Add rolemap support to teleport-plugin-email chart

charts/access/email/README.md

@@ -118,6 +118,20 @@ The following values can be set for the Helm chart:
     <td><code>[]</code></td>
   </tr>
 
+  <tr>
+    <td><code>roleToRecipients</code></td>
+    <td>
+      Mapping of roles to a list of emails. <br />
+      Example:
+      <pre>
+"dev" = ["[email protected]", "[email protected]"]
+"*" = ["access-requests"]</pre>
+    </td>
+    <td>map</td>
+    <td><code>{}</code></td>
+    <td>yes</td>
+  </tr>
+
   <tr>
     <td><code>log.output</code></td>
     <td>

charts/access/email/templates/configmap.yaml

@@ -10,11 +10,11 @@ data:
     addr = "{{ .Values.teleport.address }}"
     identity = "/var/lib/teleport/plugins/email/auth_id"
 
-    {{ if .Values.mailgun.enabled }}
+    {{ if .Values.mailgun.enabled -}}
     [mailgun]
     domain      = "{{ .Values.mailgun.domain }}"
     private_key = "{{ .Values.mailgun.privateKey }}"
-    {{ else if .Values.smtp.enabled }}
+    {{ else if .Values.smtp.enabled -}}
     [smtp]
     host          = "{{ .Values.smtp.host }}"
     port          = {{ .Values.smtp.port }}
@@ -25,11 +25,19 @@ data:
     password_file = "{{ .Values.smtp.passwordFile }}"
     {{ end }}
     starttls_policy = "{{ .Values.smtp.starttlsPolicy }}"
-    {{ end -}}
+    {{- end }}
 
     [delivery]
     sender = "{{ .Values.delivery.sender }}"
+    {{- if (not .Values.roleToRecipients) }}
     recipients = {{ .Values.delivery.recipients | toJson }}
+    {{- else }}
+
+    [role_to_recipients]
+    {{- range $role, $recipients := .Values.roleToRecipients }}
+    {{ $role | toJson }} = {{ $recipients | toJson }}
+    {{- end }}
+    {{- end }}
 
     [log]
     output = "{{ .Values.log.output }}"

charts/access/email/tests/__snapshot__/configmap_test.yaml.snap

@@ -7,10 +7,11 @@ should match the snapshot (mailgun on):
         addr = "teleport.example.com:1234"
         identity = "/var/lib/teleport/plugins/email/auth_id"
 
-
         [mailgun]
         domain      = "mymailgunsubdomain.mailgun.org"
         private_key = "xoxb-71d75f662b0eac53565a38c8cc0316f6"
+
+
         [delivery]
         sender = ""
         recipients = []
@@ -36,14 +37,14 @@ should match the snapshot (smtp on):
         addr = "teleport.example.com:1234"
         identity = "/var/lib/teleport/plugins/email/auth_id"
 
-
         [smtp]
-        host          = "smtp.someservice.com"
+        host          = "smtp.example.com"
         port          = 1234
         username      = "mysmtpuser"
         password      = "mysmtppasswd"
 
         starttls_policy = "mandatory"
+
         [delivery]
         sender = "[email protected]"
         recipients = ["[email protected]"]
@@ -69,14 +70,14 @@ should match the snapshot (smtp on, no starttls):
         addr = "teleport.example.com:1234"
         identity = "/var/lib/teleport/plugins/email/auth_id"
 
-
         [smtp]
-        host          = "smtp.someservice.com"
+        host          = "smtp.example.com"
         port          = 1234
         username      = "mysmtpuser"
         password_file = "/etc/teleport/supersecretemailpw"
 
         starttls_policy = "mandatory"
+
         [delivery]
         sender = ""
         recipients = []
@@ -102,14 +103,14 @@ should match the snapshot (smtp on, password file):
         addr = "teleport.example.com:1234"
         identity = "/var/lib/teleport/plugins/email/auth_id"
 
-
         [smtp]
-        host          = "smtp.someservice.com"
+        host          = "smtp.example.com"
         port          = 1234
         username      = "mysmtpuser"
         password_file = "/etc/teleport/supersecretemailpw"
 
         starttls_policy = "mandatory"
+
         [delivery]
         sender = ""
         recipients = []
@@ -126,7 +127,7 @@ should match the snapshot (smtp on, password file):
         app.kubernetes.io/version: 9.2.3
         helm.sh/chart: teleport-plugin-email-9.2.3
       name: RELEASE-NAME-teleport-plugin-email
-should match the snapshot (smtp on, starttls disabled):
+should match the snapshot (smtp on, roleToRecipients set):
   1: |
     apiVersion: v1
     data:
@@ -135,14 +136,50 @@ should match the snapshot (smtp on, starttls disabled):
         addr = "teleport.example.com:1234"
         identity = "/var/lib/teleport/plugins/email/auth_id"
 
