Route the Request

Routing Rules

Let's implement our escalation logic for user impersonation requests. The rules we're following are as follows:

  • If the target account is a free tier account, allow the request
  • If the requesting user is assigned to the account, allow them to self-approve
  • Otherwise, send the request on to be approved by one of the on-call support managers

Setup

First, make sure the Sym SDK is installed. Create a Python file at sym/flows/impl.py.

We need to add a few boilerplate imports.

from sym import events
from sym.annotations import hook, reducer
from sym.integrations import slack, pagerduty

on_request Hook

We want to auto-escalate requests to impersonate free tier users. This is accomplished by implementing the on_request hook, which runs after a request is made, but before it is routed.

@hook
def on_request(req):
    # Automatically approve requests for free tier customers
    if req.fields["customer_plan"] == "free":
        return events.approval.approve()

get_approver Reducer

The get_reducer approver takes in a request, and returns the set of people who can approve or deny that request. It is often a function of the requesting user, requested resource (account, in this case), and state from elsewhere (your Django models, in this case).

@reducer
def get_approver(req):
    # If the user is assigned to this account, then they can self-approve.
    if req.fields["is_assigned"]:
        return slack.user(req.user)
    else: # Otherwise, send the approval to the on-call managers.
        on_call_mgrs = pagerduty.on_call(schedule="id_of_mgr_on_call")
        # This would cause each on-call manager to be DMed
        return [slack.user(x) for x in on_call_mgrs]

Provision the Flow

Now that we've implemented our Python hooks with the Sym SDK, we can finally deploy the Flow!

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # sym_flow.this will be created
  + resource "sym_flow" "this" {
    ...
  }
  
Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

sym_flow.this: Creating...
sym_flow.this: Creation complete after 1s [id=82fe11633-1412-493e-821b-de708ba089e5]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Did this page help you?