Switch the Slack implementation from RTM to WebSockets

[mszostok]

Warning
If the new BotKube App will be published in Slack App Directory, the v0.12.4 release would not work. Beause of that the new version that supports the WS needs to be release. We can have a feature toggle for that.

Overview

The current Slack BotKube App is based on RTM. This means that it uses the old API.

In this case, we are not able to:

• reduce the app permission
• select events to which we want to be subscribed (related issues: Change Slack unmarshalling error from error to warning level #619, Unmarshalling error logs contain Slack user data #579)

Also, the current implementation exposes an API access token after OAuth for users to copy-paste into their Kubernetes cluster. As stated during Slack app resubmission process, this is against Slack guidelines on safe token storage, so we'll need to find another way for users to connect with Slack, such as providing an encrypted token.

Implementation

The best option would be changing the implementation from RTM to WebSocket mode.

Here is the migration guide: https://api.slack.com/authentication/migration

Acceptance Criteria

• Drive the POC to check if WS implementation has all functionality that BotKube requires.
• Before doing the change, announce it on the Slack #general channel. This change would require others to reinstall the app into workspaces, without that they will still use the old API.
• The Slack BotKube App
  • has required permission only
  • subscribes to handled events only ("messages" and "connected")
  • follows Slack guidelines on safe token storage
• Notification about reconfigured Slack App is posted on Slack and in release notes.
• Get rid of the BotKube Slack app from Heroku

Update:

• is published to the Slack App Directory - THIS NEEDS TO BE ALIGNED WITH RELEASE.
  • submit it as soon as possible (mark it as unstable/alpha etc.)
  • describe the timeline and if that impacts
  • alternative: manual Slack app manifest to import by users
• update E2E tests to the new approach

Resources

• Real Time Messaging API
  
• Migration guide

Update

• Inject app-level token during binary build (same as with analytics API Key)
• Remove Helm parameter for the app-level token
• Update documentation changes

[huseyinbabal]

Need to discuss on this a bit more, since there is a chicken-egg problem. Slack encourages to use socketmode instead of RTM, but at the same time it is not encouraged to publish it Slack App Directory. I already tried to describe and provide a solution which we need to discuss.

[huseyinbabal]

I did further research and app-level token which we need for websocket connection (socketmode) is not something we can share with customers. This is designed for the slack apps which you manage it on your env and serve some features in a multi-tenant environment. We can discuss this further, but simply RTM to socketmode does not seems a programmatic conversion. Stackoverflow answer here

[bygui86]

@huseyinbabal is PR #693 going to change anything in BotKube configuration? When I upgrade to v0.14.0, will I have to change something?