Can I import a configured provider?

[klou]

Your environment

TbSync version: 2.22 Thunderbird version: 78.11.0

My usage case is with the Google-4-TbSync extension, to hook into my company's Google Workspace. I'd like to pre-configure and deploy a provider to all users, as we're all on the same Workspace.

I see that there's an <TB Profile>\TbSync\accounts68.json that contains all of the necessary information - API key and secrets. If I were to package this file and deploy it to all profiles (with the extension), would that be sufficient to configure the provider?

Is that file randomly or dynamically named?

[jobisoft]

This is currently not supported. I cannot not guarantee, that manipulating the json file will not have unwanted side effects.

[jobisoft]

The JSON files will no longer be used in the upcoming WebExtension release of TbSync (Thunderbird Beta only for now, will not push that to TB91 users).

We need to find other ways to do this. What kind of information do you need to preconfigure? I think the only way is to prepare a custom XPI file which includes the information, which you can distribute pre-installed with your Installations.

The optimal way would be to use Enterprise policies to manipulate the local storage of the provider (prefill some values), but this is currently not possible. I will think about this more. We have one year from now to find a proper solution.

[klou]

Ideally, it'd be nice if this information would be stored and manipulated via about:config, but I don't want to make assumptions about the amount of work necessary make this happen.

Side notes about TB91:

• In TB78, policies.json utilize the "Preferences (deprecated)" policy from FF. I haven't checked the sources for TB91, but the current "Preferences" policy is what's necessary to make changes to extensions.* keys. For TB78, autoconfig.js works for these preferences.
• (For my particular use case) Google Contacts integration may be built in to TB91? I haven't tested this yet.

[jobisoft]

Pure WebExtension Add-ons no longer have access to about:config.

I just learned about managed storage. Enterprise IT admins, who can control Windows Registry Keys and files at specific locations of deployed installations, can prepare a JSON file with key value pairs and the add-on can read those.

• https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_manifests#managed_storage_manifests
• https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_manifests#manifest_location

I think this is the future.

[jobisoft]

Google Contacts integration may be built in to TB91? I haven't tested this yet.

CardDAV support has been added, but Google is not providing all features via CardDAV. For example: groups are not supported.

[klou]

I just learned about managed storage. Enterprise IT admins, who can control Windows Registry Keys and files at specific locations of deployed installations, can prepare a JSON file with key value pairs and the add-on can read those.

Yikes, it's good to know that this is possible, but given how scattered individual Addon documentation is (no offense intended), this is going to be difficult for admins to parse through.

I guess it'll be like MCD/Autoconfig. As long as you know the secret handshake ...

CardDAV support has been added, but Google is not providing all features via CardDAV.

Thanks for this. Reading bullet points on the Release Notes is nice, but in these cases, I definitely want more details. But this diverges from the topic ...

[jobisoft]

We also have https://enterprise.thunderbird.net/ where the managed storage should be listed. I will poke a few people. I will definitely try this and give a step-by-step instructions on how to use it.

For general discussions, we have a couple of mailing lists: https://thunderbird.topicbox.com

[jobisoft]

https://thunderbird.topicbox.com/groups

is probably better to get an overview

[jobisoft]

I tested the general concept and it works: https://github.com/thundernest/enterprise-docs/issues/5

I think deploying the config file (as described in the linked issue) should be no issue for you?

Since you need this for the google provider, I will get Marco on board.

[klou]

Now that I've wrapped my head around it (MacOS/Linux deploys the JSON itself, Windows needs a HKLM/HKCU REG pointer and then the JSON), I think this would work for me. Your doc explains it better than the FF Dev page does.

The missing component would be the Add-on's ability to merge or use such configurations as a default or template.

Currently, I do it with a logon script that parses User Profiles + TB profiles, and copies the file in place if it doesn't already exist. Obviously, I would prefer to offload this to built-in functionality (and it has problems with edge cases, requires an existing TB profile at runtime, etc.).

[jobisoft]

Yes, I have talked with Marco about it already. I think the google add-on should check if management has provided the values needed for one or more default accounts and auto create them upon start, if it does not exist. I imagine Marco wants to wait with implementing this until the new TbSync interface is ready around the end of this year.

I think your existing logon script could be adjusted to create the needed JSON file.

[klou]

I have no problem creating the JSON file manually, or deploying it to a global location (HKLM). I'd just prefer to avoid mucking about within a user's profile if I can avoid it, so would like to eliminate the user-context logon script on the assumption that all users for this machine would be affected by this configuration.

I don't know the TbSync innards, but are you sure that the merging defaults should be handled by the individual Provider component? Or should it be global to TbSync?

[jobisoft]

I have no problem creating the JSON file manually, or deploying it to a global location (HKLM). I'd just prefer to avoid mucking about within a user's profile if I can avoid it, so would like to eliminate the user-context logon script on the assumption that all users for this machine would be affected by this configuration.

You can use two HKLM locations (I do not know the correct names), either local machine or current user, so you could set up a user specific JSON file or a global JSON file. The user specific JSON files would still need to be generated somehow. I assume you can do that when creating the user in the AD (or even dynamically with some powershell vodoo?). But it should be possible without messing with the profile itself.

I don't know the TbSync innards, but are you sure that the merging defaults should be handled by the individual Provider component? Or should it be global to TbSync?

The new TbSync will be reduced to a pure display UI / manager. The idea is that all providers can also interact directly with Thunderbird and could be used by the account creation wizard to do autodiscovery of resources right there. You can still use the TbSync manager to setup accounts, but when you are in your address book, it should also be possible to setup a google address book right there. So the providers will be more independent. But this is still not finalized and could change.

[klou]

A far simpler solution for pre-populating managed storage looks like it's already built into policies.json: https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/#how-to-add

I haven't tried it for either TB/FF, but perhaps something like:

{
  "policies": {
    "3rdparty": {
      "Extensions": {
        "favourite-colour-examples@mozilla.org": {
          "colour": "management now thinks it should be red!!!"
        }
      }
    }
  }
}

[klou]

I just tried this -- preconfiguring policies.json to populate the managed storage works on FF91, but not (yet) TB78.13. When I get around to testing TB91, will post back with results.

[jobisoft]

I tested the policies.json approach in TB91 and it worked. That is much better!

I copied the example extension from the Firefox repository to our own and added a usage description with the new approach. https://github.com/thundernest/sample-extensions/tree/master/managedStorage

Being able to do this with the standard enterprise policies will make it much more simple to be used. You can either use the distributions directory or the Windows Group Policies to deploy the json file. Perfect.

I will update our policies repository shortly. There is already some work ongoing: https://github.com/thundernest/policy-templates/pull/1

I will ping our enterprise manager on this again.