+        [smtp]
+        host          = "smtp.example.com"
+        port          = 1234
+        username      = "mysmtpuser"
+        password      = "mysmtppasswd"
+
+        starttls_policy = "mandatory"
+
+        [delivery]
+        sender = "[email protected]"
+
+        [role_to_recipients]
+        "*" = ["[email protected]"]
+        "dev" = ["[email protected]"]
+
+        [log]
+        output = "/var/log/teleport-email.log"
+        severity = "DEBUG"
+    kind: ConfigMap
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: teleport-plugin-email
+        app.kubernetes.io/version: 9.2.1
+        helm.sh/chart: teleport-plugin-email-9.2.1
+      name: RELEASE-NAME-teleport-plugin-email
+should match the snapshot (smtp on, starttls disabled):
+  1: |
+    apiVersion: v1
+    data:
+      teleport-email.toml: |
+        [teleport]
+        addr = "teleport.example.com:1234"
+        identity = "/var/lib/teleport/plugins/email/auth_id"
 
         [smtp]
-        host          = "smtp.someservice.com"
+        host          = "smtp.example.com"
         port          = 1234
         username      = "mysmtpuser"
         password_file = "/etc/teleport/supersecretemailpw"
 
         starttls_policy = "disabled"
+
         [delivery]
         sender = ""
         recipients = []

charts/access/email/tests/configmap_test.yaml

@@ -9,7 +9,7 @@ tests:
       maingun.enabled: false
       smtp:
         enabled: true
-        host: smtp.someservice.com
+        host: smtp.example.com
         port: 1234
         username: mysmtpuser
         password: mysmtppasswd
@@ -24,14 +24,39 @@ tests:
     asserts:
       - matchSnapshot: {}
 
+  - it: should match the snapshot (smtp on, roleToRecipients set)
+    set:
+      teleport:
+        address: teleport.example.com:1234
+      maingun.enabled: false
+      smtp:
+        enabled: true
+        host: smtp.example.com
+        port: 1234
+        username: mysmtpuser
+        password: mysmtppasswd
+        starttlsPolicy: mandatory
+      delivery:
+        sender: [email protected]
+      roleToRecipients:
+        '*':
+          - [email protected]
+        'dev':
+          - '[email protected]'
+      log:
+        output: /var/log/teleport-email.log
+        severity: DEBUG
+    asserts:
+      - matchSnapshot: {}
+
   - it: should match the snapshot (smtp on, password file)
     set:
       teleport:
         address: teleport.example.com:1234
       maingun.enabled: false
       smtp:
         enabled: true
-        host: smtp.someservice.com
+        host: smtp.example.com
         port: 1234
         username: mysmtpuser
         passwordFile: /etc/teleport/supersecretemailpw
@@ -46,7 +71,7 @@ tests:
       maingun.enabled: false
       smtp:
         enabled: true
-        host: smtp.someservice.com
+        host: smtp.example.com
         port: 1234
         username: mysmtpuser
         passwordFile: /etc/teleport/supersecretemailpw
@@ -61,7 +86,7 @@ tests:
       maingun.enabled: false
       smtp:
         enabled: true
-        host: smtp.someservice.com
+        host: smtp.example.com
         port: 1234
         username: mysmtpuser
         passwordFile: /etc/teleport/supersecretemailpw

charts/access/email/values.schema.json

@@ -472,6 +472,33 @@
             },
             "additionalProperties": true
         },
+        "roleToRecipients": {
+            "$id": "#/properties/roleToRecipients",
+            "type": "object",
+            "default": {},
+            "examples": [
+                {
+                    "dev": [
+                        "devs-slack-channel"
+                    ],
+                    "*": [
+                        "[email protected]",
+                        "admin-slack-channel"
+                    ]
+                }
+            ],
+            "additionalProperties": {
+                "type": "array",
+                "items": {
+                    "type": "string",
+                    "examples": [
+                        "example-slack-channel",
+                        "[email protected]"
+                    ]
+                },
+                "minItems": 1
+            }
+        },
         "log": {
             "$id": "#/properties/log",
             "type": "object",

charts/access/email/values.yaml

@@ -77,6 +77,8 @@ delivery:
   sender: ""
   recipients: []
 
+roleToRecipients: {}
+
 log:
   output: stdout
   severity: INFO