Document separated connector credentials

2026-07-08 15:22:20 +02:00
parent b8cb5c908f
commit cad2fe13f8

@@ -7,7 +7,11 @@ objects:
WebDAV server, Nextcloud account, Seafile server, or SMB share. Profiles are WebDAV server, Nextcloud account, Seafile server, or SMB share. Profiles are
administered in settings at system or tenant scope, with the same administered in settings at system or tenant scope, with the same
inheritance and limit semantics used by mail-server profiles. inheritance and limit semantics used by mail-server profiles.
2. A linked file space binds one concrete remote folder or library path from an 2. A governed credential profile defines reusable authentication material for
one provider or for any compatible provider. Credentials are administered
separately from connection profiles and can carry their own allow/deny
policy.
3. A linked file space binds one concrete remote folder or library path from an
allowed profile to a user or group. Linked spaces appear beside "My files" allowed profile to a user or group. Linked spaces appear beside "My files"
and group file spaces in the files module. and group file spaces in the files module.
@@ -22,11 +26,19 @@ Connection profile:
- endpoint URL and optional base path - endpoint URL and optional base path
- scope: `system` or `tenant` for administered profiles; user/group profiles - scope: `system` or `tenant` for administered profiles; user/group profiles
may be allowed later only when policy explicitly permits them may be allowed later only when policy explicitly permits them
- credential mode: anonymous, environment reference, secret reference, or a - optional credential profile id
future encrypted secret store
- capabilities: browse, sync, import, optional write when a provider supports it - capabilities: browse, sync, import, optional write when a provider supports it
- profile-local policy for allow/deny rules - profile-local policy for allow/deny rules
Credential profile:
- provider: a specific provider or any provider
- scope: `system` or `tenant` for administered credentials
- credential mode: anonymous, environment reference, secret reference, or
encrypted stored password/token
- username and redacted secret configuration
- credential-local policy for allow/deny rules
Connector policy: Connector policy:
- system policy is the baseline - system policy is the baseline
@@ -34,7 +46,8 @@ Connector policy:
lower-level relaxation lower-level relaxation
- future user/group policy may narrow tenant policy for self-service links - future user/group policy may narrow tenant policy for self-service links
- policies can allow or block providers, profile ids, endpoint URLs, external - policies can allow or block providers, profile ids, endpoint URLs, external
path prefixes, credential inheritance, and local linked-space creation path prefixes, credential ids, credential inheritance, and local linked-space
creation
Linked connector space: Linked connector space:
@@ -73,14 +86,17 @@ Implemented:
- provider descriptors for Seafile, Nextcloud, WebDAV, and SMB - provider descriptors for Seafile, Nextcloud, WebDAV, and SMB
- database-backed connector profiles with system and tenant scope - database-backed connector profiles with system and tenant scope
- encrypted stored password/token support for database profiles - database-backed connector credentials with system and tenant scope
- encrypted stored password/token support for database credentials
- JSON/environment-defined connector profiles with system, tenant, user, group, - JSON/environment-defined connector profiles with system, tenant, user, group,
and campaign visibility and campaign visibility
- connector allow/deny policy enforcement before browse/import/sync - connector allow/deny policy enforcement before browse/import/sync, including
provider, connection profile, credential profile, and path checks
- read-only browse endpoints - read-only browse endpoints
- import and sync into managed files with provenance and revision metadata - import and sync into managed files with provenance and revision metadata
- audit events for connector import, sync, and access - audit events for connector import, sync, and access
- settings/admin UI sections for system and tenant file connections - settings/admin UI sections for system and tenant file connections and
credentials
- linked connector-space rows owned by users or groups - linked connector-space rows owned by users or groups
- file-space API responses that include linked connector spaces - file-space API responses that include linked connector spaces
- Files UI entry point to create linked connector spaces from a browsed remote - Files UI entry point to create linked connector spaces from a browsed remote
@@ -101,8 +117,9 @@ Missing:
1. Persist governed connector profiles and policies. 1. Persist governed connector profiles and policies.
- `file_connector_profiles` exists for system and tenant profiles. - `file_connector_profiles` exists for system and tenant profiles.
- `file_connector_credentials` exists for system and tenant credentials.
- Environment JSON profiles remain bootstrap/compatibility profiles. - Environment JSON profiles remain bootstrap/compatibility profiles.
- Profile CRUD endpoints exist for database-backed profiles. - Profile and credential CRUD endpoints exist for database-backed records.
- Remaining: `file_connector_policies` plus effective policy/explain output. - Remaining: `file_connector_policies` plus effective policy/explain output.
2. Add linked connector spaces. 2. Add linked connector spaces.