PoshBot

PoshBot is a chatbot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness.

What Can PoshBot Do?

Pretty much anything you want 🙂 No seriously. PoshBot executes functions or cmdlets from PowerShell modules. Use PoshBot to connect to servers and report status, deploy code, execute runbooks, query APIs, etc. If you can write it in PowerShell, PoshBot can execute it.

PoshBot includes a simple yet effective Role-Based Access Control (RBAC) model that you can apply to your bot commands. While it would be great if everyone could execute everything, many commands in your ChatOps environment may be sensitive in nature or particularly powerful, requiring an extra degree of control over who can execute what.

PoshBot uses the concept of Permissions, Roles, and Groups to optionally control the execution of commands. It is the union of these constructs and the user that secures the command.

Permissions

A PoshBot command can have one or more permissions attached to them. A permission is the base unit used for security. Permissions are nothing more than tokens that are applied to commands. These permissions are then collected into roles. Permissions available in a plugin are defined in the PrivateData section of the PowerShell module manifest for the plugin. When specifying the permissions inside the module manifest, an array of strings and/or hashtables can be used. When using a hashtable, a Name key must be used. The Description key is optional but recommended.

Roles

Roles are a collection of permissions. Roles allow the bot administrator to construct a set of permissions from across many plugins that together control access to a set of related commands. Perhaps you have several plugins installed that include commands that you want to grant to a Service Desk user. You can create a role with only the permissions required for their job and nothing more. Roles are not included with plugins. The bot administrator creates roles and they are stored with the bot configuration.

Groups

Groups are used to associate users with one or more roles and therefore, one or permissions to execute commands. When a user is added to a group, that user has the authorization to execute any command that has permission in a role that is part of that group. To put it another way, a user has all the permissions from all the roles added to that group.

Install && Use

Copyright (c) 2017 Brandon Olin