コード例 #1
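        /// <summary>
        /// Handles an access-request event by writing the just-in-time access attribute
        /// (<c>Config.ARSGJitAccessAttribute</c>) on the account's directory object through
        /// <c>ActiveRolesClient</c>.
        /// </summary>
        /// <remarks>
        /// Only the event name "AccessRequestAvailable" writes "true". Every other event name
        /// delivered to this handler writes "false", so an unexpected event name revokes rather
        /// than grants. Accounts whose PlatformType is not "MicrosoftAD" are ignored.
        /// </remarks>
        /// <param name="eventName">Name of the event as delivered to the handler.</param>
        /// <param name="eventBody">JSON event body; deserialized into <c>AccessRequestEvent</c>.</param>
        void HandleAccessRequestEvent(string eventName, string eventBody)
        {
            var accessRequestEvent = JsonConvert.DeserializeObject<AccessRequestEvent>(eventBody);
            if (accessRequestEvent == null)
            {
                // DeserializeObject can yield null (for example for an empty or literal-null body);
                // without this guard the log line below would throw a NullReferenceException.
                Log.Info($"Ignored event: {eventName}, because the event body was empty.");
                return;
            }

            Log.Debug($"Recieved event: {eventName}, AssetId: {accessRequestEvent.AssetId}, AccountId: {accessRequestEvent.AccountId}");

            var assetAccount = SafeguardClient.GetAssetAccount(accessRequestEvent.AccountId);
            if (assetAccount == null)
            {
                // No account to act on: do not touch the directory, but leave a trace of the event.
                Log.Info($"Ignored event: {eventName}, because no asset account was found for AccountId: {accessRequestEvent.AccountId}");
                return;
            }

            if (assetAccount.PlatformType != "MicrosoftAD")
            {
                Log.Debug($"Ignored event for {assetAccount.Name}, because PlatformType is: {assetAccount.PlatformType}");
                return;
            }

            // Exact match on the grant event; anything else falls through to the revoke value.
            var grant = eventName == "AccessRequestAvailable";
            var attributeValue = grant ? "true" : "false";
            var action = grant ? "Grant" : "Revoke";

            try
            {
                ActiveRolesClient.SetObjectAttribute(assetAccount.DistinguishedName, Config.ARSGJitAccessAttribute, attributeValue);
            }
            catch (Exception e)
            {
                // If the write fails on the revoke path the attribute keeps its previous value,
                // so record which object was affected before letting the exception propagate.
                // NOTE(review): if SetObjectAttribute reports failure through a return value
                // instead of throwing, that value is not checked here; confirm.
                Log.Fatal($"Failed to set {Config.ARSGJitAccessAttribute} = {attributeValue} for: {assetAccount.DistinguishedName}. {e.Message}");
                throw;
            }

            Log.Info($"{action} access for: {assetAccount.DistinguishedName}. Set {Config.ARSGJitAccessAttribute} = {attributeValue}.");
        }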
コード例 #2
        /// <summary>
        /// Service start hook: makes sure both clients exist, then registers
        /// <c>HandleAccessRequestEvent</c> for every entry in <c>Events</c> and starts the listener.
        /// </summary>
        /// <param name="hostControl">Host control handle; used to stop the service when <c>IsTest</c> is set.</param>
        /// <returns>
        /// <c>true</c> when the listener was started (or test mode stopped the service on purpose);
        /// <c>false</c> when a client could not be created or starting the listener threw.
        /// </returns>
        public bool Start(HostControl hostControl)
        {
            // Each client is created only if it is still missing; a failed init aborts startup.
            if (ActiveRolesClient == null && !InitActiveRolesClient())
            {
                Log.Fatal("Failed to create ActiveRolesClient");
                return false;
            }

            if (SafeguardClient == null && !InitSafeguardClient())
            {
                Log.Fatal("Failed to create SafeguardClient");
                return false;
            }

            // Test mode exercises client creation only and never subscribes to events.
            if (IsTest)
            {
                Log.Info("Test mode enabled.  Stopping service before listening.");
                hostControl.Stop();
                return true;
            }

            try
            {
                if (Listener == null)
                {
                    Listener = SafeguardClient.GetEventListener();
                }

                // Every configured event name is routed to the same handler.
                foreach (var registration in Events)
                {
                    Listener.RegisterEventHandler(registration.name, HandleAccessRequestEvent);
                }

                Listener.Start();
                Log.Info("Service Started");
                return true;
            }
            catch (Exception ex)
            {
                // NOTE(review): only the message is logged; exception type and stack trace are dropped.
                Log.Fatal(ex.Message);
                return false;
            }
        }