feat(directory): add Lakebase + File providers#416
Open
larsgeorge-db wants to merge 1 commit into
Open
Conversation
Stacks on Phase 3 (#413). Ships two additional concrete providers and generalises the provider abstraction so adding a new transport no longer requires reshaping the manager's factory signature. Providers added: - LakebaseProvider — reads principals from a Postgres / Lakebase table at a caller-supplied FQN (catalog.schema.table or schema.table). Strict identifier validation at construction time; parameterised queries with LIKE/ESCAPE for portable case-insensitive prefix search; user wildcards (%/_) are escaped so a raw % can't dump the directory. Schema is documented in the help block under the Settings tab. - FileProvider — CSV-backed, primarily for tests and demos. Required columns: type, id, display_name (+ optional sub_label). Re-reads on mtime change via a class-level cache so changes propagate without restart. Architecture: - DirectoryProvider factories now take (DirectoryProviderContext, DirectoryProviderConfig). The context carries transport handles (ws_client, db_engine); the config carries every directory setting in one bag and each provider reads only the fields relevant to its type. Adding a future provider is one entry in _PROVIDER_REGISTRY plus an optional _REQUIRED_KEYS row -- no other code changes. - DirectoryStatus exposes lakebase_table + file_path alongside the existing connection_name so the Settings tab can hydrate the right inputs in one round trip. - DirectoryManager caches search results keyed on the config signature, so switching from Lakebase table A to table B invalidates correctly. - Cache invalidates per-provider required-keys are declared centrally; ``configured`` is False whenever any required key for the active provider is missing. Frontend: - settings-directory.tsx: provider Select enables all three options; panel switches between EntraPanel / LakebasePanel / FilePanel on selection. Each panel renders its provider-specific input plus a help block (UC connection setup for Entra, required SQL schema for Lakebase, CSV format example for File). Form state is preserved per-field when toggling providers so users don't lose typed values. Tests (34 new, 67 directory tests in total): - test_lakebase_provider.py (18): FQN validation rejects SQL injection / illegal identifiers; prefix search hits against display_name and id; result shape; type filter; top cap; %/_ wildcard escape; get_user happy/missing/empty; test() probe succeeds and fails; ctx/config validation. - test_file_provider.py (15): CSV parsing happy path, blank rows skipped, blank id rejected, unknown type rejected, missing required columns rejected; case-insensitive prefix; id-column match; top cap; mtime-based cache re-read; test() probe. - test_directory_manager.py (+3): status exposes all per-provider fields; configured=False when required setting absent; manager.test raises "missing required" message when a recognised provider lacks its required setting. - test_entra_id_provider.py (16): unchanged behaviour, migrated to the new (ctx, config) factory signature. Status: - Backend directory + workflow tests: 158 passed. - Frontend type-check clean, lint clean on touched files. - Existing 705-test frontend suite unaffected.
This was referenced May 21, 2026
larsgeorge-db
added a commit
that referenced
this pull request
May 21, 2026
…r scope Documents what shipped under PRs #406 / #407 / #412 / #413 / #416 / #417: - Renames the integration's manager / routes / settings keys in the PRD to match the implementation (Directory layer, /api/directory/*, DIRECTORY_* settings, Settings → Directory tab). - Documents the DirectoryProvider interface and the (DirectoryProviderContext, DirectoryProviderConfig) factory signature so future provider plug-ins know what to implement. - Documents the v1 provider set, which expanded during planning from Entra-only to entra + lakebase + file. The Lakebase table schema and CSV format are included so operators have a single reference. - Preserves story content, the disambiguation rule, both picker modes, storage-compatibility guarantees, and graceful-degradation rules from the PRD body unchanged. - Re-confirms the out-of-scope list (Okta/Ping, service principals, OBO, profile photos, manager hierarchy, role/team Select replacement, CSV bulk import) which the abstraction makes cheap to revisit.
larsgeorge-db
added a commit
that referenced
this pull request
May 21, 2026
…r scope Documents what shipped under PRs #406 / #407 / #412 / #413 / #416 / #417: - Renames the integration's manager / routes / settings keys in the PRD to match the implementation (Directory layer, /api/directory/*, DIRECTORY_* settings, Settings → Directory tab). - Documents the DirectoryProvider interface and the (DirectoryProviderContext, DirectoryProviderConfig) factory signature so future provider plug-ins know what to implement. - Documents the v1 provider set, which expanded during planning from Entra-only to entra + lakebase + file. The Lakebase table schema and CSV format are included so operators have a single reference. - Preserves story content, the disambiguation rule, both picker modes, storage-compatibility guarantees, and graceful-degradation rules from the PRD body unchanged. - Re-confirms the out-of-scope list (Okta/Ping, service principals, OBO, profile photos, manager hierarchy, role/team Select replacement, CSV bulk import) which the abstraction makes cheap to revisit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two additional concrete providers + provider-abstraction cleanup. Stacked on #413 — base is `feat/directory-phase3` so the diff here is providers-only. Will rebase onto `main` once the rest of the stack lands.
Plan: #375 · Backend (Phase 1): #406 · Phase 1 frontend: #407 · Phase 2: #412 · Phase 3: #413
Summary
Settings tab UI
Provider Select enables all three options; the panel below switches between `EntraPanel` / `LakebasePanel` / `FilePanel` on selection. Each renders:
Form state is preserved per-field when toggling providers so users don't lose typed values.
Test plan
Notes for reviewers