PagerDuty
This feature enables you to setup a connection between PagerDuty and Abbey so that Abbey can collect the on-call status of a given user. This status can then be used in policies to either auto-deny access (if a user is not on-call) or skip specific approval steps (in the event a user is on-call).
Add a PagerDuty Connection
Go to Settings > Sources page
Click on either + Add a New Source or + New Source button
Settings > Sources page In the "Select a source type" dropdown, pick PagerDuty as the source type
Choose a name for your connection, and click Create to be redirected to PagerDuty
Log into PagerDuty.
Click Submit Consent to authorize Abbey Labs to read your on-call details
After that, it should automatically redirect you back to Abbey, and your PagerDuty connection is now created. You're now all set to use PagerDuty on-call status in your policies and outputs
Use PagerDuty On-Call Status
Now that you have set up a PagerDuty connection, you can reference PagerDuty on-call schedules in policies skip certain approval steps.
Add a Policy to Skip a Step
Add a rego policy to skip a workflow if the user is on-call in PagerDuty
package pagerduty skip[msg] { data.user.pagerduty.is_on_call msg := sprintf("skipping oncall: %v", [data.user.pagerduty.is_on_call]) }Make sure to add
.manifestas well{"roots": ["pagerduty"]}Add
skip_ifblock to the workflow you want to skip.resource "abbey_grant_kit" "null_grant" { ... workflow = { steps = [ { reviewers = { all_of = [ "[email protected]", "[email protected]", "[email protected]" ] } + skip_if = [ + { bundle = "github://example-org/example-repo/policies/on-call" } + ] + } ] } ... }Now that you have updated your Grant Kit, Deploy Your Grant Kit
And that's it.
When a user requests access and they are on-call, they will skip the review process and will be granted access right away.
When a user requests access and they are not on-call, their request has to be reviewed by one of the reviewers as usual.
Last updated