Slack Bot
- 1 Disclaimer
- 2 Overview
- 3 Version Information
- 4 Software Requirements
- 5 Key Features
- 6 How to Start
- 7 Import Universal Template
- 8 Slack Application Installation & UC Extension Configuration
- 9 Configure Universal Task
- 10 Task Examples
- 11 Task Output
- 11.1 Output Only Fields
- 11.2 STDOUT and STDERR
- 12 Available Commands
- 12.1 Rerun Task Instance
- 12.2 Hold Task Instance
- 12.3 Force Finish/Cancel Task Instance
- 12.4 Get Task Instances
- 12.5 Get Late Tasks
- 12.6 Get Task Instance Output
- 12.7 Get Task Instance Info
- 12.8 Schedule Ad hoc Run
- 12.9 Get Agents
- 12.10 Run Report
- 13 Integration Modifications
- 14 Document References
- 15 Changelog
Disclaimer
Your use of this download is governed by Stonebranch’s Terms of Use, which are available at https://www.stonebranch.com/integration-hub/Terms-and-Privacy/Terms-of-Use/
Overview
Slack is a messaging app for business that connects people to the information they need. By bringing people together to work as one unified team, Slack transforms the way organizations communicate.
This Universal Extension creates a Slack Bot that provides the capability to directly interact with Universal Controller, by executing Slack Commands.
Version Information
Template Name | Extension Name | Extension Version |
|---|---|---|
Slack Bot | ue-slack-bot | 1.0.2 |
Refer to Changelog for version history information.
Software Requirements
This integration requires a Universal Agent and a Python runtime to execute the Universal Task.
Software Requirements for Universal Template and Universal Task
Requires Python 3.7.0 or higher. Tested with the Universal Agent bundled Python distribution.
Software Requirements for Universal Agent
Both Windows and Linux agents are supported.
Universal Agent for Windows x64 Version 7.1.0.0 and later with python options installed.
Universal Agent for Linux Version 7.1.0.0 and later with python options installed.
Software Requirements for Universal Controller
Universal Controller Version 7.1.0.0 and later.
Network and Connectivity Requirements
UE Slack Bot needs outbound connectivity with Slack , which is achieved by using WebSockets, connected in port 443. Additionally, it needs HTTPS outbound connectivity to the Universal Controller for the bot to answer Slack Commands.
Key Features
This Universal Extension provides Slack Commands that let a user gain information about reports, agents and task instances, or even alter the latter. These commands are the following:
Area of Interest | Available Commands |
|---|---|
Tasks and Instances | Rerun a Task Instance. |
Tasks and Instances | Hold a Task Instance. |
Tasks and Instances | Force Finish/Cancel a Task Instance. |
Tasks and Instances | Show Task Instances for specific filter parameters. |
Tasks and Instances | Show Late Task Instance with certain parameters. |
Tasks and Instances | Retrieve the output of a Task Instance. |
Tasks and Instances | Retrieve detailed information about a task instance. |
Tasks and Instances | Schedule an ad-hoc run of a task instance by enabling a trigger. |
Agents | Show the status of all available Universal agents |
Reports | Show a Report. |
Additionally, this extension provides the following features:
Help Menu: Quick access to all available commands.
Graphical & CLI interface: Trigger automation commands both through popup dialogs and "command-line" style interface.
Audit: Keep a detailed audit log on Slack users' interaction to the UAC Bot and the UAC.
Security & fine-grained access control (ACL): Limit the access to the UAC Bot using a private Slack channel (only members of this channel will be able to use the UAC Bot) & manage the level of access of your Slack users, on a resource level (making sure that the right users have access to available resources & actions).
How to Start
This extension is shipped with in-Slack dialogs available to your users, in order for them to be introduced to the basic Slack Bot functionality and provide on-going access to help menu. Here is a list of example screenshots that provide a step-by-step approach to a user for getting familiar to Slack Bot and successfully executing one Slack Bot command.
Step 1: Introduction of the Slack Bot to the users is done at the setup phase, where the Slack Bot greets the channel users with a small and informative message, guiding them on the next actions they could take.
Step 2: The help menu is available to the users whenever they need a list of available commands, from which they can even trigger the corresponding popup dialog (help menu is available though command /uacbot help).
Step 3: Triggering a Slack command from a popup dialog is helpful, as the dialog provides guidance on the available parameters and their values.
Step 4: Slack Bot command results are provided in-channel, with simple and informative messages.
Import Universal Template
To use the Universal Template, the following steps need to be followed:
This Universal Task requires the Resolvable Credentials feature. Check that the Resolvable Credentials Permitted system property has been set to true.
