[v13] Add MDM and TPM fields to device resources

api/proto/teleport/legacy/types/device.proto

@@ -59,6 +59,8 @@ message DeviceSpec {
   string enroll_status = 5 [(gogoproto.jsontag) = "enroll_status"];
   DeviceCredential credential = 6 [(gogoproto.jsontag) = "credential,omitempty"];
   repeated DeviceCollectedData collected_data = 7 [(gogoproto.jsontag) = "collected_data,omitempty"];
+  DeviceSource source = 8 [(gogoproto.jsontag) = "source,omitempty"];
+  DeviceProfile profile = 9 [(gogoproto.jsontag) = "profile,omitempty"];
 }
 
 // DeviceCredential is the resource representation of
@@ -84,4 +86,34 @@ message DeviceCollectedData {
   ];
   string os_type = 3 [(gogoproto.jsontag) = "os_type"];
   string serial_number = 4 [(gogoproto.jsontag) = "serial_number,omitempty"];
+  string model_identifier = 5 [(gogoproto.jsontag) = "model_identifier,omitempty"];
+  string os_version = 6 [(gogoproto.jsontag) = "os_version,omitempty"];
+  string os_build = 7 [(gogoproto.jsontag) = "os_build,omitempty"];
+  string os_username = 8 [(gogoproto.jsontag) = "os_username,omitempty"];
+  string jamf_binary_version = 9 [(gogoproto.jsontag) = "jamf_binary_version,omitempty"];
+  string macos_enrollment_profiles = 10 [(gogoproto.jsontag) = "macos_enrollment_profiles,omitempty"];
+  string reported_asset_tag = 11 [(gogoproto.jsontag) = "reported_asset_tag,omitempty"];
+  string system_serial_number = 12 [(gogoproto.jsontag) = "system_serial_number,omitempty"];
+  string base_board_serial_number = 13 [(gogoproto.jsontag) = "base_board_serial_number,omitempty"];
+}
+
+// DeviceSource is the resource representation of
+// teleport.devicetrust.v1.DeviceSource.
+message DeviceSource {
+  string name = 1 [(gogoproto.jsontag) = "name"];
+  string origin = 2 [(gogoproto.jsontag) = "origin"];
+}
+
+// DeviceProfile is the resource representation of
+// teleport.devicetrust.v1.DeviceProfile.
+message DeviceProfile {
+  google.protobuf.Timestamp update_time = 1 [
+    (gogoproto.stdtime) = true,
+    (gogoproto.jsontag) = "update_time,omitempty"
+  ];
+  string model_identifier = 2 [(gogoproto.jsontag) = "model_identifier,omitempty"];
+  string os_version = 3 [(gogoproto.jsontag) = "os_version,omitempty"];
+  string os_build = 4 [(gogoproto.jsontag) = "os_build,omitempty"];
+  repeated string os_usernames = 5 [(gogoproto.jsontag) = "os_usernames,omitempty"];
+  string jamf_binary_version = 6 [(gogoproto.jsontag) = "jamf_binary_version,omitempty"];
 }

api/types/device.go

@@ -46,7 +46,7 @@ func (d *DeviceV1) CheckAndSetDefaults() error {
 		d.Metadata.Name = uuid.NewString()
 	}
 	if d.Spec.EnrollStatus == "" {
-		d.Spec.EnrollStatus = ResourceEnrollStatusToString(devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED)
+		d.Spec.EnrollStatus = ResourceDeviceEnrollStatusToString(devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED)
 	}
 	if d.Spec.Credential != nil && d.Spec.Credential.DeviceAttestationType == "" {
 		d.Spec.Credential.DeviceAttestationType = ResourceDeviceAttestationTypeToString(devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED)
@@ -69,14 +69,19 @@ func (d *DeviceV1) CheckAndSetDefaults() error {
 	if _, err := ResourceOSTypeFromString(d.Spec.OsType); err != nil {
 		return trace.Wrap(err)
 	}
-	if _, err := ResourceEnrollStatusFromString(d.Spec.EnrollStatus); err != nil {
+	if _, err := ResourceDeviceEnrollStatusFromString(d.Spec.EnrollStatus); err != nil {
 		return trace.Wrap(err)
 	}
 	if d.Spec.Credential != nil {
 		if _, err := ResourceDeviceAttestationTypeFromString(d.Spec.Credential.DeviceAttestationType); err != nil {
 			return trace.Wrap(err)
 		}
 	}
+	if d.Spec.Source != nil {
+		if _, err := ResourceDeviceOriginFromString(d.Spec.Source.Origin); err != nil {
+			return trace.Wrap(err)
+		}
+	}
 
 	return nil
 }
@@ -108,7 +113,7 @@ func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error) {
 		return nil, trace.Wrap(err)
 	}
 
