Role Based Access Control for Slack-Bolt Applications

Overview

Role Based Access Control for Slack-Bolt Apps

Role Based Access Control (RBAC) is a term applied to limiting the authorization for a specific operation based on the association of a User to a "role". For example:

As an application developer, I want to ensure that only specific Users in a
given User-Group are allowed to execute the "bounce port" command.

The Slack Platform does not natively support the concept of "User Groups", but it does support the standard protcol: System for Cross-domain Identity Management (SCIM). A method for implemeting RBAC in Slack can be accomlished using the Slack SCIM API feature. For example:

As an IT administrator of Okta, I will create SCIM groups that will designate
the specific RBAC User-Groups I want to use in Slack.

This slack-scim-rbac repository provides a Slack-Bolt middleware class.

As a developer using the SCIM protocol, you must obtain a SCIM Token from your Slack administrator and export the environment variable SLACK_SCIM_TOKEN.

The following code snippet is take from the example. In this example the User that entered the "bounce port" message must be a member of the SCIM group "ChatOps-foo". If they are not, then an error message is reported to the User.

from slack_scim_rbac.middleware import AsyncSlackScimRBAC

@app.message(
    re.compile("bounce port", re.I),
    middleware=[AsyncSlackScimRBAC(groups={"ChatOps-foo"})],
)
async def app_bounce_port(request: BoltRequest, context: BoltContext, say: Say):
    await say(f"bouncing port for you <@{context.user_id}> ... standby")

Customizing the Error Response

As a developer you will want to customize the error response to the User. There are two ways to do this. The first way is to provide an error_response function to middleware addition. For example this code will trigger a Modal when the User triggers the /rbacker command that contains the text "bounce port" when they are not part of the "ChatOps-nofuzz" SCIM group.

async def is_bounce_port_command(command: dict):
    return "bounce port" in command["text"]


async def modal_no_you_cant(client: AsyncWebClient, body: dict, context: AsyncBoltContext):
    msg = f"Nope! Sorry <@{context.user_id}> but you cannot do that!"

    view = View(title="Permission Denied!", type="modal", close="Bummer")
    view.blocks = [SectionBlock(text=MarkdownTextObject(text=msg))]
    await client.views_open(trigger_id=body["trigger_id"], view=view)


@app.command(
    command="/rbacker",
    matchers=[is_bounce_port_command],
    middleware=[
        AsyncSlackScimRBAC(
            app_name=app.name,
            groups={"ChatOps-nofuzz"},
            error_response=modal_no_you_cant,
        )
    ],
)
async def slash_rbacker_bounce_port(ack: Ack, say: Say, context: Context):
    await ack()
    await say(
        f"Already then, <@{context.user_id}>, let's get to bouncing that port for ya!"
    )

The other approach is to sub-class the AsyncSlackScimRBAC class and overriding the error_response method.

Customizing the RBAC Validation Process

By default the validate process checks the Slack User groups (name) membership in any of the required group names. You can override this behavior (for example if you have a default "admin" group that you want to always allow but not require in each listener declaration) by sub-classing AsyncSlackScimRBAC and overriding the is_member method.

Limitations

This slack-scim-rbac repository implements middleware for asyncio mode only. A sync implementation should be straightforward, but has not been done since it is not what I needed. If you do, please open an issue (or a PR). Thanks!

Resources

Owner
Jeremy Schulman
Jeremy Schulman
API generated by OpenAPI for nhentai.net

nhentai-api No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) This Python package is automati

Shikanime Deva 1 Nov 01, 2021
gnosis safe tx builder

Ape Safe: Gnosis Safe tx builder Ape Safe allows you to iteratively build complex multi-step Gnosis Safe transactions and safely preview their side ef

228 Dec 22, 2022
Telegram Google Translater Bot Can Translate Any Language To Your Selected Language

🔰 TELEGRAM GOOGLE TRANSLATER 🔰 • ⚡ INSTALLING ⚡ • • ✅ OFFICIAL SUPPORTS ✅ •

⚝ANKIT KUMAR⚝ 2 Jan 16, 2022
arweave-nft-uploader is a Python tool to improve the experience of uploading NFTs to the Arweave storage for use with the Metaplex Candy Machine.

