From 8bf7afb4339abadb9bb26f3faf48f8ac8b54ad22 Mon Sep 17 00:00:00 2001 From: Jahziel Villasana-Espinoza Date: Wed, 4 Dec 2024 17:19:18 -0500 Subject: [PATCH] fix: use better data for the mdm enrollment activity for windows hosts, if it exists (#24392) > Related issue: #23982 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --- server/service/integration_mdm_test.go | 8 ++++---- server/service/microsoft_mdm.go | 27 +++++++++++++++++++++++++- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/server/service/integration_mdm_test.go b/server/service/integration_mdm_test.go index f480b3de05..ea1d37ecb9 100644 --- a/server/service/integration_mdm_test.go +++ b/server/service/integration_mdm_test.go @@ -6586,12 +6586,12 @@ func (s *integrationMDMTestSuite) TestValidRequestSecurityTokenRequestWithDevice // Checking if an activity was created for the enrollment s.lastActivityOfTypeMatches( fleet.ActivityTypeMDMEnrolled{}.ActivityName(), - `{ + fmt.Sprintf(`{ "mdm_platform": "microsoft", - "host_serial": "", + "host_serial": "%s", "installed_from_dep": false, - "host_display_name": "DESKTOP-0C89RC0" - }`, + "host_display_name": "%s" + }`, windowsHost.HardwareSerial, windowsHost.DisplayName()), 0) expectedDeviceID := "AB157C3A18778F4FB21E2739066C1F27" // TODO: make the hard-coded deviceID in `s.newSecurityTokenMsg` configurable diff --git a/server/service/microsoft_mdm.go b/server/service/microsoft_mdm.go index 4d79d45ce8..20584b2040 100644 --- a/server/service/microsoft_mdm.go +++ b/server/service/microsoft_mdm.go 
@@ -28,6 +28,7 @@ import ( mdmlifecycle "github.com/fleetdm/fleet/v4/server/mdm/lifecycle" microsoft_mdm "github.com/fleetdm/fleet/v4/server/mdm/microsoft" "github.com/fleetdm/fleet/v4/server/mdm/microsoft/syncml" + "github.com/fleetdm/fleet/v4/server/ptr" kitlog "github.com/go-kit/log" "github.com/go-kit/log/level" @@ -1798,6 +1799,8 @@ func (svc *Service) storeWindowsMDMEnrolledDevice(ctx context.Context, userID st // TODO: azure enrollments come with an empty uuid, I haven't figured // out a good way to identify the device. + displayName := reqDeviceName + var serial string if hostUUID != "" { mdmLifecycle := mdmlifecycle.New(svc.ds, svc.logger) err = mdmLifecycle.Do(ctx, mdmlifecycle.HostOptions{ @@ -1808,12 +1811,34 @@ func (svc *Service) storeWindowsMDMEnrolledDevice(ctx context.Context, userID st if err != nil { return err } + + // Get the host in order to get the correct display name and serial number for the activity + adminTeamFilter := fleet.TeamFilter{ + User: &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)}, + } + + hosts, err := svc.ds.ListHostsLiteByUUIDs(ctx, adminTeamFilter, []string{hostUUID}) + if err != nil { + // Do not abort; this call was only made to get better data for the activity, so shouldn't + // fail the request. We fall back to `reqDeviceName` for the display name in this case. + logging.WithExtras(logging.WithNoUser(ctx), + "msg", "failed to get host data for windows MDM enrollment activity", + ) + } + + if len(hosts) == 1 { + // then we found the host, so use the data from there for the activity + displayName = hosts[0].DisplayName() + serial = hosts[0].HardwareSerial + } + } err = svc.NewActivity( ctx, nil, &fleet.ActivityTypeMDMEnrolled{ - HostDisplayName: reqDeviceName, + HostDisplayName: displayName, MDMPlatform: fleet.MDMPlatformMicrosoft, + HostSerial: serial, }) if err != nil { // only logging, the device is enrolled at this point, and we
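Review bot: The error returned by `svc.ds.ListHostsLiteByUUIDs` is dropped. In the new `if err != nil` branch, `logging.WithExtras` receives only a fixed `"msg"` pair, so a failing lookup leaves no cause in the log; add the error to the extras, for example `"msg", "failed to get host data for windows MDM enrollment activity", "err", err,`. The lookup also runs under a synthetic global-admin `fleet.TeamFilter`, which skips team scoping, so a comment such as `// internal lookup for the audit activity only; not performed on behalf of any requesting user` would record why that is acceptable here. Because the result is written to an audit activity, it is worth confirming that `hostUUID` is not a value the enrolling device can choose freely (its origin is outside this hunk); otherwise the entry would carry the serial and display name of whichever existing host record matches. `storeWindowsMDMEnrolledDevice` starts before and continues past the hunk.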