Config Manager¶

class ConfigManager(service_name: str = 'Patcher', in_memory_credentials: dict[str, str] | None = None)[source]¶

Manages configuration settings, primarily focused on handling credentials stored in the macOS keychain.

This class provides methods to securely store, retrieve, and manage sensitive information such as API tokens and client credentials. It integrates with the keyring library to interface with the macOS keychain.

ConfigManager objects are initialized with a default service name of “Patcher”, which is used as a namespace for storing and retrieving credentials in macOS keychain.

For non-interactive use (CI/CD environments without a keychain backend), pass in_memory_credentials to bypass the keychain entirely. Reads check the in-memory dict first and fall through to keyring only if the key is absent. Writes go to the in-memory dict only; keyring is not touched.

Parameters:

service_name (str) – Service name for storing credentials in the keyring. Defaults to ‘Patcher’.
in_memory_credentials (dict[str, str] | None) – Optional dict of credentials held in memory; when present the keyring is not used for either reads or writes.

property in_memory_mode: bool[source]¶: Whether this manager bypasses the keyring (CI/CD-friendly mode).

get_credential(key: str) → str[source]¶

Retrieves a credential by key. In in-memory mode, returns from the in-memory dict (or None if absent). Otherwise reads from the macOS keychain.

Parameters:: key (str) – The key of the credential to retrieve, typically a descriptive name like ‘API_KEY’.
Returns:: The retrieved credential value.
Return type:: str
Raises:: CredentialError – If the specified credential could not be retrieved.

set_credential(key: str, value: str) → None[source]¶

Stores a credential. In in-memory mode, writes to the in-memory dict only; the keychain is never touched. Otherwise writes to the macOS keychain.

Parameters:

key (str) – The key under which the credential will be stored. This acts as an identifier for the credential.
value (str) – The value of the credential to store, such as a password or API token.

Raises:

CredentialError – If the specified credential could not be saved.

Return type:

None

delete_credential(key: str) → bool[source]¶

Deletes the provided credential in the keyring under the specified key. Primarily intended for use with the --reset flag (See reset_config()).

If the specified credential could not be deleted, an error is logged.

Parameters:: key (str) – The credential to delete.
Returns:: True if the credential was successfully deleted, False otherwise.
Return type:: bool

create_client(client: JamfCredentials, token: AccessToken) → None[source]¶

Persist a JamfCredentials object plus its bearer token into the configured credential backend (keyring or in-memory).

Used during setup once a JamfCredentials has been validated and a token has been fetched. Stores CLIENT_ID, CLIENT_SECRET, URL, TOKEN, TOKEN_EXPIRATION.

Parameters:

client (JamfCredentials) – The JamfCredentials object whose values will be stored.
token (AccessToken) – The AccessToken object to save.

Raises:

CredentialError – If any individual credential write fails (propagated from set_credential()).

Return type:

None

reset_config() → bool[source]¶

Resets all credentials by deleting them from the keyring.

Returns:: True if all credentials were successfully deleted, False otherwise.
Return type:: bool