Add initial support of device posture checks (#1540)

This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2025-08-15 17:52:47 +02:00 · 2024-02-20 09:59:56 +01:00
parent db3cba5e0f
commit 9bc7b9e897
61 changed files with 5162 additions and 348 deletions
--- a/management/server/peer/peer.go
+++ b/management/server/peer/peer.go
@ -41,6 +41,8 @@ type Peer struct {
 	LastLogin time.Time
 	// Indicate ephemeral peer attribute
 	Ephemeral bool
+	// Geo location based on connection IP
+	Location Location `gorm:"embedded;embeddedPrefix:location_"`
 }

 type PeerStatus struct {
@ -54,25 +56,37 @@ type PeerStatus struct {
 	RequiresApproval bool
 }

+// Location is a geo location information of a Peer based on public connection IP
+type Location struct {
+	ConnectionIP net.IP // from grpc peer or reverse proxy headers depends on setup
+	CountryCode  string
+	CityName     string
+	GeoNameID    uint // city level geoname id
+}
+
 // PeerSystemMeta is a metadata of a Peer machine system
 type PeerSystemMeta struct {
-	Hostname  string
-	GoOS      string
-	Kernel    string
-	Core      string
-	Platform  string
-	OS        string
-	WtVersion string
-	UIVersion string
+	Hostname      string
+	GoOS          string
+	Kernel        string
+	Core          string
+	Platform      string
+	OS            string
+	OSVersion     string
+	WtVersion     string
+	UIVersion     string
+	KernelVersion string
 }

 func (p PeerSystemMeta) isEqual(other PeerSystemMeta) bool {
 	return p.Hostname == other.Hostname &&
 		p.GoOS == other.GoOS &&
 		p.Kernel == other.Kernel &&
+		p.KernelVersion == other.KernelVersion &&
 		p.Core == other.Core &&
 		p.Platform == other.Platform &&
 		p.OS == other.OS &&
+		p.OSVersion == other.OSVersion &&
 		p.WtVersion == other.WtVersion &&
 		p.UIVersion == other.UIVersion
 }
@ -104,6 +118,7 @@ func (p *Peer) Copy() *Peer {
 		LoginExpirationEnabled: p.LoginExpirationEnabled,
 		LastLogin:              p.LastLogin,
 		Ephemeral:              p.Ephemeral,
+		Location:               p.Location,
 	}
 }