[Feature] Add S3-compatible object-storage connector for external file providers #20

Closed
opened 2026-07-09 12:40:27 +02:00 by zemion · 1 comment
Owner

Objective

Implement an S3-compatible object-storage connector for govoplan-files as an external file provider.

This is not the managed-file blob storage backend. It is a connector profile that lets users/admins browse an external S3-compatible bucket or prefix, select objects, and import/freeze them as managed GovOPlaN files with provenance.

Scope

  • Owning repository: govoplan-files.
  • Provider key: s3 or s3-compatible.
  • Support AWS S3-compatible APIs, with MinIO as the development/test target.
  • Fit into the existing connector profile, credential, policy, linked-space, browse/import, sync, and audit model.

Expected behavior

  • Add provider descriptor for S3-compatible object storage.
  • Support endpoint URL, region, bucket, base prefix, path-style/virtual-host style option where needed, and TLS verification configuration where safe.
  • Support secret references or encrypted stored credentials for access key / secret key; do not expose secret values in API responses.
  • Add profile test/health check that validates bucket/prefix access without leaking object metadata unnecessarily.
  • Browse prefixes and objects with pagination/continuation tokens.
  • Import one selected object into managed storage, preserving provider, bucket, key, version/ETag where available, checksum/size/MIME type where available, and imported file reference.
  • Enforce connector policy before profile use, browse, import, linked-space creation, and sync.
  • Emit connector audit events for test, browse/access, import, and denial paths.
  • Add a Docker/MinIO smoke fixture comparable to the existing WebDAV/Nextcloud/SMB connector test bed.

Acceptance criteria

  • S3 provider appears in /api/v1/files/connectors/providers with implemented capability metadata.
  • Admin/settings UI can create or select an S3 connector profile and credential profile.
  • Files UI can browse a bucket/prefix and import an object into managed storage.
  • Imported files include enough provenance to explain source bucket/key/version/ETag later.
  • Existing connector policy checks apply consistently to S3 provider, profile, credential, and path/prefix.
  • Tests cover provider descriptor, credential redaction, profile test, list pagination, import provenance, policy denial, and unavailable dependency behavior.
  • Dev smoke can run against a local MinIO container without real cloud credentials.

Notes

govoplan-connectors should keep the catalogue/inventory entry shape, but executable file-provider behavior belongs in govoplan-files unless S3 grows into remote-write, lifecycle administration, background indexing, or archive-management behavior beyond on-demand browse/import.

## Objective Implement an S3-compatible object-storage connector for `govoplan-files` as an external file provider. This is **not** the managed-file blob storage backend. It is a connector profile that lets users/admins browse an external S3-compatible bucket or prefix, select objects, and import/freeze them as managed GovOPlaN files with provenance. ## Scope - Owning repository: `govoplan-files`. - Provider key: `s3` or `s3-compatible`. - Support AWS S3-compatible APIs, with MinIO as the development/test target. - Fit into the existing connector profile, credential, policy, linked-space, browse/import, sync, and audit model. ## Expected behavior - Add provider descriptor for S3-compatible object storage. - Support endpoint URL, region, bucket, base prefix, path-style/virtual-host style option where needed, and TLS verification configuration where safe. - Support secret references or encrypted stored credentials for access key / secret key; do not expose secret values in API responses. - Add profile test/health check that validates bucket/prefix access without leaking object metadata unnecessarily. - Browse prefixes and objects with pagination/continuation tokens. - Import one selected object into managed storage, preserving provider, bucket, key, version/ETag where available, checksum/size/MIME type where available, and imported file reference. - Enforce connector policy before profile use, browse, import, linked-space creation, and sync. - Emit connector audit events for test, browse/access, import, and denial paths. - Add a Docker/MinIO smoke fixture comparable to the existing WebDAV/Nextcloud/SMB connector test bed. ## Acceptance criteria - S3 provider appears in `/api/v1/files/connectors/providers` with implemented capability metadata. - Admin/settings UI can create or select an S3 connector profile and credential profile. - Files UI can browse a bucket/prefix and import an object into managed storage. - Imported files include enough provenance to explain source bucket/key/version/ETag later. - Existing connector policy checks apply consistently to S3 provider, profile, credential, and path/prefix. - Tests cover provider descriptor, credential redaction, profile test, list pagination, import provenance, policy denial, and unavailable dependency behavior. - Dev smoke can run against a local MinIO container without real cloud credentials. ## Notes `govoplan-connectors` should keep the catalogue/inventory entry shape, but executable file-provider behavior belongs in `govoplan-files` unless S3 grows into remote-write, lifecycle administration, background indexing, or archive-management behavior beyond on-demand browse/import.
zemion added the
type
feature
status
ready
priority
p2
area/api
module/files
codex/ready
labels 2026-07-09 12:40:27 +02:00
Author
Owner

