From 1ecbbf265d6534cfa1293c8d5fbc45b5ecbf8ba8 Mon Sep 17 00:00:00 2001
From: Brian Joerger
Date: Wed, 24 Jan 2024 11:13:31 -0800
Subject: [PATCH] MFA usage events (#36975)

* Proto changes.
* Submit MFA Authentication Events.
* Address coment.
---
 lib/usagereporter/teleport/audit.go | 7 +++++++
 lib/usagereporter/teleport/types.go | 17 +++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/lib/usagereporter/teleport/audit.go b/lib/usagereporter/teleport/audit.go
index 437d3c44a3a08..f093f4a385c59 100644
--- a/lib/usagereporter/teleport/audit.go
+++ b/lib/usagereporter/teleport/audit.go
@@ -234,6 +234,13 @@ func ConvertAuditEvent(event apievents.AuditEvent) Anonymizable {
 Days: e.Days,
 IsSuccess: e.Status.Success,
 }
+ case *apievents.ValidateMFAAuthResponse:
+ return &MFAAuthenticationEvent{
+ UserName: e.User,
+ DeviceId: e.MFADevice.DeviceID,
+ DeviceType: e.MFADevice.DeviceType,
+ MfaChallengeScope: e.ChallengeScope,
+ }
 }
 
 return nil
diff --git a/lib/usagereporter/teleport/types.go b/lib/usagereporter/teleport/types.go
index 64cb726888b10..004affc05521f 100644
--- a/lib/usagereporter/teleport/types.go
+++ b/lib/usagereporter/teleport/types.go
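Review bot: The new `case *apievents.ValidateMFAAuthResponse` in audit.go reads `e.MFADevice.DeviceID` and `e.MFADevice.DeviceType` without checking `e.MFADevice`. Its type is not visible in this hunk, but if it is a pointer that can be left unset (a validation event for a failed or unrecognised response would plausibly carry no device), the conversion panics inside the usage-reporting path. Guarding the dereference and falling back to empty strings, as sketched below, keeps a bad MFA attempt from taking down event conversion. The case just above forwards `e.Status.Success`, while this one drops the outcome, so failed and successful validations look identical downstream; worth confirming that is intended. ConvertAuditEvent starts before this hunk, so the enclosing switch is only partly visible.

```go
	case *apievents.ValidateMFAAuthResponse:
		// MFADevice may be nil; never dereference it unguarded.
		var deviceID, deviceType string
		if e.MFADevice != nil {
			deviceID = e.MFADevice.DeviceID
			deviceType = e.MFADevice.DeviceType
		}
		return &MFAAuthenticationEvent{
			// … unchanged: UserName …
			DeviceId:   deviceID,
			DeviceType: deviceType,
			// … unchanged: MfaChallengeScope …
		}
```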
@@ -1013,6 +1013,23 @@ func (e *DiscoveryFetchEvent) Anonymize(a utils.Anonymizer) prehogv1a.SubmitEven
 }
 }
 
+// MFAAuthenticationEvent is emitted when a user performs MFA authentication.
+type MFAAuthenticationEvent prehogv1a.MFAAuthenticationEvent
+
+// Anonymize anonymizes the event.
+func (e *MFAAuthenticationEvent) Anonymize(a utils.Anonymizer) prehogv1a.SubmitEventRequest {
+ return prehogv1a.SubmitEventRequest{
+ Event: &prehogv1a.SubmitEventRequest_MfaAuthenticationEvent{
+ MfaAuthenticationEvent: &prehogv1a.MFAAuthenticationEvent{
+ UserName: a.AnonymizeString(e.UserName),
+ DeviceId: a.AnonymizeString(e.DeviceId),
+ DeviceType: e.DeviceType,
+ MfaChallengeScope: e.MfaChallengeScope,
+ },
+ },
+ }
+}
+
 // ConvertUsageEvent converts a usage event from an API object into an
 // anonymizable event. All events that can be submitted externally via the Auth
 // API need to be defined here.
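Review bot: The doc comment on `Anonymize` does not say which fields leave the cluster in the clear: `UserName` and `DeviceId` pass through `a.AnonymizeString`, while `DeviceType` and `MfaChallengeScope` are copied unmodified into the submitted request. That is safe only while both stay low-cardinality labels, and both are filled straight from the audit event in audit.go, so the assumption should be written down, e.g. `// Anonymize anonymizes UserName and DeviceId; DeviceType and MfaChallengeScope are sent as-is and must never carry user- or device-identifying values.` The diffstat lists no test file, so a small test asserting that the raw user name and device ID never appear in the returned request would lock this boundary in.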