MM-68718: Document Azure Blob Storage as a file storage backend#8976
Merged
Conversation
Adds Azure Blob Storage to the File storage system reference: a new azureblob driver-name option and individual entries for the FileSettings.AzureStorageAccount, AzureContainer, AzurePathPrefix, AzureAccessKey, AzureEndpoint, AzureSSL, and AzureRequestTimeoutMilliseconds settings. Extends the dedicated export filestore list with the matching Export* variants. Calls out the restart-required behaviour when changing file storage settings so admins know Save in System Console isn't enough on its own. ------ AI assisted commit
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA 08315ba |
agarciamontoro
changed the title
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA 71cd497 |
Folds the full prereqs, Azure portal/CLI provisioning, System Console walk-through, Test Connection semantics, restart-required warning, verification, optional export backend, and troubleshooting sections into a dedicated configure/azure-blob-storage page. Wires the new page into the configuration-settings toctree and bullet list, and adds a seealso link from the File storage section of environment-configuration-settings so admins can find it from the reference page. ------ AI assisted commit
agarciamontoro
force-pushed
the
MM-67096-azure-blob-storage-docs
branch
from
71cd497 to
eaa2e51
Compare
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA eaa2e51 |
Combs7th
added
1: Dev Review
Contributor
|
Thank you for the docs, @agarciamontoro! Is there a dev who you can recommend we tag to be the technical reviewer for this one? |
Member
Author
|
Hey, @Combs7th, I'll assign someone as soon as this is ready for review. For now, it's just an info dump of everything in progress, I'm still waiting for some PRs to be merged. Will move the PR to ready for review and assign a dev when it's done, thanks! |
Member
Author
|
This will ship in v11.9, btw, not in v11.8 |
Adds a Migrate existing files from Amazon S3 section to the Azure Blob Storage walk-through. Covers the recommended trickle-then-cutover pattern (long rclone sync, short AzCopy maintenance window), the prerequisites for the migration host, phase-by-phase commands, verification queries (object count parity, sha256 spot-check), the rollback path, and caveats (S3 versioning, sync vs copy, prefix rewrites, cross-region cost, Storage Mover preview status). Updates the migration note under step 4 and the troubleshooting entry for missing pre-cutover files to cross-reference the new section. ------ AI assisted commit
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA 9c68289 |
Adds the AzureCloud setting documentation (commercial/government/custom) to both the environment configuration reference and the Azure walkthrough, rewrites the AzureEndpoint entry to reflect its new role as the full Blob service URL valid only when AzureCloud is custom, and removes the stale note that said sovereign clouds aren't configured through the endpoint override. Adds ExportAzureCloud to the dedicated export filestore key list. ------ AI assisted commit
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA b14dc0d |
Restructures Step 3 of the Azure Blob Storage walk-through to cover both shared-key and the new default_credential authentication mode. The default_credential subsection walks an admin through picking the identity source that matches the host (managed identity on Azure VM/App Service/AKS, workload identity, service principal, az login) and granting Storage Blob Data Contributor on the storage account. Updates Step 4 to describe the new "Azure authentication" dropdown in the System Console, including the conditional visibility of the Azure Storage account key field. Adds AuthorizationPermissionMismatch to the troubleshooting table and documents the propagation delay that follows a fresh role assignment. Adds FileSettings.AzureAuthMode to the environment-configuration reference and to the ExportAzure* list under the dedicated export filestore section. ------ AI assisted commit
This was referenced May 26, 2026
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA ad4a3f4 |
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA d7490b2 |
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA 93b6d5d |
lieut-data
reviewed
Jun 1, 2026
lieut-data
left a comment
lieut-data
left a comment
Member
There was a problem hiding this comment.
This is great! A few comments for discussion below.
| Mattermost supports two ways for the server to authenticate to Azure. Pick the one that fits how the server runs: | ||
|
|
||
| - **Shared key**: the server signs each request with the :ref:`Storage Account access key <administration-guide/configure/environment-configuration-settings:azure storage account key>`. Works anywhere Mattermost runs (on-premises, non-Azure cloud, local development) because it does not depend on the host having an Azure identity. The trade-off is that the key is a long-lived secret stored in ``config.json``. | ||
| - **Default credential (Microsoft Entra ID)**: the server obtains a token from Microsoft Entra ID and signs requests with it. No long-lived secret in Mattermost configuration. This is the recommended mode for deployments running on Azure, where the host environment already provides an identity (managed identity on Azure VM / App Service / AKS, workload identity for federated workloads, or a service principal). |
Member
There was a problem hiding this comment.
