-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Google Cloud Support Slackbot #673
Changes from all commits
a10679b
a6fb4f6
291f472
067b809
92d4469
1e53cf0
64ca1e8
8498207
049ab32
243d80e
606c8cb
f45a5ea
12afb90
8bec817
9d31016
3f9a7b0
cb0aebe
98647e3
a214e13
c623aec
18e0328
7a75deb
f6dd2b7
817e6a4
615f0d0
e1f3019
d0c4389
aef1720
cbb087f
47375e2
97e6fe9
338a311
8dd2a2b
4019215
fa91a62
bc386cc
a7f66dd
993884c
43732e0
f15b418
ad4b5e3
ba4ac10
180f304
1526a4a
3ef173e
f531f72
7eec127
847baf2
91f25cc
c479e71
7394b59
cf0d99f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Copyright 2021 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
|
||
SLACK_TOKEN=<SLACK_TOKEN> | ||
SIGNING_SECRET=<SLACK_SIGNING_SECRET> | ||
ORG_ID=<ORG_ID> | ||
API_KEY=<API_KEY> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
# ![Google Cloud Support Slackbot](google_cloud_support_slackbot_icon.svg) | ||
# Slack Integration for Google Cloud Support | ||
|
||
Slack app for pulling Google Cloud Support case information via the Cloud Support API and pushing it to Slack. The goal is to help reduce the overall time to resolution for cases of all priorities by putting case updates in Slack where they will be more easily noticed by their devs and engineers. | ||
|
||
The app currently supports the following commands: | ||
|
||
* /google-cloud-support track-case [case_number] -- case updates will be posted to this channel | ||
* /google-cloud-support add-comment [case_number] [comment] -- adds a comment to the case | ||
* /google-cloud-support change-priority [case_number] [priority, e.g. P2] -- changes the priority of the case | ||
* /google-cloud-support stop-tracking [case_number] -- case updates will no longer be posted to this channel | ||
* /google-cloud-support list-tracked-cases -- lists all cases being tracked in this channel | ||
* /google-cloud-support list-tracked-cases-all -- lists all cases being tracked in the workspace | ||
* /google-cloud-support case-details [case_number] -- pull all of the case data as json | ||
* /google-cloud-support sitrep -- report of all active cases in the org | ||
|
||
# Setup Guide | ||
|
||
**Before proceeding, you will need Premium Support to use the Cloud Support API and by association the slackbot** | ||
Setting up your first Slack app can be a daunting task, which is why we are providing a step-by-step guide. | ||
|
||
## Setup Part 1 - Allow list the Support API | ||
|
||
To get access to the API, you will need to send your Techincal Account Manager the following: | ||
|
||
1. The **org id** where you have Premium Support enabled | ||
2. A **project id** where the API will be allow listed | ||
3. The name of a **service account** in the project from step 2, with the service account having the following roles at the org level: | ||
1. **Tech Support Editor** | ||
1. **Org Viewer** | ||
4. The **email addresses** of the people that will be enabling the API in the project | ||
|
||
Your Techincal Account Manager will file a request with the Support API team to give you access. The team typically processes these requests within 24 hours | ||
|
||
## Setup Part 2 - Google Cloud Phase 1 | ||
|
||
In the first phase of our Google Cloud setup, we will verify that our network is setup properly, create a lightweight VM to house our bot, and enable our Cloud Support API and create ourselves an API key. Go to [Google Cloud](https://cloud.google.com/console). **These steps need to be carried out in the project you specified in Part 1 of this setup guide.** | ||
|
||
### Networking | ||
|
||
From **VPC network > Firewall rules**, verify rules exist to **allow SSH and HTTP**. | ||
|
||
1. **If your project doesn't have a VPC, you will need to create one from VPC networks**. Select **Automatic** for your Subnet creation mode, and **allow-ssh** from **Firewall rules** | ||
2. If it doesn't exist, create the following firewall rule: | ||
1. Name: `default-allow-http` | ||
1. Priority: `1000` | ||
1. Direction: `Ingress` | ||
1. Action on match: `Allow` | ||
1. Targets: `Specified target tags` | ||
1. Target tags: `http-server` | ||
1. Source filter: `IP ranges` | ||
1. Source IP ranges: `0.0.0.0/0` | ||
1. Protocols and Ports: `Specified protocols and ports` | ||
1. tcp: `80` | ||
3. If an SSH firewall rule doesn't exist, create the following firewall rule: | ||
1. Name: `default-allow-ssh` | ||
1. Priority: `65534` | ||
1. Direction: `Ingress` | ||
1. Action on match: `Allow` | ||
1. Targets: `All instances in the network` | ||
1. Source filter: `IP ranges` | ||
1. Source IP ranges: `0.0.0.0/0` | ||
1. Protocols and Ports: `Specified protocols and ports` | ||
1. tcp: `22` | ||
|
||
*Note that if you had to create the SSH firewall rule in Step 3, you will want to disable it after you complete the entire setup* | ||
|
||
### VM | ||
|
||
Go to **Compute Engine > VM instances** and perform the following: | ||
|
||
1. Click **+ Create Instance** | ||
1. Under **Machine Configuration**, set the **Machine type** field to **e2-micro**. This should suffice for most implementations. If your team makes heavy use of the Cloud Support and the bot, you may need to upgrade the machine type | ||
1. Under **Identity and API access > Service Account**, select your **service account** that was allow listed for the Cloud Support API | ||
1. Under **Firewall**, select **Allow HTTP traffic**. If this option isn't available and you create the firewall rule in the Networking steps, then you will want to contact your Networking team about policies that may be preventing HTTP traffic | ||
