313539854 Add Pub/Sub as notification backend #204

Merged: jpassing merged 7 commits into master from feature/pubsub-backend on Dec 6, 2023

jpassing
Collaborator

Add Pub/Sub as an optional notification backend. When configured, JIT Access sends
the following three types of notifications to a Pub/Sub topic:

JIT self approval:

{
    "type": "ActivationSelfApproved",
    "attributes": {
        "role": "roles/automl.viewer",
        "beneficiary": "alice@example.com",
        "start_time": "2023-11-28T22:13:44Z",
        "end_time": "2023-11-28T22:23:44Z",
        "justification": "...",
        "project_id": "project-1"
    }
}

MPA approval request:

{
    "type": "RequestActivation",
    "attributes": {
        "role": "roles/genomics.editor",
        "beneficiary": "alice@example.com",
        "start_time": "2023-11-28T22:19:06Z",
        "end_time": "2023-11-28T22:29:06Z",
        "reviewers": [
            "a-bob@example.com",
            "jitaccess-testuser1@example.com",
            "jitaccess-testuser2@example.com"
        ],
        "justification": "test",
        "action_url": "http://localhost:8080/?activation=JhbGciOi...",
        "request_expiry_time": "2023-11-28T23:19:06Z",
        "base_url": "http://localhost:8080/",
        "project_id": "project-1"
    }
}

MPA approval:

{
    "type": "ActivationApproved",
    "attributes": {
        "role": "roles/genomics.editor",
        "beneficiary": "alice@example.com",
        "start_time": "2023-11-28T22:19:06Z",
        "end_time": "2023-11-28T22:29:06Z",
        "reviewers": [
            "a-bob@example.com",
            "jitaccess-testuser1@example.com",
            "jitaccess-testuser2@example.com"
        ],
        "justification": "test",
        "base_url": "http://localhost:8080/",
        "approver": "a-bob@example.com",
        "project_id": "project-1"
    }
}

This PR is derived from #154.

jpassing and others added 7 commits November 30, 2023 14:30
…h non-core functionality, such as sending messages or logs to third-party systems. This allows defined events to be published to a specific topic.

The events that are currently emitted are:

Binding approval request
Binding implementation, either self or peer approved
Error messages

Events have a unique origin attribute that identifies the event type, as well as a JSON event payload that can be processed by third-party applications. The Pub/Sub functionality is activated when the environment variable TOPIC_NAME is present in the app.yaml file.

This PR also includes an improvement to standardise the time format of the IAM condition to be truncated to seconds, rather than nanos. This allows third-party code in other languages to reliably interpret and process the time format.

Co-authored-by: Mark Statham <mstatham@google.com>
Co-authored-by: Ethan Han <ethanhan@google.com>
Co-authored-by: Ran Zhang <zhangrran@google.com>
@jpassing jpassing force-pushed the feature/pubsub-backend branch from 6d5725f to d82a66f Compare November 30, 2023 03:35
@jpassing jpassing merged commit 695de07 into master Dec 6, 2023
5 checks passed
@jpassing jpassing deleted the feature/pubsub-backend branch December 6, 2023 02:55
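
A subscriber that acts on these notifications should check each message body before trusting it. The following is an added example, not code from this PR or from JIT Access: it validates a body against the three message shapes shown in the PR description. The function name, the problem strings and the approver checks are assumptions of this example.

```python
import json
from datetime import datetime

# Attribute names per message type, taken from the three samples in the PR description.
COMMON = {"role", "beneficiary", "start_time", "end_time", "justification", "project_id"}
REQUIRED = {
    "ActivationSelfApproved": COMMON,
    "RequestActivation": COMMON | {"reviewers", "action_url", "request_expiry_time", "base_url"},
    "ActivationApproved": COMMON | {"reviewers", "approver", "base_url"},
}
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # second precision, as in the samples

def validate_notification(raw):
    """Return a list of problems in one message body; an empty list means it passed."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return ["body is not valid JSON"]
    mtype = msg.get("type") if isinstance(msg, dict) else None
    required = REQUIRED.get(mtype) if isinstance(mtype, str) else None
    attrs = msg.get("attributes") if isinstance(msg, dict) else None
    if required is None or not isinstance(attrs, dict):
        return ["unknown type or missing attributes object"]
    problems = [f"missing attribute: {k}" for k in sorted(required - set(attrs))]
    times = {}
    for key in ("start_time", "end_time", "request_expiry_time"):
        if key in attrs:
            try:
                times[key] = datetime.strptime(attrs[key], TIME_FORMAT)
            except (TypeError, ValueError):
                problems.append(f"bad timestamp: {key}")
    start, end = times.get("start_time"), times.get("end_time")
    if start and end and end <= start:
        problems.append("end_time is not after start_time")
    if mtype == "ActivationApproved":
        # Assumed consumer policy, not stated in the PR: the approver must be a
        # listed reviewer and must not be the beneficiary.
        reviewers, approver = attrs.get("reviewers"), attrs.get("approver")
        if not isinstance(reviewers, list) or approver not in reviewers:
            problems.append("approver is not one of the listed reviewers")
        if approver and approver == attrs.get("beneficiary"):
            problems.append("approver is the beneficiary")
    return problems

# Constructed sample, based on the "MPA approval" payload in the PR description.
SAMPLE = json.dumps({"type": "ActivationApproved", "attributes": {
    "role": "roles/genomics.editor", "beneficiary": "alice@example.com",
    "start_time": "2023-11-28T22:19:06Z", "end_time": "2023-11-28T22:29:06Z",
    "reviewers": ["a-bob@example.com", "jitaccess-testuser1@example.com"],
    "justification": "test", "base_url": "http://localhost:8080/",
    "approver": "a-bob@example.com", "project_id": "project-1"}})
```

The strict timestamp format relies on the seconds-truncated time format that the commit message describes.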