Slack Integration

General discussion of anything Unimus
Post Reply
unimusisgreat
Posts: 2
Joined: Wed Sep 18, 2024 5:52 pm

Wed Sep 18, 2024 5:58 pm

Hi,

Is it correct that slack notification integration doesn't support private channels? We created the app as per the blog post provided but it only works in public channels even if we add the bot user / app to the private channel. We've even tried starting from scratch but the results are always the same.

If you tail the log you see:

Token='57 character(s)', channelID='#private-channel-name'}'
2024-09-18 19:39:34.378 WARN 12 --- [SimpleAsyncTaskExecutor-75] n.u.b.n.s.slack.SlackNotificationSender : Failed to upload file via Slack, reason: channel not found

We've just migrated from RANCID and can safely say unimus Really is Awesome.

Thank you very much!
User avatar
Tomas
Posts: 1267
Joined: Sat Jun 25, 2016 12:33 pm

Thu Sep 19, 2024 6:28 pm

unimusisgreat wrote:
Wed Sep 18, 2024 5:58 pm
Hi,

Is it correct that slack notification integration doesn't support private channels? We created the app as per the blog post provided but it only works in public channels even if we add the bot user / app to the private channel. We've even tried starting from scratch but the results are always the same.

If you tail the log you see:

Token='57 character(s)', channelID='#private-channel-name'}'
2024-09-18 19:39:34.378 WARN 12 --- [SimpleAsyncTaskExecutor-75] n.u.b.n.s.slack.SlackNotificationSender : Failed to upload file via Slack, reason: channel not found

We've just migrated from RANCID and can safely say unimus Really is Awesome.

Thank you very much!
Hi,

Private channels should be supported. If the bot is a member of the private channel, it should be able to post to it. Most likely the issue is in Slack bot's OAuth Permissions. Does your bot have the "channels:read", "chat:write", "mpim:read", "mpim:write" and "groups:read" permissions?

If those are already assigned to the bot, you could take a look at other permissions in the "channels", "groups" and "mpim" scopes. Sadly the Slack OAuth scopes are not well documented, so you might have to experiment a little to find all the needed scopes.

Hope this helps.
unimusisgreat
Posts: 2
Joined: Wed Sep 18, 2024 5:52 pm

Thu Sep 19, 2024 10:38 pm

Thanks so much for the response.

I've done some more testing and frankly the results have been confusing.

Test 1:
Create a public channel e.g. unimus-alerts everything is fine , test notification works and normal notifications come through.

Test 2:
Change that channel to private, test notifications stop working but real notifications still come through which is great.

Test 3:
Let's imagine we want to use an existing private channel where we already receive other security / change alerts.

Change the configuration to point to a different private channel (app / bot is already added as an integration) , test notifications do not work (no change) but furthermore real notifications do not work either.

Finally ...

Test 4:

Change the configuration back to the original channel that was previously working even when private. Alerts no longer work at all which is not the result I expected.

I'm curious in test 3 and 4 if Unimus is even trying to send the alert, it seems almost like there is some channel validation process that needs to occur in order for Unimus to even attempt to send the message. I used the manifest file from the article provided.

Anyway I'm not sure if the feedback is useful , just my experience.

Thanks,

Jos
User avatar
Tomas
Posts: 1267
Joined: Sat Jun 25, 2016 12:33 pm

Fri Sep 20, 2024 4:08 pm

unimusisgreat wrote:
Thu Sep 19, 2024 10:38 pm
Thanks so much for the response.

I've done some more testing and frankly the results have been confusing.
...

I'm curious in test 3 and 4 if Unimus is even trying to send the alert, it seems almost like there is some channel validation process that needs to occur in order for Unimus to even attempt to send the message. I used the manifest file from the article provided.
The manifest in the blog article is a bit conservative - for example, it doesn't include "groups:write", as the Slack docs specify it grants privilege to manage private channels. We didn't want to add that as the default privilege. It's quite possible that OAuth Scope is required to actually post to private channels. Like I mentioned, Slacks docs are quite poor in documenting what each scope does exactly.

Could you please test adding OAuth Scopes to the bot like I mentioned in my previous post, and see if that helps?
Post Reply