Out of curiosity, does the Microsoft Entra ID ever rotate while the server is still running? That is, could our ability to read/write disappear mysteriously after some timeout?
Member
Author
There was a problem hiding this comment.
No, it cannot (unless your identity has its access revoked, of course). The SDK handles token refresh transparently. Added a small note in 6fc9817.
|
|
||
| .. note:: | ||
|
|
||
| Treat the shared key as a secret -- anyone with it has full access to the account. Azure provides two keys so you can rotate without downtime: update Mattermost to ``key2``, regenerate ``key1``, then swap on the next rotation cycle. Plan a rotation cadence that matches your organisation's policy. |
Member
There was a problem hiding this comment.
"full access to the account" -- is there a way to generate a shared key with access limited to read/writing the specific resource group? Or is that what we mean by the account?
Member
Author
There was a problem hiding this comment.
This means storage account, which has access to all the containers under it. Added a note in 6fc9817.
| #. ``ManagedIdentityCredential`` -- the platform-provided managed identity. | ||
| #. ``AzureCLICredential`` -- the signed-in ``az`` session, useful for local development. | ||
|
|
||
| Whichever identity the SDK selects, **that** identity needs **Storage Blob Data Contributor** (or a custom role with the equivalent ``read/write/list/delete`` data-plane actions) on the storage account or container. Without it, ``TestConnection`` returns ``AuthorizationPermissionMismatch``. |
Member
There was a problem hiding this comment.
If this process fails on server startup, do we (correctly) refuse to start the server or signal that this has failed in some other, catastrophic way? (Maybe all reads/writes error out?)
Member
Author
There was a problem hiding this comment.
Ah, good catch. It does not refuse to start the server, no... That actually mimics the behaviour for S3 as well, though. I can prioritize a fix for this to land it in v11.9 as well before the whole thing is released. Thoughts, @lieut-data?
Member
There was a problem hiding this comment.
If it's the same as S3, I wouldn't rush any new fix now.
|
|
||
| .. warning:: | ||
|
|
||
| **Restart required.** The Mattermost server caches the file storage backend at startup and does not re-create it when the file storage configuration changes. After saving, restart every Mattermost server in the deployment (``systemctl restart mattermost``, recycle the container, or roll the deployment in your cluster) for the new driver to take effect. **Test Connection** works before the restart because it builds a temporary backend from the submitted form values. |
Member
There was a problem hiding this comment.
As an aside, I've always wondered if we should support an /api/v4/restart endpoint to automate this...
Member
Author
There was a problem hiding this comment.
That's not a bad idea, to be honest. Do you want to file a ticket with the idea for the future?
| .. warning:: | ||
|
|
||
| Switching the file driver does **not** migrate existing files. If you are moving an existing deployment from Amazon S3, see `Migrate existing files from Amazon S3`_ below before changing the driver. For migrations from local disk, copy the directory contents into the Azure container using ``azcopy`` (`docs <https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10>`__). In either case, files uploaded before the switch are unreachable once the driver changes unless they are present at the same key in the destination. | ||
| Step 3: Verify |
| (Optional) Configure the export backend | ||
| --------------------------------------- | ||
|
|
||
| Compliance and data exports can be stored separately from regular file uploads. The **File Storage (Exports)** section directly below **File Storage** in the System Console mirrors the fields above and accepts the same Azure credentials. Customers typically point exports at a different container (or a different account) so the export retention policy can differ from regular uploads. |
Member
There was a problem hiding this comment.
In theory, could I store one on AWS and the other on Azure?
Member
Author
There was a problem hiding this comment.
Yes, definitely, these two are completely independent with a different set of config settings. Added a small note clarifying it in 6fc9817.
