This guide to deploying external files was contributed by the awesome Eric Kintzer, Salesforce Architect at Helix, and part of the Gearset DevOps Leaders Program.
Salesforce allows you to associate external files with objects in your org, e.g. a Sales-related document with an Opportunity in Salesforce. In Salesforce Classic, you could do this easily using the Google Docs, Notes, & Attachments related list. In Lightning Experience, however, you need to use the Files Connect feature with external data sources. Salesforce offers support for several external data sources, including Box, SharePoint, OneDrive, and Google Drive. So how do you use Gearset to deploy these associated external files?
For this article, we'll use Google Drive as the example for deploying external files from a source, such as your dev org, to target orgs.
Prerequisites
In your dev org, follow the instructions for setting up Files Connect as per the Salesforce Files Connect help documentation. And, of course, test that it all works.
Before running the Gearset deployment, you need to have the Files Connect Cloud permission for each target org. Here's how:
Create a permission set, e.g. called "Files Connect", which includes only this permission.
Deploy the permission set to each of your target environments.
Assign the "Files Connect" permission set to yourself as the user running the deployment.
Without these permissions in place, you're likely to hit a deployment error when you deploy the associated file. But once you deploy these permissions to your target environments, you're ready to proceed with the deployments.
Components of the deployment
Now that you're ready to deploy, the following are the metadata components you need to include in your deployment:
The AuthProvider (e.g. GoogleDrive)
The external data source (e.g. GoogleDrive)
The external object (e.g. items_GoogleDrive__x) corresponding to the external data source
A permission set (e.g. GoogleDrive) granting at a minimum these permissions:
  The external data source
  Custom object permission: Read access to the external object
  Custom field permission: Read access for every field on the external object
Custom tab (optional) for the external object
Any layouts that don't already have the Files related list.
Before running the deployment, you may want to exclude your sensitive Google Drive AuthProvider details. The following section explains how to do this.
Keeping your Auth provider details secure
In XML form, your Auth provider for Google Drive will look something like the following. Note the sensitive consumerSecret element:
The Salesforce Metadata API extracts the consumerSecret and exposes it as plain text. This would be a problem if you were deploying it to version control instead of an org, as you would then expose this secret.
One way to avoid this security risk is to temporarily change the consumerSecret before you deploy, replacing the details inside the consumerSecret element with a placeholder. In the example below, the details have been replaced with "get-from-it":
After you've deployed, you can manually add the consumerSecret to the target org(s).
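The placeholder swap described above can be scripted so it is applied the same way every time before metadata reaches version control. The following is an added example, not part of the original guide or of Gearset; the sample XML, its key and secret values, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://soap.sforce.com/2006/04/metadata"  # namespace quoted in the guide
PLACEHOLDER = "get-from-it"                      # placeholder used in the guide
ET.register_namespace("", NS)                    # keep the default xmlns on output

# Constructed sample; the key and secret values are made up.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<AuthProvider xmlns="http://soap.sforce.com/2006/04/metadata">
    <consumerKey>constructed-key.apps.example</consumerKey>
    <consumerSecret>constructed-secret-value</consumerSecret>
    <friendlyName>GoogleDrive</friendlyName>
    <providerType>OpenIdConnect</providerType>
</AuthProvider>
"""

def _secrets(root):
    """Return every consumerSecret element under an AuthProvider root."""
    if root.tag != f"{{{NS}}}AuthProvider":
        raise ValueError(f"not an AuthProvider document: {root.tag}")
    return root.findall(f"{{{NS}}}consumerSecret")

def has_real_secret(xml_text):
    """True if any consumerSecret holds something other than the placeholder."""
    root = ET.fromstring(xml_text)
    return any((s.text or "").strip() not in ("", PLACEHOLDER) for s in _secrets(root))

def scrub(xml_text):
    """Return the XML with every consumerSecret replaced by the placeholder."""
    root = ET.fromstring(xml_text)
    for s in _secrets(root):
        s.text = PLACEHOLDER
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    import sys
    # Rewrite each given AuthProvider metadata file in place if it holds a real secret.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
        if has_real_secret(text):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write('<?xml version="1.0" encoding="UTF-8"?>\n' + scrub(text) + "\n")
            print(f"scrubbed consumerSecret in {path}")
```

Scrubbing the working copy does not remove a secret that was already committed; in that case the value also needs rotating on the Google side.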
Alternatively, you can exclude AuthProvider altogether from the deployment. In that case, you'd then have to manually configure the AuthProvider object in each target org, making sure it has the same API version name everywhere, such as <AuthProvider xmlns="http://soap.sforce.com/2006/04/metadata"> in the example shown above.
Post-deployment
After you've deployed the external files to your target orgs, remember to give all relevant users access to these files by assigning the GoogleDrive permission to them.