5.8 KiB
OpenProject Connector Concept
OpenProject is the first proposed concrete connector for
govoplan-connectors. It gives GovOPlaN a public-sector-friendly project and
work-package integration target without making project management a core
platform dependency.
Goals
- Register OpenProject connection profiles.
- Test API reachability and authentication without exposing secrets.
- Read projects, users, statuses, and work packages for linking.
- Create or update work packages from GovOPlaN tasks/cases/workflows once those modules request the capability.
- Receive or poll changes for external-reference synchronization.
- Keep all OpenProject-specific client code inside the connector module.
Non-Goals
- Replacing a future native GovOPlaN project-management module.
- Importing workflow, tasks, cases, or access implementation modules directly.
- Mirroring complete OpenProject project state into GovOPlaN by default.
- Storing OpenProject tokens outside the platform secret contract.
Profile Fields
Candidate profile payload:
base_urlapi_version, defaultv3credential_refverify_tlstimeout_secondsallowed_project_idsdefault_project_idwebhook_secret_ref, optionalpoll_interval_seconds, optional
Health Check
The connection test should:
- Normalize and validate
base_url. - Resolve the credential reference.
- Call the OpenProject API root or a small read-only endpoint.
- Record API version, authenticated principal where available, latency, response status, and safe capability hints.
- Redact token, Authorization headers, cookies, and any server-provided secret fields from diagnostics.
Candidate Capabilities
connectors.openproject.profileTesterconnectors.openproject.projectsconnectors.openproject.workPackages.readconnectors.openproject.workPackages.writeconnectors.openproject.webhooksconnectors.openproject.externalReferences
Domain modules request these through core-mediated capabilities. For example,
govoplan-tasks can publish a task as an OpenProject work package without
importing OpenProject client code.
Data Boundary Decision
OpenProject should be referenced live by default, not mirrored wholesale into GovOPlaN. The connector stores stable external references and safe metadata:
- profile id and connector type
- project id and work-package id
- external URL
- remote version, ETag, or lock version where available
- last-seen timestamp and safe status/type labels
- GovOPlaN trace id for publish or synchronization jobs
GovOPlaN should import only the subset needed by a requesting domain module, for example a work-package title/status for display, a link-back reference for a task, or evidence that a publish operation succeeded. Full project state, comments, attachments, membership lists, and custom fields remain remote unless a future domain module explicitly owns that synchronization. This keeps cases, tasks, workflow, and reporting decoupled from OpenProject while still allowing link-out, link-back, selected publish, and selected read views.
Runtime Events
openproject.profile_testedopenproject.project_seenopenproject.work_package_seenopenproject.work_package_publishedopenproject.webhook_receivedopenproject.sync_failed
Events should carry GovOPlaN ids, external ids, safe diagnostics, and trace context. They must not contain credentials or raw personal data beyond what the requesting domain module is authorized to process.
Webhook And Polling Strategy
OpenProject supports API and webhook administration. The connector should allow both:
- Webhook-first when an operator registers a webhook for selected project/work package events.
- Polling fallback for installations where webhooks cannot be exposed.
The first implementation can start with manual test plus read-only project/work package lookup, then add publishing, then webhook/polling synchronization.
First Implementation Slice
- Add connector type metadata for
openproject. - Add connection profile CRUD using secret references.
- Add a read-only test endpoint.
- Add project/work-package lookup DTOs.
- Add external-reference storage for linked OpenProject work packages.
- Add a WebUI profile page with last-test diagnostics.
- Add tests for redaction, unavailable connector behavior, and optional module capability discovery.
Minimum DTOs
Profile summary:
{
"id": "openproject-main",
"connector_type": "openproject",
"name": "OpenProject",
"base_url": "https://openproject.example",
"state": "tested",
"last_test_at": "2026-07-09T10:00:00Z",
"last_test_status": "success"
}
External reference:
{
"connector_type": "openproject",
"profile_id": "openproject-main",
"object_type": "work_package",
"external_id": "1234",
"external_url": "https://openproject.example/work_packages/1234",
"version": "etag-or-lock-version",
"metadata": {
"project_id": "42"
}
}
Diagnostics must be redacted and should include only endpoint, version, authenticated principal label where safe, latency, status code, and capability hints.
First Tests To Add
- profile create/update rejects plaintext token fields
- profile test redacts Authorization, cookies, and token-like response fields
- lookup capabilities are absent when the connector module is disabled
- a task/workflow/case module can detect OpenProject capabilities without importing connector internals
- external-reference round-trip stores profile id, object type, external id, version/ETag, URL, and safe metadata
Reference Sources
- OpenProject API v3 documentation: https://www.openproject.org/docs/api/
- OpenProject API introduction: https://www.openproject.org/docs/api/introduction/
- OpenProject API and webhooks administration: https://www.openproject.org/docs/system-admin-guide/api-and-webhooks/