Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor macOS configuration profiles and packages*** #112

Merged
merged 1 commit into from
Apr 4, 2024
Merged

Refactor macOS configuration profiles and packages*** #112

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
160 changes: 80 additions & 80 deletions workload/terraform/jamfpro/accounts.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,90 +1,90 @@

# resource "jamfpro_account" "jamf_pro_account_001" {
# name = "tf-ghapipeline-account-custom-privileges-full-access"
# directory_user = false
# full_name = "micky mouse"
# password = "mySecretThing10" // Password must be at least 10 characters long. password not stored in state
# email = "[email protected]"
# enabled = "Enabled"
# force_password_change = true
# access_level = "Full Access" // Full Access / Site Access / Group Access
# privilege_set = "Custom" // "Administrator", "Auditor", "Enrollment Only", "Custom"
resource "jamfpro_account" "jamf_pro_account_001" {
name = "tf-ghapipeline-account-custom-privileges-full-access"
directory_user = false
full_name = "micky mouse"
password = "mySecretThing10" // Password must be at least 10 characters long. password not stored in state
email = "[email protected]"
enabled = "Enabled"
force_password_change = true
access_level = "Full Access" // Full Access / Site Access / Group Access
privilege_set = "Custom" // "Administrator", "Auditor", "Enrollment Only", "Custom"

# jss_objects_privileges = [
# "Create Categories",
# "Read Categories",
# "Update Categories",
# "Delete Categories",
# "Create Directory Bindings",
# "Read Directory Bindings",
# "Update Directory Bindings",
# "Delete Directory Bindings",
# "Create Dock Items",
# "Read Dock Items",
# "Update Dock Items",
# "Delete Dock Items",
# "Create Packages",
# "Read Packages",
# "Update Packages",
# "Delete Packages",
# "Create Printers",
# "Read Printers",
# "Update Printers",
# "Delete Printers",
# "Create Scripts",
# "Read Scripts",
# "Update Scripts",
# "Delete Scripts",
# ]
# jss_settings_privileges = ["Read SSO Settings", "Update User-Initiated Enrollment"]
# jss_actions_privileges = ["Flush Policy Logs"]
# casper_admin_privileges = ["Use Casper Admin", "Save With Casper Admin"]
jss_objects_privileges = [
"Create Categories",
"Read Categories",
"Update Categories",
"Delete Categories",
"Create Directory Bindings",
"Read Directory Bindings",
"Update Directory Bindings",
"Delete Directory Bindings",
"Create Dock Items",
"Read Dock Items",
"Update Dock Items",
"Delete Dock Items",
"Create Packages",
"Read Packages",
"Update Packages",
"Delete Packages",
"Create Printers",
"Read Printers",
"Update Printers",
"Delete Printers",
"Create Scripts",
"Read Scripts",
"Update Scripts",
"Delete Scripts",
]
jss_settings_privileges = ["Read SSO Settings", "Update User-Initiated Enrollment"]
jss_actions_privileges = ["Flush Policy Logs"]
casper_admin_privileges = ["Use Casper Admin", "Save With Casper Admin"]

# }
}


# resource "jamfpro_account" "jamf_pro_account_002" {
# name = "tf-ghapipeline-account-group-privileges-group-access"
# directory_user = false
# full_name = "jonny bravo"
# password = "mySecretThing10" // Password must be at least 10 characters long. password not stored in state
# email = "[email protected]"
# enabled = "Enabled"
# force_password_change = true
# access_level = "Group Access" // Full Access / Site Access / Group Access
# privilege_set = "Custom" // Must be "Custom" for group access
# groups {
# id = 195
# name = "tf-localtest-standard-group"
# }
# }
resource "jamfpro_account" "jamf_pro_account_002" {
name = "tf-ghapipeline-account-group-privileges-group-access"
directory_user = false
full_name = "jonny bravo"
password = "mySecretThing10" // Password must be at least 10 characters long. password not stored in state
email = "[email protected]"
enabled = "Enabled"
force_password_change = true
access_level = "Group Access" // Full Access / Site Access / Group Access
privilege_set = "Custom" // Must be "Custom" for group access
groups {
id = 195
name = "tf-localtest-standard-group"
}
}

# resource "jamfpro_account" "jamf_pro_account_003" {
# name = "tf-ghapipeline-account-custom-privileges-site-access"
# directory_user = false
# full_name = "donald duck"
# password = "securePassword" // Password must be at least 10 characters long. password not stored in state
# email = "[email protected]"
# enabled = "Enabled"
# force_password_change = true
# access_level = "Site Access" // Full Access / Site Access / Group Access
# privilege_set = "Custom"
resource "jamfpro_account" "jamf_pro_account_003" {
name = "tf-ghapipeline-account-custom-privileges-site-access"
directory_user = false
full_name = "donald duck"
password = "securePassword" // Password must be at least 10 characters long. password not stored in state
email = "[email protected]"
enabled = "Enabled"
force_password_change = true
access_level = "Site Access" // Full Access / Site Access / Group Access
privilege_set = "Custom"