arweave-nft-uploader arweave-nft-uploader is a Python tool to improve the experience of uploading NFTs to the Arweave storage for use with the Metaple

0xEnrico 84 Dec 26, 2022
Simple library for logging to Loggly

#Hoover A python wrapper used to hit the Loggly. API For more information on Hoover see http://wiki.loggly.com/hooverguide ##Install With this git rep

Hoover Loggly 34 May 19, 2021
Trading Strategies (~50%) developed by GreenT on QuantConnect platform over the autumn quarter

Trading Strategies ~50% of codes from the Applied Financial Technology Course. Contributors: Claire W. Derrick T. Frank L. Utkarsh T. Course Leads: Dy

Utkarsh 2 Feb 07, 2022
Karen is a Discord Bot that will check for a list of forbidden words/expressions, removing the message that contains them and replying with another message.

Karen is a Discord Bot that will check for a list of forbidden words/expressions, removing the message that contains them and replying with another message. Everything is highly customizable.

Rafael Almeida 1 Nov 03, 2021
The simple way of using Imgur.

PyImgur The simple way of using Imgur. You can upload images, download images, read comments, update your albums, message people and more. In fact, yo

Andreas Damgaard Pedersen 120 Dec 06, 2022
DongTai API SDK For Python

DongTai-SDK-Python Quick start You need a config file config.json { "DongTai":{ "token":"your token", "url":"http://127.0.0.1:90"

huoxian 50 Nov 24, 2022
Announces when a web3 wallet receives a token

excitare_cito v2.0 by Bogdan Vaida ([email protected]) Announces wh

1 Nov 30, 2021
Automatically mass follows tons of NameMC profiles.

Automatically mass follows tons of NameMC profiles. (Creates REAL traffic to your profile)

Jam 3 Jun 29, 2022
Tesseract Open Source OCR Engine (main repository)

Tesseract OCR About This package contains an OCR engine - libtesseract and a command line program - tesseract. Tesseract 4 adds a new neural net (LSTM

48.3k Jan 05, 2023
An Open Source ALL-In-One Telegram RoBot, that can do lot of things.

URL Uploader Bot An Open Source ALL-In-One Telegram RoBot, that can do lot of things. My Features Installation The Easy Way You can also tap the Deplo

NT BOTS 1 Oct 23, 2021
Playing around with the slack api for learning purposes

SlackBotTest Playing around with the slack api for learning purposes and getting people to contribute Reason for this Project: Bots are very versatile

1 Nov 24, 2021
Python API to interact with Uwazi

Python Uwazi API Quick Start To use the API install the requirements pip3 install -r requirements.txt and use it like this: uwazi_adapter = UwaziAdap

HURIDOCS 2 Dec 16, 2021
Pogodasbot - Telegram bot sending channel weather info

Pogodasbot - Telegram bot sending channel weather info

Qayrat Sultan 1 Dec 15, 2022
Implementation of Chatterbot using Discord API

discord-chat-bot Implementation of Chatterbot using Discord API. Usage Due to the necessity of storing files to train the AI, the bot is not hosted pu

kiwijuice56 0 Sep 29, 2022
Código python para automatizar a junção de arquivos CSV's e salva-los em uma pasta final de destino.

merge_csv Código python para automatizar a junção de arquivos CSV's e salva-los em uma pasta final de destino. Esse projeto é usado pra unir alguns ar

Welder Fariles 1 Jan 12, 2022
Crypto Signal Provider - A web application that allows users to select a cryptocurrency

Crypto_Signal_Provider This is a web application that allows users to select a c

Raul 2 Dec 11, 2022
Telegram music & video bot direct play music

⚡ NOINOI MUSIC PLAYER 🎵 SUPERFAST MUSIC BOT WHO CAN DIRECT PLAY SONG ON TELEGRAM VOICE CHAT ALSO CAN PLAY VIDEO ON VOICE CHATS ✨ Heroku Deploy YOU CA

noinoi-X 1 Dec 28, 2021