To import the Universal Template into your Controller, follow the instructions here.
When the files have been imported successfully, refresh the Universal Templates list; the Universal Template will appear on the list.
Modifications of this integration, applied by users or customers, before or after import, might affect the supportability of this integration. For more information refer to Integration Modifications.
Slack Application Installation & UC Extension Configuration
In order to use the Slack Bot extension, it is required to:
Create a Slack Application in your workspace.
Configure a slack channel for the UAC Slack bot to operate in.
Configure the extension to connect to the Slack Application.
Initialize channel participants and verify user access.
Those steps are described in detail in the following sections.
Slack Application Creation
Create Application
In order to create a new Slack Application in your workspace, the following steps using an admin account in your Slack workspace needs to be executed:
Navigate to the page which displays the applications created in your workspace: https://api.slack.com/apps
Select option: "Create an app".
Chose option: "From scratch".
Set App Name: "Stonebranch UAC Bot".
Set the workspace that the application will be installed in.
Press button "Create App", which should result to web browser redirection to the application settings page.
Create Application Token
The first configuration needed in this new application is to create an App-Level token, from the "Basic Information" page:
Scroll down to "App-Level Tokens" section .
Press "Generate Token and Scopes".
In the popup provided:
Add some token name (e.g. "app_token").
Add scope: "connections:write".
Press "Generate" button and copy the Token that was just created, it will later be used as input to the "Slack App Token" field of the Slack Bot task.
Close the popup and verify the new token is listed in "Tokens" list.
Apply application configuration
Most of the application configuration needed will be applied through a Manifest file, but on top of this, it is needed to do some additional configuration by hand.
Apply application Manifest file
Navigate to "App Manifest" section (navigation bar on the left) and follow the steps:
Select "YAML" preview.
Override the App Manifest with the following configuration:
display_information: name: Stonebranch UAC Bot description: Integrate Slack Workspace with UAC platform background_color: "#000000"settings: org_deploy_enabled: false token_rotation_enabled: false socket_mode_enabled: true interactivity: is_enabled: true event_subscriptions: bot_events: - app_mentionfeatures: app_home: home_tab_enabled: false messages_tab_enabled: false messages_tab_read_only_enabled: false bot_user: display_name: UACBot always_online: true slash_commands: - command: /uacbot description: Send commands to UAC Bot usage_hint: " [command] [parameters]" should_escape: falseoauth_config: scopes: bot: - app_mentions:read - channels:read - chat:write - commands - files:write - links:write - users:read - groups:read
3. Press "Save Changes".
4. After this step make sure the following settings are set correctly:
Basic Information > Add Features and functionality > Slash Commands: Only one command was created with name '/uacbot'.
Basic Information > Add Features and functionality > Event Subscriptions: Should be enabled, and socket mode identified as enabled.
"Subscribe to bot events" list includes only event "app_mention".
"Subscribe to events on behalf of users" list should be empty.
"App unfurl domain" list should be empty.
Basic Information > Add Features and functionality > Bots:
Verify that Display Name (Bot Name) equals "UACBot".
Verify that Default Name equals "uacbot".
Verify that "Always Show My Bot as Online" is checked.
Verify that Show Tabs > Home Tab is disabled.
Verify that Show Tabs > Messages Tab is disabled.
Basic Information > Add Features and functionality > Permissions:
Verify that in Scopes > Bot Token Scopes list only these scopes are included:
app_mentions:read
channels:read
chat:write
commands
files:write
links:write
users:read
Verify that Scopes > User Token Scopes list is empty.
Application installation in workspace
Navigate to "OAuth & Permissions" (navigation bar on the left).
In section "OAuth Tokens for Your Workspace", select "Install to Workspace", review the requested permissions (they should match the Bot Token Scopes mentioned in previous section), and approve installation.
After successful installation, the web browser will be redirected back to "OAuth & Permissions" page, and a "Bot User OAuth Token" should now be available. Copy the Bot Token that was just created, it will later be used as input to the "Slack Bot Token" field of the Slack Bot task.
Application Icon
The final step in application configuration is setting the application icon that will be visible in all responses the Slack Bot will be posting. To set this up the following steps are required:
Navigate to "Basic Information" (navigation bar on the left).
Scroll down to the "Display Information" section.
Upload the icon provided here:
Configure a slack channel
After creating the new Slack Application, using again a Slack admin account, follow the steps:
Create a new private Slack channel in your workspace (naming is not important).