Add ExportAzurePresignExpiresSeconds to the dedicated export filestore key list, and generalize the presigned-download note so it reflects that exports can now be downloaded via an Azure Blob Storage SAS URL, not just an Amazon S3 presigned URL. ------ AI assisted commit
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA 6fc9817 |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@source/administration-guide/configure/environment-configuration-settings.rst`:
- Line 5017: Fix the malformed inline code fence around the Azure presign
setting by replacing the mismatched triple backticks with the correct
double-backtick inline code style so the setting appears as
``ExportAzurePresignExpiresSeconds`` (in the same sentence that mentions
``ExportAmazonS3PresignExpiresSeconds`` and
``ExportAzurePresignExpiresSeconds``), ensuring both config keys use consistent
``inline code`` formatting.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 9f507d4e-57a9-4295-98da-62e03519fb34
📒 Files selected for processing (2)
source/administration-guide/configure/azure-blob-storage.rstsource/administration-guide/configure/environment-configuration-settings.rst
✅ Files skipped from review due to trivial changes (1)
- source/administration-guide/configure/azure-blob-storage.rst
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA 5b4afb9 |
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA a5817a1 |
lieut-data
approved these changes
Jun 4, 2026
| #. ``ManagedIdentityCredential`` -- the platform-provided managed identity. | ||
| #. ``AzureCLICredential`` -- the signed-in ``az`` session, useful for local development. | ||
|
|
||
| Whichever identity the SDK selects, **that** identity needs **Storage Blob Data Contributor** (or a custom role with the equivalent ``read/write/list/delete`` data-plane actions) on the storage account or container. Without it, ``TestConnection`` returns ``AuthorizationPermissionMismatch``. |
Member
There was a problem hiding this comment.
If it's the same as S3, I wouldn't rush any new fix now.
Member
Author
|
@Combs7th, do you want to take a look at the changes? These are intended for v11.9, so not sure if we want to hold merging this |
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA ec82542 |
Combs7th
approved these changes
Jun 11, 2026
Contributor
|
Newest code from mattermost has been published to preview environment for Git SHA c4e786a |
amyblais
pushed a commit
that referenced
this pull request
Jun 15, 2026
* MM-68718: Document Azure Blob Storage as a file storage backend (#8976) * Document Azure Blob Storage as a file storage backend Adds Azure Blob Storage to the File storage system reference: a new azureblob driver-name option and individual entries for the FileSettings.AzureStorageAccount, AzureContainer, AzurePathPrefix, AzureAccessKey, AzureEndpoint, AzureSSL, and AzureRequestTimeoutMilliseconds settings. Extends the dedicated export filestore list with the matching Export* variants. Calls out the restart-required behaviour when changing file storage settings so admins know Save in System Console isn't enough on its own. ------ AI assisted commit * Add walk-through page for configuring Azure Blob Storage Folds the full prereqs, Azure portal/CLI provisioning, System Console walk-through, Test Connection semantics, restart-required warning, verification, optional export backend, and troubleshooting sections into a dedicated configure/azure-blob-storage page. Wires the new page into the configuration-settings toctree and bullet list, and adds a seealso link from the File storage section of environment-configuration-settings so admins can find it from the reference page. ------ AI assisted commit * Document migrating existing files from Amazon S3 Adds a Migrate existing files from Amazon S3 section to the Azure Blob Storage walk-through. Covers the recommended trickle-then-cutover pattern (long rclone sync, short AzCopy maintenance window), the prerequisites for the migration host, phase-by-phase commands, verification queries (object count parity, sha256 spot-check), the rollback path, and caveats (S3 versioning, sync vs copy, prefix rewrites, cross-region cost, Storage Mover preview status). Updates the migration note under step 4 and the troubleshooting entry for missing pre-cutover files to cross-reference the new section. ------ AI assisted commit * Document AzureCloud and the updated AzureEndpoint semantics Adds the AzureCloud setting documentation (commercial/government/custom) to both the environment configuration reference and the Azure walkthrough, rewrites the AzureEndpoint entry to reflect its new role as the full Blob service URL valid only when AzureCloud is custom, and removes the stale note that said sovereign clouds aren't configured through the endpoint override. Adds ExportAzureCloud to the dedicated export filestore key list. ------ AI assisted commit * Document DefaultAzureCredential authentication mode Restructures Step 3 of the Azure Blob Storage walk-through to cover both shared-key and the new default_credential authentication mode. The default_credential subsection walks an admin through picking the identity source that matches the host (managed identity on Azure VM/App Service/AKS, workload identity, service principal, az login) and granting Storage Blob Data Contributor on the