Automation - Slack Integration
Overview
The Slack integration consists of two parts: a Slack Bot, which needs to be configured in Slack, and the Slack module in Matrix, which handles our side of the communication.
Once the Slack bot has been created it needs to be linked to Matrix using the Matrix Administration client.
Once the two are connected, you can configure the messages exchanged between the two using Slack commands.
Enable Slack in Matrix
The first step is to enable slack in Matrix: this is done in the main Extensions menu of Matrix admin:
Then click on the extended plugin settings and enter this:
{"temp":"temp"}
Creating a Matrix Bot for Slack
- Go to https://api.slack.com/
- Log in if needed
- In the top right: click "Your Apps"
- Click "Create App", fill the form
- Create a Bot (click Bots)
- Add a Bot User
- Fill the form
- Click on OAuth and Permissions
- Click Install App to Workspace
- Authorize this ....
- Scroll Down To Scopes
- Add chat.write.bot
- Add channels.write and click on Save Changes
- Go to top and reinstall the App
- Back in the Slack app configuration: click "Event Subscriptions" on the left, enable events, and then set up the connection with Matrix
Note: these settings define how text entered in slack is pushed to matrix to do clever stuff (like recognizing matrix item ids)
- Add your webhook url
the url is https://YOUR_MATRIX_DOMAIN.matrixreq.com/rest/1/all/webhook/501
Slack will check the URL and you should see a Verified behind Request URL
- Add a Workspace Event: Select the message.channels event
- save and reinstall the app as requested
- Create new slash command called /matrix
- as url use the same as above: https://YOUR_MATRIX_DOMAIN.matrixreq.com/rest/1/all/webhook/501
- save and reinstall the app as requested
Linking the Slack Bot to Matrix
- Copy the OAuth Access Token to Matrix
- click on Copy behind the OAuth Access Token
- In the Matrix administration client go to the Extension folder YOURDOMAIN.matrixreq.com/adminConfig/extensions
- add https://slack.com/api as end point for slack
- add the token to the matrix config page
- create a read only Matrix user which has read access to all relevant projects, and add it under user impersonation. Make sure to activate the user through the email sent during creation.
Note: these settings define the push connection from Matrix to Slack.
Improving security
To prevent unwanted access to Matrix through the Slack plugin, we strongly suggest you add the following steps:
In Slack, take a copy of the Signing Secret:
Then add this into the extended plugin settings:
As soon as you add this slackSigningSecret field to the extended settings JSON, all requests from Slack to Matrix will have their signature verified using an HMAC-SHA256 keyed hash, as explained in the Slack documentation:
https://api.slack.com/docs/verifying-requests-from-slack
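The check described above, sketched as an added example that follows Slack's published signing scheme; it is not Matrix's own code. The function names, the headers dict and the sample secret and request body are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 5 * 60  # replay window suggested in Slack's documentation


def slack_signature(signing_secret: str, timestamp: str, body: bytes) -> str:
    """Compute the value Slack sends in the X-Slack-Signature header."""
    base = b"v0:" + timestamp.encode("ascii") + b":" + body
    mac = hmac.new(signing_secret.encode("utf-8"), base, hashlib.sha256)
    return "v0=" + mac.hexdigest()


def verify_slack_request(signing_secret, headers, body, now=None):
    """Return True only for a fresh request with a valid signature.

    `headers` is assumed to be a dict keyed by the exact header names;
    `body` must be the raw request bytes, before any form/JSON parsing.
    """
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    received = headers.get("X-Slack-Signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()) or not received:
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_AGE_SECONDS:
        return False  # too old (or too far in the future): possible replay
    expected = slack_signature(signing_secret, timestamp, body)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected.encode(), received.encode("utf-8"))


def demo():
    """Constructed sample request: genuine, tampered body, replayed later."""
    secret = "constructed-signing-secret"      # not a real secret
    body = b"command=%2Fmatrix&text=help"      # constructed slash-command body
    ts = "1700000000"
    headers = {
        "X-Slack-Request-Timestamp": ts,
        "X-Slack-Signature": slack_signature(secret, ts, body),
    }
    genuine = verify_slack_request(secret, headers, body, now=1700000030)
    tampered = verify_slack_request(secret, headers, body + b"&x=1", now=1700000030)
    replayed = verify_slack_request(secret, headers, body, now=1700000000 + 3600)
    return genuine, tampered, replayed


if __name__ == "__main__":
    print(demo())
```

A request to the webhook URL that lacks the two headers, carries a signature made with a different secret, or arrives outside the time window fails this check.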
Configure what to listen to and how to respond
Invite MatrixBot / private Slack channels
In order for the MatrixBot to listen to messages in private channels, you need to explicitly invite the MatrixApp to these channels.
Note: this does not seem to work consistently on the slack side... so it's not recommended to use private slack channels
/invite MatrixApp
Configure Events and Messages
Note: here we define in which slack channels, matrix should listen in and what should be done if Matrix ids are recognized
- select a slack channel you want to hook up to the matrix bot
- type /matrix help
Note: this will print all commands understood by the matrix bot
To subscribe to messages use the following command
Subscribe Syntax
/matrix subscribe PROJECT CATEGORIES ACTION TEMPLATE(optional)
- PROJECT is the id of a project
- CATEGORIES can be * for all categories, or a comma-separated list of categories, e.g. REQ,SPEC
- ACTION is either
- refer: to indicate that if you type PROJECT/ITEM-ID the matrix bot should display a hyperlink and the item's title (or whatever is specified in the TEMPLATE parameter)
- mention: is the same as a refer, but the PROJECT is implicit, so it does not need to be typed. Note: there can only be one mention per channel
- item_edited: to receive a message if the item (in the specified project/category) was changed in matrix
- item_created: item was created
- item_deleted: item was deleted
- sign_created: a SIGN item was created from a DOC
- sign_signed_partial: someone signed an item
- sign_signed_full: the last person signed an item
- publish: the QMS was published
- TEMPLATE is optional and defines what information is sent to Slack and how it is formatted. In these messages you can put macros, which will be replaced by the actual values. The following macros exist:
- $link$: is replaced with a hyperlink to the project including and title e.g. MYPROJECT/REQ-12 requirement title
- $author$: is replaced with the last author
- $date$: the last modification date (in server timezone/setting)
- $creator$: is replaced with the person who created the item
- $comment$: with the last comment
- $changes$: a list of changed fields, needs the repeat flag (see below)
- $signatures$: a list of all signatures of a SIGN, needs the repeat flag (see below)
The template can be a simple text, like {text:"$link$ $title$ by $author$"}, or it can be a Slack message with attachments. Note: when part of an attachment, a macro needs a repeat clause to be filled.
See also syntax documented by slack for information on how to format these messages.
HOOK_ITEM_EDITED: {text:"Item edited: $link$ $title$", attachments:[ {text:"Changes by $author$","repeat":"author"},{text:"$changes$","repeat":"changes"}]}
HOOK_ITEM_DELETED: {text:"Item deleted: $link$"}
HOOK_SIGN_CREATED: {text:"Sign item created: $link$ $title$", attachments:[ {text:"Created by $creator$",repeat:"creator"},{text:"$signatures$",repeat:"signatures"}]}
HOOK_SIGN_SIGNED_PARTIAL: {text:"Partial signature: $link$ $title$", attachments:[ {text:"Created by $creator$",repeat:"creator"},{text:"$signatures$",repeat:"signatures"}]}
HOOK_SIGN_SIGNED_FULL: {text:"Completed signature: $link$ $title$", attachments:[ {text:"Created by $creator$",repeat:"creator"},{text:"$signatures$",repeat:"signatures"}]}