Connector template retrieval endpoints

[galvana]

ENG-2132

Description Of Changes

Adds endpoints to retrieve the SaaS config and dataset yaml files for any registered SaaS connector (standard or custom)

Steps to Confirm

1. Call GET /api/v1/connector-templates/{connector_template_type}/config using a connector type such as stripe
2. Verify the SaaS config is returned in YAML format
3. Call GET /api/v1/connector-templates/{connector_template_type}/dataset using a connector type such as stripe
4. Verify the dataset is returned in YAML format

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
fides-plus-nightly	Ignored	Preview		Dec 2, 2025 9:48pm
fides-privacy-center	Ignored			Dec 2, 2025 9:48pm

[greptile-apps]

Greptile Overview

Greptile Summary

Adds two new read-only endpoints to retrieve SaaS connector template configurations (config and dataset YAML files) by connector key. The implementation properly delegates to the existing ConnectorRegistry service layer and includes comprehensive test coverage.

• Added GET /api/v1/connector_template/{key}/config endpoint to retrieve SaaS config YAML
• Added GET /api/v1/connector_template/{key}/dataset endpoint to retrieve dataset YAML
• Both endpoints return raw YAML with proper content-type headers (text/yaml)
• New CONNECTOR_TEMPLATE_READ scope protects both endpoints
• Works with both file-based (standard) and custom connector templates
• Test coverage includes authentication, authorization, error handling, and success scenarios

Confidence Score: 5/5

• Safe to merge - straightforward read-only endpoints with proper authorization and comprehensive tests
• Clean implementation following established patterns: endpoints delegate to service layer per custom instructions, proper scope-based authorization, comprehensive test coverage including edge cases, no complex logic or risky changes
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
src/fides/api/api/v1/endpoints/saas_config_endpoints.py	5/5	Adds two new GET endpoints to retrieve config and dataset YAML for connector templates, properly delegating to service layer
tests/ops/api/v1/endpoints/test_saas_config_endpoints.py	5/5	Comprehensive test coverage for both endpoints including auth, scope validation, error cases, and success scenarios for both file-based and custom templates

_{4 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 97.36842% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.27%. Comparing base (947023d) to head (65675a5).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...i/api/v1/endpoints/connector_template_endpoints.py	95.91%	2 Missing ⚠️

❌ Your patch status has failed because the patch coverage (97.36%) is below the target coverage (100.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6868      +/-   ##
==========================================
+ Coverage   87.25%   87.27%   +0.01%     
==========================================
  Files         529      530       +1     
  Lines       34801    34857      +56     
  Branches     4032     4035       +3     
==========================================
+ Hits        30367    30422      +55     
- Misses       3552     3553       +1     
  Partials      882      882              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vercel]

Deployment failed with the following error:

You must set up Two-Factor Authentication before accessing this team.

View Documentation: https://vercel.com/docs/two-factor-authentication

[galvana]

I would prefer connector-template with a dash, but we're already using underscore for the register endpoint

[tvandort]

You beat me to it I was just about to ask about this. Do we have a style guide for which we prefer?

[tvandort]

I think we should change the string template for the route for Swagger purposes, otherwise this all looks good to me.

[tvandort]

Suggested change

	CONNECTOR_TEMPLATE_CONFIG = "/connector_template/{key}/config"
	CONNECTOR_TEMPLATE_DATASET = "/connector_template/{key}/dataset"
	CONNECTOR_TEMPLATE_CONFIG = "/connector_template/{connector_template_identifier}/config"
	CONNECTOR_TEMPLATE_DATASET = "/connector_template/{connector_template_identifier}/dataset"

I think we should change these to reflect where a caller can find the ID. Key is mysterious to me.

[galvana]

I reused saas_connector_type from the /system/{fides_key}/connection/instantiate/{saas_connector_type} endpoint

[tvandort]

Oh, and one question, we added scopes for this endpoint, what roles does that scope apply to?