storage account. Updates Step 4 to describe the new "Azure authentication" dropdown in the System Console, including the conditional visibility of the Azure Storage account key field. Adds AuthorizationPermissionMismatch to the troubleshooting table and documents the propagation delay that follows a fresh role assignment. Adds FileSettings.AzureAuthMode to the environment-configuration reference and to the ExportAzure* list under the dedicated export filestore section. ------ AI assisted commit * Simplify the docs * Update source/administration-guide/configure/azure-blob-storage.rst Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Document Azure SAS support for presigned export downloads Add ExportAzurePresignExpiresSeconds to the dedicated export filestore key list, and generalize the presigned-download note so it reflects that exports can now be downloaded via an Azure Blob Storage SAS URL, not just an Amazon S3 presigned URL. ------ AI assisted commit * Address review comments * Add missing new line * Fix malformed quotes --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * docs: clarify ID attribute case sensitivity for AD/LDAP and SAML (#9020) Add notes to the AD/LDAP ID attribute, AD/LDAP Group ID attribute, and SAML ID attribute settings explaining that values are matched verbatim with no case normalization. Under PostgreSQL's default case-sensitive collation, a change in casing is treated as a new user or unlinked group, so the identity provider must return these attributes with consistent casing. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> * docs: add Edit Attachments permission documentation Document the new Edit Attachments permission introduced in Mattermost v11.8.0, which controls whether users can add or remove file attachments when editing posts. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Update authentication-configuration-settings.rst * Update authentication-configuration-settings.rst * Update authentication-configuration-settings.rst * Update authentication-configuration-settings.rst * Update azure-blob-storage.rst * Update azure-blob-storage.rst * Remove unintended configure file changes --------- Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Wayne Wollesen <50209602+ewwollesen@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
amyblais
pushed a commit
that referenced
this pull request
Jun 16, 2026
* MM-68718: Document Azure Blob Storage as a file storage backend (#8976) * Document Azure Blob Storage as a file storage backend Adds Azure Blob Storage to the File storage system reference: a new azureblob driver-name option and individual entries for the FileSettings.AzureStorageAccount, AzureContainer, AzurePathPrefix, AzureAccessKey, AzureEndpoint, AzureSSL, and AzureRequestTimeoutMilliseconds settings. Extends the dedicated export filestore list with the matching Export* variants. Calls out the restart-required behaviour when changing file storage settings so admins know Save in System Console isn't enough on its own. ------ AI assisted commit * Add walk-through page for configuring Azure Blob Storage Folds the full prereqs, Azure portal/CLI provisioning, System Console walk-through, Test Connection semantics, restart-required warning, verification, optional export backend, and troubleshooting sections into a dedicated configure/azure-blob-storage page. Wires the new page into the configuration-settings toctree and bullet list, and adds a seealso link from the File storage section of environment-configuration-settings so admins can find it from the reference page. ------ AI assisted commit * Document migrating existing files from Amazon S3 Adds a Migrate existing files from Amazon S3 section to the Azure Blob Storage walk-through. Covers the recommended trickle-then-cutover pattern (long rclone sync, short AzCopy maintenance window), the prerequisites for the migration host, phase-by-phase commands, verification queries (object count parity, sha256 spot-check), the rollback path, and caveats (S3 versioning, sync vs copy, prefix rewrites, cross-region cost, Storage Mover preview status). Updates the migration note under step 4 and the troubleshooting entry for missing pre-cutover files to cross-reference the new section. ------ AI assisted commit * Document AzureCloud and the updated AzureEndpoint semantics Adds the AzureCloud setting documentation (commercial/government/custom) to both the environment configuration reference and the Azure walkthrough, rewrites the AzureEndpoint entry to reflect its new role as the full Blob service URL valid only when AzureCloud is custom, and removes the stale note that said sovereign clouds aren't configured through the endpoint override. Adds ExportAzureCloud to the dedicated export filestore key list. ------ AI assisted commit * Document DefaultAzureCredential authentication mode Restructures Step 3 of the Azure Blob Storage walk-through to cover both shared-key and the new default_credential authentication mode. The default_credential subsection walks an admin through picking the identity source that matches the host (managed identity on Azure VM/App Service/AKS, workload identity, service principal, az login) and granting Storage Blob Data Contributor on the storage account. Updates Step 4 to describe the new "Azure authentication" dropdown