PagerDuty

This feature enables you to setup a connection between PagerDuty and Abbey so that Abbey can collect the on-call status of a given user. This status can then be used in policies to either auto-deny access (if a user is not on-call) or skip specific approval steps (in the event a user is on-call).

Add a PagerDuty Connection

1. Go to Settings > Sources page

2. Click on either + Add a New Source or + New Source button
3. In the "Select a source type" dropdown, pick PagerDuty as the source type

4. Choose a name for your connection, and click Create to be redirected to PagerDuty
5. Log into PagerDuty.
6. Click Submit Consent to authorize Abbey Labs to read your on-call details
7. After that, it should automatically redirect you back to Abbey, and your PagerDuty connection is now created. You're now all set to use PagerDuty on-call status in your policies and outputs

Use PagerDuty On-Call Status

Now that you have set up a PagerDuty connection, you can reference PagerDuty on-call schedules in policies skip certain approval steps.

Add a Policy to Skip a Step

1. Add a rego policy to skip a workflow if the user is on-call in PagerDuty

   policies/on-call/pagerduty.rego

   Copy

   package pagerduty
   
   skip[msg] {
     data.user.pagerduty.is_on_call
     msg := sprintf("skipping oncall: %v", [data.user.pagerduty.is_on_call])
   }

   Make sure to add .manifest as well

   policies/on-call/.manifest

   Copy

   {"roots": ["pagerduty"]}

2. Add skip_if block to the workflow you want to skip.

   main.tf

   Copy

   resource "abbey_grant_kit" "null_grant" {
     ...
   
     workflow = {
       steps = [
         {
           reviewers = {
             all_of = [
               "alice@example.com",
               "bob@example.com",
               "carol@example.com"
             ]
           }
   +        skip_if = [
   +          { bundle = "github://example-org/example-repo/policies/on-call" }
   +        ]
   +      }
       ]
     }
   
     ...
   }

3. Now that you have updated your Grant Kit, Deploy Your Grant Kit

And that's it.

• When a user requests access and they are on-call, they will skip the review process and will be granted access right away.

• When a user requests access and they are not on-call, their request has to be reviewed by one of the reviewers as usual.