Slack Integration SaaS-only ENTERPRISE
This page describes the Slack Integration with Styra DAS that allows you to customize notifications for the decisions you want to receive in Slack. You can configure "out of the box" Notification rules or you can write Rego rules to select which decisions to post to Slack. For example, you can select Denied decisions, decisions related to specific namespaces, users, and decisions for certain images.
Overview
Styra's Slack Integration feature supports posting denials and other outcomes to Slack channels. Developers who only have access to Slack can see why actions on their deployments are denied by an organization's policy. Styra DAS workspace administrators or system owners who have access to these channels can go directly from the post in Slack into Styra DAS to troubleshoot or developers can share the post with their Styra administrators.
Enable Slack Integration for Styra DAS
To enable Slack Integration for Styra DAS:
- Add the application to Slack workspace from Styra DAS.
- Configure notification rules that post decision outcomes to Slack per Kubernetes system or stack.
Configure Slack Integration
Use Styra DAS to govern the development, staging, and production environments. As an administrator, you can set up Styra DAS to post messages. For example, posting Denied decisions to your development teams' Slack channels for these environments.
Connect DAS to Slack
Click on Your Workspace Name >> Settings tab >> Slack Integration page >> Add to Slack button to add the Styra Slack App to your Slack workspace. This action will trigger a standard OAuth 2 workflow. After the requested scopes are granted, the Styra Slack App is added, Styra DAS is connected to Slack and you will be redirected back to Styra's Slack App status page.
Configure Notifications
Now, each Kubernetes system and stack has a new Notifications policy. A workspace administrator or system owner can add and configure predefined Slack Notification Rules, or write their own Rego, that will post decisions that satisfy these rules to their Slack App channels.
The notification rules are configured as follows:
a. Go to your WORKSPACE >> Systems >> your Kubernetes System.
b. Click on the expand/collapse arrow to view the policies.
c. Click Notifications policy. This policy is only visible when Slack is installed. If Slack was installed and then uninstalled, the last updated version of notification policy (instead of empty one) will appear.
d. In the Notifications pane, click Add rule button to add and configure one or more predefined Slack Notification rules.
For example, if each developer team has an assigned namespace in your system’s (dev-k8-system
) Kubernetes cluster, and there are existing Slack channels corresponding to those namespaces (ops-<Namespace>-devs
) then do the following:
-
For
dev-k8-system
, add the Notification rule:Slack: Post Denials to Namespace Channel
: Post denied decisions to a channel named prefix - namespace - suffix. -
Set the rule’s channel_prefix parameter to
ops
and its channel_suffix parameter todevs
.
e. Select the Notify toggle button on the rule to enable Slack notifications and publish the policy.
-
The Styra Slack App does not request channel creation scope from Slack. Therefore, Styra will not be able to deliver the message if the channels configured in the rule do not exist.
-
For more information on how notifications are generated by a
notification
policy from a System or Stack, see the Notification Policy page.
When a denial is triggered for dev-k8-system
, it is posted to the development team’s Slack channel for the namespace.
You can trace the details about that notification by clicking on the link in the message. Styra DAS opens the decision where you can view more details and debug. Clicking the Replay button replays the decision and allows you to see the rule(s) that triggered the denial.
Mute and Unmute Messages
To mute messages through Styra DAS:
- To mute a notification rule, click Ignore toggle button and publish the policy.
- To unmute a notification rule, click Notify toggle button and publish the policy.
Handle Errors
Styra system is designed to keep track of the notifications sent to Slack. When errors occur, the system tries on the failed notifications until either it succeeds or the application is uninstalled. In this way, the system ensures that each important notification will eventually reach the user given possible dependency failures such as intermediate network failure or Slack server being down. The error handling is subject to change based on further improvements.
View Integration Status
To view the status of Slack Integration, click on your workspace name >> Settings >> Slack Integration page.
Uninstall or Remove Slack
To uninstall or remove Styra Slack App and disconnect Styra DAS from Slack, click on your workspace name >> Settings >> Slack Integration >> Remove Slack button.
Use the APIs
The list of related APIs are located in the Notifications page.
Troubleshoot Slack Integration
This section describes problems, possible causes, recommended actions, and error messages, if applicable to the problem.
Problems and Solutions
The following section describe possible problems and solutions.
Users see too many messages
When you see too many messages than expected, do the following:
Check your notification policy configuration by doing the following steps. It is important to note that Styra DAS alerts each decision if the notification
is not empty.
Select the system or stack for which you defined the Notification rules.
a. Click Decisions tab.
b. Enter channel:
into the Filter located at the bottom of the screen and hit the ENTER
or return
key to view decisions that have notifications.
Styra DAS displays all the decisions with details that have the following notification object format.
{
"notifications": [
{
"message": {
"channel": "slack-test",
"type": "slack"
}
}
]
}
c. Expand the details for a decision. Scroll down or use the browser’s Find command to view the notifications
object to see if you have correctly configured every rule to send your decision to the correct channel. If there is more than one entry, then multiple messages will be displayed for a single decision.
d. If you encounter an error in the policy then you can fix it. When you encounter an error in the software then you must Contact Support.
Users cannot see the expected messages
When you cannot see the expected messages, do the following:
a. Check the status of Slack Integration to see if Slack is installed properly. Styra recommends that you uninstall or remove Styra's Slack App and reinstall it to fix any installation problems.
b. Ensure your notification policies are set properly. The decision which you expect to see notification for should contain a notification
object in it as described above.
c. Check if the channel you expect to see the message exists in your Slack workspace.
Users see unexpected messages
When you see unexpected messages, do the following:
a. (Optional) Uninstall the application and then reinstall when it is required.
b. Check the decision which you do not expect to see in notification and make sure the result >> outcome >> notification is empty.