terraform-provider-pagerduty
terraform-provider-pagerduty copied to clipboard
PagerDuty
New generation Slack connection improvements
Hello,
Today, I tried the new pagerduty_slack_connection resource.
Thanks for implementing it, it looks very promising.
Here are however few points I noted:
- PAGERDUTY_USER_TOKEN: while I understand you need to figure out which user is asking for a new connection, it makes any centralized terraform apply hard to perform. Our terraform jobs run from Jenkins, and I'm not sure we want to expose a user APi key here. More, this API key will be removed when the corresponding user account is deleted from PagerDuty making terraform job to fail.
- PAGERDUTY_USER_TOKEN (bis): today, the only way to get it used is to expose it through an env variable. I'd like to be able to use a Terraform variable (We currently use Google KMS secrets for our pagerduty Token configuration)
- workspace_id I didn't find any way to get Slack workspace ID from PagerDuty web UI. I know I can guess it from Slack but it's not very convenient to have to open both apps to figure it out.
-
pagerduty_slack_connection.id: when importing an existing connection, one needs to know the connection id. Unfortunately, theCopy the webhook IDbutton is disabled in PagerDuty web UI (I'm account owner, so I assume I've this privilege by default :smirk:) -
pagerduty_slack_connection.config.events: this list should be sorted by provider. It looks like the API does sort it. If you change the order, this will plan a resource update. Besides, it seems that the provider allows more values than the web UI. Don't know whether it's intentionally designed:
~ resource "pagerduty_slack_connection" "my_service" {
id = "XxXxXx" <-- REDACTED
# (7 unchanged attributes hidden)
~ config {
~ events = [
# (3 unchanged elements hidden)
"incident.escalated",
+ "incident.priority_updated",
"incident.reassigned",
+ "incident.reopened",
"incident.resolved",
+ "incident.responder.added",
+ "incident.responder.replied",
+ "incident.status_update_published",
"incident.triggered",
# (1 unchanged element hidden)
]
# (1 unchanged attribute hidden)
}
}
Finally, I feel it'll be hard to manage Slack connections in a fully automated way.
There're some cases where it's likely to fail (user account deleted) and/or PAGERDUTY_USER_TOKEN not properly exposed
I would suggest renaming workspace_id to slack_team_id. The underlying PagerDuty API that this resources uses calls it slack_team_id. I had a lot of trouble finding how to get to the Slack workspace ID until I realized it was the Slack team ID.
Is there any workaround to find the
pagerduty_slack_connection.id?
Use the API with a token from your user to list all slack connections.
curl --request GET \
--url https://app.pagerduty.com/integration-slack/workspaces/YOURSLACKTEAMIDHERE/connections\?limit\=100 \
--header 'Authorization: Token token=YOURTOKENHERE' \
--header 'Content-Type: application/json'```
Upvote for adding somewhere on UI showing slack workspace id/slack connection id.
We recently migrated Slack from team to enterprise version. This makes things extremely hard. In most of posts on internet, they tell you reading the team/workspace id from URL of app.slack.com. But since we created the slack integration on pagerduty earlier, they are mismatched now. the Pagerduty still using earlier id starts with T when API call or Terraform, but the URL on app.slack.com now turns to new one starts with E.
Finally I must guess the Txxx id from the json call URL used by PagerDuty in browser dev tool.
