Commit

Update JIT part1 and part 2 (#485)
* update-part2-tuts

* update the file names
adela-bytebase authored Dec 13, 2024
1 parent abb177e commit b5b44da
Showing 24 changed files with 29 additions and 29 deletions.
Expand Up @@ -18,7 +18,7 @@ This tutorial will guide you through setting up Just-in-Time (JIT) access using
This is Part 1 of our tutorial series on implementing Just-in-Time (JIT) access:

- Part 1: JIT database access via Bytebase GUI
- Part 2: [Approve JIT database access via Slack](/docs/tutorials/just-in-time-part2)
- Part 2: [Approve JIT database access via Slack](/docs/tutorials/just-in-time-database-access-part2)
- Part 3: Request JIT database access via Slack

## Prerequisites
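Review bot: the link target moves from `/docs/tutorials/just-in-time-part2` to `/docs/tutorials/just-in-time-database-access-part2`, but nothing in this change adds a redirect from the old slug, so existing bookmarks and inbound links to the old tutorial URLs will break once the old files are gone; add redirects for both the `-part1` and `-part2` slugs or confirm they already exist. Minor: Part 3 in the same list stays unlinked, which is fine only if it is not published yet.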
Expand Down Expand Up @@ -53,7 +53,7 @@ As a developer user, you will not have the access to query the production databa

1. Click `hr_prod`, you will see the SQL Editor icon is greyed out, which means you don't have access to this database in SQL Editor. Even you click **SQL Editor** button on the top bar to navigate to the SQL Editor page, you still don't have access to this database.

![bb-sql-editor-grey](/content/docs/tutorials/just-in-time-part1/bb-sql-editor-grey.webp)
![bb-sql-editor-grey](/content/docs/tutorials/just-in-time-database-access-part1/bb-sql-editor-grey.webp)

## Step 3 - DBA assign you access to the production database (Community and Pro Plan)

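Review bot: while this step is being touched, the context sentence `Even you click **SQL Editor** button on the top bar` should read `Even if you click the **SQL Editor** button on the top bar`. The image path change is consistent with the new slug; confirm the `.webp` files under `/content/docs/tutorials/just-in-time-database-access-part1/` were moved in the same commit, since a stale path may render as a broken image rather than fail the build.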
Expand All @@ -65,11 +65,11 @@ In Bytebase **Community** and **Pro Plan**, the Admin/DBA can assign you access

1. In the **Grant Access** modal, select the `SQL Editor User` role, then set 1 day Expiration, and click **Confirm** button. Here you may notice in Community and Pro Plan, you can only set access to all databases in the project.

![bb-community-grant-query](/content/docs/tutorials/just-in-time-part1/bb-community-grant-query.webp)
![bb-community-grant-query](/content/docs/tutorials/just-in-time-database-access-part1/bb-community-grant-query.webp)

1. After the access is granted, login as the developer user again, you should see the SQL Editor icon is no longer greyed out, which means you have access to the production database in SQL Editor. After one day, the access will expire automatically.

![bb-sql-editor-query](/content/docs/tutorials/just-in-time-part1/bb-sql-editor-query.webp)
![bb-sql-editor-query](/content/docs/tutorials/just-in-time-database-access-part1/bb-sql-editor-query.webp)

## Step 4 - Request a JIT access to the production database (Enterprise Plan)

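Review bot: the context step `After the access is granted, login as the developer user again, you should see ...` is a comma splice; suggest `After the access is granted, log in as the developer user again. The SQL Editor icon should no longer be greyed out ...`. It would also help to state in the previous step that, because the Community/Pro grant covers every database in the project, the expiration is the only scoping control on those plans, in contrast to the per-table request in Step 4.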
Expand All @@ -81,37 +81,37 @@ In Bytebase **Enterprise Plan**, you can request a JIT access to the production

1. Click **CI/CD** > **Custom Approval** on the left sidebar. Assign licenses to the instances to enable this feature.

![bb-assign-license](/content/docs/tutorials/just-in-time-part1/bb-assign-license.webp)
![bb-assign-license](/content/docs/tutorials/just-in-time-database-access-part1/bb-assign-license.webp)

1. Scroll down to **Request Querier Role** section, add `high` risk an approval flow `Project Owner`.

![bb-custom-approval](/content/docs/tutorials/just-in-time-part1/bb-custom-approval.webp)
![bb-custom-approval](/content/docs/tutorials/just-in-time-database-access-part1/bb-custom-approval.webp)

1. Click **CI/CD** > **Risk Center** on the left sidebar. Define a High risk policy for `Request Querier Role` which triggers when the environment is `Prod`.

![bb-risk-center](/content/docs/tutorials/just-in-time-part1/bb-risk-center.webp)
![bb-risk-center](/content/docs/tutorials/just-in-time-database-access-part1/bb-risk-center.webp)

1. Login as the developer user again, then go to SQL Editor page. Click **Connect to a database** or **Select a database to start**. You should see the `hr_prod` and `hr_test` databases listed, click **Request query** to request a JIT access.

![bb-sql-editor-request](/content/docs/tutorials/just-in-time-part1/bb-sql-editor-request.webp)
![bb-sql-editor-request](/content/docs/tutorials/just-in-time-database-access-part1/bb-sql-editor-request.webp)

1. Another way is to go to **Database > Databases** page, click **Request Querier Role**.

![bb-databases-request](/content/docs/tutorials/just-in-time-part1/bb-databases-request.webp)
![bb-databases-request](/content/docs/tutorials/just-in-time-database-access-part1/bb-databases-request.webp)

1. In the **Request Querier Role** modal, choose **Manually select**, then `employee` `salary` and `title` under `hr_prod` database, and click **OK** button. Here you may also specify the expiration time which can be a specific time, or relative time from now.

![bb-sql-editor-choose](/content/docs/tutorials/just-in-time-part1/bb-sql-editor-choose.webp)
![bb-sql-editor-choose](/content/docs/tutorials/just-in-time-database-access-part1/bb-sql-editor-choose.webp)

![bb-sql-editor-custom-expr](/content/docs/tutorials/just-in-time-part1/bb-sql-editor-custom-expr.webp)
![bb-sql-editor-custom-expr](/content/docs/tutorials/just-in-time-database-access-part1/bb-sql-editor-custom-expr.webp)

1. An request issue will be created, switch to the project owner (the admin user), go to **Issue** page, you should see the request issue. Click **Approve** button to approve the request.

![bb-request-waiting](/content/docs/tutorials/just-in-time-part1/bb-request-waiting.webp)
![bb-request-waiting](/content/docs/tutorials/just-in-time-database-access-part1/bb-request-waiting.webp)

1. Switch back to the developer user, go to SQL Editor page, you should be able to query from these three tables. If you query from other tables, you will get errors and suggest to request a JIT access.

![bb-sql-editor-not-ok](/content/docs/tutorials/just-in-time-part1/bb-sql-editor-not-ok.webp)
![bb-sql-editor-not-ok](/content/docs/tutorials/just-in-time-database-access-part1/bb-sql-editor-not-ok.webp)

1. After the developer user get the access, he can solve the incident. The admin user can revoke the access directly from the **Manage** > **Members** page or wait for the access expiration.

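Review bot: the context line `add `high` risk an approval flow `Project Owner`` is missing words; it should read something like `for `high` risk, add an approval flow with `Project Owner` as the approver`. Other context lines in this hunk need the same pass: `An request issue` → `A request issue`; `you will get errors and suggest to request a JIT access` → `you will get an error suggesting that you request JIT access`; `After the developer user get the access, he can solve the incident` → `After the developer user gets the access, they can resolve the incident`.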
Expand Up @@ -9,15 +9,15 @@ estimated_time: '30 mins'
description: 'In this tutorial, we will demonstrate how to automate JIT access via Slack, utilizing Bytebase webhooks and API'
---

In the [previous tutorial](/docs/tutorials/just-in-time-part1), we demonstrated how to set up JIT access using the Bytebase GUI. In this tutorial, we will cover how to automate JIT access via Slack, utilizing Bytebase webhooks and API.
In the [previous tutorial](/docs/tutorials/just-in-time-database-access-part1), we demonstrated how to set up JIT access using the Bytebase GUI. In this tutorial, we will cover how to automate JIT access via Slack, utilizing Bytebase webhooks and API.

When developers need urgent production database access during incidents but lack permissions, they can request Just-in-Time (JIT) access. By triggering the Bytebase webhook, the DBA will receive a notification in Slack immediately and can approve there.

---

This is Part 2 of our tutorial series on implementing Just-in-Time (JIT) access:

- Part 1: [Grant JIT database access via Bytebase GUI](/docs/tutorials/just-in-time-part1)
- Part 1: [Grant JIT database access via Bytebase GUI](/docs/tutorials/just-in-time-database-access-part1)
- Part 2: Approve JIT database access via Slack (this one)
- Part 3: Request JIT database access via Slack

Expand All @@ -31,7 +31,7 @@ The complete code for this tutorial is available at: [slack-example](https://git

</HintBlock>

This tutorial skips the Bytebase setup part, if you haven't set up the Bytebase and registered admin and developer users, please follow instructions in the [previous tutorial](/docs/tutorials/just-in-time-part1).
This tutorial skips the Bytebase setup part, if you haven't set up the Bytebase and registered admin and developer users, please follow instructions in the [previous tutorial](/docs/tutorials/just-in-time-database-access-part1).

## Prerequisites

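Review bot: the context sentence `This tutorial skips the Bytebase setup part, if you haven't set up ...` is a comma splice; split it: `This tutorial skips the Bytebase setup. If you haven't set up Bytebase and registered the admin and developer users, follow the instructions in the previous tutorial.`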
Expand All @@ -49,7 +49,7 @@ Before you begin, make sure you have:

## Step 1 - Finished the previous tutorial

Make sure you finished the [previous tutorial](/docs/tutorials/just-in-time-part1) and have the Bytebase instance running. Particularly, pay attention to **Step 4**, which is to request JIT access via Bytebase GUI.
Make sure you finished the [previous tutorial](/docs/tutorials/just-in-time-database-access-part1) and have the Bytebase instance running. Particularly, pay attention to **Step 4**, which is to request JIT access via Bytebase GUI.

The `Request role` feature is supported by **Enterprise Plan** which will be needed for this tutorial, other plans only allow the `Assign role` feature which is not enough. You may request a trial from [here](https://www.bytebase.com/contact-us/).

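Review bot: `supported by **Enterprise Plan** which will be needed for this tutorial, other plans only allow ...` runs two sentences together; suggest `The `Request role` feature requires the **Enterprise Plan**; other plans only offer `Assign role`, which is not enough for this tutorial.`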
Expand All @@ -67,7 +67,7 @@ The `Request role` feature is supported by **Enterprise Plan** which will be nee
1. By using VS Code's [Port forwarding](https://code.visualstudio.com/docs/editor/port-forwarding), you can forward the local server's ports:
- `3000` for the `slack-example` app
- `8080` for the Bytebase instance
![vscode-ports](/content/docs/tutorials/just-in-time-part2/vscode-ports.webp)
![vscode-ports](/content/docs/tutorials/just-in-time-database-access-part2/vscode-ports.webp)
1. Copy the 8080 port forwarded address to the `.env.local` file as `BB_HOST`.
1. Also, go to Bytebase, click **Settings > General** to set the address as **External URL**.

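Review bot: these steps forward port 3000 for the webhook and Slack callbacks and set the forwarded 8080 address as Bytebase's **External URL**, but do not say which visibility the forwarded ports need. VS Code forwarded ports are private (sign-in required) by default, so the doc should state that the 3000 port must be made public for Slack to reach `/api/slack/interact`, and warn that a public 8080 exposes the whole Bytebase instance on the internet behind its own login, which is acceptable only for a throwaway tutorial instance.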
Expand All @@ -78,19 +78,19 @@ The `Request role` feature is supported by **Enterprise Plan** which will be nee
1. Set the **Name** as `Slack` webhook, **URL** as `YOUR_3000_FORWARDED_URL/api/bytebase/webhook`.
1. Select `Issue approval needed` as **Triggering activities**.
1. Click **Test webhook** and if it's successful, then click **Create**.
![bb-webhook](/content/docs/tutorials/just-in-time-part2/bb-webhook.webp)
![bb-webhook](/content/docs/tutorials/just-in-time-database-access-part2/bb-webhook.webp)

## Step 5 - Create and invite a Slack bot

1. Go to [Slack apps](https://api.slack.com/apps) and click **Create New App**.
1. Choose **From scratch**, enter the **App name**, and select your **Workspace**.
1. Go to **OAuth & Permissions** and add the following permissions under **Scopes**:
- `chat:write`
- `chat:write.public`
- `chat:write` (send message)
- `channels:read` (read channel id for public channel)
- `groups:read` (read channel id for private channel)
1. Scroll up to **OAuth Tokens**, click **Install to YOUR_WORKSPACE**, and authorize the app.
1. Copy the **Bot User OAuth Token** and paste it into the `.env.local` file as **SLACK_BOT_TOKEN**.
1. Choose a channel and invite the bot to the channel by typing `/invite @YOUR_BOT_NAME`.
1. Get the **Channel ID** via copying the channel link and extracting the ID from the URL. Copy and paste it into the `.env.local` file as **SLACK_CHANNEL_ID**.
1. Go to **Interactivity & Shortcuts** in app settings, turn on **Interactivity** and add the **Request URL**: `YOUR_3000_FORWARDED_URL/api/slack/interact`. Click **Save Changes**.

## Step 6 - Verify the workflow
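Review bot: dropping `chat:write.public` is consistent with the later `/invite @YOUR_BOT_NAME` step, but the newly added `channels:read` and `groups:read` scopes are justified as `read channel id`, while the channel ID is actually obtained by hand from the channel link in the step below and pasted into `.env.local` as **SLACK_CHANNEL_ID**. Unless `src/lib/slack.ts` looks up channels at runtime, these two scopes are unused; keep the bot token at `chat:write` only, since a leaked token with the read scopes also lets its holder list the workspace's channels.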
Expand All @@ -100,24 +100,24 @@ Now, everything is ready, let's verify the workflow:
1. Go to Bytebase, log in as the developer and go into the `Sample Project`.
1. By default, the developer has no permission to access the database. Click **Manage > Members** and you'll see the devloper only has **Project Developer** role. If you go to **SQL Editor**, you'll see the `hr_prod` database is not accessible.
1. Click **Database > databases**, select the `hr_prod` database, and click **Request Querier role**.
![bb-db-request](/content/docs/tutorials/just-in-time-part2/bb-db-request.webp)
![bb-db-request](/content/docs/tutorials/just-in-time-database-access-part2/bb-db-request.webp)
1. Choose the database or table you want to access, and click **OK**.
![bb-request-select](/content/docs/tutorials/just-in-time-part2/bb-request-select.webp)
![bb-request-select](/content/docs/tutorials/just-in-time-database-access-part2/bb-request-select.webp)
1. A request issue is created, the configured custom approval flow will be matched.
![bb-issue-waiting](/content/docs/tutorials/just-in-time-part2/bb-issue-waiting.webp)
![bb-issue-waiting](/content/docs/tutorials/just-in-time-database-access-part2/bb-issue-waiting.webp)
1. Go to Slack, the bot already sent a message to the channel, which is triggered by the webhook.
![slack-to-approve](/content/docs/tutorials/just-in-time-part2/slack-to-approve.webp)
![slack-to-approve](/content/docs/tutorials/just-in-time-database-access-part2/slack-to-approve.webp)
1. Click **Approve** and the Slack Bot will trigger the interact API, which calls Bytebase API to approve the issue.
![slack-request-approved](/content/docs/tutorials/just-in-time-part2/slack-request-approved.webp)
![slack-request-approved](/content/docs/tutorials/just-in-time-database-access-part2/slack-request-approved.webp)
1. Go back to Bytebase, the issue is approved. The developer can access the database now.
![bb-issue-approved](/content/docs/tutorials/just-in-time-part2/bb-issue-approved.webp)
![bb-issue-approved](/content/docs/tutorials/just-in-time-database-access-part2/bb-issue-approved.webp)

## Code structure

If digging into the code is your interest, here is a brief explanation of the code structure:

- `src/app/api/bytebase/webhook/route.ts`: handle the webhook from Bytebase.
- `src/app/api/slack/interact/route.ts`: handle the interaction from Slack.
- `src/app/api/slack/interact/route.ts`: handle the interaction (Approve or Deny) from Slack to Bytebase.
- `src/lib/slack.ts`: send the message to Slack via using the its [web API](https://tools.slack.dev/node-slack-sdk/web-api/).

## Conclusion
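Review bot: the step `Click **Approve** and the Slack Bot will trigger the interact API, which calls Bytebase API to approve the issue` does not say who is allowed to click; nothing in these steps restricts the button to DBAs, so the doc should state that the channel must be limited to approvers, or describe how `src/app/api/slack/interact/route.ts` checks the Slack user before calling Bytebase, if it does. Typos in context lines: `devloper` → `developer`, `Database > databases` → `Database > Databases` (matching Part 1), and the `src/lib/slack.ts` description `via using the its [web API]` → `using its [web API]`.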