# site {
# id = 967
# name = "test"
# }
site {
id = 967
name = "test"
}

# jss_objects_privileges = ["Create Advanced Computer Searches",
# "Read Advanced Computer Searches",
# "Update Advanced Computer Searches",
# "Delete Advanced Computer Searches",
# "Create Advanced Mobile Device Searches",
# "Read Advanced Mobile Device Searches",
# "Update Advanced Mobile Device Searches",
# "Delete Advanced Mobile Device Searches",
# ]
jss_objects_privileges = ["Create Advanced Computer Searches",
"Read Advanced Computer Searches",
"Update Advanced Computer Searches",
"Delete Advanced Computer Searches",
"Create Advanced Mobile Device Searches",
"Read Advanced Mobile Device Searches",
"Update Advanced Mobile Device Searches",
"Delete Advanced Mobile Device Searches",
]

# jss_actions_privileges = ["Allow User to Enroll", "Assign Users to Computers", "Assign Users to Mobile Devices", "Change Password"]
jss_actions_privileges = ["Allow User to Enroll", "Assign Users to Computers", "Assign Users to Mobile Devices", "Change Password"]

# }
}
36 changes: 18 additions & 18 deletions workload/terraform/jamfpro/macosconfigurationprofiles.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@

# resource "jamfpro_macos_configuration_profile" "jamfpro_macos_configuration_profile_001" {
# name = "tf-ghatest-macosconfigprofile-accessibility-options"
# distribution_method = "Install Automatically"
# payload = file("${path.module}/support_files/configuration_profiles/accessibility-chara-nosub-test.mobileconfig")
# category {
# id = -1
# }
# scope {
# all_computers = false
# computer_ids = sort([17, 18])
# computer_group_ids = sort([53])
# jss_user_ids = [4]
# jss_user_group_ids = [4]
resource "jamfpro_macos_configuration_profile" "jamfpro_macos_configuration_profile_001" {
name = "tf-ghatest-macosconfigprofile-accessibility-options"
distribution_method = "Install Automatically"
payload = file("${path.module}/support_files/configuration_profiles/accessibility-chara-nosub-test.mobileconfig")
category {
id = -1
}
scope {
all_computers = false
computer_ids = sort([17, 18])
computer_group_ids = sort([53])
jss_user_ids = [4]
jss_user_group_ids = [4]

# exclusions {
# department_ids = [27653]
# }
# }
# }
exclusions {
department_ids = [27653]
}
}
}
50 changes: 25 additions & 25 deletions workload/terraform/jamfpro/packages.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,29 +1,29 @@

# resource "jamfpro_package" "jamfpro_package_001" {
# name = "tf-ghatest-package-suspiciouspackage"
# package_file_path = "support_files/packages/SuspiciousPackage.dmg"
# category = "Unknown"
# info = "tf package deployment for demonstration"
# notes = "This package is used for Terraform provider documentation example."
# priority = 10
# reboot_required = false
# fill_user_template = true
# fill_existing_users = true
# boot_volume_required = false
# allow_uninstalled = false
# os_requirements = "macOS 10.15.1, macOS 10.15.7"
# install_if_reported_available = false
# send_notification = true
# }
resource "jamfpro_package" "jamfpro_package_001" {
name = "tf-ghatest-package-suspiciouspackage"
package_file_path = "support_files/packages/SuspiciousPackage.dmg"
category = "Unknown"
info = "tf package deployment for demonstration"
notes = "This package is used for Terraform provider documentation example."
priority = 10
reboot_required = false
fill_user_template = true
fill_existing_users = true
boot_volume_required = false
allow_uninstalled = false
os_requirements = "macOS 10.15.1, macOS 10.15.7"
install_if_reported_available = false
send_notification = true
}

# data "jamfpro_package" "jamfpro_package_001_data" {
# id = jamfpro_package.jamfpro_package_001.id
# }
data "jamfpro_package" "jamfpro_package_001_data" {
id = jamfpro_package.jamfpro_package_001.id
}

# output "jamfpro_package_001_data_id" {
# value = data.jamfpro_package.jamfpro_package_001_data.id
# }
output "jamfpro_package_001_data_id" {
value = data.jamfpro_package.jamfpro_package_001_data.id
}

