Support for dynamic declaration storage #91

Merged
merged 2 commits into from
Oct 8, 2024

@jessepeterson jessepeterson commented Jul 25, 2024

Adds support for dynamic declarations via interfaces and adapters over declaration storage.

The three declaration interface methods, RetrieveTokensJSON(), RetrieveDeclarationItemsJSON(), and RetrieveEnrollmentDeclarationJSON() are the primary ways by which declarations, declaration items, and tokens are served to clients. We introduce a NewJSONAdapt() service which can dynamically supply declaration items and tokens using a new storage interface method, RetrieveDeclarationItems().

This new interface opens the possibility of composing multiple sets of declarations into a single set of declaration items. And we do just that with the NewMulti() service, which composes multiple declaration storages using "fall-through" to provide a unified "view" of declarations to an enrollment.

Included is an implementation of a "shard" declaration storage. This is combined with the normal backend storage (using the -shard switch to the server) to be simultaneously served with the persisted declarations from disk or database. From the docs:

[shard declaration storage is] an always-on management properties declaration for every enrollment. It contains a shard payload key which is a dynamically computed integer between 0 and 100, inclusive, based on the enrollment ID. This shard key can then be used in activation declaration predicates. For example (@property(shard) <= 75). The identifier of this dynamic declaration is com.github.jessepeterson.kmfddm.storage.shard.v1; the Server Token includes the shard number. It is "static" in that it should not change for any given enrollment.

Also some other minor changes:

  • Move builder code into separate package from core ddm package
  • Unify declaration "not found" return types (and properly support 404 in return of declaration)
  • Introduce sqlc to MySQL backend (though not fully converted over yet)
  • Changes, updates, additions to tests
  • Separate DDM storage interfaces and improve docs

@jessepeterson
Owner Author

As an example, here is what the declaration items look like using the shard backend (and no other declarations):

$ ./tools/ddm-declaration-items.sh 'abc' | jq .
{
  "Declarations": {
    "Activations": [],
    "Assets": [],
    "Configurations": [],
    "Management": [
      {
        "Identifier": "com.github.jessepeterson.kmfddm.storage.shard.v1",
        "ServerToken": "shard=11;version=1"
      }
    ]
  },
  "DeclarationsToken": "89ad6b6991ef675e"
}

And here is what the actual declaration looks like:

$ ./tools/ddm-declaration.sh 'abc' 'management/com.github.jessepeterson.kmfddm.storage.shard.v1'
{
	"Type": "com.apple.management.properties",
	"Identifier": "com.github.jessepeterson.kmfddm.storage.shard.v1",
	"Payload": {
		"shard": 11
	},
	"ServerToken": "shard=11;version=1"
}
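
To make the shard mechanism described above concrete, here is an added sketch (not code from this pull request or from kmfddm) of a deterministic per-enrollment shard and the cohort an activation predicate such as `(@property(shard) <= 75)` would select. The hash choice (SHA-256 mod 101) and the names `Shard`, `ShardDeclaration` and `Eligible` are assumptions; the PR does not state how the number is computed, so the values will not match the output shown above.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

// Declaration mirrors the fields in the sample output above.
type Declaration struct {
	Type, Identifier string
	Payload          map[string]int
	ServerToken      string
}

// Shard maps an enrollment ID to a stable integer in [0, 100].
// ASSUMPTION: SHA-256 reduced mod 101 is this sketch's choice; the PR does
// not say how kmfddm derives the number, so values will differ from its output.
func Shard(enrollmentID string) int {
	sum := sha256.Sum256([]byte(enrollmentID))
	return int(binary.BigEndian.Uint64(sum[:8]) % 101)
}

// ShardDeclaration builds the per-enrollment management properties declaration.
func ShardDeclaration(enrollmentID string) Declaration {
	n := Shard(enrollmentID)
	return Declaration{
		Type:        "com.apple.management.properties",
		Identifier:  "com.github.jessepeterson.kmfddm.storage.shard.v1",
		Payload:     map[string]int{"shard": n},
		ServerToken: fmt.Sprintf("shard=%d;version=1", n),
	}
}

// Eligible counts the IDs whose shard satisfies (@property(shard) <= limit).
func Eligible(ids []string, limit int) (n int) {
	for _, id := range ids {
		if Shard(id) <= limit {
			n++
		}
	}
	return n
}

func main() {
	out, _ := json.MarshalIndent(ShardDeclaration("abc"), "", "\t")
	fmt.Println(string(out))
}
```

Because the range 0 to 100 is inclusive there are 101 possible values, so under a uniform mapping `shard <= 75` selects 76 of 101 shards (about 75.2% of enrollments) rather than exactly 75%.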

@jessepeterson jessepeterson merged commit ff71259 into main Oct 8, 2024
8 checks passed