Add RequestProjectRole API

Makefile

@@ -409,6 +409,13 @@ test-notification:
 		-d '{"project_id":1001, "notification_id":1001}' \
 		$(CORE_API_ADDR) core.alert.AlertService.TestNotification
 
+.PHONY: request-authz-notification
+request-authz-notification:
+	$(GRPCURL) \
+		-plaintext \
+		-d '{"project_id":1001,  "project_name": "projectA", "user_name":"userA"}' \
+		$(CORE_API_ADDR) core.alert.AlertService.RequestAuthzNotification
+
 .PHONY: analyze-alert
 analyze-alert:
 	$(GRPCURL) \

pkg/server/alert/alert_notification.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"sort"
 	"time"
 
 	"github.com/ca-risken/core/pkg/model"
@@ -219,6 +220,34 @@ func (a *AlertService) TestNotification(ctx context.Context, req *alert.TestNoti
 	return &empty.Empty{}, nil
 }
 
+func (a *AlertService) RequestAuthzNotification(ctx context.Context, req *alert.RequestAuthzNotificationRequest) (*empty.Empty, error) {
+	if err := req.Validate(); err != nil {
+		return nil, err
+	}
+	notifications, err := a.repository.ListNotification(ctx, req.ProjectId, "slack", 0, time.Now().Unix())
+	sort.Slice((*notifications), func(i, j int) bool {
+		return (*notifications)[i].NotificationID < (*notifications)[j].NotificationID
+	})
+	notification := &(*notifications)[0]
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return &empty.Empty{}, nil
+		}
+		return nil, err
+	}
+	switch notification.Type {
+	case "slack":
+		err = a.sendSlackRequestAuthzNotification(ctx, a.baseURL, notification.NotifySetting, a.defaultLocale, req.UserName, req.ProjectName, req.ProjectId)
+		if err != nil {
+			a.logger.Errorf(ctx, "Error occured when sending request authz slack notification. err: %v", err)
+			return nil, err
+		}
+	default:
+		a.logger.Warnf(ctx, "This notification_type is unimprement. type: %v", notification.Type)
+	}
+	return &empty.Empty{}, nil
+}
+
 func (a *AlertService) convertNotification(ctx context.Context, n *model.Notification, mask bool) (*alert.Notification, error) {
 	if n == nil {
 		return &alert.Notification{}, nil

pkg/server/alert/alert_slack.go

@@ -37,10 +37,15 @@ const (
 	- Remove the root cause of the problem
 	- If it is an intentional setup/operation and the risk is small, archive it
 	- If the nature of the problem is not urgent and immediate action is difficult, set a target deadline and PEND`
-	slackNotificationAttachmentJa  = "その他、%d件すべてのFindingは <%s/alert/alert?project_id=%d&from=slack|アラート画面> からご確認ください。"
-	slackNotificationAttachmentEn  = "Please check all %d Findings from <%s/alert/alert?project_id=%d&from=slack|Alert screen>."
-	slackNotificationTestMessageJa = "RISKENからのテスト通知です"
-	slackNotificationTestMessageEn = "This is a test notification from RISKEN"
+	slackNotificationAttachmentJa          = "その他、%d件すべてのFindingは <%s/alert/alert?project_id=%d&from=slack|アラート画面> からご確認ください。"
+	slackNotificationAttachmentEn          = "Please check all %d Findings from <%s/alert/alert?project_id=%d&from=slack|Alert screen>."
+	slackNotificationTestMessageJa         = "RISKENからのテスト通知です"
+	slackNotificationTestMessageEn         = "This is a test notification from RISKEN"
+	slackRequestAuthzNotificationMessageJa = `<!here> %sさんが
+      あなたのプロジェクト%sへのアクセスをリクエストしました。
+      問題がなければ<%s/iam/user?project_id=%d&from=slack|ユーザー一覧>から%sさんを招待してください。`
+	slackRequestAuthzNotificationMessageEn = `<!here> %s has requested access to your Project %s. 
+	  If there are no issues, please check <%s/iam/user?project_id=%d&from=slack|the user list> and invite Person %s.`
 )
 
 func (a *AlertService) sendSlackNotification(
@@ -111,6 +116,37 @@ func (a *AlertService) sendSlackTestNotification(ctx context.Context, url, notif
 	return nil
 }
 
+func (a *AlertService) sendSlackRequestAuthzNotification(ctx context.Context, url, notifySetting, defaultLocale, userName, projectName string, projectID uint32) error {
+	var setting slackNotifySetting
+	if err := json.Unmarshal([]byte(notifySetting), &setting); err != nil {
+		return err
+	}
+
+	var locale string
+	switch setting.Locale {
+	case LocaleJa:
+		locale = LocaleJa
+	case LocaleEn:
+		locale = LocaleEn
+	default:
+		locale = defaultLocale
+	}
+
+	if setting.WebhookURL != "" {
+		webhookMsg := getRequestAuthzWebhookMessage(setting.Data.Channel, locale, userName, projectName, url, projectID)
+		if err := slack.PostWebhook(setting.WebhookURL, webhookMsg); err != nil {
+			return fmt.Errorf("failed to send slack(webhookurl): %w", err)
+		}
+	} else if setting.ChannelID != "" {
+		if err := a.postMessageSlackWithRetry(ctx,
+			setting.ChannelID, slack.MsgOptionText(getRequestAuthzSlackMessageText(locale, userName, projectName, url, projectID), false)); err != nil {
+			return fmt.Errorf("failed to send slack(postmessage): %w", err)
+		}
+	}
+
+	return nil
+}
+
 func (a *AlertService) postMessageSlack(channelID string, msg ...slack.MsgOption) error {
 	if _, _, err := a.slackClient.PostMessage(channelID, msg...); err != nil {
 		var rateLimitError *slack.RateLimitedError
@@ -249,6 +285,28 @@ func getTestSlackMessageText(locale string) string {
 	return msgText
 }
 
+func getRequestAuthzWebhookMessage(channel, locale, projectName, userName, url string, projectID uint32) *slack.WebhookMessage {
+	msg := slack.WebhookMessage{
+		Text: getRequestAuthzSlackMessageText(locale, userName, projectName, url, projectID),
+	}
+	// override message
+	if channel != "" {
+		msg.Channel = channel
+	}
+	return &msg
+}
+
+func getRequestAuthzSlackMessageText(locale, projectName, userName, url string, projectID uint32) string {
+	var msgText string
+	switch locale {
+	case LocaleJa:
+		msgText = slackRequestAuthzNotificationMessageJa
+	default:
+		msgText = slackRequestAuthzNotificationMessageEn
+	}
+	return fmt.Sprintf(msgText, userName, projectName, url, projectID, userName)
+}
+
 func getColor(severity string) string {
 	switch severity {
 	case "high":