Set up the Openflow Connector for Slack

Note

The connector is subject to the Connector Terms.

This topic describes the steps to set up the Openflow Connector for Slack.

Prerequisites

  1. Ensure that you have reviewed Openflow Connector for Slack.

  2. Ensure that you have set up Openflow.

Set up a Slack App

Set up a Slack App in your Slack workspace. A Slack Admin is needed to set up access to the Slack Workspace. This is done by creating or supplying credentials to a Slack App and installing the App to the Slack workspace and channels. You can create a Slack App by using the JSON configuration:

  1. Update the JSON manifest. Copy the JSON manifest text below. Change the name and display name properties from EXAMPLE_NAME_CHANGE_THIS to the desired name of your Slack App. It is recommended to use the same name and display name for your App.

    {
    "display_information": {
        "name": "EXAMPLE_NAME_CHANGE_THIS"
    },
    "features": {
        "bot_user": {
            "display_name": "EXAMPLE_NAME_CHANGE_THIS",
            "always_online": false
        }
    },
    "oauth_config": {
        "scopes": {
            "bot": [
                "channels:history",
                "channels:read",
                "groups:history",
                "groups:read",
                "im:history",
                "im:read",
                "mpim:history",
                "mpim:read",
                "users.profile:read",
                "users:read",
                "users:read.email"
            ]
        }
    },
    "settings": {
        "event_subscriptions": {
            "bot_events": [
                "message.channels",
                "message.groups",
                "message.im",
                "message.mpim"
            ]
        },
        "interactivity": {
            "is_enabled": true
        },
        "org_deploy_enabled": false,
        "socket_mode_enabled": true,
        "token_rotation_enabled": false
    }
}
    Copy

  2. Create a Slack app through the Apps page.

    1. On the Your Apps page, select Create New App.

    2. Select From a manifest.

    3. Select the Workspace where you’ll be developing your app. You’ll be able to [distribute your app](https://api.slack.com/distribution) to other workspaces later if you choose.

    4. Copy the updated manifest JSON from step 1.

  3. Generate an app-level token. You need to create an app-level token even after using the JSON manifest. Under Basic Information, scroll to the App-level tokens section and click the button to generate an [app-level token](https://api.slack.com/concepts/token-types#app). Include the connections:write scope to the token.

  4. Install and authorize the app.

    1. Return to the Basic Information section of the app management page.

    2. Install your app by selecting the Install to Workspace button.

    3. You’ll now be sent through the Slack OAuth flow. Select Allow on the following screen.

    If you want to add your app to a different workspace besides your own, these steps would need to be performed by a user from that workspace. After installation, navigate back to the OAuth & Permissions page. You’ll see an access token under OAuth Tokens. Access tokens represent the permissions delegated to your app by the installing user. Keep it safe and secure. Avoid checking them into public version control. Instead, access them through an environment variable.

  5. Adding the App to channels. Your app isn’t a member of any channels yet, so pick a channel to add some test messages in and /invite your app. For example, /invite @Grocery Reminders.

Note

Restart the processors to load the new channels. After the App is added to a new channel, the ConsumeSlackConversation processor in the OpenFlow Runtime needs to be stopped and restarted.

Setup necessary ingress rules

A Snowflake Admin should follow the egress guide to apply egress rules to the endpoint https://slack.com/api and enable WebSocket egress on wss://wss.slack.com. This is easiest done by adding a rule to enable egress on the “slack.com” domain.

Set up Snowflake account

As a Snowflake account administrator, perform the following tasks:

  1. Create a new role or use an existing role and grant the Database privileges.

  2. Create a new Snowflake service user with the type as SERVICE.

  3. Grant the Snowflake service user the role you created in the previous steps.

  4. Configure with key-pair auth for the Snowflake SERVICE user from step 2.

  5. Snowflake strongly recommends this step. Configure a secrets manager supported by Openflow, for example, AWS, Azure, and Hashicorp, and store the public and private keys in the secret store.

    Note

    If for any reason, you do not wish to use a secrets manager, then you are responsible for safeguarding the public key and private key files used for key-pair authentication according to the security policies of your organization.

    1. Once the secrets manager is configured, determine how you will authenticate to it. On AWS, it’s recommended that you the EC2 instance role associated with Openflow as this way no other secrets have to be persisted.

    2. In Openflow, configure a Parameter Provider associated with this Secrets Manager, from the hamburger menu in the upper right. Navigate to Controller Settings » Parameter Provider and then fetch your parameter values.

    3. At this point all credentials can be referenced with the associated parameter paths and no sensitive values need to be persisted within Openflow.

  6. If any other Snowflake users require access to the raw ingested documents and tables ingested by the connector (for example, for custom processing in Snowflake), then grant those users the role created in step 1.

  7. Designate a warehouse for the connector to use. Start with the smallest warehouse size, then experiment with size depending on the number of tables being replicated, and the amount of data transferred. Large table numbers typically scale better with multi-cluster warehouses, rather than larger warehouse sizes.

Configure the connector

As a data engineer, perform the following tasks to configure a connector:

  1. Create a database and schema in Snowflake for the connector to store ingested data.

  2. Download the connector definition file.

  3. Import the connector definition into Openflow:

    1. Open the Snowflake Openflow canvas.

    2. Add a process group. To do this, drag and drop the Process Group icon from the tool palette at the top of the page onto the canvas. Once you release your pointer, a Create Process Group dialog appears.