Codex State: done

Summary

  • Added S3-compatible provider descriptor, backend validation, profile/UI provider keys, and optional govoplan-files[s3] dependency.
  • Implemented S3 bucket listing, prefix/object browsing, continuation-token plumbing, and object import/sync download path with bucket/key/version/ETag/checksum provenance.
  • Added MinIO to the local connector compose stack and optional S3 smoke support.

Changed Files

  • pyproject.toml
  • src/govoplan_files/backend/storage/connector_providers.py
  • src/govoplan_files/backend/storage/connector_profiles.py
  • src/govoplan_files/backend/storage/connector_browse.py
  • src/govoplan_files/backend/storage/connector_imports.py
  • src/govoplan_files/backend/schemas.py
  • src/govoplan_files/backend/router.py
  • webui/src/api/files.ts
  • webui/src/features/files/FileConnectorSettingsPanel.tsx
  • dev/connectors/docker-compose.yml
  • dev/connectors/smoke.py
  • dev/connectors/README.md
  • tests/test_connector_providers.py

Verification

  • PYTHONPATH=/mnt/DATA/git/govoplan-core/src:/mnt/DATA/git/govoplan-files/src /mnt/DATA/git/govoplan/.venv/bin/python -m unittest tests.test_connector_providers tests.test_transfer_helpers tests.test_router_contract tests.test_access_provider
  • PYTHONPATH=/mnt/DATA/git/govoplan-core/src:/mnt/DATA/git/govoplan-files/src /mnt/DATA/git/govoplan/.venv/bin/python -m compileall -q src/govoplan_files tests dev/connectors/smoke.py
  • git diff --check
## Codex State: done ### Summary - Added S3-compatible provider descriptor, backend validation, profile/UI provider keys, and optional `govoplan-files[s3]` dependency. - Implemented S3 bucket listing, prefix/object browsing, continuation-token plumbing, and object import/sync download path with bucket/key/version/ETag/checksum provenance. - Added MinIO to the local connector compose stack and optional S3 smoke support. ### Changed Files - `pyproject.toml` - `src/govoplan_files/backend/storage/connector_providers.py` - `src/govoplan_files/backend/storage/connector_profiles.py` - `src/govoplan_files/backend/storage/connector_browse.py` - `src/govoplan_files/backend/storage/connector_imports.py` - `src/govoplan_files/backend/schemas.py` - `src/govoplan_files/backend/router.py` - `webui/src/api/files.ts` - `webui/src/features/files/FileConnectorSettingsPanel.tsx` - `dev/connectors/docker-compose.yml` - `dev/connectors/smoke.py` - `dev/connectors/README.md` - `tests/test_connector_providers.py` ### Verification - `PYTHONPATH=/mnt/DATA/git/govoplan-core/src:/mnt/DATA/git/govoplan-files/src /mnt/DATA/git/govoplan/.venv/bin/python -m unittest tests.test_connector_providers tests.test_transfer_helpers tests.test_router_contract tests.test_access_provider` - `PYTHONPATH=/mnt/DATA/git/govoplan-core/src:/mnt/DATA/git/govoplan-files/src /mnt/DATA/git/govoplan/.venv/bin/python -m compileall -q src/govoplan_files tests dev/connectors/smoke.py` - `git diff --check`
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-files#20
No description provided.