Kevlar is a Slack bot that prevents a user from being added to a channel on an opt-in basis.
When the Kevlar bot is added to a channel, it listens to two events: messages and users joining a channel.
When a message event happens, it checks the message for if any users were mentioned via @<user>, and query's each user's Kevlar custom field. If any user has their field set to true, Kevlar deletes the message and notifies the channel with a message that it did so with the specific user(s) that had Kevlar enabled.
When a user joins the channel, whether through being mentioned or being added, Kevlar query's that user's Kevlar custom field. If it is set to true, Kevlar leaves the was added to #<channel> by <user>. message alone, removes the user from the channel, and notifies the channel with a message that it did so.
For local development (Linux):
- Python version >=
python 3.11.6. - A Python virtual environment.
- The contents of requirements.txt installed.
For containerized development:
- Docker or Podman.
Slack
- A Slack workspace.
- A Custom Field on a profile with the label "Kevlar" in the About Me section .
- Follow Slack's Administrator Docs for how to get to the admin page.
- At the configure profile page, scroll to the bottom for the "About me" section. Click
+Add data element.- Label:
Kevlar - Placeholder text:
(optional) - Shows up in search:
off - Data Source:
Selectable options- Selectable Options:
false, true
- Selectable Options:
- Click
Save Changes.
- Label:
- Click
Publish Changes.
- A Custom Field on a profile with the label "Kevlar" in the About Me section .
- A Slack Bot.
- Following Slack's Getting started with Bolt for Python guide is advisable.
Socket Modeenabled.- This can be done at
https://app.slack.com/app-settings/<your-workspace-id>/<your-app-id>/socket-mode.
- This can be done at
Eventsenabled.- Two Slack event Subscriptions (this adds their required scopes automatically).
- This page is found at
https://api.slack.com/apps/<your-app-id>/event-subscriptions?. - Click
Subscribe to bot eventsand add the following:member_joined_channelmessage.channelsmessage.groupsmessage.immessage.mpim
- This page is found at
- Two Slack event Subscriptions (this adds their required scopes automatically).
- App, User and Bot token Scopes.
- A Slack app token (starts with
xapp-) with the following OAuth Scopes:channels:historychannels:readchannels:writechat:writegroups:readgroups:writeim:writempim:readmpim:writeusers.profile:read
- A User token (starts with
xoxp-, typically longer than nonuser) with the following OAuth Scopes:channels:historychannels:managechannels:readchat:writegroups_historygroups:readgroups_writeim:historyim:writempim:historympim:readmpim:writeusers.profile:readusers:read
- A Bot token (starts with
xoxb-, typically longer than nonuser) with the following OAuth Scopes:chat:write.customize
- If any of these are missing, Kevlar will complain in
stdoutand tell you which scope was required for the failed API call. - If any of these are redundant (not the minimum required) please let me know by creating an Issue!
- A Slack app token (starts with
- A user service account with administrator privileges. This will be the account the bot acts as, and should have permission to delete other users' messages.
From the project's root:
- Create a Python virtual environment
python3 -m venv .venv- Activate your virtual environment
source ./.venv/bin/activate- Install dependencies
pip install -r requirements.txt- Create a Slack app with the requirements mentioned above under Slack.
- Set the following environment variables to the tokens you created in your Slack Application:
export SLACK_APP_TOKEN=<your-app-token>
export SLACK_USER_TOKEN=<your-user-token>
export SLACK_BOT_TOKEN=<your-bot-token>These can be found under OAuth&Permissions -> OAuth Tokens for Your Workspace in the Slack Admin portal.
- Run with
python3 app.pyYou should see ⚡️ Bolt app is running! if setup was successful.
- Add your bot to the Slack channels/conversations that you would like it to be active in.
- Set a User's
About me -> Kevlarfield to different values for testing.- Note: This field is only visible in web and desktop profile settings as of writing. This is accessed by clicking your profile at the bottom-left of the page.
These commands assume you have Docker or Podman installed. Anywhere podman is mentioned, docker can be substituted.
- Build the container
podman build -t kevlar .- Set the following environment variables to the tokens you created in your Slack Application:
export SLACK_APP_TOKEN=<your-app-token>
export SLACK_USER_TOKEN=<your-user-token>
export SLACK_BOT_TOKEN=<your-bot-token>These can be found under OAuth&Permissions -> OAuth Tokens for Your Workspace in the Slack Admin portal.
- Run the container with environment variables specified:
podman run -e SLACK_APP_TOKEN=$SLACK_APP_TOKEN -e SLACK_USER_TOKEN=$SLACK_USER_TOKEN -e SLACK_BOT_TOKEN=$SLACK_BOT_TOKEN kevlar:latestSteps for the Web UI:
In the Developer view:
- Create a new Project with a title of your choice.
- Create an app within the project
- Click
+Add - Select
Import from Git - Provide a link to this Git repository, or your fork.
- It should detect the Dockerfile, leave this as-is.
- Resource type:
Deployment - Target port:
3000.- Check
Create a route
- Check
- Click
Create
- Click
- Create a ConfigMap
- Name it something like "slack-env"
- Add three key/value pairs
- Key:
SLACK_APP_TOKEN- Value:
<your-app-token>
- Value:
- Key:
SLACK_USER_TOKEN- Value:
<your-user-token>
- Value:
- Key:
SLACK_BOT_TOKEN- Value:
<your-bot-token>
- Value:
- Key:
- Click
Save
- Add the ConfigMap to your Deployment
- Navigate to
Project -> Deployment -> Environment - In
All values from existing ConfigMap or Secrets (envFrom), specify the name of the ConfigMap you created in the dropdown. - Click
Save
- Navigate to
- Redeploy your application
Your bot should now be running!
Steps are similar to the OKD deployment, except manually done via yaml and ignoring OKD features.