in the System Console, including the conditional visibility of the Azure Storage account key field. Adds AuthorizationPermissionMismatch to the troubleshooting table and documents the propagation delay that follows a fresh role assignment. Adds FileSettings.AzureAuthMode to the environment-configuration reference and to the ExportAzure* list under the dedicated export filestore section. ------ AI assisted commit * Simplify the docs * Update source/administration-guide/configure/azure-blob-storage.rst Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Document Azure SAS support for presigned export downloads Add ExportAzurePresignExpiresSeconds to the dedicated export filestore key list, and generalize the presigned-download note so it reflects that exports can now be downloaded via an Azure Blob Storage SAS URL, not just an Amazon S3 presigned URL. ------ AI assisted commit * Address review comments * Add missing new line * Fix malformed quotes --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * docs: clarify ID attribute case sensitivity for AD/LDAP and SAML (#9020) Add notes to the AD/LDAP ID attribute, AD/LDAP Group ID attribute, and SAML ID attribute settings explaining that values are matched verbatim with no case normalization. Under PostgreSQL's default case-sensitive collation, a change in casing is treated as a new user or unlinked group, so the identity provider must return these attributes with consistent casing. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> * docs: document User Attributes Display Name and Name (v11.8) Explain that from Mattermost v11.8 user attributes have both a Display Name (user/admin-facing label) and a Name (internal canonical identifier used in ABAC policy expressions and API references). Refs mattermost/mattermost#36247, mattermost/mattermost#36363 Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Remove unintended configure changes * Update source/administration-guide/manage/admin/user-attributes.rst Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update user-attributes.rst * Update user-attributes.rst * Update source/administration-guide/manage/admin/user-attributes.rst Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update source/administration-guide/manage/admin/user-attributes.rst Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update user-attributes.rst --------- Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Wayne Wollesen <50209602+ewwollesen@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com>
amyblais
added a commit
that referenced
this pull request
Jun 16, 2026
* Update conf.py * MM-67771: Update Report a Problem default behavior docs (#8845) * MM-67771: Update Report a Problem docs to reflect email flow Update the "Default link" description to reflect the new behavior: licensed servers now open an email to Mattermost support, and free edition directs to the troubleshooting forums. Also fix typo in REPORTAPROBLMEMAIL env var name. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Update site-configuration-settings.rst --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Eric Sethna <14333569+esethna@users.noreply.github.com> Co-authored-by: Amy Blais <29708087+amyblais@users.noreply.github.com> * [MM-67856] docs: add /mobile-logs slash command (#8913) * docs: add /mobile-logs slash command Document the new /mobile-logs command introduced in mattermost/mattermost#35658, which toggles the attach_app_logs preference to enable attaching mobile app logs as a file in the Mattermost mobile client (v2.38+) for debugging. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: refine /mobile-logs admonition and wording - Elevate security/audit note to .. important:: - Use bold instead of italics for the error message - Clarify the attachment applies to any message the user sends Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * address reviews * docs: refine mobile troubleshooting formatting * improve description --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Added docs for deletion summary feature (#8933) * Added docs for deletion summary feature * Review fixes * Added docs (#8934) * v11.8.0 Changelog (#8987) * docs: add changelog for v11.8.0 * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update source/product-overview/mattermost-v11-changelog.md Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Add attribute value masking information to 11.8.0 changelog docs (#8999) * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update source/product-overview/mattermost-v11-changelog.md Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md * Update mattermost-v11-changelog.md --------- Co-authored-by: Changelog Bot <changelog-bot@mattermost.com> Co-authored-by: Amy Blais <29708087+amyblais@users.noreply.github.com> Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Pablo Vélez <pablovv2012@gmail.com> Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * v11.8 Upgrade Notes (#8983) * Update docs for v11.8 (June 16th) release - Add v11.8 row to server releases table (released 2026-06-16, support ends 2026-09-15) - Bump latest release download URLs to 11.8.0 in deploy-rhel.rst and deploy-tar.rst - Add v11.8 to compatibility list for Desktop App v6.2 (ESR) - Update release policy gantt chart: mark v11.5 as done, add v11.9 - Add Mattermost