Additional ACL Tests + Slackbot fix (#4430)

* try turning drive perm sync on

* try passing in env var

* add some logs

* Update pr-integration-tests.yml

* revert "Update pr-integration-tests.yml"

This reverts commit 76a44adbfed4d94282bc99450ab05b2759e81521.

* Revert "add some logs"

This reverts commit ab9e6bcfb1825b4f5d701f1b758d92b2a0bc1850.

* Revert "try passing in env var"

This reverts commit 9c0b6162ea856d53b82bd3daac71642266714426.

* Revert "try turning drive perm sync on"

This reverts commit 2d35f61f427432defd775459d55cfd93be0646f5.

* try slack connector

* k

* update

* remove logs

* remove more logs

* nit

* k

* k

* address nits

* run test with additional logs

* Revert "run test with additional logs"

This reverts commit 1397a2c4a0a554da66a825299eaa6ddf18cdcc39.

* Revert "address nits"

This reverts commit d5e24b019dfaf41e88d4e2bd41734e92d64b929d.

backend/ee/onyx/external_permissions/slack/doc_sync.py

@@ -5,12 +5,14 @@ from slack_sdk import WebClient
 from ee.onyx.external_permissions.slack.utils import fetch_user_id_to_email_map
 from onyx.access.models import DocExternalAccess
 from onyx.access.models import ExternalAccess
+from onyx.connectors.credentials_provider import OnyxDBCredentialsProvider
 from onyx.connectors.slack.connector import get_channels
 from onyx.connectors.slack.connector import make_paginated_slack_api_call_w_retries
 from onyx.connectors.slack.connector import SlackConnector
 from onyx.db.models import ConnectorCredentialPair
 from onyx.indexing.indexing_heartbeat import IndexingHeartbeatInterface
 from onyx.utils.logger import setup_logger
+from shared_configs.contextvars import get_current_tenant_id
 
 
 logger = setup_logger()
@@ -101,7 +103,12 @@ def _get_slack_document_access(
     callback: IndexingHeartbeatInterface | None,
 ) -> Generator[DocExternalAccess, None, None]:
     slack_connector = SlackConnector(**cc_pair.connector.connector_specific_config)
-    slack_connector.load_credentials(cc_pair.credential.credential_json)
+
+    # Use credentials provider instead of directly loading credentials
+    provider = OnyxDBCredentialsProvider(
+        get_current_tenant_id(), "slack", cc_pair.credential.id
+    )
+    slack_connector.set_credentials_provider(provider)
 
     slim_doc_generator = slack_connector.retrieve_all_slim_documents(callback=callback)
 

backend/ee/onyx/external_permissions/slack/group_sync.py

@@ -51,6 +51,7 @@ def _get_slack_group_members_email(
 
 
 def slack_group_sync(
+    tenant_id: str,
     cc_pair: ConnectorCredentialPair,
 ) -> list[ExternalUserGroup]:
     slack_client = WebClient(

backend/ee/onyx/external_permissions/sync_params.py

@@ -15,6 +15,7 @@ from ee.onyx.external_permissions.post_query_censoring import (
     DOC_SOURCE_TO_CHUNK_CENSORING_FUNCTION,
 )
 from ee.onyx.external_permissions.slack.doc_sync import slack_doc_sync
+from ee.onyx.external_permissions.slack.group_sync import slack_group_sync
 from onyx.access.models import DocExternalAccess
 from onyx.configs.constants import DocumentSource
 from onyx.db.models import ConnectorCredentialPair
@@ -56,6 +57,7 @@ DOC_PERMISSIONS_FUNC_MAP: dict[DocumentSource, DocSyncFuncType] = {
 GROUP_PERMISSIONS_FUNC_MAP: dict[DocumentSource, GroupSyncFuncType] = {
     DocumentSource.GOOGLE_DRIVE: gdrive_group_sync,
     DocumentSource.CONFLUENCE: confluence_group_sync,
+    DocumentSource.SLACK: slack_group_sync,
 }
 
 

backend/onyx/connectors/slack/connector.py

@@ -255,7 +255,9 @@ _DISALLOWED_MSG_SUBTYPES = {
 def default_msg_filter(message: MessageType) -> bool:
     # Don't keep messages from bots
     if message.get("bot_id") or message.get("app_id"):
-        if message.get("bot_profile", {}).get("name") == "OnyxConnector":
+        bot_profile_name = message.get("bot_profile", {}).get("name")
+        print(f"bot_profile_name: {bot_profile_name}")
+        if bot_profile_name == "DanswerBot Testing":
             return False
         return True
 

backend/tests/integration/common_utils/managers/cc_pair.py

@@ -444,6 +444,7 @@ class CCPairManager:
         )
         if group_sync_result.status_code != 409:
             group_sync_result.raise_for_status()
+        time.sleep(2)
 
     @staticmethod
     def get_doc_sync_task(

backend/tests/integration/connector_job_tests/slack/conftest.py

@@ -14,9 +14,8 @@ from tests.integration.connector_job_tests.slack.slack_api_utils import SlackMan
 @pytest.fixture()
 def slack_test_setup() -> Generator[tuple[dict[str, Any], dict[str, Any]], None, None]:
     slack_client = SlackManager.get_slack_client(os.environ["SLACK_BOT_TOKEN"])
-    admin_user_id = SlackManager.build_slack_user_email_id_map(slack_client)[
-        "admin@onyx-test.com"
-    ]
+    user_map = SlackManager.build_slack_user_email_id_map(slack_client)
+    admin_user_id = user_map["admin@onyx-test.com"]
 
     (
         public_channel,

backend/tests/integration/connector_job_tests/slack/test_permission_sync.py

@@ -3,8 +3,6 @@ from datetime import datetime
 from datetime import timezone
 from typing import Any
 
-import pytest
-
 from onyx.connectors.models import InputType
 from onyx.db.enums import AccessType
 from onyx.server.documents.models import DocumentSource
@@ -25,7 +23,6 @@ from tests.integration.common_utils.vespa import vespa_fixture
 from tests.integration.connector_job_tests.slack.slack_api_utils import SlackManager
 
 
-@pytest.mark.xfail(reason="flaky - see DAN-789 for example", strict=False)
 def test_slack_permission_sync(
     reset: None,
     vespa_client: vespa_fixture,
@@ -221,7 +218,6 @@ def test_slack_permission_sync(
     assert private_message not in onyx_doc_message_strings
 
 
-@pytest.mark.xfail(reason="flaky", strict=False)
 def test_slack_group_permission_sync(
     reset: None,
     vespa_client: vespa_fixture,