Skip to main content

Access Control Requests Notifications

Every time an access or revoke request is configured to produce a notification, the resource owner will receive a new message on witboost, that looks like this:

The owner of the resource should have all the contextual information needed to take a decision, and by default, witboost will display:

  • Name, domain, environment and version of the resource where the consumable interface belongs to
  • Name and type of the specific consumable interface where the owner is asked to provide access (e.g. the output port details in case of a data mesh scenario)
  • The user that is going to be granted access in case the request is accepted
  • All the fields that are defined under fields in the access/revoke template

The fields of an access/revoke request can contain information that are not directly readable to the end user. Hence, there is a preprocessing ongoing that can lead your notification message to unexpected results:

  • A JSON object field is always skipped, as this is not user-friendly, unless its shape is that of an Attachment
  • A list of objects is always skipped.
  • A base64 encoded string (e.g. a base64 encoded file content) is always skipped, unless shaped as an Attachment
  • A list of strings is always converted into a list of chips
  • A boolean or number value found in fields is always displayed as-is
  • A file is treated as an attachment if it comes from a FilePicker and no further manipulation with Nunjucks has been applied

Crafting a different notification message

If you would like to enhance the message shown to owners for access and revoke requests, to match your specific use-case, you can leverage the displayFields field in your templates.

Take this template as an example:

apiVersion: witboost.com/v1
kind: AccessControlRequestTemplate
metadata:
  name: access-control-request-template
  title: Access Control Request Template
  description: Template definition for requesting access
spec:
  type: grant
  # the parameters section of an access control request template

  steps:
    - id: send_request
      name: Send Request
      action: access-request:send
      input:
        identities: '${{ parameters.identities }}'
        fields:
          identities: '${{ parameters.identities }}'
          motivation: '${{ parameters.motivation }}'
          name: '${{ parameters.name }}'
          surname: '${{ parameters.surname }}'
          document: '${ parameters.document }}'
        displayFields:
          - title: Motivation
            text: '${{ parameters.motivation }}'
          - title: Identities
            text: 'requested for ${{ parameters.identities }}'
          - title: List
            text: 'This is a list:'
            textList: ['abc', 'def', '123']
          - title: Document
            text: 'An attachment for the access request:'
            attachment: '${{ parameters.document }}'

If a displayFields field is defined, you will override the default notification message that is generated by witboost. In particular, each notification section in the list is defined by:

  • title: The title of the section
  • text: (optional) Some text to display in the notification
  • textList: (optional) A list of text blocks to display in the notification
  • attachment: (optional) A file to display as an attachment to users. This attachment can be downloaded by them. You can reference a field where a FilePicker is defined.

If none of text, textList nor attachment is defined, the section is skipped and won't be displayed.

tip

The attachment field of a section's configuration expects a JSON object shaped like this:

{
  "fileName": "myfilename.pdf",
  "fileContent": "<a valid base64 encoded file>"
}