fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Add hardware serial number to vulnerability and policy webhooks/tickets #11664

Open zhumo opened 1 year ago

zhumo commented 1 year ago

This issue's remaining effort can be completed in ≤1 sprint. It will be valuable even if nothing else ships.

It is planned and ready to implement. It is on the proper kanban board.

Goal

User story
As a Fleet admin,
I want to identify a host via its serial number
so that I can be reasonably confident I am identifying a unique host.

Changes

This issue's estimation includes completing:

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

Context

zayhanlon commented 1 year ago

Hey @zayhanlon @ksatter. We're deprioritizing this issue as we won't be able to deliver it in the next 6 weeks. Please bring this back to the PFR call if it surfaces again so we can re-prioritize.

noahtalerman commented 1 year ago

Zay: Medium/high priority

noahtalerman commented 1 year ago

Feature fest:

In the vulnerability and policy webhooks and ticket integrations, include the serial number of the host

Does the customer use webhooks? Are we getting this issue mixed up w/ the previous solution in this issue? #12889

nonpunctual commented 6 months ago

@noahtalerman reading through this... 1st comment says it's planned & ready. Still the case? Have other features superseded or replaced it?

I think having it as a host identifier option would be valuable.

noahtalerman commented 6 months ago

Hey @nonpunctual the issue isn't currently being worked on. It has neither the :product (design sprint) nor :release (engineering sprint) label.

Let's chat about it during feature fest.

noahtalerman commented 6 months ago

In the vulnerability and policy webhooks and ticket integrations, include the serial number of the host

@nonpunctual is this the request?

Looking at the user story in the activity feed, I don't know what problem the customer(s) is having.

nonpunctual commented 6 months ago

@noahtalerman I take everything in GitHub at face value I guess. If the ticket says that at some point this work was planned & ready to implement I assume that's true. I guess if you are saying that you don't even understand the user story, that must not be the case?

The problem is that some orgs would like to use serial number as the Host identifier in Fleet.

This is on top of the fact that there is (I think) a lot of confusion in the docs & in the product regarding "hostname" vs. host identifier. If I am confused by this, I believe it's reasonable to assume customers are too.

To me, what host identifier means is: the string that uniquely identifies a host in the database. Seems like serial number would be a useful option for this in many orgs.

noahtalerman commented 6 months ago

some orgs would like to use serial number as the Host identifier in Fleet.

@nonpunctual got it. What's the workflow? Are they trying to get a host via API using the host's serial? If so, this is possible w/ the Get host by identifier API endpoint.

To prioritize an improvement we have to understand the workflow.

I don't remember what workflow this issue covers (the issue is coming up on 1 year old):

nonpunctual commented 6 months ago

Thanks @noahtalerman is this currently true?

"vulnerability and policy webhooks and ticket integrations include the serial number of the host"?

I think that maybe it's not without adding decorators that include a query for serial number to write to logging.