Пример #1
def SendRetrievalEmail(permission_type,
                       entity,
                       user,
                       template='retrieval_email.txt',
                       skip_emails=None):
    """Email a notification that an escrowed secret was retrieved.

    Who is notified depends on the retrieving user's permissions:

    * SILENT_RETRIEVE: nothing is sent and the function returns early.
    * SILENT_RETRIEVE_WITH_AUDIT_EMAIL: the retrieving user plus
      settings.SILENT_AUDIT_ADDRESSES; the owner is not notified.
    * neither: the retrieving user, settings.RETRIEVE_AUDIT_ADDRESSES and,
      when entity.owner is set, the owner.

    Args:
      permission_type: string, one of permission.TYPE_* variables.
      entity: base.BasePassphrase instance of retrieved object.
      user: base.User object of the user that retrieved the secret.
      template: str message template.
      skip_emails: list of addresses to drop from the recipients.
    """
    context = {
        'entity': entity,
        'helpdesk_email': settings.HELPDESK_EMAIL,
        'helpdesk_name': settings.HELPDESK_NAME,
        'retrieved_by': user.user.email(),
        'user': user,
        'server_hostname': app_identity.get_default_version_hostname(),
    }
    body = util.RenderTemplate(template, context)
    user_email = user.user.email()

    # Fully silent retrieval: no recipient is contacted at all. This function
    # leaves no record of the retrieval in that case, so any audit trail for
    # SILENT_RETRIEVE holders has to come from outside it.
    try:
        base_handler.VerifyPermissions(permissions.SILENT_RETRIEVE, user,
                                       permission_type)
    except base.AccessDeniedError:
        pass
    else:
        return

    try:
        base_handler.VerifyPermissions(
            permissions.SILENT_RETRIEVE_WITH_AUDIT_EMAIL, user,
            permission_type)
    except base.AccessDeniedError:
        # Default path: the owner and RETRIEVE_AUDIT_ADDRESSES are told, which
        # is what lets an owner notice a retrieval they did not expect.
        recipients = [user_email] + settings.RETRIEVE_AUDIT_ADDRESSES
        owner = entity.owner
        if owner:
            # An owner value that already contains '@' is used verbatim as the
            # address; a bare name is qualified with the default domain.
            recipients.append(
                owner if '@' in owner else
                '%s@%s' % (owner, settings.DEFAULT_EMAIL_DOMAIN))
    else:
        # Silent with respect to the owner only: the audit list still hears
        # about the retrieval.
        recipients = [user_email] + settings.SILENT_AUDIT_ADDRESSES

    # The filter is applied to every recipient, audit addresses included, so a
    # caller-supplied skip list can suppress audit mail as well. If it removes
    # everyone, util.SendEmail is still called with an empty list.
    if skip_emails:
        recipients = [
            address for address in recipients if address not in skip_emails
        ]

    # The subject can be overridden per escrow type through a settings
    # attribute named <ESCROW_TYPE_NAME>_RETRIEVAL_EMAIL_SUBJECT.
    subject_attr = '%s_RETRIEVAL_EMAIL_SUBJECT' % (
        entity.ESCROW_TYPE_NAME.upper())
    subject = getattr(settings, subject_attr,
                      'Escrow secret retrieval notification.')
    util.SendEmail(recipients, subject, body)
Пример #2
def SendRetrievalEmail(permission_type, entity, user):
    """Email a notification that an escrowed secret was retrieved.

    A user holding SILENT_RETRIEVE triggers mail to themselves and
    settings.SILENT_AUDIT_ADDRESSES only. Any other user triggers mail to
    themselves, settings.RETRIEVE_AUDIT_ADDRESSES and, when entity.owner is
    set, the owner of the entity.

    Args:
      permission_type: string, one of permission.TYPE_* variables.
      entity: models instance of retrieved object.  (E.G. FileVaultVolume,
          DuplicityKeyPair, BitLockerVolume, etc.)
      user: models.User object of the user that retrieved the secret.
    """
    context = {
        'entity': entity,
        'helpdesk_email': settings.HELPDESK_EMAIL,
        'helpdesk_name': settings.HELPDESK_NAME,
        'retrieved_by': user.user.email(),
        'user': user,
    }
    body = util.RenderTemplate('retrieval_email.txt', context)
    user_email = user.user.email()

    try:
        VerifyPermissions(permissions.SILENT_RETRIEVE, user, permission_type)
    except models.AccessDeniedError:
        # Default path: the owner and RETRIEVE_AUDIT_ADDRESSES are told, which
        # is what lets an owner notice a retrieval they did not expect.
        recipients = [user_email] + settings.RETRIEVE_AUDIT_ADDRESSES
        owner = entity.owner
        if owner:
            # An owner value that already contains '@' is used verbatim as the
            # address; a bare name is qualified with the default domain.
            recipients.append(
                owner if '@' in owner else
                '%s@%s' % (owner, settings.DEFAULT_EMAIL_DOMAIN))
    else:
        # "Silent" here means the owner is not notified; the silent audit
        # list still receives the message.
        recipients = [user_email] + settings.SILENT_AUDIT_ADDRESSES

    # The subject can be overridden per escrow type through a settings
    # attribute named <ESCROW_TYPE_NAME>_RETRIEVAL_EMAIL_SUBJECT.
    subject_attr = '%s_RETRIEVAL_EMAIL_SUBJECT' % (
        entity.ESCROW_TYPE_NAME.upper())
    subject = getattr(settings, subject_attr,
                      'Escrow secret retrieval notification.')
    util.SendEmail(recipients, subject, body)