diff --git a/README.md b/README.md index c7f3b595..0676950c 100644 --- a/README.md +++ b/README.md @@ -220,6 +220,8 @@ Gatekeeper primarily communicates out temporary credentials via email, these are | gatekeeper.email.team | The team that will be maintaining gatekeeper on your environment. | string | gatekeeper.email.approverEmails | The email address for the group who will be handling approvals | string | gatekeeper.email.opsEmails | The email address for gatekeeper to reach out to the Ops team | string +| gatekeeper.email.sendAccessRequestedEmail | Whether to send Access Requested emails | boolean +| gatekeeper.email.changeDisclaimer | The disclaimer displayed in any access confirmation emails | string #### DATABASE | Property | Description | Type| diff --git a/services/ec2/src/main/java/org/finra/gatekeeper/configuration/properties/GatekeeperEmailProperties.java b/services/ec2/src/main/java/org/finra/gatekeeper/configuration/properties/GatekeeperEmailProperties.java index db6e39d8..b510fa89 100644 --- a/services/ec2/src/main/java/org/finra/gatekeeper/configuration/properties/GatekeeperEmailProperties.java +++ b/services/ec2/src/main/java/org/finra/gatekeeper/configuration/properties/GatekeeperEmailProperties.java @@ -42,6 +42,23 @@ public class GatekeeperEmailProperties { */ private String team; + + /** + * Whether or not to send Access Requested emails + */ + private boolean sendAccessRequestedEmail; + + public GatekeeperEmailProperties() { + } + + + /** + * The Disclaimer for making a change to a request displayed at the bottom of the email. + */ + private String changeDisclaimer; + + + public String getApproverEmails() { return approverEmails; } 
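Review bot: The new `sendAccessRequestedEmail` field is a primitive `boolean` with no initializer, so it defaults to false, and a deployment that upgrades without setting `gatekeeper.email.sendAccessRequestedEmail` stops notifying approvers of new access requests. The `notifyAdmins` hunk in EmailServiceWrapper.java is where that takes effect. Unless a default is supplied in a properties file not shown in this diff, initialise the field to keep the existing behaviour, `private boolean sendAccessRequestedEmail = true;`, and state the default in the README row. The empty `public GatekeeperEmailProperties() { }` added between the two field declarations looks equivalent to the implicit default constructor (no other constructor is visible in the hunk, and the class body continues outside it) and can probably be dropped.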
@@ -77,4 +94,22 @@ public GatekeeperEmailProperties setTeam(String team) { this.team = team; return this; } + + public boolean isSendAccessRequestedEmail() { + return sendAccessRequestedEmail; + } + + public GatekeeperEmailProperties setSendAccessRequestedEmail(boolean sendAccessRequestedEmail) { + this.sendAccessRequestedEmail = sendAccessRequestedEmail; + return this; + } + + public String getChangeDisclaimer() { + return changeDisclaimer; + } + + public GatekeeperEmailProperties setChangeDisclaimer(String changeDisclaimer) { + this.changeDisclaimer = changeDisclaimer; + return this; + } } diff --git a/services/ec2/src/main/java/org/finra/gatekeeper/services/email/wrappers/EmailServiceWrapper.java b/services/ec2/src/main/java/org/finra/gatekeeper/services/email/wrappers/EmailServiceWrapper.java index d8b565ea..e8e29558 100644 --- a/services/ec2/src/main/java/org/finra/gatekeeper/services/email/wrappers/EmailServiceWrapper.java +++ b/services/ec2/src/main/java/org/finra/gatekeeper/services/email/wrappers/EmailServiceWrapper.java @@ -74,6 +74,7 @@ private void emailHelper(String email, String cc, String subject, String templat params.put("request", request); params.put("user", user); params.put("approverDL", emailProperties.getApproverEmails()); + params.put("changeDisclaimer", emailProperties.getChangeDisclaimer()); if(other != null){ other.forEach((k, v) -> params.put(k.toString(), v)); } 
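Review bot: `emailProperties.getChangeDisclaimer()` returns null when `gatekeeper.email.changeDisclaimer` is not configured, and the line added to `emailHelper` puts that null into the model of every template. accessGranted.ftl guards with `??`, but under FreeMarker's default settings any other template that prints `${changeDisclaimer}` without a guard would fail to render. Normalising at this point makes the key safe everywhere: `params.put("changeDisclaimer", emailProperties.getChangeDisclaimer() == null ? "" : emailProperties.getChangeDisclaimer());`. If the six-argument call in `notifyOfCredentials` passes its `contentMap` to this method as `other`, the `contentMap.put("changeDisclaimer", ...)` added in that later hunk is redundant, because `other.forEach` only rewrites the key with the same value. `emailHelper` starts and ends outside the hunk.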
@@ -87,12 +88,18 @@ private void emailHelper(String email, String cc, String subject, String templat /** * Notifies the gatekeeper admins (the approvers) that there's a new access request in their bucket. - * + * Will only send email if gatekeeper.email.sendAccessRequestedEmail is set to true * @param request - The request the email is for */ public void notifyAdmins(AccessRequest request){ - logger.info("Notify the admins of: " + request); - emailHelper(emailProperties.getApproverEmails(), null, String.format("GATEKEEPER: Access Requested (%s)", request.getId()), "accessRequested", request); + if(emailProperties.isSendAccessRequestedEmail()) { + logger.info("Notify the admins of: " + request); + emailHelper(emailProperties.getApproverEmails(), null, String.format("GATEKEEPER: Access Requested (%s)", request.getId()), "accessRequested", request); + } + else{ + logger.info("No email was sent to notify admins of " + request + ". Set gatekeeper.email.sendAccessRequestedEmail to true to send emails."); + } + } public void notifyExpired(AccessRequest request){ @@ -149,6 +156,7 @@ public void notifyOfCredentials(AccessRequest request, GatekeeperLinuxNotificati contentMap.put("request", request); contentMap.put("user", notification.getUser()); contentMap.put("instanceStatus", notification.getCreateStatus()); + contentMap.put("changeDisclaimer", emailProperties.getChangeDisclaimer()); //Send out just the username emailHelper(notification.getUser().getEmail(), null, "Access Request " + request.getId() + " - Your temporary username", "username", request, contentMap); diff --git a/services/ec2/src/main/resources/emails/accessGranted.ftl b/services/ec2/src/main/resources/emails/accessGranted.ftl index e103f938..7a091c83 100644 --- a/services/ec2/src/main/resources/emails/accessGranted.ftl +++ b/services/ec2/src/main/resources/emails/accessGranted.ftl @@ -34,10 +34,18 @@ #if> + <#if changeDisclaimer??> + <#if changeDisclaimer != ""> +
+ ${changeDisclaimer} +
+ #if> + #if> +If you have any questions or concerns please reach out to the Gatekeeper approvers at: ${approverDL}
Thanks!
The Gatekeeper Admin Team
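Review bot: `${changeDisclaimer}` is written into the HTML body as-is unless the FreeMarker configuration enables HTML auto-escaping, which is not visible in this diff, so a disclaimer containing `<` or `&` changes the markup of every access-granted email. If the property is meant to be plain text, escape it at the interpolation (`${changeDisclaimer?html}` on configurations without auto-escaping). If HTML is intended, say so in the README row for `gatekeeper.email.changeDisclaimer`. The two nested checks can also be collapsed into a single `<#if changeDisclaimer?has_content>`. The markup around these lines appears to have been stripped from this page, so the placement of the block within the template cannot be reviewed here.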