Merge pull request #1 from FINRAOS/master

Pull Recent

README.md

@@ -220,6 +220,8 @@ Gatekeeper primarily communicates out temporary credentials via email, these are
 | gatekeeper.email.team | The team that will be maintaining gatekeeper on your environment. | string 
 | gatekeeper.email.approverEmails | The email address for the group who will be handling approvals | string
 | gatekeeper.email.opsEmails | The email address for gatekeeper to reach out to the Ops team | string
+| gatekeeper.email.sendAccessRequestedEmail | Whether to send Access Requested emails | boolean
+| gatekeeper.email.changeDisclaimer | The disclaimer displayed in any access confirmation emails  | string
 
 #### DATABASE
 | Property | Description | Type|

services/ec2/src/main/java/org/finra/gatekeeper/configuration/properties/GatekeeperEmailProperties.java

@@ -42,6 +42,23 @@ public class GatekeeperEmailProperties {
      */
     private String team;
 
+
+    /**
+     * Whether or not to send Access Requested emails
+     */
+    private boolean sendAccessRequestedEmail;
+
+    public GatekeeperEmailProperties() {
+    }
+
+
+    /**
+    * The Disclaimer for making a change to a request displayed at the bottom of the email.
+    */
+    private String changeDisclaimer;
+
+
+
     public String getApproverEmails() {
         return approverEmails;
     }
@@ -77,4 +94,22 @@ public GatekeeperEmailProperties setTeam(String team) {
         this.team = team;
         return this;
     }
+
+    public boolean isSendAccessRequestedEmail() {
+        return sendAccessRequestedEmail;
+    }
+
+    public GatekeeperEmailProperties setSendAccessRequestedEmail(boolean sendAccessRequestedEmail) {
+        this.sendAccessRequestedEmail = sendAccessRequestedEmail;
+        return this;
+    }
+
+    public String getChangeDisclaimer() {
+        return changeDisclaimer;
+    }
+
+    public GatekeeperEmailProperties setChangeDisclaimer(String changeDisclaimer) {
+        this.changeDisclaimer = changeDisclaimer;
+        return this;
+    }
 }

services/ec2/src/main/java/org/finra/gatekeeper/services/email/wrappers/EmailServiceWrapper.java

@@ -74,6 +74,7 @@ private void emailHelper(String email, String cc, String subject, String templat
             params.put("request", request);
             params.put("user", user);
             params.put("approverDL", emailProperties.getApproverEmails());
+            params.put("changeDisclaimer", emailProperties.getChangeDisclaimer());
             if(other != null){
                 other.forEach((k, v) -> params.put(k.toString(), v));
             }
@@ -87,12 +88,18 @@ private void emailHelper(String email, String cc, String subject, String templat
 
     /**
      * Notifies the gatekeeper admins (the approvers) that there's a new access request in their bucket.
-     *
+     * Will only send email if gatekeeper.email.sendAccessRequestedEmail is set to true
      * @param request - The request the email is for
      */
     public void notifyAdmins(AccessRequest request){
-        logger.info("Notify the admins of: " + request);
-        emailHelper(emailProperties.getApproverEmails(), null, String.format("GATEKEEPER: Access Requested (%s)", request.getId()), "accessRequested", request);
+        if(emailProperties.isSendAccessRequestedEmail()) {
+            logger.info("Notify the admins of: " + request);
+            emailHelper(emailProperties.getApproverEmails(), null, String.format("GATEKEEPER: Access Requested (%s)", request.getId()), "accessRequested", request);
+        }
+        else{
+            logger.info("No email was sent to notify admins of " + request + ". Set gatekeeper.email.sendAccessRequestedEmail to true to send emails.");
+        }
+
     }
 
     public void notifyExpired(AccessRequest request){
@@ -149,6 +156,7 @@ public void notifyOfCredentials(AccessRequest request, GatekeeperLinuxNotificati
             contentMap.put("request", request);
             contentMap.put("user", notification.getUser());
             contentMap.put("instanceStatus", notification.getCreateStatus());
+            contentMap.put("changeDisclaimer", emailProperties.getChangeDisclaimer());
 
             //Send out just the username
             emailHelper(notification.getUser().getEmail(), null, "Access Request " + request.getId() + " - Your temporary username", "username", request, contentMap);

services/ec2/src/main/resources/emails/accessGranted.ftl

@@ -34,10 +34,18 @@
         </#if>
     </div>
 
+    <#if changeDisclaimer??>
+        <#if changeDisclaimer != "">
+            <p style="color: darkred">
+                    ${changeDisclaimer}
+            </p>
+        </#if>
+    </#if>
+
     <div>
         <p style="color: darkred">If you have any questions or concerns please reach out to the Gatekeeper approvers at: ${approverDL}</p>
     </div>
 
