Drop public channel requirement for slack images

[wotbrew]

Previously, before a file could be embedded in a bot post (e.g. images in a dashboard subscription post), it first had to be uploaded to the slack-files-channel. This PR makes it so that the slack-files-channel is no longer necessary, and images can be embedded directly in posts without additional ceremony.

When setting up the slack integration, users no longer need to specify a files channel name. They now only need provide the oauth token.

To be clear, if this PR is merged we will no longer post images to the configured files channel - so if users somehow depend on that (not only the dashboard/alert posts themselves, but the file post) then we might break them. On balance I consider this unlikely enough that the additional complexity required to support any such use cases would not be worth it.

This has a few advantages:

• Fewer requirements of users to get started with slack, less likely to bounce off due to confusion etc
• Privacy and security is improved
  e.g say you had a dashboard of employee stats, salary, sick days etc - you might hesitate setting up a subscription because all your slack users would be able to see the dashboard images.
• Less complexity, tests, documentation needed
• We could not get private channels to work as a files channel, this bypasses that problem.

downgrades note This is a code only change, the setting is not deleted from existing instances, so if downgraded - the slack integration will start using the files channel again. If a new slack installation (that has never used the files channel) is downgraded, then the files channel will need to be added before the integration works again.

Closes #53319

Closes WRK-59

Description

This is made possible by dropping the legacy slack 'attachment' used for images, and instead utilising the blockkit image element, which permits sending private files directly using the slack_file field.

For large dashboards, more than one slack post will be made per notification, to work around block limits (50 per message).

How to verify

Describe the steps to verify that the changes are working as expected.

1. Setup a new slack integration

   • admin settings
   • notifications
   • create slack app (I used my own slack developer workspace)

2. Create a dashboard

3. Test a subscription

   • click on sharing
   • click on subscriptions
   • click 'send it to slack'
   • choose a channel to post to (private or public is fine)
   • click send to slack now

4. Observe the post in slack, image is shared directly without posting to a files channel

Checklist

• Tests have been added/updated to cover changes in this PR.

[trunk-io]

     

Failed Test	Failure Summary	Logs
multi-row-create-test	The expected result of the `spec-update/do-update!` function does not match the actual result.	Logs ↗︎

View Full Report ↗︎ ⋅ Docs

[qnkhuat]

Testing and I get this error: clojure.lang.ExceptionInfo: Slack API error: missing_scope {:error-code "missing_scope", :message "Slack API error: missing_scope", :response {:ok false, :error "missing_scope", :needed "files:read", :provided "users:read,channels:read,channels:join,files:write,chat:write,chat:write.customize,chat:write.public"}, :url "https://slack.com/api/files.info"} looks like we need to include files:read scope

[crisptrutski]

Devils advocating here, but can you imagine any customers being upset at losing the image firehose? Can't imagine a user wanting to be in that channel, but perhaps being used for automation or something.

[qnkhuat]

So I've added the files:read scope and it works.

But I have another issue with sending a big dashboard with 34 cards: Caused by: clojure.lang.ExceptionInfo: Slack API error: invalid_blocks {:error-code "invalid_blocks", :message "Slack API error: invalid_blocks", :response {:ok false, :error "invalid_blocks", :errors ["no more than 50 items allowed [json-pointer:/blocks]"], :response_metadata {:messages ["[ERROR] no more than 50 items allowed [json-pointer:/blocks]"]}}}

For your info, I use the example dashboards at http://localhost:3000/dashboard/1-e-commerce-insights.

I think we need to find a way around this, otherwise this will break some existing integration.

[wotbrew]

Devils advocating here, but can you imagine any customers being upset at losing the image firehose? Can't imagine a user wanting to be in that channel, but perhaps being used for automation or something.

I mean, yes - I can imagine it. I think we win on balance?

[qnkhuat]

nicely done!

no scope changes, get passed the block limit.

I do find a mention of slack-channel in docs/configuring-metabase/config-template.md which I think you need to remove.

other than that this looks great to me.

Side note: I think we need to mention in the release note that we'll no longer update images to a channel in case people rely on these.