-	enrollStatus, err := ResourceEnrollStatusFromString(res.Spec.EnrollStatus)
+	enrollStatus, err := ResourceDeviceEnrollStatusFromString(res.Spec.EnrollStatus)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -138,10 +143,43 @@ func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error) {
 		}
 
 		collectedData[i] = &devicepb.DeviceCollectedData{
-			CollectTime:  toTimePB(d.CollectTime),
-			RecordTime:   toTimePB(d.RecordTime),
-			OsType:       dataOSType,
-			SerialNumber: d.SerialNumber,
+			CollectTime:             toTimePB(d.CollectTime),
+			RecordTime:              toTimePB(d.RecordTime),
+			OsType:                  dataOSType,
+			SerialNumber:            d.SerialNumber,
+			ModelIdentifier:         d.ModelIdentifier,
+			OsVersion:               d.OsVersion,
+			OsBuild:                 d.OsBuild,
+			OsUsername:              d.OsUsername,
+			JamfBinaryVersion:       d.JamfBinaryVersion,
+			MacosEnrollmentProfiles: d.MacosEnrollmentProfiles,
+			ReportedAssetTag:        d.ReportedAssetTag,
+			SystemSerialNumber:      d.SystemSerialNumber,
+			BaseBoardSerialNumber:   d.BaseBoardSerialNumber,
+		}
+	}
+
+	var source *devicepb.DeviceSource
+	if s := res.Spec.Source; s != nil {
+		origin, err := ResourceDeviceOriginFromString(s.Origin)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		source = &devicepb.DeviceSource{
+			Name:   s.Name,
+			Origin: origin,
+		}
+	}
+
+	var profile *devicepb.DeviceProfile
+	if p := res.Spec.Profile; p != nil {
+		profile = &devicepb.DeviceProfile{
+			UpdateTime:        toTimePB(p.UpdateTime),
+			ModelIdentifier:   p.ModelIdentifier,
+			OsVersion:         p.OsVersion,
+			OsBuild:           p.OsBuild,
+			OsUsernames:       p.OsUsernames,
+			JamfBinaryVersion: p.JamfBinaryVersion,
 		}
 	}
 
@@ -155,6 +193,8 @@ func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error) {
 		EnrollStatus:  enrollStatus,
 		Credential:    cred,
 		CollectedData: collectedData,
+		Source:        source,
+		Profile:       profile,
 	}, nil
 }
 
@@ -189,10 +229,39 @@ func DeviceToResource(dev *devicepb.Device) *DeviceV1 {
 	collectedData := make([]*DeviceCollectedData, len(dev.CollectedData))
 	for i, d := range dev.CollectedData {
 		collectedData[i] = &DeviceCollectedData{
-			CollectTime:  toTimePtr(d.CollectTime),
-			RecordTime:   toTimePtr(d.RecordTime),
-			OsType:       ResourceOSTypeToString(d.OsType),
-			SerialNumber: d.SerialNumber,
+			CollectTime:             toTimePtr(d.CollectTime),
+			RecordTime:              toTimePtr(d.RecordTime),
+			OsType:                  ResourceOSTypeToString(d.OsType),
+			SerialNumber:            d.SerialNumber,
+			ModelIdentifier:         d.ModelIdentifier,
+			OsVersion:               d.OsVersion,
+			OsBuild:                 d.OsBuild,
+			OsUsername:              d.OsUsername,
+			JamfBinaryVersion:       d.JamfBinaryVersion,
+			MacosEnrollmentProfiles: d.MacosEnrollmentProfiles,
+			ReportedAssetTag:        d.ReportedAssetTag,
+			SystemSerialNumber:      d.SystemSerialNumber,
+			BaseBoardSerialNumber:   d.BaseBoardSerialNumber,
+		}
+	}
+
+	var source *DeviceSource
+	if s := dev.Source; s != nil {
+		source = &DeviceSource{
+			Name:   s.Name,
+			Origin: ResourceDeviceOriginToString(s.Origin),
+		}
+	}
+
+	var profile *DeviceProfile
+	if p := dev.Profile; p != nil {
+		profile = &DeviceProfile{
+			UpdateTime:        toTimePtr(p.UpdateTime),
+			ModelIdentifier:   p.ModelIdentifier,
+			OsVersion:         p.OsVersion,
+			OsBuild:           p.OsBuild,
+			OsUsernames:       p.OsUsernames,
+			JamfBinaryVersion: p.JamfBinaryVersion,
 		}
 	}
 