1. Click to expand **Management, security, disks, networking, sole tenancy** | ||
1. Select the **Networking** tab | ||
1. Under **Network interfaces**, click the network interface box | ||
1. Set **Network** to the VPC where you have your firewall rules | ||
1. Under **External IP**, select **Create IP address**. Choose whichever name and network service tier you prefer | ||
1. Click **Create** | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. All setup above can be performed in Terraform or Google Cloud Resource Manager. Is there any guidelines for that repository when Terraform should be used and when plain text tutorial? See example https://github.com/GoogleCloudPlatform/professional-services/tree/main/examples/kerberized_data_lake . There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think the answer is it depends on each team's maturity with Google Cloud. For an organization that is new to cloud, following the step-by-step guide will likely make the most sense. For more experienced teams though, they will likely have terraform already handy that they can use to build up vanilla projects with most of this implemented |
||
|
||
### API Enablement and the API Key | ||
|
||
From **APIs & Services > Library** ... | ||
|
||
1. Search for and enable the **Cloud Logging API** | ||
2. Search for and enable the **Cloud Support API** | ||
|
||
From **APIs & Services > Credentials** | ||
|
||
1. Click **+Create** and select **API key** | ||
2. Copy your key and choose to **Restrict Key** | ||
1. Under **Application restrictions**, you may select **IP addresses** to restrict usage the VM you created | ||
1. Under **API restrictions**, select **Restrict Key** and from the **Select APIs** dropdown, click **Google Cloud Support API** | ||
|
||
## Setup Part 3 - Slack App | ||
|
||
Go to [Slack Apps](http://api.slack.com/apps) to do the following: | ||
|
||
1. Click **Create New App** and select **From scratch**. Name your app `Google Cloud Support Bot` and select your workspace | ||
2. Under **Settings > Basic Information**, scroll down to **Display Information** and upload the [google_cloud_support_buddy_big.png](google_cloud_support_buddy_big.png) or an icon of your choosing | ||
3. Go to **Features > Slash Commands** and create the following command: | ||
1. Command: `/google-cloud-support ` | ||
1. Request URL: `http://<your_vm_external_ip>/google-cloud-support` | ||
1. Short description: `Track and manage your Google Cloud support cases in Slack. Use /google-cloud-support help for the list of commands` | ||
1. Usage Hint: `[command] [parameter 1] [parameter 2] [parameter 3]` | ||
4. Go to **Features > OAuth & Permissions**. Scroll down to **Scopes** and add the **chat:write** scope. Add the **commands** scope if it isn't listed already listed | ||
5. At the top of the **Features > OAuth & Permissions** page, under **OAuth Tokens for Your Workspace**, click **Install to Workspace**. Copy the token. You may need Slack admin approval to install the app | ||
6. Go to **Settings > Basic Information** and under **App Credentials** copy the `Signing Secret` | ||
|
||
## Setup Part 4 - Google Cloud Phase 2 | ||
|
||
Return to [Google Cloud](https://cloud.google.com/console) and from **Compute Engine > VM instances**, perform the following: | ||
|
||
1. SSH into the VM that you created in part 2 of this setup guide | ||
2. Run the following commands: | ||
1. `sudo apt-get update` | ||
1. `sudo apt-get -y install subversion` | ||
1. `sudo apt-get -y install python3-pip` | ||
1. `sudo apt-get -y install nginx` | ||
1. `cd /` | ||
1. `sudo svn export https://github.com/GoogleCloudPlatform/professional-services/trunk/tools/google-cloud-support-slackbot` | ||
1. `cd /google-cloud-support-slackbot` | ||
1. Use sudo to open the `default` file with your editor of choice, and replace <STATIC_IP> with the external ip address of your VM. Then save and close the file | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Was this item supposed to be further on in the command list? It does not contain a command line command to be executed like the previous points. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is intentional, the commands for this aren't listed out as I assume most of the people who will be setting this up will have a basic knowledge of vim or nano. |
||
1. `sudo mv default /etc/nginx/sites-available/` | ||
1. Use sudo to open the `.env` file with your editor of choice. Enter your API Key, Slack Token, and numeric org id in their respective locations. Then save and close the file | ||
1. `sudo chmod +x google_cloud_support_slackbot.py` | ||
3. Close the SSH session | ||
4. From Compute Engine > VM instances, click your VM name to go to your VM instance details | ||
5. Stop the VM | ||
6. Once the VM is stopped, click the 'EDIT' button | ||
7. Scroll down to the Custom metadata section and add the following key-value pair: | ||
1. key: `startup-script` | ||
1. value: | ||
`cd /google-cloud-support-slackbot` | ||
`pip3 install -r requirements.txt` | ||
`/google-cloud-support-slackbot/google_cloud_support_slackbot.py` | ||
8. Scroll to the bottom of the page and click 'Save' | ||
9. Start your VM | ||
|
||
## Testing | ||
|
||
To verify that everything was setup correctly, do the following: | ||
1. Go to your Slack workspace | ||
