In the previous tutorial, we demonstrated how to set up JIT access using the Bytebase GUI. In this tutorial, we will cover how to automate JIT access via Slack, utilizing Bytebase webhooks and API.
When developers need urgent production database access during incidents but lack permissions, they can request Just-in-Time (JIT) access. By triggering the Bytebase webhook, the DBA will receive a notification in Slack immediately and can approve there.
This is Part 2 of our tutorial series on implementing Just-in-Time (JIT) database access:
In this tutorial, you’ll learn how to approve JIT access via Slack with the help of Bytebase webhooks and APIs.
The complete code for this tutorial is available at: example-slack
This tutorial skips the Bytebase setup part, if you haven’t set up the Bytebase and registered admin and developer users, please follow instructions in the previous tutorial.
Before you begin, make sure you have:
Another option would require clicking to go to bytebase to approve the request, which can be done by built-in Slack webhook integration.
Make sure you finished the previous tutorial and have the Bytebase instance running. Particularly, pay attention to Step 4, which is to request JIT access via Bytebase GUI.
The Request role
feature is supported by Enterprise Plan which will be needed for this tutorial, other plans only allow the Assign role
feature which is not enough. You may request a trial from here.
Log in as Workspace Admin
, and go to IAM & Admin > Users & Groups. Click + Add User, fill in with api-sample
, choose the Workspace DBA
role sufficient for this tutorial and click Confirm.
Find the newly created service account and Copy Service Key. We will use this token to authenticate the API calls.
Sample Project
, click Manage > Members, and assign the service account as Project Owner
which can fit the custom approval set in the previous tutorial.example-slack
code and run itapprove-issue
folder and copy the env-template.local
file to .env.local
..env.local
file.3000
for the example-slack
app8080
for the Bytebase instance
.env.local
file as BB_HOST
.Sample Project
.Slack
webhook, URL as YOUR_3000_FORWARDED_URL/api/bytebase/webhook
.Issue approval needed
as Triggering activities.chat:write
(send message)channels:read
(read channel id for public channel)groups:read
(read channel id for private channel).env.local
file as SLACK_BOT_TOKEN./invite @YOUR_BOT_NAME
.YOUR_3000_FORWARDED_URL/api/slack/interact
. Click Save Changes.Now, everything is ready, let’s verify the workflow:
Sample Project
.hr_prod
database is not accessible.hr_prod
database, and click Request Querier role.
If digging into the code is your interest, here is a brief explanation of the code structure:
src/app/api/bytebase/webhook/route.ts
: handle the webhook from Bytebase.src/app/api/slack/interact/route.ts
: handle the interaction (Approve or Deny) from Slack to Bytebase.src/lib/slack.ts
: send the message to Slack via using the its web API.Congratulations! You’ve successfully set up JIT database access via Slack with the help of Bytebase webhooks and APIs.
In the previous tutorial, we demonstrated how to set up JIT access using the Bytebase GUI. In this tutorial, we will cover how to automate JIT access via Slack, utilizing Bytebase webhooks and API.
When developers need urgent production database access during incidents but lack permissions, they can request Just-in-Time (JIT) access. By triggering the Bytebase webhook, the DBA will receive a notification in Slack immediately and can approve there.
This is Part 2 of our tutorial series on implementing Just-in-Time (JIT) database access:
In this tutorial, you’ll learn how to approve JIT access via Slack with the help of Bytebase webhooks and APIs.
The complete code for this tutorial is available at: example-slack
This tutorial skips the Bytebase setup part, if you haven’t set up the Bytebase and registered admin and developer users, please follow instructions in the previous tutorial.
Before you begin, make sure you have:
Another option would require clicking to go to bytebase to approve the request, which can be done by built-in Slack webhook integration.
Make sure you finished the previous tutorial and have the Bytebase instance running. Particularly, pay attention to Step 4, which is to request JIT access via Bytebase GUI.
The Request role
feature is supported by Enterprise Plan which will be needed for this tutorial, other plans only allow the Assign role
feature which is not enough. You may request a trial from here.
Log in as Workspace Admin
, and go to IAM & Admin > Users & Groups. Click + Add User, fill in with api-sample
, choose the Workspace DBA
role sufficient for this tutorial and click Confirm.
Find the newly created service account and Copy Service Key. We will use this token to authenticate the API calls.
Sample Project
, click Manage > Members, and assign the service account as Project Owner
which can fit the custom approval set in the previous tutorial.example-slack
code and run itapprove-issue
folder and copy the env-template.local
file to .env.local
..env.local
file.3000
for the example-slack
app8080
for the Bytebase instance
.env.local
file as BB_HOST
.Sample Project
.Slack
webhook, URL as YOUR_3000_FORWARDED_URL/api/bytebase/webhook
.Issue approval needed
as Triggering activities.chat:write
(send message)channels:read
(read channel id for public channel)groups:read
(read channel id for private channel).env.local
file as SLACK_BOT_TOKEN./invite @YOUR_BOT_NAME
.YOUR_3000_FORWARDED_URL/api/slack/interact
. Click Save Changes.Now, everything is ready, let’s verify the workflow:
Sample Project
.hr_prod
database is not accessible.hr_prod
database, and click Request Querier role.
If digging into the code is your interest, here is a brief explanation of the code structure:
src/app/api/bytebase/webhook/route.ts
: handle the webhook from Bytebase.src/app/api/slack/interact/route.ts
: handle the interaction (Approve or Deny) from Slack to Bytebase.src/lib/slack.ts
: send the message to Slack via using the its web API.Congratulations! You’ve successfully set up JIT database access via Slack with the help of Bytebase webhooks and APIs.