Notify requester and approvers via Slack on access request creation and completion (#258)

jonathanhle · web-flow · commit 6d7007cf00e2 · 2025-05-08T12:23:31.000-07:00
diff --git a/examples/plugins/notifications_slack/notifications.py b/examples/plugins/notifications_slack/notifications.py
@@ -168,24 +168,29 @@ def send_message() -> Dict[str, Any]:
             logger.error(f"Failed to send Slack DM to {user.email} after multiple attempts")
 
 
-def send_slack_channel_message(message: str) -> None:
+def send_slack_channel_message(user: OktaUser, message: str) -> None:
     """Send a message to a Slack channel with retry logic.
 
     Args:
         message (str): The message content.
+        user (OktaUser): The user to relate the message to.
     """
     if alerts_channel:
+        user_id = get_user_id_by_email(user.email)
 
-        def send_message() -> Dict[str, Any]:
-            response = client.chat_postMessage(
-                channel=alerts_channel, text=message, as_user=True, unfurl_links=True, unfurl_media=True
-            )
-            logger.info(f"Slack channel message sent: {response['ts']}")
-            return response
+        if user_id:
+            channel_message = f"{user.email} - {message}"
 
-        result = retry_operation(send_message)
-        if not result:
-            logger.error(f"Failed to send message to channel {alerts_channel} after multiple attempts")
+            def send_message() -> Dict[str, Any]:
+                response = client.chat_postMessage(
+                    channel=alerts_channel, text=channel_message, as_user=True, unfurl_links=True, unfurl_media=True
+                )
+                logger.info(f"Slack channel message sent: {response['ts']}")
+                return response
+
+            result = retry_operation(send_message)
+            if not result:
+                logger.error(f"Failed to send message to channel {alerts_channel} after multiple attempts")
 
 
 @notification_hook_impl
@@ -214,8 +219,13 @@ def access_request_created(
         send_slack_dm(approver, approver_message)
     logger.info(f"Approver message: {approver_message}")
 
+    # Send the message to the requester only if they're not already an approver
+    if requester.id not in [approver.id for approver in approvers]:
+        send_slack_dm(requester, approver_message)
+        logger.info("Requester received creation notification")
+
     # Post to the alerts channel
-    send_slack_channel_message(approver_message)
+    send_slack_channel_message(requester, approver_message)
 
 
 @notification_hook_impl
@@ -224,7 +234,6 @@ def access_request_completed(
     group: OktaGroup,
     requester: OktaUser,
     approvers: List[OktaUser],
-    notify_requester: bool,
 ) -> None:
     """Notify the requester that their access request has been processed.
 
@@ -233,7 +242,6 @@ def access_request_completed(
         group (OktaGroup): The group for which access is requested.
         requester (OktaUser): The user requesting access.
         approvers (List[OktaUser]): The list of approvers.
-        notify_requester (bool): Whether to notify the requester.
     """
     access_request_url = get_base_url() + f"/requests/{access_request.id}"
     emoji = ":white_check_mark:" if access_request.status.lower() == "approved" else ":x:"
@@ -244,12 +252,17 @@ def access_request_completed(
     )
 
     # Send the message to the requester
-    if notify_requester:
-        send_slack_dm(requester, requester_message)
+    send_slack_dm(requester, requester_message)
     logger.info(f"Requester message: {requester_message}")
 
+    # Send the message to all approvers (except the requester)
+    for approver in approvers:
+        if approver.id != requester.id:  # Skip if approver is the requester
+            send_slack_dm(approver, requester_message)
+    logger.info("Approvers received completion notification")
+
     # Post to the alerts channel
-    send_slack_channel_message(requester_message)
+    send_slack_channel_message(requester, requester_message)
 
 
 @notification_hook_impl
@@ -275,7 +288,7 @@ def access_expiring_user(groups: List[OktaGroup], user: OktaUser, expiration_dat
     logger.info(f"User message: {message}")
 
     # Post to the alerts channel
-    send_slack_channel_message(message)
+    send_slack_channel_message(user, message)
 
 
 @notification_hook_impl
@@ -312,7 +325,7 @@ def access_expiring_owner(
         logger.info(f"Owner message: {message}")
 
         # Post to the alerts channel
-        send_slack_channel_message(message)
+        send_slack_channel_message(owner, message)
 
     if roles is not None and len(roles) > 0:
         expiring_access_url = get_base_url() + "/expiring-roles?owner_id=@me"
@@ -331,4 +344,4 @@ def access_expiring_owner(
         logger.info(f"Owner message: {message}")
 
         # Post to the alerts channel
-        send_slack_channel_message(message)
+        send_slack_channel_message(owner, message)