2. Under **Channels** right-click the channel where you want to add the bot and select **Open channel details** | ||
3. Select the **Integrations** tab | ||
4. In the **Apps** section, click **Add apps** and then add the bot | ||
5. Open the channel where you added the bot and run the `/google-cloud-support help` command. If it returns a list of available help commands then everything was setup correctly. If it returns an error that the dispatch failed, then you will need to debug. The most likely culprits are an issue with an org security policy, or a missed step somewhere | ||
|
||
## Closing | ||
|
||
With that you should be all setup! And as a reminder, if you had to create the SSH firewall rule, it is recommended that you go back and disable it. If you ever need to SSH into the machine you can always enable the rule again as needed. | ||
TheLanceLord marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
As the Cloud Support API continues to expand and we collect more feedback for requested features, we will release newer versions of the bot and move the previous version into the archive folder. To replace your current bot with the latest version you will only need to do the following: | ||
|
||
1. SSH into your VM instance | ||
2. Run the following commands: | ||
1. `cd /google-cloud-support-slackbot` | ||
1. `sudo svn export --force https://github.com/GoogleCloudPlatform/professional-services/trunk/tools/google-cloud-support-slackbot/google_cloud_support_slackbot.py` | ||
1. `sudo chmod +x google_cloud_support_slackbot.py` | ||
3. Close your SSH session | ||
4. Stop and Start your VM |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Changelog | ||
TheLanceLord marked this conversation as resolved.
Show resolved
Hide resolved
|
||
## v0 | ||
/google-cloud-support track-case [case_number] -- case updates are posted to the channel where this command is run | ||
/google-cloud-support add-comment [case_number] [comment] -- adds a comment to the case | ||
/google-cloud-support change-priority [case_number] [priority, e.g. P2] -- changes the priority of the case | ||
/google-cloud-support stop-tracking [case_number] -- case updates will no longer be posted to the channel where this command is run | ||
/google-cloud-support list-tracked-cases -- lists all cases being tracked in the current channel | ||
/google-cloud-support list-tracked-cases-all -- lists all cases being tracked in the workspace | ||
/google-cloud-support case-details [case_number] -- pull all of the case data as json | ||
/google-cloud-support sitrep -- report of all active cases in the org. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Copyright 2021 Google LLC | ||
|
||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
server { | ||
listen 80; | ||
listen [::]:80; | ||
|
||
server_name <STATIC_IP>; | ||
|
||
location /google-cloud-support { | ||
proxy_pass http://localhost:5000/google-cloud-support; | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use Google Cloud Run instead? I believe that dedicated virtual machine is pretty high maintance burden for so trival service. It might impact security, because that service require eg. security updates.
In case of Google Cloud Run maintenance of upgrades of operating system is out of the box. In addiction SSL is managed too.
I see that you have shared state on file system, but I believe you can easy save the same data to Google Cloud Storage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternative I can see that Google Cloud have tutorial how to write Slack bot on top of Google Cloud Function: https://cloud.google.com/functions/docs/tutorials/slack#functions_slack_search_tutorial-python
For shared storage you might use Google Cloud Storage or Google Firestore for reduce maintenance burden of storage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I modularize the code for the GA release of the Support API, I will also rewrite it so it can be used with containers by using Firestore or GCS for storage, which would also make it work with Cloud Functions as well. One of the first requests I got was to make this work with GKE, so a build that will let people deploy the app wherever they feel most comfortable housing it will be the best option here. I will also add this on the trello for this, and will share a link here once the board is ready
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make sure GKE users would not be satisfied with their needs better by Cloud Functions eg. ask them? I have the impression that the question about the GKE stems from both of the maintenance of the GCE instance. I have impression that GCF might allow you to run it for a few cents per month, which GKE does not, so it is also an economical and environmentally friendly solution thanks to the optimal use of resources.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can check with them, I agree that from a cost perspective that Cloud Functions is the way to go, the only issue that some people might have with it is code updates, because Cloud Functions doesn't let you edit your code. You would have to delete the function and then recreate it. I can put together a script to make it less painful though
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can always deploy a new version of a Cloud Function (https://cloud.google.com/functions/docs/deploying#migrating_between_deployments), which, in a way, is an update of an existing function.