# output "jamfpro_package_001_data_name" {
# value = data.jamfpro_package.jamfpro_package_001_data.name
# }
output "jamfpro_package_001_data_name" {
value = data.jamfpro_package.jamfpro_package_001_data.name
}
106 changes: 53 additions & 53 deletions workload/terraform/jamfpro/scripts.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,65 +1,65 @@
# resource "jamfpro_script" "jamfpro_script_001" {
# name = "tf-ghatest-correct-application-permissions-v1.0"
# script_contents = file("${path.module}/support_files/scripts/Correct Application Permissions.sh")
# os_requirements = "13"
# priority = "BEFORE"
# info = "Adds target user or group to specified group membership, or removes said membership."
# notes = "Jamf Pro script parameters: 4 -> 7"
# parameter4 = "Google Chrome" // targetApplication
# }
resource "jamfpro_script" "jamfpro_script_001" {
name = "tf-ghatest-correct-application-permissions-v1.0"
script_contents = file("${path.module}/support_files/scripts/Correct Application Permissions.sh")
os_requirements = "13"
priority = "BEFORE"
info = "Adds target user or group to specified group membership, or removes said membership."
notes = "Jamf Pro script parameters: 4 -> 7"
parameter4 = "Google Chrome" // targetApplication
}

# data "jamfpro_script" "jamfpro_script_001_data" {
# id = jamfpro_script.jamfpro_script_001.id
# }
data "jamfpro_script" "jamfpro_script_001_data" {
id = jamfpro_script.jamfpro_script_001.id
}

# output "jamfpro_script_001_data_id" {
# value = data.jamfpro_script.jamfpro_script_001_data.id
# }
output "jamfpro_script_001_data_id" {
value = data.jamfpro_script.jamfpro_script_001_data.id
}

# output "jamfpro_script_001_data_name" {
# value = data.jamfpro_script.jamfpro_script_001_data.name
# }
output "jamfpro_script_001_data_name" {
value = data.jamfpro_script.jamfpro_script_001_data.name
}

# resource "jamfpro_script" "jamfpro_script_002" {
# name = "tf-ghatest-encrypt-apfs-volume-v5.0.1"
# script_contents = file("${path.module}/support_files/scripts/Encrypt APFS Volume.zsh")
# os_requirements = "13"
# priority = "BEFORE"
# info = "Adds target user or group to specified group membership, or removes said membership."
# notes = "Jamf Pro script parameters: 4"
# parameter4 = "/" // targetVolume
# }
resource "jamfpro_script" "jamfpro_script_002" {
name = "tf-ghatest-encrypt-apfs-volume-v5.0.1"
script_contents = file("${path.module}/support_files/scripts/Encrypt APFS Volume.zsh")
os_requirements = "13"
priority = "BEFORE"
info = "Adds target user or group to specified group membership, or removes said membership."
notes = "Jamf Pro script parameters: 4"
parameter4 = "/" // targetVolume
}

# data "jamfpro_script" "jamfpro_script_002_data" {
# id = jamfpro_script.jamfpro_script_002.id
# }
data "jamfpro_script" "jamfpro_script_002_data" {
id = jamfpro_script.jamfpro_script_002.id
}

# output "jamfpro_script_002_data_id" {
# value = data.jamfpro_script.jamfpro_script_002_data.id
# }
output "jamfpro_script_002_data_id" {
value = data.jamfpro_script.jamfpro_script_002_data.id
}

# output "jamfpro_script_002_data_name" {
# value = data.jamfpro_script.jamfpro_script_002_data.name
# }
output "jamfpro_script_002_data_name" {
value = data.jamfpro_script.jamfpro_script_002_data.name
}

# resource "jamfpro_script" "jamfpro_script_003" {
# name = "tf-ghatest-reset-safari-v2.1.4"
# script_contents = file("${path.module}/support_files/scripts/Reset Safari.sh")
# os_requirements = "13"
# priority = "BEFORE"
# info = "Deleting Safari preference files to reset to system default."
# notes = "Jamf Pro script parameters: none"
resource "jamfpro_script" "jamfpro_script_003" {
name = "tf-ghatest-reset-safari-v2.1.4"
script_contents = file("${path.module}/support_files/scripts/Reset Safari.sh")
os_requirements = "13"
priority = "BEFORE"
info = "Deleting Safari preference files to reset to system default."
notes = "Jamf Pro script parameters: none"

# }
}

# data "jamfpro_script" "jamfpro_script_003_data" {
# id = jamfpro_script.jamfpro_script_003.id
# }
data "jamfpro_script" "jamfpro_script_003_data" {
id = jamfpro_script.jamfpro_script_003.id
}

# output "jamfpro_script_003_data_id" {
# value = data.jamfpro_script.jamfpro_script_003_data.id
# }
output "jamfpro_script_003_data_id" {
value = data.jamfpro_script.jamfpro_script_003_data.id
}

# output "jamfpro_script_003_data_name" {
# value = data.jamfpro_script.jamfpro_script_003_data.name
# }
output "jamfpro_script_003_data_name" {
value = data.jamfpro_script.jamfpro_script_003_data.name
}