    3. On the Create Process Group dialog, select the connector definition file to import.

  4. Right-click on the imported process group and select Parameters.

  5. Populate the required parameter values as described in Flow parameters.

  6. Right-click on the plane and select Enable all Controller Services.

  7. Right-click on the imported process group and select Start. The connector starts the data ingestion.

  8. Query the Cortex Search service.

Flow parameters

Parameter Name

Description

Example or Default Value

App Token

App token of the Slack App created by the Slack Admin

xapp -1-12345678910-123456 7890123-abcdefghijklm

Bot Token

Bot token of the Slack App created by the Slack Admin

xoxb-1234567890123- 9876543210987-abcdefG HIJKLMNopqrstUVWXYZ

Chunk Overlap

When chunking text, the amount of overlap text to keep between chunks.

50

Connector ID

A unique ID to assign the connector. This will be included in the message metadata

Example_ID

Cortex Search Name

The name of the Cortex Search resource that is created.

`` SLACK_CORTEX_SEARCH``

Max Chunk Chars

The number of characters to include in text chunks.

512

Membership Table

The table name to include Slack membership records

SLACK_MEMBERSHIP

Message Table

The table name to include Slack message records

SLACK_MESSAGES

Openflow Instance Database

Database will be created in the user’s Snowflake account if necessary. Conversations, metadata and ACLs will be ingested into tables in the schema specified

Openflow

Openflow Instance Schema

Schema will be created in the target database in the user’s Snowflake account if necessary. Stage and tables will be created to ingest files, metadata and ACLs.

production

Refresh Slack Members

Amount of time in between refreshing Slack membership

120 minutes

Reply Monitor Window Seconds

The number of seconds the Con sumeSlackConversation processor will look back in time for replies to threads.

300

Snowflake Account

Snowflake account identifier with organization name and account name formatted as [organization -name]-[account-name]

myorg-myaccount

Snowflake Role

The role to assume after authenticating to Snowflake

INGEST_ADMIN

Snowflake Username

The username to connect to the Snowflake account.

user@company.org

Snowflake Private Key

The RSA private key which is used for authentication. The RSA key must be formatted according to PKCS8 standards and have standard PEM headers and footers. Note that either Snowflake Private Key File or Snowflake Private Key must be defined

N/A

Snowflake Private Key File

The file that contains the RSA Private Key used for authentication to Snowflake, formatted according to PKCS8 standards and having standard PEM headers and footers. The header line starts with —–BEGIN PRIVATE

/opt/resources/ snowflake/ rsa_key.p8

Snowflake Private Key Password

The password associated with the Snowflake Private Key File

N/A

Snowflake Warehouse

The Snowflake warehouse to use for Snowflake operations and for the Cortex Service

dev_warehouse

Upload Latency

The amount of time to wait to upload data to Snowflake in batches.

60 seconds

Query the Cortex Search service

You can use the Cortex Search service to build chat and search applications to chat with or query your messages in Slack.

After you install and configure the connector and it begins ingesting content from Slack, you can query the Cortex Search service. For more information about using Cortex Search, see Query a Cortex Search service.

Filter responses

To restrict responses from the Cortex Search service to messages that a specific user has access to in Slack you can specify a filter containing the email address of the user when you query Cortex Search. For example, filter.@contains.memberids or filter.@contains.memberemails. The Cortex Search service is created in the same database and schema as the Slack tables, specified by the Openflow Instance Database and Openflow Instance Schema parameters. The name of the Cortex Search service is determined by the Cortex Search Name parameter.

Run the following SQL code in a SQL worksheet to query the Cortex Search service with messages ingested by Slack.

Replace the following:

  • cortex_db: Name of the database containing the cortex search service, specified by the Openflow Instance Database parameter.

  • cortex_schema: Name of the schema containing the cortex search service, specified by the Openflow Instance Schema parameter.

  • cortex_search_service_name: Name of the cortex search service, specified by the Cortex Search Name parameter.

  • user_emailID: Email ID of the user who you want to filter the responses for.

  • your_question: The question that you want to get responses for.

  • number_of_results: Maximum number of results to return in the response. The maximum value is 1000 and the default value is 10.

SELECT PARSE_JSON(
  SNOWFLAKE.CORTEX.SEARCH_PREVIEW(
    '<cortex_db>.<cortex_schema>.<cortex_search_service_name>',
      '{
        "query": "<your_question>",
         "columns": ["text", "channel", "ts","username"],
         "filter": {"@contains": {"memberemails": "<user_emailID>"} },
         "limit": <number_of_results>
       }'
   )
)['results'] AS results
Copy

Here’s a complete list of values that you can enter for columns:

  • type

  • subtype

  • channel

  • user

  • username

  • connectorId

  • workspaceId

  • ts

  • threadTs

Example: Query an AI assistant for human resources (HR) information

You can use Cortex Search to query an AI assistant for employees to chat about the latest Slack posts. The messages that are searched can come from informative Slack channels such as general or it-help.

Run the following in a SQL worksheet to query the Cortex Search service over messages ingested from Slack.

Replace the following:

  • cortex_db: Name of the database containing the cortex search service, specified by the Openflow Instance Database parameter.

  • cortex_schema: Name of the schema containing the cortex search service, specified by the Openflow Instance Schema parameter.

  • cortex_search_service_name: Name of the cortex search service, specified by the Cortex Search Name parameter.

  • user_emailID: Email ID of the user who you want to filter the responses for.

SELECT PARSE_JSON(
     SNOWFLAKE.CORTEX.SEARCH_PREVIEW(
          '<cortex_db>.<cortex_schema>.<cortex_search_service_name>',
          '{
             "query": "What is my vacation carry over policy?",
             "columns": ["text", "channel", “ts”,”username”],
             "filter": {"@contains": {"memberemails": "<user_emailID>"} },
             "limit": 1
          }'
     )
 )['results'] AS results
Copy
Language: English