Enterprise Edition v11.8.0 entry to open source components Refs #8981 Co-authored-by: Amy Blais <amyblais@users.noreply.github.com> * Update mattermost-desktop-releases.md * Update open-source-components.rst * Update ui-ada-changelog.rst * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Update source/product-overview/ui-ada-changelog.rst Co-authored-by: Guillermo Vayá <guivaya@gmail.com> * Update important-upgrade-notes.rst * Update ui-ada-changelog.rst --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Amy Blais <amyblais@users.noreply.github.com> Co-authored-by: Guillermo Vayá <guivaya@gmail.com> * Update version-archive.rst (#9026) * Add Edit Attachments permission documentation (#9024) * MM-68718: Document Azure Blob Storage as a file storage backend (#8976) * Document Azure Blob Storage as a file storage backend Adds Azure Blob Storage to the File storage system reference: a new azureblob driver-name option and individual entries for the FileSettings.AzureStorageAccount, AzureContainer, AzurePathPrefix, AzureAccessKey, AzureEndpoint, AzureSSL, and AzureRequestTimeoutMilliseconds settings. Extends the dedicated export filestore list with the matching Export* variants. Calls out the restart-required behaviour when changing file storage settings so admins know Save in System Console isn't enough on its own. ------ AI assisted commit * Add walk-through page for configuring Azure Blob Storage Folds the full prereqs, Azure portal/CLI provisioning, System Console walk-through, Test Connection semantics, restart-required warning, verification, optional export backend, and troubleshooting sections into a dedicated configure/azure-blob-storage page. Wires the new page into the configuration-settings toctree and bullet list, and adds a seealso link from the File storage section of environment-configuration-settings so admins can find it from the reference page. ------ AI assisted commit * Document migrating existing files from Amazon S3 Adds a Migrate existing files from Amazon S3 section to the Azure Blob Storage walk-through. Covers the recommended trickle-then-cutover pattern (long rclone sync, short AzCopy maintenance window), the prerequisites for the migration host, phase-by-phase commands, verification queries (object count parity, sha256 spot-check), the rollback path, and caveats (S3 versioning, sync vs copy, prefix rewrites, cross-region cost, Storage Mover preview status). Updates the migration note under step 4 and the troubleshooting entry for missing pre-cutover files to cross-reference the new section. ------ AI assisted commit * Document AzureCloud and the updated AzureEndpoint semantics Adds the AzureCloud setting documentation (commercial/government/custom) to both the environment configuration reference and the Azure walkthrough, rewrites the AzureEndpoint entry to reflect its new role as the full Blob service URL valid only when AzureCloud is custom, and removes the stale note that said sovereign clouds aren't configured through the endpoint override. Adds ExportAzureCloud to the dedicated export filestore key list. ------ AI assisted commit * Document DefaultAzureCredential authentication mode Restructures Step 3 of the Azure Blob Storage walk-through to cover both shared-key and the new default_credential authentication mode. The default_credential subsection walks an admin through picking the identity source that matches the host (managed identity on Azure VM/App Service/AKS, workload identity, service principal, az login) and granting Storage Blob Data Contributor on the storage account. Updates Step 4 to describe the new "Azure authentication" dropdown in the System Console, including the conditional visibility of the Azure Storage account key field. Adds AuthorizationPermissionMismatch to the troubleshooting table and documents the propagation delay that follows a fresh role assignment. Adds FileSettings.AzureAuthMode to the environment-configuration reference and to the ExportAzure* list under the dedicated export filestore section. ------ AI assisted commit * Simplify the docs * Update source/administration-guide/configure/azure-blob-storage.rst Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Document Azure SAS support for presigned export downloads Add ExportAzurePresignExpiresSeconds to the dedicated export filestore key list, and generalize the presigned-download note so it reflects that exports can now be downloaded via an Azure Blob Storage SAS URL, not just an Amazon S3 presigned URL. ------ AI assisted commit * Address review comments * Add missing new line * Fix malformed quotes --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * docs: clarify ID attribute case sensitivity for AD/LDAP and SAML (#9020) Add notes to the AD/LDAP ID attribute, AD/LDAP Group ID attribute, and SAML ID attribute settings explaining that values are matched verbatim with no case normalization. Under PostgreSQL's default case-sensitive collation, a change in casing is treated as a new user or unlinked group, so the identity provider must return these attributes with consistent casing. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> * docs: add Edit Attachments permission documentation Document the new Edit Attachments permission introduced in Mattermost v11.8.0, which controls whether users can add or remove file attachments when editing posts. