-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Slack v2 Connection Resource #381
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work! Can't wait to use this 🙂 🎉
I am using an API key with Full Access but getting a 401 for this resource only.
Any ideas why that would be? The Slack workspace has been added to PagerDuty and we have already set up some services using the web interface, now trying to add one using terraform. |
I now see the documentation says |
It still doesn't work with a user-level token that has authorized PagerDuty access to slack 🤷 |
@Glen-Moonpig I encountered the same problem. I was using PagerDuty Token with full access and was trying to create Slack V2 NG with terraform. It didn't work. Shouldn't we use Slack Token for it as well??? Any ideas?? |
I expect you need to use a user-level token because the user will need to have authorized OAuth access to their Slack account via the web. On the website UI for the Slack integration this is required to fetch a channel list. |
@Glen-Moonpig Hey mate, create a clean work directory and give it a try. I can manage resource smoothly now.
Don't forget to export user level token to env Have a try. But it's a pain to use user level token indeed. |
@m1n9o Do you need to set the provider "pagerduty" {
token = "api_level_token"
}
provider "pagerduty" {
alias = "user"
token = "user_level_token"
}
resource "pagerduty_slack_connection" "foo" {
provider = pagerduty.user
...
} |
@Glen-Moonpig I dont think so, I tried. It is only valid when PAGERDUTY_USER_TOKEN is set. Look here. |
Oh wow that is not good. We use module inputs for everything, no environment variables. |
Yeah it's not good, but I think you can just export it in where terraform executed. |
Grabbing an environment variable directly in the provider instead allowing the token to be taken as an input is really unfriendly and against the established design patterns for terraform providers. @heimweh @stmcallister Can this be fixed? I'm happy to submit a PR for this |
actually I can see this is being addressed in: https://github.com/PagerDuty/terraform-provider-pagerduty/pull/384/files Can you please also clarify the need for a separate User Token? |
@0x91 User level API Token is mandatory to manage Slack connections. |
@jbfavre Can you explain why it has to be done at the user level? I've seen situations like this at other organizations where they backed off of requiring user level authentication specifically because people want to be able to manage configuration in an automated way without having to create a ghost user. Requiring a pagerduty user level api key means I have to waste a user just to be able to automate slack configuration. If I use a user-level key for an actual user and that user leaves the organization or has a security breach then I have to reset the pagerduty-slack connection and potentially (?) all of the services that use that connection. This seems extremely short-sighted, especially in light of the fact that IaC is becoming so much more common now. Can Pagerduty please rethink this use case. |
@rabidscorpio not sure I'm the best candidate to do so, but I'll try anyway 😉 Now, why not using this OAuth token as an account token ? But, again, I'm not a PagerDuty developer, so I might be wrong in my analysis. Best, |
This adds a new resource for Slack v2 connections in PagerDuty. Fixes #73,#94,#280,#357,#365
Test results: