From 969a3574b0b63a1ce3a869a69da209dd0f59e26c Mon Sep 17 00:00:00 2001
From: Alan Parra
Date: Thu, 27 Apr 2023 18:41:00 -0300
Subject: [PATCH] Define distinct types for all device events
---
 lib/events/api.go | 23 +++++++++++++++++++++++
 lib/events/dynamic.go | 5 ++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/lib/events/api.go b/lib/events/api.go
index 41c6a858f1df2..f8e56bc7c2250 100644
--- a/lib/events/api.go
+++ b/lib/events/api.go
@@ -586,7 +586,30 @@ const (
 SSMRunEvent = "ssm.run"
 // DeviceEvent is the catch-all event for Device Trust events.
+ // Deprecated: Use one of the more specific event codes below.
 DeviceEvent = "device"
+ // DeviceCreateEvent is emitted on device registration.
+ // This is an inventory management event.
+ DeviceCreateEvent = "device.create"
+ // DeviceDeleteEvent is emitted on device deletion.
+ // This is an inventory management event.
+ DeviceDeleteEvent = "device.delete"
+ // DeviceUpdateEvent is emitted on device updates.
+ // This is an inventory management event.
+ DeviceUpdateEvent = "device.update"
+ // DeviceEnrollEvent is emitted when a device is enrolled.
+ // Enrollment events are issued due to end-user action, using the trusted
+ // device itself.
+ DeviceEnrollEvent = "device.enroll"
+ // DeviceAuthenticateEvent is emitted when a device is authenticated.
+ // Authentication events are issued due to end-user action, using the trusted
+ // device itself.
+ DeviceAuthenticateEvent = "device.authenticate"
+ // DeviceEnrollTokenCreateEvent is emitted when a new enrollment token is
+ // issued for a device.
+ // Device enroll tokens are issued by either a device admin or during
+ // client-side auto-enrollment.
+ DeviceEnrollTokenCreateEvent = "device.token.create"
 // BotJoinEvent is emitted when a bot joins
 BotJoinEvent = "bot.join"
diff --git a/lib/events/dynamic.go b/lib/events/dynamic.go
index 3c499567bbb40..e9672e8dc5cd6 100644
--- a/lib/events/dynamic.go
+++ b/lib/events/dynamic.go
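Review bot: The `// Deprecated:` line added above `DeviceEvent` in lib/events/api.go follows the previous comment sentence with no break, and Go tooling only treats a deprecation notice as such when it begins its own paragraph in the doc comment. Insert an empty `//` line between `// DeviceEvent is the catch-all event for Device Trust events.` and `// Deprecated: ...` so that linters and editors can flag remaining uses of the catch-all audit type. The notice also says "event codes" while the constants below it are event type strings such as `"device.create"`; `// Deprecated: Use one of the more specific event types below.` would avoid confusion with any separately defined event codes. The const block starts and ends outside the hunk.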
@@ -223,7 +223,10 @@ func FromEventFields(fields EventFields) (events.AuditEvent, error) {
 e = &events.MFADeviceAdd{}
 case MFADeviceDeleteEvent:
 e = &events.MFADeviceDelete{}
- case DeviceEvent:
+ case DeviceEvent, // Keep DeviceEvent here for backwards compatibility.
+ DeviceCreateEvent, DeviceDeleteEvent, DeviceUpdateEvent,
+ DeviceEnrollEvent, DeviceAuthenticateCode,
+ DeviceEnrollTokenCreateEvent:
 e = &events.DeviceEvent{}
 case LockCreatedEvent:
 e = &events.LockCreate{}
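Review bot: The new case list in FromEventFields names `DeviceAuthenticateCode`, but the constant this patch adds in lib/events/api.go is `DeviceAuthenticateEvent = "device.authenticate"`. `DeviceAuthenticateCode` is not defined in either hunk; if it is an event-code constant declared elsewhere in the package, the switch still compiles but never matches the `device.authenticate` type string, so stored device-authentication audit events would not be decoded as `events.DeviceEvent`. The line should read `DeviceEnrollEvent, DeviceAuthenticateEvent,`. A table-driven test that passes each new event type through FromEventFields and checks the resulting concrete type would catch this kind of mix-up. The switch and the function body continue outside the hunk.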