feat: add db table for host lock and wipe (#16580)

> Related issue: #16386 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Manual QA for all new/changed functionality

changes/16386-host-lock-schema

@@ -0,0 +1 @@
+- Adds the `host_mdm_actions` DB table to support MDM lock and wipe functionality.

server/datastore/mysql/hosts.go

@@ -493,6 +493,7 @@ var hostRefs = []string{
 	"host_script_results",
 	"query_results",
 	"host_activities",
+	"host_mdm_actions",
 }
 
 // NOTE: The following tables are explicity excluded from hostRefs list and accordingly are not

server/datastore/mysql/hosts_test.go

@@ -6378,6 +6378,13 @@ func testHostsDeleteHosts(t *testing.T, ds *Datastore) {
 	)
 	require.NoError(t, err)
 
+	// Update the host_mdm_actions table
+	_, err = ds.writer(context.Background()).Exec(`
+          INSERT INTO host_mdm_actions (host_id, lock_ref, wipe_ref, suspended)
+          VALUES (?, uuid(), uuid(), false)
+	`, host.ID)
+	require.NoError(t, err)
+
 	// Check there's an entry for the host in all the associated tables.
 	for _, hostRef := range hostRefs {
 		var ok bool

server/datastore/mysql/migrations/tables/20240205121956_CreateTableHostLockWipe.go

@@ -0,0 +1,38 @@
+package tables
+
+import (
+	"database/sql"
+	"fmt"
+)
+
+func init() {
+	MigrationClient.AddMigration(Up_20240205121956, Down_20240205121956)
+}
+
+func Up_20240205121956(tx *sql.Tx) error {
+	// Adding a new table for this data as the existing `host_mdm` table is related more closely to
+	// enrollment logic.
+	// lock_ref and wipe_ref are the UUIDs of the actions taken to lock or wipe a host. These could
+	// point at MDM commands or script executions, depending on the host platform. suspended
+	// indicates whether or not further actions on this host are suspended (will be set to true
+	// while the wipe or lock action is pending, and set to false again once the action has completed).
+	stmt := `
+		CREATE TABLE host_mdm_actions (
+			host_id INT UNSIGNED NOT NULL,
+			lock_ref VARCHAR(36) NULL,
+			wipe_ref VARCHAR(36) NULL,
+			suspended TINYINT(1) NOT NULL DEFAULT FALSE,
+			PRIMARY KEY (host_id)
+		)
+	`
+
+	if _, err := tx.Exec(stmt); err != nil {
+		return fmt.Errorf("create table host_mdm_actions: %w", err)
+	}
+
+	return nil
+}
+
+func Down_20240205121956(tx *sql.Tx) error {
+	return nil
+}