacons ScopeItemSlice `xml:"ibeacons" json:"ibeacons"`
}
LimitationsXML models the <limitations> section.
type NamedItem ¶
type NamedItem struct {
ID string `xml:"id,omitempty" json:"id,omitempty"`
Name string `xml:"name" json:"name"`
UDID string `xml:"udid,omitempty" json:"udid,omitempty"`
}
NamedItem is an item identified by name (and optionally ID or UDID) in scope XML. ID is a string to accommodate both integer IDs (most resources) and UUID IDs (e.g. ebook scope user groups) returned by the Classic API. UDID is populated for individual mobile devices and computers.
type Resource ¶
type Resource struct {
APIPath string // URL segment under /JSSResource/, e.g. "policies"
SingularKey string // XML root key for a single object, e.g. "policy"
ResolveByList bool // when true, resolve name→ID by listing all (no /name/ endpoint)
NoSubsetPut bool // when true, PUT full document instead of /subset/Scope
}
Resource identifies a Classic API resource that supports scope operations.
type ScopeItemSlice ¶
ScopeItemSlice is a list of NamedItem elements under a single XML parent. The child element name (e.g. "computer_group") is learned during unmarshal and reused during marshal. For newly-created lists it falls back to the parent element name with trailing "s" stripped.
func (ScopeItemSlice) MarshalJSON ¶
func (s ScopeItemSlice) MarshalJSON() ([]byte, error)
func (ScopeItemSlice) MarshalXML ¶
func (s ScopeItemSlice) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (*ScopeItemSlice) UnmarshalXML ¶
func (s *ScopeItemSlice) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type ScopeStringSlice ¶
ScopeStringSlice is a list of plain string elements under a single XML parent. Used for policy limitation user groups (limit_to_users/user_groups), where items are bare strings rather than objects with name sub-elements.
func (ScopeStringSlice) MarshalJSON ¶
func (s ScopeStringSlice) MarshalJSON() ([]byte, error)
func (ScopeStringSlice) MarshalXML ¶
func (s ScopeStringSlice) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (*ScopeStringSlice) UnmarshalXML ¶
func (s *ScopeStringSlice) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type ScopeTarget ¶
ScopeTarget holds a resolved flag name and value from a scope add/remove command.
func DetermineScopeTarget ¶
func DetermineScopeTarget(cmd *cobra.Command) (ScopeTarget, error)
DetermineScopeTarget inspects the command's flags to find exactly one scope target flag that was set. Returns an error if zero or multiple flags are set.
type ScopeXML ¶
type ScopeXML struct {
XMLName xml.Name `xml:"scope" json:"-"`
AllComputers bool `xml:"all_computers" json:"all_computers"`
AllMobileDevices bool `xml:"all_mobile_devices,omitempty" json:"all_mobile_devices,omitempty"`
AllJSSUsers bool `xml:"all_jss_users" json:"all_jss_users"`
Computers ScopeItemSlice `xml:"computers" json:"computers"`
ComputerGroups ScopeItemSlice `xml:"computer_groups" json:"computer_groups"`
MobileDevices ScopeItemSlice `xml:"mobile_devices" json:"mobile_devices"`
MobileDeviceGroups ScopeItemSlice `xml:"mobile_device_groups" json:"mobile_device_groups"`
JSSUsers ScopeItemSlice `xml:"jss_users" json:"jss_users"`
JSSUserGroups ScopeItemSlice `xml:"jss_user_groups" json:"jss_user_groups"`
Buildings ScopeItemSlice `xml:"buildings" json:"buildings"`
Departments ScopeItemSlice `xml:"departments" json:"departments"`
Classes ScopeItemSlice `xml:"classes" json:"classes"`
LimitToUsers *LimitToUsersXML `xml:"limit_to_users,omitempty" json:"limit_to_users,omitempty"`
Limitations *LimitationsXML `xml:"limitations,omitempty" json:"limitations,omitempty"`
Exclusions *ExclusionsXML `xml:"exclusions,omitempty" json:"exclusions,omitempty"`
}
ScopeXML models the complete <scope> section of a Classic API resource.
All scopeable item slices are present unconditionally so that an unmarshal → modify → marshal round-trip preserves every section the server returned. A missing field here would cause CLI scope add/remove to silently wipe data the user set elsewhere (e.g. individual mobile devices added via UI).
func FetchScope ¶
func FetchScope(ctx context.Context, client registry.HTTPClient, res Resource, name string) (string, *ScopeXML, error)
FetchScope performs a GET on a Classic API resource by name and returns the resource's ID and parsed scope. When res.ResolveByList is true it lists all records to resolve name→ID first (for resources with no /name/ endpoint).
Source Files