Cloud Storage
- Jon Cameron
- ChrisC
Google (Drive)
Google Drive can be used as a substitute for the filesystem dropbox. Through the browse-everything interface, collection managers can pick and ingest files from their own "My Drive" or a Shared Drive. Enabling a connection to Google Drive requires the creation of an OAuth 2.0 Client ID through the Google API dashboard.
Steps to Enable
Follow the steps at https://developers.google.com/identity/protocols/oauth2 to create an OAuth 2.0 Client ID for your Avalon instance
First you need a Google Developer Account
Add an OAuth 2.0 credential, take note of the id and secret
Use the Client ID and secret in your Avalon site's settings.yml (see Upgrading Avalon 7.2 to Avalon 7.3 for config details)
Add these configs to Avalon. You can share a Redis instance with Avalon or use a separate one.
dropbox:
google_drive:
client_id: <oauth id>
client_secret: <oauth secret>
# redis_token_store_url: redis://host:port # if different from Avalon's RedisOnce configured, restart the app
Google Drive will now appear as a source in the "Open Dropbox" file picker in Avalon
For instructions, see Connecting to Google Drive
Batch ingest does not work with Google Drive. Use the filesystem or S3 (AWS, MinIO, HCP) adapters for batch ingest.
Microsoft (Sharepoint and OneDrive)
This provider will allow browse-everything to access Sharepoint on behalf of a specific user. It routes through the /me/joinedTeams and /me/drives Graph API endpoints, so will list Teams that the user belongs to and the user's personal drives at the top level. Within each Team, it will expand to list any child drives or files that the user has permission to access.
Get access on behalf of a user - Microsoft Graph
Steps to Enable
Register in the Entra Admin center to receive client_id, client_secret, and tenant_id.
If using .default endpoint as your scope, you must register API permissions for your application. Minimum permissions:
Files.Read
Files.Read.All
Files.Read.Selected
offline_access
openid
profile
Team.ReadBasic.All
User.Read
Use the Client ID and secret in your Avalon site's settings.yml
Add these configs to Avalon:
dropbox:
sharepoint:
# Client id and secret generated for the application by Entra Admin Center
# when registering the app
client_id: 5673bf4e-58c2-4ca4-94da-d64456cabf90
client_secret: 7m78Q~PtEHlDCQjNigBJIerMcDOwn1n79xxkEbgM
# Tenant (organization) id found in Entra Admin Center
tenant_id: 1113be34-aed1-4d00-ab4b-cdd02510be91
# Redirect URI assigned in Entra. For Avalon, should be base host name
# with /browse/connect, e.x. 'http://example.com/browse/connect'
redirect_uri: https://avalon-dev.dlib.indiana.edu/browse/connect
# offline_access is needed for refresh tokens to be issued
# .default allows setting permissions through Entra admin dashboard
scope: offline_access https://graph.microsoft.com/.default
# The Sites endpoint returns all sites that a user has access to.
# Provide search/filter terms here to limit the results returned.
filter_terms: ['O365-', '[Sec]', '[Sec-E]']