@@ -209,9 +278,11 @@ func DeviceToResource(dev *devicepb.Device) *DeviceV1 {
 			AssetTag:      dev.AssetTag,
 			CreateTime:    toTimePtr(dev.CreateTime),
 			UpdateTime:    toTimePtr(dev.UpdateTime),
-			EnrollStatus:  ResourceEnrollStatusToString(dev.EnrollStatus),
+			EnrollStatus:  ResourceDeviceEnrollStatusToString(dev.EnrollStatus),
 			Credential:    cred,
 			CollectedData: collectedData,
+			Source:        source,
+			Profile:       profile,
 		},
 	}
 	_ = res.CheckAndSetDefaults() // assign default fields
@@ -222,6 +293,8 @@ func DeviceToResource(dev *devicepb.Device) *DeviceV1 {
 // for use in resource fields.
 func ResourceOSTypeToString(osType devicepb.OSType) string {
 	switch osType {
+	case devicepb.OSType_OS_TYPE_UNSPECIFIED:
+		return "unspecified"
 	case devicepb.OSType_OS_TYPE_LINUX:
 		return "linux"
 	case devicepb.OSType_OS_TYPE_MACOS:
@@ -237,6 +310,8 @@ func ResourceOSTypeToString(osType devicepb.OSType) string {
 // for resource fields to OSType.
 func ResourceOSTypeFromString(osType string) (devicepb.OSType, error) {
 	switch osType {
+	case "", "unspecified":
+		return devicepb.OSType_OS_TYPE_UNSPECIFIED, nil
 	case "linux":
 		return devicepb.OSType_OS_TYPE_LINUX, nil
 	case "macos":
@@ -248,9 +323,9 @@ func ResourceOSTypeFromString(osType string) (devicepb.OSType, error) {
 	}
 }
 
-// ResourceEnrollStatusToString converts DeviceEnrollStatus to a string
+// ResourceDeviceEnrollStatusToString converts DeviceEnrollStatus to a string
 // representation suitable for use in resource fields.
-func ResourceEnrollStatusToString(enrollStatus devicepb.DeviceEnrollStatus) string {
+func ResourceDeviceEnrollStatusToString(enrollStatus devicepb.DeviceEnrollStatus) string {
 	switch enrollStatus {
 	case devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_ENROLLED:
 		return "enrolled"
@@ -263,9 +338,9 @@ func ResourceEnrollStatusToString(enrollStatus devicepb.DeviceEnrollStatus) stri
 	}
 }
 
-// ResourceEnrollStatusFromString converts a string representation of
+// ResourceDeviceEnrollStatusFromString converts a string representation of
 // DeviceEnrollStatus suitable for resource fields to DeviceEnrollStatus.
-func ResourceEnrollStatusFromString(enrollStatus string) (devicepb.DeviceEnrollStatus, error) {
+func ResourceDeviceEnrollStatusFromString(enrollStatus string) (devicepb.DeviceEnrollStatus, error) {
 	switch enrollStatus {
 	case "enrolled":
 		return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_ENROLLED, nil
@@ -314,3 +389,33 @@ func ResourceDeviceAttestationTypeFromString(
 		return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED, trace.BadParameter("unknown attestation type %q", attestationType)
 	}
 }
+
+func ResourceDeviceOriginToString(o devicepb.DeviceOrigin) string {
+	switch o {
+	case devicepb.DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED:
+		return "unspecified"
+	case devicepb.DeviceOrigin_DEVICE_ORIGIN_API:
+		return "api"
+	case devicepb.DeviceOrigin_DEVICE_ORIGIN_JAMF:
+		return "jamf"
+	case devicepb.DeviceOrigin_DEVICE_ORIGIN_INTUNE:
+		return "intune"
+	default:
+		return o.String()
+	}
+}
+
+func ResourceDeviceOriginFromString(s string) (devicepb.DeviceOrigin, error) {
+	switch s {
+	case "", "unspecified":
+		return devicepb.DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED, nil
+	case "api":
+		return devicepb.DeviceOrigin_DEVICE_ORIGIN_API, nil
+	case "jamf":
+		return devicepb.DeviceOrigin_DEVICE_ORIGIN_JAMF, nil
+	case "intune":
+		return devicepb.DeviceOrigin_DEVICE_ORIGIN_INTUNE, nil
+	default:
+		return devicepb.DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED, trace.BadParameter("unknown device origin %q", s)
+	}
+}