Copy the channel ID from the channel info (right click on channel -> get channel details), it will later be used as input to the "Slack Channel ID" field of the Slack Bot task.
Do not invite any Slack users to this channel yet.
Configure Universal Task
For a new Universal Task, create a new task, and enter the required input fields.
Input Fields
The input fields for this Universal Extension are described below.
Field | Input type | Default value | Type | Description |
|---|---|---|---|---|
Slack Bot token | Required | - | Credentials | The Slack bot token as obtained from Slack App. It is used to connect Slack Application with a Workspace.
|
Slack App token | Required | - | Credentials | The Slack app token obtained from Slack App. It is used to connect the Slack Bot with the corresponding Slack App.
|
Slack Channel ID | Required | - | Text | The Slack channel ID that the bot will connect. to. |
ACL | Required | - | Script | The JSON script that contains the ACL rules for your Slack. users. |
Universal Controller URL | Required | - | Text | The URL of the target UC (e.g. http://ue.stonebranch.org:8080/uc). |
Universal Controller Credentials | Required | - | Credentials | This extension uses RESTful Web Services API as a client, and in this field the corresponding username & password should be provided. This user should have Web Service Access enabled (directly or through System Default). It is strongly advised not to reuse admin or any existing user but create a new one used only for this specific integration.
|
UC REST API Timeout | Required | 20 | Text | The timeout (in seconds) that the Slack Bot will wait for UC to respond. If the UC won't respond in the specified time limit Slack will display a corresponding error to the user. |
Auditing | Optional | True | Checkbox | A variable that if selected the bot will provide auditing logs. |
ACL
ACL (Access Control List) is responsible for granting or denying permissions to your Slack users, on accessing specific functionality & resources on UC, through Slack commands. The access rights granted can be fine-grained, using rules that describe the explicit access right for a specific user, providing his e-mail local part(what everything is included before @ symbol) on a specific resource type and the corresponding action on that resource.
Permissions
The default permission (that is used even if it is not explicitly provided in configuration) is DENY for all users on all resources, meaning that by default no Slack user can run any Slack command. Users will be able to use the available Slack commands when rules that permit such actions are added to the ACL. More than one rules can be created for each user, so it is possible for your users to have different access rights per resource. Also this integration supports rules that can be used to specify access rights for multiple users and/or multiple resources, using the wildcard character '*'. This makes it easier to provide access rights to multiple users with a single access rule, but it should be used with caution.
Permissions Evaluation
The ACL rules are evaluated sequentially from the first to the last one, and access to a resource is provided either when an explicit rule is found that grants permission or if no rule denying permission is found in the list.
Permissions Configuration
The ACL configuration is based on UC Scripts (of type Data Script), and more specifically expressed with JSON format. It is expected to be consisted of rules for each user, where each rule has the following fields:
Key | Description |
|---|---|
resource | Whether a command is related to instances, agents or reports. Can be equal to "*" to refer to all available resources. |
action | Available actions that can be performed in a resource. Can be equal to "*" to refer to all available resources. |
permission | Whether the permission of the combination of specified action and resource is allowed or forbidden. |
ACL Rules to Slack Command Mapping
Command | Resource | Action |
|---|---|---|
rerun task instance | instance | instance.rerun |
hold task instance | instance | instance.hold |
force finish task instance | instance | instance.finish |
schedule ad hoc run | instance | instance.schedule |
get task instances | instance | instance.query |
get late tasks | instance | instance.query |
get task instance output | instance | instance.query |
get task instance info | instance | instance.query |
get agents | agent | agent.query |
run report | report | report.run |
Usage Examples
The order in which the rules are provided is essential. The first rule has the most priority whereas the last rule is the lowest priority.
Granting access to user with email "john.doe@company.com" to execute rerun task instance command.
{ "john.doe": [ { "resource": "instance", "action": "instance.rerun", "permission": "ALLOW" } ]}
Granting access to user with email "alice.smith@company.com" to execute rerun task instance and show agents status commands.
{ "alice.smith": [ { "resource": "instance", "action": "instance.rerun", "permission": "ALLOW" }, { "resource": "agent", "action": "agent.query", "permission": "ALLOW" } ]}
Granting access to user with email "john.doe@company.com" to execute all commands related to instances and allow user with email "alice.smith@example" to only run reports and hold task instances.
{ "john.doe": [ { "resource": "instance", "action": "*", "permission": "ALLOW" } ], "alice.smith": [ { "resource": "report", "action": "report.run", "permission": "ALLOW" }, { "resource": "instance", "action": "instance.hold", "permission": "ALLOW" } ]}
Granting access to all users to execute all the commands.
