Skip to content

This app enables you to interact with Cloud Run on Slack

Notifications You must be signed in to change notification settings

nakamasato/cloud-run-slack-bot

Repository files navigation

Cloud Run Slack Bot

This is a simple Slack bot running on Cloud Run with which you can interact with Cloud Run services.

preview

Architecture

Features

  1. Interact with Cloud Run service on Slack.
    1. Get metrics of Cloud Run service.
    2. Describe Cloud Run service.
  2. Receive notification for Cloud Run audit logs on Slack.

Cloud Run

Roles

  1. roles/run.viewer: To get information of Cloud Run services
  2. roles/monitoring.viewer: To get metrics of Cloud Run services

Environment Variables

  1. PROJECT: GCP Project ID to monitor
  2. REGION: GCP Region to monitor
  3. SLACK_BOT_TOKEN: Slack Bot Token
  4. SLACK_SIGNING_SECRET: Slack bot signing secret
  5. SLACK_APP_TOKEN (optional): Slack oauth token (required for SLACK_APP_MODE=socket)
  6. SLACK_APP_MODE: Slack App Mode (http or socket)
  7. SLACK_CHANNEL (optional): Slack Channel ID to receive notification for Cloud Run audit logs
  8. TMP_DIR (optional): Temporary directory for storing images (default: /tmp)

Deploy

PROJECT=your-project
REGION=asia-northeast1

Initial Setup

echo -n "xoxb-xxxx" | gcloud secrets create slack-bot-token --replication-policy automatic --project "$PROJECT" --data-file=-
echo -n "your-signing-secret" | gcloud secrets create slack-signing-secret --replication-policy automatic --project "$PROJECT" --data-file=-
gcloud iam service-accounts create cloud-run-slack-bot --project $PROJECT
# allow app to access the secret
gcloud secrets add-iam-policy-binding slack-bot-token \
    --member="serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor" --project ${PROJECT}
gcloud secrets add-iam-policy-binding slack-signing-secret \
    --member="serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor" --project ${PROJECT}
# allow app to get information about Cloud Run services
gcloud projects add-iam-policy-binding $PROJECT \
    --member=serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com --role=roles/run.viewer
# allow app to get metrics of Cloud Run services
gcloud projects add-iam-policy-binding $PROJECT \
    --member=serviceAccount:cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com --role=roles/monitoring.viewer

Deploy to Cloud Run

gcloud run deploy cloud-run-slack-bot \
    --set-secrets "SLACK_BOT_TOKEN=slack-bot-token:latest,SLACK_SIGNING_SECRET=slack-signing-secret:latest" \
    --set-env-vars "PROJECT=$PROJECT,REGION=$REGION,SLACK_APP_MODE=http,TMP_DIR=/tmp" \
    --image nakamasato/cloud-run-slack-bot:0.0.2 \
    --service-account cloud-run-slack-bot@${PROJECT}.iam.gserviceaccount.com \
    --project "$PROJECT" --region "$REGION"

Slack App

  1. Create a new Slack App
  2. Add the following scopes:
  3. Install the app to your workspace
  4. Event Subscriptions
    • Request URL: https://your-cloud-run-url/slack/events
    • Subscribe to bot events: app_mention
  5. Interactivity & Shortcuts
    • Request URL: https://your-cloud-run-url/slack/interaction

Slack Channel Settings

  1. Remove preview for console.cloud.google.com

preview

More

  1. Terraform
  2. Auditing Notification

About

This app enables you to interact with Cloud Run on Slack

Resources

Stars

Watchers

Forks

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages