Skip to main content

Access Control Requests Notifications

Every time an access or revoke request is configured to produce a notification, the resource owner will receive a new message on witboost, that looks like this:

The owner of the resource should have all the contextual information needed to take a decision, and by default, witboost will display:

  • Name, domain, environment and version of the resource where the consumable interface belongs to
  • Name and type of the specific consumable interface where the owner is asked to provide access (e.g. the output port details in case of a data mesh scenario)
  • The user that is going to be granted access in case the request is accepted
  • All the fields that are defined under fields in the access/revoke template

The fields of an access/revoke request can contain information that are not directly readable to the end user. Hence, there is a preprocessing ongoing that can lead your notification message to unexpected results:

  • A JSON object field is always skipped, as this is not user-friendly, unless its shape is that of an Attachment
  • A list of objects is always skipped.
  • A base64 encoded string (e.g. a base64 encoded file content) is always skipped, unless shaped as an Attachment
  • A list of strings is always converted into a list of chips
  • A boolean or number value found in fields is always displayed as-is
  • A file is treated as an attachment if it comes from a FilePicker and no further manipulation with Nunjucks has been applied

Crafting a different notification message

If you would like to enhance the message shown to owners for access and revoke requests, to match your specific use-case, you can leverage the displayFields field in your templates.

Take this template as an example:

apiVersion: witboost.com/v1
kind: AccessControlRequestTemplate
metadata:
name: access-control-request-template
title: Access Control Request Template
description: Template definition for requesting access
spec:
type: grant
# the parameters section of an access control request template

steps:
- id: send_request
name: Send Request
action: access-request:send
input:
identities: '${{ parameters.identities }}'
fields:
identities: '${{ parameters.identities }}'
motivation: '${{ parameters.motivation }}'
name: '${{ parameters.name }}'
surname: '${{ parameters.surname }}'
document: '${ parameters.document }}'
displayFields:
- title: Motivation
text: '${{ parameters.motivation }}'
- title: Identities
text: 'requested for ${{ parameters.identities }}'
- title: List
text: 'This is a list:'
textList: ['abc', 'def', '123']
- title: Document
text: 'An attachment for the access request:'
attachment: '${{ parameters.document }}'

If a displayFields field is defined, you will override the default notification message that is generated by witboost. In particular, each notification section in the list is defined by:

  • title: The title of the section
  • text: (optional) Some text to display in the notification
  • textList: (optional) A list of text blocks to display in the notification
  • attachment: (optional) A file to display as an attachment to users. This attachment can be downloaded by them. You can reference a field where a FilePicker is defined.

If none of text, textList nor attachment is defined, the section is skipped and won't be displayed.

tip

The attachment field of a section's configuration expects a JSON object shaped like this:

{
"fileName": "myfilename.pdf",
"fileContent": "<a valid base64 encoded file>"
}