Include enrollment details in /id response
#1986
Labels
features-improvements
Features and Improvements
Comments
Probably need to regenerate it at autoupdate restarts, But yeah |
|
@directionless thank you, added to the requirements list! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
After launcher is first installed and starts up, it must enroll with K2. It generates "enrollment details" that identify the device -- for example, the device's OS and serial number. It includes these enrollment details in its enrollment request to K2's device server. K2 uses these details to create a
devicecorresponding to this launcher installation.In the future, we want enrollment to happen at a different point in time -- during device trust. (This will enable both secretless launcher installations and multiple enrollments.) In preparation for this work, we want to start including the enrollment details in launcher's localserver response to the
/idendpoint.The enrollment details should not change over time, so we should be able to generate them once on launcher startup, cache them, and then refer to the cached data when constructing the response to the
/idendpoint.Requirements
/idendpoint. The K2 side to consume this data hasn't been implemented yet, so there isn't a hard requirement for how this data should be structured. It is probably reasonable for it to exist at the top level of the response (same asRequestIdandStatus), and for the data format to remain the same as it currently is defined inservice.EnrollmentDetails.Relevant code links
/idendpoint: https://github.com/kolide/launcher/blob/main/ee/localserver/request-id.goThe text was updated successfully, but these errors were encountered: