google-cloud-platformterraformslackstackdriver

Obtain Slack auth_token for Terraform google_monitoring_notification_channel resource


I'm looking to set up some alerts from gcloud -> slack, and so far have a test up and running having followed these instructions:

https://cloud.google.com/monitoring/support/notification-options?_ga=2.190773474.-879257953.1550134526#slack

However, ideally I'd store the config for these notifications in a terraform script so that I don't have manual steps to follow if things need setting up again. It looks like this should be possible: https://www.terraform.io/docs/providers/google/r/monitoring_notification_channel.html

I've run gcloud alpha monitoring channel-descriptors describe projects/<My Project>/notificationChannelDescriptors/slack, which produces the following output for the labels+type:

labels:
- description: A permanent authentication token provided by Slack. This field is obfuscated
    by returning only a few characters of the key when fetched.
  key: auth_token
- description: The Slack channel to which to post notifications.
  key: channel_name
type: slack

So, I think my terraform config for the notification channel wants to be:

resource "google_monitoring_notification_channel" "basic" {
  display_name = "My slack notifications"
  type = "slack"
  labels = {
    auth_token = "????????"
    channel_name = "#notification-channel"
  }
}

However, I can't figure out how to obtain the auth token for this script? I can't seem to extract the one I've already set up from Slack or gcloud, and can't find any instructions for creating one from scratch...

N.B. This is not a Terraform-specific issue, because the script is just hooking into the google REST API. So, anyone using the API directly would also have to obtain this auth_token from somewhere. There must be an intended way to obtain it or why is it in the API at all...?


Solution

    1. Visit https://app.google.stackdriver.com/settings/accounts/notifications/slack?project=YOUR_PROJECT_NAME
    2. Select "Add Slack Channel"
    3. Select "Authorize Stackdriver"
    4. Select "Install"
    5. You will be redirected back to a URL of the form: https://app.google.stackdriver.com/settings/accounts/notifications/slack/add?project=YOUR_PROJECT_NAME&auth_token=AUTH_TOKEN_HERE
    6. Save the notification channel (this seems to be necessary to finish the oauth flow)
    7. Copy/paste the auth token from the &auth_token= parameter in the query string

    You will end up with an extra notification channel, i.e. the one you created in the console, but after that you will be able to reuse the auth token in terraform-managed notification channels.