[v13] Jamf config for PluginSpecV1

api/proto/teleport/legacy/types/types.proto

@@ -5092,6 +5092,8 @@ message PluginSpecV1 {
     PluginOpenAISettings openai = 3;
     // Settings for the Okta plugin
     PluginOktaSettings okta = 4;
+    // Settings for device trust jamf plugin
+    PluginJamfSettings jamf = 5;
   }
 }
 
@@ -5119,6 +5121,13 @@ message PluginOpenAISettings {
   option (gogoproto.equal) = true;
 }
 
+// Defines settings for Jamf plugin.
+message PluginJamfSettings {
+  option (gogoproto.equal) = true;
+  // Jamf service spec
+  JamfSpecV1 jamf_spec = 1;
+}
+
 // Defines settings for the Okta plugin.
 message PluginOktaSettings {
   option (gogoproto.equal) = true;
@@ -5131,9 +5140,16 @@ message PluginBootstrapCredentialsV1 {
   oneof credentials {
     PluginOAuth2AuthorizationCodeCredentials oauth2_authorization_code = 1;
     PluginBearerTokenCredentials bearer_token = 2;
+    PluginIdSecretCredential id_secret = 3;
   }
 }
 
+// PluginIdSecretCredential can be OAuth2-like client_id and client_secret or username and password.
+message PluginIdSecretCredential {
+  string id = 1;
+  string secret = 2;
+}
+
 message PluginOAuth2AuthorizationCodeCredentials {
   string authorization_code = 1;
   string redirect_uri = 2;
@@ -5166,6 +5182,7 @@ message PluginCredentialsV1 {
   oneof credentials {
     PluginOAuth2AccessTokenCredentials oauth2_access_token = 1;
     PluginBearerTokenCredentials bearer_token = 2;
+    PluginIdSecretCredential id_secret = 3;
     PluginStaticCredentialsRef static_credentials_ref = 4;
   }
 }
@@ -5638,6 +5655,7 @@ message WatchStatusSpecV1 {
 
 // JamfSpecV1 is the base configuration for the Jamf MDM service.
 message JamfSpecV1 {
+  option (gogoproto.equal) = true;
   // Enabled toggles the service on or off.
   bool enabled = 1 [(gogoproto.jsontag) = "enabled,omitempty"];
   // Name of the service device source.
@@ -5672,6 +5690,7 @@ message JamfSpecV1 {
 
 // JamfInventoryEntry is an inventory sync entry for [JamfSpecV1].
 message JamfInventoryEntry {
+  option (gogoproto.equal) = true;
   // Jamf Pro API RSQL filter, used when querying endpoints like
   // "/api/v1/computers-inventory".
   // See https://developer.jamf.com/jamf-pro/reference/get_v1-computers-inventory.

api/types/plugin.go

@@ -36,6 +36,20 @@ const (
 	PluginTypeOpenAI = "openai"
 	// PluginTypeOkta is the Okta plugin
 	PluginTypeOkta = "okta"
+	// PluginTypeJamf is the Jamf MDM plugin
+	PluginTypeJamf = "jamf"
+)
+
+// PluginSubkind represents the type of the plugin, e.g., access request, MDM etc.
+type PluginSubkind string
+
+const (
+	// PluginSubkindUnknown is returned when no plugin subkind matches.
+	PluginSubkindUnknown PluginSubkind = ""
+	// PluginSubkindMDM represents MDM plugins collectively
+	PluginSubkindMDM = "mdm"
+	// PluginSubkindAccess represents access request plugins collectively
+	PluginSubkindAccess = "access"
 )
 
 // Plugin represents a plugin instance
@@ -115,6 +129,16 @@ func (p *PluginV1) CheckAndSetDefaults() error {
 		if bearer.Token == "" {
 			return trace.BadParameter("Token must be specified")
 		}
+	case *PluginSpecV1_Jamf:
+		if settings.Jamf.JamfSpec.ApiEndpoint == "" {
+			return trace.BadParameter("api endpoint must be set")
+		}
+		if p.Credentials == nil {
+			return trace.BadParameter("credentials must be set")
+		}
+		if p.Credentials.GetIdSecret().Id == "" || p.Credentials.GetIdSecret().Secret == "" {
+			return trace.BadParameter("Jamf plugin requires Jamf account username and password")
+		}
 	case *PluginSpecV1_Okta:
 		// Check settings.
 		if settings.Okta == nil {
@@ -268,6 +292,8 @@ func (p *PluginV1) GetType() PluginType {
 		return PluginTypeOpenAI
 	case *PluginSpecV1_Okta:
 		return PluginTypeOkta
+	case *PluginSpecV1_Jamf:
+		return PluginTypeJamf
 	default:
 		return PluginTypeUnknown
 	}