     <div><p>Thanks!</p></div>
     <div><p>The Gatekeeper Admin Team</p></div>
-</html>
+</html>

services/ec2/src/main/resources/emails/credentials.ftl

@@ -21,6 +21,15 @@
     <div>
         <p>The accompanying username will be sent in a separate email. This temporary credential will expire in ${request.getHours()} hours time from retrieval of this message</p>
     </div>
+
+    <#if changeDisclaimer??>
+        <#if changeDisclaimer != "">
+            <p style="color: darkred">
+                ${changeDisclaimer}
+            </p>
+        </#if>
+    </#if>
+
     <div><p>Thanks!</p></div>
     <div><p>The Gatekeeper Admins</p></div>
-</html>
+</html>

services/ec2/src/main/resources/emails/username.ftl

@@ -21,6 +21,15 @@
     <div>
         <p>The accompanying credential will be sent in a separate email. This temporary user will expire in ${request.getHours()} hours time from retrieval of this message</p>
     </div>
+
+    <#if changeDisclaimer??>
+        <#if changeDisclaimer != "">
+            <p style="color: darkred">
+                    ${changeDisclaimer}
+            </p>
+        </#if>
+    </#if>
+
     <div><p>Thanks!</p></div>
     <div><p>The Gatekeeper Admins</p></div>
-</html>
+</html>

services/rds/src/main/java/org/finra/gatekeeper/configuration/GatekeeperProperties.java

@@ -60,6 +60,11 @@ public static class EmailProperties {
          */
         private String team;
 
+        /**
+         * Whether or not to send Access Requested emails
+         */
+        private boolean sendAccessRequestedEmail;
+
         public String getApproverEmails() {
             return approverEmails;
         }
@@ -96,6 +101,15 @@ public EmailProperties setTeam(String team) {
             return this;
         }
 
+        public boolean isSendAccessRequestedEmail() {
+            return sendAccessRequestedEmail;
+        }
+
+        public EmailProperties setSendAccessRequestedEmail(boolean sendAccessRequestedEmail) {
+            this.sendAccessRequestedEmail = sendAccessRequestedEmail;
+            return this;
+        }
+
     }
 
     public AuthenticationProperties getAuth() {

services/rds/src/main/java/org/finra/gatekeeper/services/email/wrappers/EmailServiceWrapper.java

@@ -48,6 +48,7 @@ public class EmailServiceWrapper {
     private String opsEmails;
     private String teamEmail;
     private String mailFrom;
+    private boolean sendAccessRequestedEmail;
 
     @Autowired
     public EmailServiceWrapper(EmailService emailService, GatekeeperProperties gatekeeperProperties){
@@ -56,6 +57,7 @@ public EmailServiceWrapper(EmailService emailService, GatekeeperProperties gatek
         this.opsEmails = gatekeeperProperties.getEmail().getOpsEmails();
         this.teamEmail = gatekeeperProperties.getEmail().getTeam();
         this.mailFrom = gatekeeperProperties.getEmail().getFrom();
+        this.sendAccessRequestedEmail = gatekeeperProperties.getEmail().isSendAccessRequestedEmail();
     }
 
     /*
@@ -94,12 +96,19 @@ private void emailHelper(String email, String cc, String subject, String templat
 
     /**
      * Notifies the gatekeeper admins (the approvers) that there's a new access request in their bucket.
-     *
+     * Will only send email if gatekeeper.email.sendAccessRequestedEmail is set to true
      * @param request - The request the email is for
      */
     public void notifyAdmins(AccessRequest request){
         logger.info("Notify the admins of: " + request);
-        emailHelper(approverEmails, null, String.format("GATEKEEPER: Access Requested (%s)", request.getId()), "accessRequested", request);
+        if(sendAccessRequestedEmail) {
+            logger.info("Notify the admins of: " + request);
+            emailHelper(approverEmails, null, String.format("GATEKEEPER: Access Requested (%s)", request.getId()), "accessRequested", request);
+        }
+        else{
+            logger.info("No email was sent to notify admins of " + request + ". Set gatekeeper.email.sendAccessRequestedEmail to true to send emails.");
+        }
+
     }
 
     public void notifyExpired(AccessRequest request){