Description:
Worked as a consultant with TELUS Digital and DevOps teams to build an enterprise Slack app for reviewing and approving installation of other Slack apps across their enterprise grid of 50+ workspaces. Also developed custom scripting for a SCIM solution to automatically add new employees to their business workspace.
Case Study:
As a senior consultant at Slalom, I developed the Slack App Approval Bot (SAAB) as a prototype offering, which caught the attention of the Slack product owners at TELUS. After starting an engagement, we worked with Slack and the TELUS InfoSec team to classify Slack app permission scopes as low, medium, and high risk. After getting approval from InfoSec and teaming up with the Cloud Center of Excellence, I was able to set up automated testing and deployment to GCP Kubernetes Engine in a staging environment, with the SAAB in a Slack Grid sandbox. Our clients were able to follow updates to the app in the sandbox and provide feedback along the way.
Prior to the SAAB, users trying to install Slack apps were left waiting for approval from their workspace admins because the process was opaque and confusing. Working with the owner of the Slack grid, we were able to develop a solution that cemented this process for all of TELUS' nearly 100,000 users.
The bot handles requests differently for internal/custom apps and 3rd-party apps. Allowing internal developers to have custom apps automatically approved in some cases. For apps that weren't automatically approved, admins get a custom tailored message in a private channel with the option to approve or reject requests. While another private log channel contains all the requests. Admins also have the ability to update the security ratings within Slack and rate new permission scopes as they are added.
After several months of testing and iterative development, we had a highly-stable, user-friendly, and production-ready Slack bot! We set a date and I prepared the production deployment channels, documentation, and announced the coming change. We went live after-hours, while most employees were sleeping.
While monitoring the bot activity closely for several weeks, I was able to quickly patch a few bugs, thanks to the effective CI/CD. We also ironed out a few issues with existing Slack apps in the process!
Technology Used:
- Slack Bolt for Python
- Prisma ORM
- Postgres DB
- GitHub Actions, Google Cloud Build, GKE
App Functionality:
- Bot receives installation requests from every workspace on the grid – including future ones!
#apps-approve-log
channel contains all the activity.#apps-approve
channel acts as a queue when admins need to act on a request.- Requesting users get a message from the bot when required to gather more information.
- Low risk apps may be auto-approved!
- State-of-the-art DevOps pipeline – automated testing and deployment to GKE with GitHub Actions.