macos_enforce_mdm

macos_enforce_mdm_profiles

in chef/cookbooks/cpe_workspaceone/resources/cpe_workspaceone.rb [92:155]
46 lines of code
12 McCabe index (conditional complexity)

  def macos_enforce_mdm_profiles
    
    unless node.ws1_hubcli_exists
      Chef::Log.warn('cpe_workspaceone - hubcli path does not exist, cannot enforce MDM profiles!')
      return
    end

    device_forcelist = node['cpe_workspaceone']['mdm_profiles']['profiles']['device_forced'] || []

    
    device_attributes = node.ws1_device_attributes
    return if device_attributes.empty? || device_attributes.nil?

    
    enforced_device_ws1_profiles = node['cpe_workspaceone']['mdm_profiles']['profiles']['device']
    device_attributes['DeviceProfiles'].each do |ws1_profile|
      profile_name = ws1_profile['Name']
      profile_id = ws1_profile['Id'].to_s
      profile_version = ws1_profile['CurrentVersion'].to_s
      
      
      installed_profile_name = profile_name + '/V_' + profile_version
      
      if enforced_device_ws1_profiles.include?(profile_name)
        execute "Sending #{profile_name} for device installation to Workspace One console" do
          command node.hubcli_cmd("profiles --install #{profile_id}")
          only_if { node.ws1_hubcli_exists } 
          not_if do
            node.profile_installed?('ProfileDisplayName', installed_profile_name) && \
            !device_forcelist.include?(profile_name)
          end
          timeout node['cpe_workspaceone']['hubcli_timeout']
        end
      end
    end

    user_forcelist = node['cpe_workspaceone']['mdm_profiles']['profiles']['user_forced'] || []

    
    enforced_user_ws1_profiles = node['cpe_workspaceone']['mdm_profiles']['profiles']['user']
    
    
    device_attributes['DeviceProfiles'].each do |ws1_profile|
      profile_name = ws1_profile['Name']
      profile_id = ws1_profile['Id'].to_s
      profile_version = ws1_profile['CurrentVersion'].to_s
      
      
      installed_profile_name = profile_name + '/V_' + profile_version
      
      if enforced_user_ws1_profiles.include?(profile_name)
        execute "Sending #{profile_name} for user installation to Workspace One console" do
          command node.hubcli_cmd("profiles --install #{profile_id}")
          only_if { node.ws1_hubcli_exists } 
          not_if do
            node.user_profile_installed?('ProfileDisplayName', installed_profile_name) && \
            !user_forcelist.include?(profile_name)
          end
          timeout node['cpe_workspaceone']['hubcli_timeout']
        end
      end
    end
  end