[Feature] Add SharePoint/OneDrive connector for external file providers #21

Open
opened 2026-07-09 12:46:25 +02:00 by zemion · 1 comment
Owner

Objective

Implement a SharePoint/OneDrive connector for govoplan-files as an external file provider.

This connector is important for local GovOPlaN deployments that need to integrate with an existing Microsoft 365, OneDrive for Business, SharePoint Online, or SharePoint Server landscape without replacing it.

Scope

  • Owning repository: govoplan-files.
  • Provider keys: sharepoint and/or onedrive depending on the final provider descriptor model.
  • First slice: read-only browse/list and import selected files into managed GovOPlaN storage.
  • Out of scope for the first slice: remote write/delete, upstream ACL management, broad background indexing, and collaborative editing.

Expected behavior

  • Add provider descriptor(s) for SharePoint/OneDrive.
  • Support tenant/site/drive/library/root-folder profile configuration.
  • Support deployment-managed credentials through secret references first; later support OAuth/app registration flows where needed.
  • Provide a redaction-safe profile test that validates endpoint, site/drive access, and base folder/library access.
  • Browse folders and files with pagination and stable remote ids.
  • Import a selected file into managed storage, preserving source provider, site/drive/library id, item id, path, version/ETag where available, checksum/size/MIME type where available, and imported file reference.
  • Enforce connector policy before profile use, browse, import, linked-space creation, and sync.
  • Emit audit events for profile test, browse/access, import, and denial paths.
  • Support local deployment constraints: proxy settings, custom TLS trust where safely configured, sovereign/cloud endpoint differences, and clear failure diagnostics.

Acceptance criteria

  • SharePoint/OneDrive provider appears in /api/v1/files/connectors/providers with implemented capability metadata.
  • Admin/settings UI can define or select a SharePoint/OneDrive connector profile and credential profile.
  • Files UI can browse a configured library/folder and import one file into managed storage.
  • Imported file provenance explains source site/drive/library/path/item/version later.
  • Existing connector policy checks apply consistently to provider, profile, credential, and path/folder rules.
  • Tests cover provider descriptor, credential redaction, profile test, list pagination, import provenance, policy denial, and unavailable dependency behavior.
  • Dev/test documentation explains how to run against a non-production tenant or local/sandbox equivalent without committing real credentials.

Notes

Keep executable file-provider semantics in govoplan-files. govoplan-connectors should keep inventory/catalogue metadata and cross-system diagnostics where useful.

## Objective Implement a SharePoint/OneDrive connector for `govoplan-files` as an external file provider. This connector is important for local GovOPlaN deployments that need to integrate with an existing Microsoft 365, OneDrive for Business, SharePoint Online, or SharePoint Server landscape without replacing it. ## Scope - Owning repository: `govoplan-files`. - Provider keys: `sharepoint` and/or `onedrive` depending on the final provider descriptor model. - First slice: read-only browse/list and import selected files into managed GovOPlaN storage. - Out of scope for the first slice: remote write/delete, upstream ACL management, broad background indexing, and collaborative editing. ## Expected behavior - Add provider descriptor(s) for SharePoint/OneDrive. - Support tenant/site/drive/library/root-folder profile configuration. - Support deployment-managed credentials through secret references first; later support OAuth/app registration flows where needed. - Provide a redaction-safe profile test that validates endpoint, site/drive access, and base folder/library access. - Browse folders and files with pagination and stable remote ids. - Import a selected file into managed storage, preserving source provider, site/drive/library id, item id, path, version/ETag where available, checksum/size/MIME type where available, and imported file reference. - Enforce connector policy before profile use, browse, import, linked-space creation, and sync. - Emit audit events for profile test, browse/access, import, and denial paths. - Support local deployment constraints: proxy settings, custom TLS trust where safely configured, sovereign/cloud endpoint differences, and clear failure diagnostics. ## Acceptance criteria - SharePoint/OneDrive provider appears in `/api/v1/files/connectors/providers` with implemented capability metadata. - Admin/settings UI can define or select a SharePoint/OneDrive connector profile and credential profile. - Files UI can browse a configured library/folder and import one file into managed storage. - Imported file provenance explains source site/drive/library/path/item/version later. - Existing connector policy checks apply consistently to provider, profile, credential, and path/folder rules. - Tests cover provider descriptor, credential redaction, profile test, list pagination, import provenance, policy denial, and unavailable dependency behavior. - Dev/test documentation explains how to run against a non-production tenant or local/sandbox equivalent without committing real credentials. ## Notes Keep executable file-provider semantics in `govoplan-files`. `govoplan-connectors` should keep inventory/catalogue metadata and cross-system diagnostics where useful.
zemion added the
type
feature
priority
p1
status
ready
area/api
module/files
codex/ready
labels 2026-07-09 12:46:25 +02:00
Author
Owner

Codex State: progress

Summary

  • Reserved SharePoint and OneDrive provider keys across backend profile validation, provider descriptors, API schemas, and the WebUI provider selector.
  • Runtime browse/import intentionally remains unsupported until Microsoft Graph/SharePoint auth, paging, site/drive selection, and safe tenant configuration are implemented.

Changed Files

  • src/govoplan_files/backend/storage/connector_providers.py
  • src/govoplan_files/backend/storage/connector_profiles.py
  • src/govoplan_files/backend/schemas.py
  • webui/src/api/files.ts
  • webui/src/features/files/FileConnectorSettingsPanel.tsx
  • tests/test_connector_providers.py

Verification

  • same focused files test suite as above

Next / Blocked

  • Implement Microsoft Graph/SharePoint credential flow, profile test, browse pagination, and import adapter before this can be closed.
## Codex State: progress ### Summary - Reserved SharePoint and OneDrive provider keys across backend profile validation, provider descriptors, API schemas, and the WebUI provider selector. - Runtime browse/import intentionally remains unsupported until Microsoft Graph/SharePoint auth, paging, site/drive selection, and safe tenant configuration are implemented. ### Changed Files - `src/govoplan_files/backend/storage/connector_providers.py` - `src/govoplan_files/backend/storage/connector_profiles.py` - `src/govoplan_files/backend/schemas.py` - `webui/src/api/files.ts` - `webui/src/features/files/FileConnectorSettingsPanel.tsx` - `tests/test_connector_providers.py` ### Verification - `same focused files test suite as above` ### Next / Blocked - Implement Microsoft Graph/SharePoint credential flow, profile test, browse pagination, and import adapter before this can be closed.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-files#21
No description provided.