{ "*": [ { "resource": "*", "action": "*", "permission": "ALLOW" } ]}
Granting access to all users to execute all the commands but forbid a user with user with email "john.doe" to run reports.
{ "john.doe": [ { "resource": "report", "action": "report.run", "permission": "DENY" } ], "*": [ { "resource": "*", "action": "*", "permission": "ALLOW" } ]}
Initialize Channel Participants
At this point a new Slack Application should have been configured, an empty private Slack channel, and a Slack Bot task up and running (if this is not the case, please look for the root cause in the extension logs, after enabling Debug log level for the task). In Slack Bot task, an ACL list with the desired user permissions should have been set up also.
What is left for the UAC Slack Bot to be accessible to the users is to:
Invite the corresponding Slack users to the private channel.
Invite the UAC Slack Bot to the channel by just mentioning it (just type @uacbot and press enter).
UAC Slack Bot after being successfully invited to the channel will provide a greeting message for all the users to see. From this point on, users will have access to UAC Slack Bot based on the ACL configuration completed in previous step.
Task Examples
Example of UE Slack Bot Universal Task for starting the execution of the Slack Bot.
Task Output
Since this universal task is designed to operate endlessly, task output is provided only in case of an error in initialization phase or during task instance cancel.
In case of an initialization error the extension produces the following output with error code equals to 20 and invocation fields equal to the extension input.
{ "exit_code": 20, "status_description": "Rule report.query found in ACL is invalid. Please provide a valid rule", "invocation": { "extension": "ue-slack-bot", "version": "1.0.0", "fields": { "slack_bot_token": "****", "slack_app_token": "****", "slack_channel_id": "C01DL0HDZV0", "acl_configuration": "/home/ue-dev/lindev71p377/data/tmp/a32c170f-fd15-4380-b675-e7dde8d6a10a", "uc_url": "http://ue-uac-dev.stonebranch.org/uc", "uc_creds_username": "****", "uc_creds_password": "****", "uc_timeout": 20, "auditing": true } }}
Output Only Fields
The output only fields for this Universal Extension provide operational information of the Slack Bot and are described below.
Field | Type | Description |
|---|---|---|
Total Requests Handled | Text | The total request slack bot has handled since starting |
Total Requests Succeeded | Text | The total request slack bot has returned a successful response |
Total Requests Failed | Text | The total request slack bot has returned a failed response |
Total Validation Errors | Text | The sum of validation errors that slack bot raised |
Total Permission Errors | Text | The sum of permission errors that slack bot raised |
STDOUT and STDERR
STDOUT and STDERR provide additional information to the user. The populated content can be changed in future versions of this extension without notice. Backward compatibility is not guaranteed.
In STDOUT the application also prints auditing logs, if the respective input field checkbox is selected. One example audit log entry for the user "john.doe@company.com" running the command :
<datetime> AUDIT - user:john.doe, channel:C049CHU74P9, command:Get Agents Status, parameters:['groupby:"operating system"'], result: SUCCESS
Available Commands
All the available commands can be executed in two different ways, through Slack's popup interface or directly as a command with parameters. Moreover, all commands require the /uacbot prefix followed by the command name to be recognized as commands by Slack.
In case a user wants to run a command directly the accepted input format is the following:
/uacbot <command_name> parameter_1:'value' parameter_2:'value'
If a command is to be executed through popup interface, then the accepted format is the following
/uacbot <command_name>
Rerun Task Instance
Rerun Task Instance command lets a user to re-run a task instance in Universal Controller. This is possible only if the task instance is not deleted. In case it belongs to a workflow, the workflow should not be deleted, too.
To qualify for re-run, a task instance status must be in one of the following: Success, Start Failure, Failed, Cancelled, Finished.
Command Usage
Command Name: rerun task instance
Parameters | Description | Values and Constraints | Required | Default |
|---|---|---|---|---|
id | sys_id used within the Universal Controller to identify this task instance | Same with Universal Controller | True | - |
Command Examples
/uacbot rerun task instance id:'<some_valid_id>'
Hold Task Instance
Hold Task Instance command lets a user to hold a task instance in the Universal Controller. If a Workflow is put on Hold and has not yet started, the Workflow and all the task instances in it are put on Hold state.
If the command is triggered for a Workflow when it is in Running status, all the task instances within the Workflow that have not yet started are put on Hold; however, the Workflow itself does not go to Hold status because it already has started.
Command Usage
Command Name: hold task instance
Parameters | Description | Values and Constraints | Required | Default |
|---|