diff --git a/docs/pages/access-controls/access-request-plugins/opsgenie.mdx b/docs/pages/access-controls/access-request-plugins/opsgenie.mdx index eef4136557140..0d55708c3324d 100644 --- a/docs/pages/access-controls/access-request-plugins/opsgenie.mdx +++ b/docs/pages/access-controls/access-request-plugins/opsgenie.mdx @@ -75,10 +75,10 @@ spec: - approve: 1 deny: 1 annotations: - teleport.dev/schedules: ['teleport-access-request-notifications'] + teleport.dev/notify-services: ['teleport-access-request-notifications'] ``` -The `teleport.dev/schedules` annotation specifies the schedule the alert will be be created for. +The `teleport.dev/notify-services` annotation specifies the schedules the alert will be be created for. ### Create a user who will request access @@ -121,7 +121,7 @@ As the Teleport user `myuser`, create an Access Request for the `editor` role: In Opsgenie, you will see a new alert containing information about the Access Request in either the default schedule specified when enrolling the plugin, -or in the schedules specified by `teleport.dev/schedules` annotation in the requester's role. +or in the schedules specified by `teleport.dev/notify-services` annotation in the requester's role. ### Resolve the request diff --git a/integrations/access/accessrequest/app.go b/integrations/access/accessrequest/app.go index 94e3ea172c6c3..f59708b2801b1 100644 --- a/integrations/access/accessrequest/app.go +++ b/integrations/access/accessrequest/app.go @@ -352,7 +352,7 @@ func (a *App) getMessageRecipients(ctx context.Context, req types.AccessRequest) recipientSet.Add(common.Recipient{}) return recipientSet.ToSlice() case types.PluginTypeOpsgenie: - if recipients, ok := req.GetSystemAnnotations()[types.TeleportNamespace+types.ReqAnnotationSchedulesLabel]; ok { + if recipients, ok := req.GetSystemAnnotations()[types.TeleportNamespace+types.ReqAnnotationNotifyServicesLabel]; ok { for _, recipient := range recipients { rec, err := a.bot.FetchRecipient(ctx, recipient) if err != nil { diff --git a/integrations/access/opsgenie/bot.go b/integrations/access/opsgenie/bot.go index 3c63d2881ca6c..84f81699bebe0 100644 --- a/integrations/access/opsgenie/bot.go +++ b/integrations/access/opsgenie/bot.go @@ -61,11 +61,15 @@ func (b Bot) SendReviewReminders(ctx context.Context, recipients []common.Recipi // BroadcastAccessRequestMessage creates an alert for the provided recipients (schedules) func (b *Bot) BroadcastAccessRequestMessage(ctx context.Context, recipients []common.Recipient, reqID string, reqData pd.AccessRequestData) (data accessrequest.SentMessages, err error) { - schedules := []string{} + rawRecipients := []string{} for _, recipient := range recipients { - schedules = append(schedules, recipient.Name) + rawRecipients = append(rawRecipients, recipient.Name) + } + schedules := []string{} + if annSchedules, ok := reqData.SystemAnnotations[types.TeleportNamespace+types.ReqAnnotationSchedulesLabel]; ok { + schedules = annSchedules } - if len(recipients) == 0 { + if len(schedules) == 0 { schedules = append(schedules, b.client.DefaultSchedules...) } opsgenieReqData := RequestData{ @@ -79,7 +83,8 @@ func (b *Bot) BroadcastAccessRequestMessage(ctx context.Context, recipients []co Reason: reqData.ResolutionReason, }, SystemAnnotations: types.Labels{ - types.TeleportNamespace + types.ReqAnnotationSchedulesLabel: schedules, + types.TeleportNamespace + types.ReqAnnotationSchedulesLabel: schedules, + types.TeleportNamespace + types.ReqAnnotationNotifyServicesLabel: rawRecipients, }, } opsgenieData, err := b.client.CreateAlert(ctx, reqID, opsgenieReqData) diff --git a/integrations/access/opsgenie/client.go b/integrations/access/opsgenie/client.go index 9e63c3423767b..8ce6edae00754 100644 --- a/integrations/access/opsgenie/client.go +++ b/integrations/access/opsgenie/client.go @@ -160,7 +160,7 @@ func (og Client) CreateAlert(ctx context.Context, reqID string, reqData RequestD func (og Client) getResponders(reqData RequestData) []Responder { schedules := og.DefaultSchedules - if reqSchedules, ok := reqData.SystemAnnotations[types.TeleportNamespace+types.ReqAnnotationSchedulesLabel]; ok { + if reqSchedules, ok := reqData.SystemAnnotations[types.TeleportNamespace+types.ReqAnnotationNotifyServicesLabel]; ok { schedules = reqSchedules } responders := make([]Responder, 0, len(schedules)) diff --git a/integrations/access/opsgenie/client_test.go b/integrations/access/opsgenie/client_test.go index abe2caf072a4c..83278d28e23db 100644 --- a/integrations/access/opsgenie/client_test.go +++ b/integrations/access/opsgenie/client_test.go @@ -56,7 +56,7 @@ func TestCreateAlert(t *testing.T) { Roles: []string{"role1", "role2"}, RequestReason: "someReason", SystemAnnotations: types.Labels{ - types.TeleportNamespace + types.ReqAnnotationSchedulesLabel: {"responder@teleport.com"}, + types.TeleportNamespace + types.ReqAnnotationNotifyServicesLabel: {"responder@teleport.com"}, }, }) assert.NoError(t, err) diff --git a/rfd/0109-opsgenie-plugin.md b/rfd/0109-opsgenie-plugin.md index 936aa060904cf..38ceb5de45fb1 100644 --- a/rfd/0109-opsgenie-plugin.md +++ b/rfd/0109-opsgenie-plugin.md @@ -108,8 +108,8 @@ spec: request: roles: [someOtherRole] annotations: - opsgenie_notify_services: ["service1", "service2"] # These are the Opsgenie services alerts will be created under - opsgenie_oncall_schedules: ["service1", "service2"] # These are the Opsgenie schedules checked during auto approval + teleport.dev/notify-services: ["service1", "service2"] # These are the Opsgenie schedules alerts will be created under + teleport.dev/schedules: ["service1", "service2"] # These are the Opsgenie schedules checked during auto approval ``` ## Implementation details