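/// <summary>
/// Handles an access-request event by switching the just-in-time access attribute
/// (<c>Config.ARSGJitAccessAttribute</c>) on the account's directory object via
/// <c>ActiveRolesClient</c>.
/// </summary>
/// <param name="eventName">
/// Name of the event that fired. Only "AccessRequestAvailable" sets the attribute to
/// "true"; every other event name routed to this handler sets it to "false", so an
/// unexpected event revokes rather than grants.
/// </param>
/// <param name="eventBody">JSON payload that is deserialized into an AccessRequestEvent.</param>
void HandleAccessRequestEvent(string eventName, string eventBody)
{
    // A missing payload cannot identify an account. Skipping changes nothing in the
    // directory, so a dropped revoke leaves the attribute as it was; log the skip so
    // it can be followed up instead of failing on a null dereference below.
    if (string.IsNullOrWhiteSpace(eventBody))
    {
        Log.Info($"Ignored event {eventName}, because the event body is empty.");
        return;
    }

    var accessRequestEvent = JsonConvert.DeserializeObject<AccessRequestEvent>(eventBody);

    // DeserializeObject yields null for a literal JSON null, which the original
    // dereferenced unconditionally.
    if (accessRequestEvent == null)
    {
        Log.Info($"Ignored event {eventName}, because the event body did not contain an access request.");
        return;
    }

    Log.Debug($"Recieved event: {eventName}, AssetId: {accessRequestEvent.AssetId}, AccountId: {accessRequestEvent.AccountId}");

    var assetAccount = SafeguardClient.GetAssetAccount(accessRequestEvent.AccountId);

    // NOTE(review): whether GetAssetAccount can return null is not visible here;
    // the guard is defensive and harmless if it cannot.
    if (assetAccount == null)
    {
        Log.Info($"Ignored event {eventName}, because no asset account was found for AccountId: {accessRequestEvent.AccountId}");
        return;
    }

    // Only accounts on the MicrosoftAD platform carry the attribute this service manages.
    if (assetAccount.PlatformType != "MicrosoftAD")
    {
        Log.Debug($"Ignored event for {assetAccount.Name}, because PlatformType is: {assetAccount.PlatformType}");
        return;
    }

    if (eventName == "AccessRequestAvailable")
    {
        ActiveRolesClient.SetObjectAttribute(assetAccount.DistinguishedName, Config.ARSGJitAccessAttribute, "true");
        Log.Info($"Grant access for: {assetAccount.DistinguishedName}. Set {Config.ARSGJitAccessAttribute} = true.");
    }
    else
    {
        // Fail closed: anything that is not the explicit "available" event revokes.
        ActiveRolesClient.SetObjectAttribute(assetAccount.DistinguishedName, Config.ARSGJitAccessAttribute, "false");
        Log.Info($"Revoke access for: {assetAccount.DistinguishedName}. Set {Config.ARSGJitAccessAttribute} = false.");
    }
}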
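/// <summary>
/// Starts the service: makes sure both clients exist, then registers
/// <c>HandleAccessRequestEvent</c> for every entry in <c>Events</c> and starts the
/// event listener.
/// </summary>
/// <param name="hostControl">Host handle; used to stop the service right away in test mode.</param>
/// <returns>
/// <c>true</c> when the listener was started, or when test mode stopped the service
/// before listening; <c>false</c> when a client could not be created or the listener
/// failed to start.
/// </returns>
public bool Start(HostControl hostControl)
{
    if (ActiveRolesClient == null && !InitActiveRolesClient())
    {
        Log.Fatal("Failed to create ActiveRolesClient");
        return false;
    }

    if (SafeguardClient == null && !InitSafeguardClient())
    {
        Log.Fatal("Failed to create SafeguardClient");
        return false;
    }

    // Test mode only proves that both clients can be created; no handler is registered.
    if (IsTest)
    {
        Log.Info("Test mode enabled. Stopping service before listening.");
        hostControl.Stop();
        return true;
    }

    // Start listener
    try
    {
        if (Listener == null)
        {
            Listener = SafeguardClient.GetEventListener();
        }

        // Every configured event goes to the same handler, which grants on
        // "AccessRequestAvailable" and revokes on any other event name.
        foreach (var registration in Events)
        {
            Listener.RegisterEventHandler(registration.name, HandleAccessRequestEvent);
        }

        Listener.Start();
        Log.Info("Service Started");
        return true;
    }
    catch (Exception ex)
    {
        // Log the exception type and stack trace, not only the message: a listener
        // that never starts means no grant or revoke event is processed at all.
        Log.Fatal(ex.ToString());
    }

    return false;
}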