Run symflow init

The symflow init command will generate the configuration for your first Flow.

Overview

Running symflow init must be run in an empty directory, and will generate three files:

  • main.tf: The main Terraform file containing all of your Sym resource delcarations
  • impl.py: A sample implementation file with a reducer and a hook
  • versions.tf: A file declaring the Sym Terraform provider version

Contents

πŸ“˜

Further reading

For more details about each of the files below, please see Initial Configuration Details.

locals {
  environment_name = "main"
}

provider "sym" {
  org = "your-org-slug"
}

resource "sym_flow" "this" {
  name  = "approval"
  label = "Approval"

  implementation = "${path.module}/impl.py"
  environment_id = sym_environment.this.id

  # These variables are made available in your impl.py via `event.flow.vars`
  vars = {
    # You can add more emails to this as a comma separated list, e.g. auto_approve = "[email protected],[email protected]"
    # This variable is used in the `on_request` hook in impl.py!
    auto_approve = "[email protected]"
  }

  params {
    # If you want a Flow with an escalation strategy, add your strategy_id here!
    # strategy_id = ...

    # Each prompt_field defines a custom form field for the Slack modal that
    # requesters fill out to make their requests.
    prompt_field {
      name     = "resource"
      label    = "What do you need access to?"
      type     = "string"
      required = true
    }
  
    prompt_field {
      name     = "reason"
      label    = "Why do you need access?"
      type     = "string"
      required = true
    }
  }
}

# The sym_environment is a container for sym_flows that share configuration values
# (e.g. shared integrations or error logging)
resource "sym_environment" "this" {
  name            = local.environment_name
  runtime_id      = sym_runtime.this.id
  error_logger_id = sym_error_logger.slack.id

  integrations = {
    slack_id = sym_integration.slack.id

    # Add your integration IDs here!
  }
}

resource "sym_integration" "slack" {
  type = "slack"
  name = "${local.environment_name}-slack"

  external_id = "T12345"
}

# This sym_error_logger will output any warnings and errors that occur during
# execution of a sym_flow to a specified channel in Slack.
resource "sym_error_logger" "slack" {
  integration_id = sym_integration.slack.id

  # Make sure that this channel has been created in your workspace
  destination    = "#sym-errors"
}

resource "sym_runtime" "this" {
  name = local.environment_name

  # For AWS IAM, SSO, Lambda strategies, add your context ID here! For example:
  # context_id = sym_integration.runtime_context.id
}
from sym.sdk.annotations import hook, reducer
from sym.sdk.integrations import slack
from sym.sdk.templates import ApprovalTemplate


# Reducers fill in the blanks that your workflow needs in order to run.
@reducer
def get_approvers(event):
    """Route Sym requests to a specified channel."""

    # Make sure that this channel has been created in your workspace!
    return slack.channel("#sym-requests")


# Hooks let you change the control flow of your workflow.
@hook
def on_request(event):
    """Auto-approve people defined in the auto-approve list in the sym_flow vars"""

    flow_vars = event.flow.vars
    auto_approve = flow_vars["auto_approve"].split(",")

    if event.user.username in auto_approve:
        original_reason = event.payload.fields.get("reason")
        new_reason = f"Auto-approved! {original_reason}️"
        return ApprovalTemplate.approve(reason=new_reason)
terraform {
  required_providers {
    sym = {
      source  = "symopsio/sym"
      version = "~> 2.0"
    }
  }
}