Description
User Story
As a privileged user (ops/sysadmin), I want to be able to apply one-off commands (for debugging/fixes) and/or run my configuration management solution through ChatOps/Slack/Rocketchat. At the same time, I want to grant read-only access, or a layer of both authentication and authorization, to other stakeholders/single-channel users. I also want to restrict/limit the specific calls a user can make to the channel bots and/or list which commands unprivileged users could access (a better example may be 2 channels for two authorization steps, or 2 bots in one channel). Ideally, security/auditing could ping, status, metrics, report, etc. to the channel or render reports/audits/charts/etc., or only make available lower-risk commands (e.g. an ansible playbook w/o declaring a git branch or arbitrary cmd, where the code being applied can only come from the master branch) to restrict team members to only being able to push "approved" code.
Issue
- In reviewing the code, I noticed the condition for a 2FA command: https://github.com/StackStorm/hubot-stackstorm/blob/master/scripts/stackstorm.js#L94. What is the current/planned use (if any) of this to date? Is/will it manage 2FA from StackStorm, hubot, or any 3rd-party SAML/LDAP/OAuth service?
- I've come across a number of hubot scripts. Are any of these potentially useful or being considered for integration?
  - https://github.com/michaelansel/hubot-rbac
  - https://github.com/hubot-scripts/hubot-auth
  - Others, but with deprecation warnings