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Update authentication-configuration-settings.rst * Update authentication-configuration-settings.rst * Update authentication-configuration-settings.rst * Update authentication-configuration-settings.rst * Update azure-blob-storage.rst * Update azure-blob-storage.rst * Remove unintended configure file changes --------- Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Wayne Wollesen <50209602+ewwollesen@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> * Update mattermost-v11-changelog.md * Document v11.8 classification markings and banners (#9035) * Remove CJK search feature flag mention now that it defaults to true (#9029) * Remove CJK search feature flag mention now that it defaults to true * Clarify CJK search defaults to true on v11.9, flag-gated on v11.5-v11.8 * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Document v11.8 classification markings and banners Add an end-user Classification markings section to display-channel-banners.rst and an admin Classification Markings section to site-configuration-settings.rst, covering global and channel-level classification banners in the web and desktop apps. Classification markings are informational only and don't control access. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Removing unintended commits --------- Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Update mattermost-v11-changelog.md * Document plugin-provided metrics at the standard /metrics endpoint (#9038) * Remove CJK search feature flag mention now that it defaults to true (#9029) * Remove CJK search feature flag mention now that it defaults to true * Clarify CJK search defaults to true on v11.9, flag-gated on v11.5-v11.8 * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Document plugin-provided metrics via standard /metrics endpoint Add documentation for the AggregatePluginMetrics feature flag (v11.8.0), which exposes plugin-provided Prometheus metrics through the standard Mattermost /metrics endpoint with a plugin_id label. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Removing unintended commits --------- Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Update docs for System Statistics label (#8915) Align the docs with the admin console rename from Site Statistics to System Statistics so navigation and delegated-admin guidance match the UI. Preserve the legacy reporting settings anchor so existing deep links continue to resolve. Made-with: Cursor Co-authored-by: Amy Blais <29708087+amyblais@users.noreply.github.com> * Update mattermost-v11-changelog.md * Document User Attributes Display Name and Name (v11.8) (#9025) * MM-68718: Document Azure Blob Storage as a file storage backend (#8976) * Document Azure Blob Storage as a file storage backend Adds Azure Blob Storage to the File storage system reference: a new azureblob driver-name option and individual entries for the FileSettings.AzureStorageAccount, AzureContainer, AzurePathPrefix, AzureAccessKey, AzureEndpoint, AzureSSL, and AzureRequestTimeoutMilliseconds settings. Extends the dedicated export filestore list with the matching Export* variants. Calls out the restart-required behaviour when changing file storage settings so admins know Save in System Console isn't enough on its own. ------ AI assisted commit * Add walk-through page for configuring Azure Blob Storage Folds the full prereqs, Azure portal/CLI provisioning, System Console walk-through, Test Connection semantics, restart-required warning, verification, optional export backend, and troubleshooting sections into a dedicated configure/azure-blob-storage page. Wires the new page into the configuration-settings toctree and bullet list, and adds a seealso link from the File storage section of environment-configuration-settings so admins can find it from the reference page. ------ AI assisted commit * Document migrating existing files from Amazon S3 Adds a Migrate existing files from Amazon S3 section to the Azure Blob Storage walk-through. Covers the recommended trickle-then-cutover pattern (long rclone sync, short AzCopy maintenance window), the prerequisites for the migration host, phase-by-phase commands, verification queries (object count parity, sha256 spot-check), the rollback path, and caveats (S3 versioning, sync vs copy, prefix rewrites, cross-region cost, Storage Mover preview status). Updates the migration note under step 4 and the troubleshooting entry for missing pre-cutover files to cross-reference the new section. ------ AI assisted commit * Document AzureCloud and the updated AzureEndpoint semantics Adds the AzureCloud setting documentation (commercial/government/custom) to both the environment configuration reference and the Azure walkthrough, rewrites the AzureEndpoint entry to reflect its new role as the full Blob service URL valid only when AzureCloud is custom, and removes the stale note that said sovereign clouds aren't configured through the endpoint override. Adds ExportAzureCloud to the dedicated export filestore key list. ------ AI assisted commit * Document DefaultAzureCredential authentication mode Restructures Step 3 of the Azure Blob Storage walk-through to cover both shared-key and the new default_credential authentication mode. The default_credential subsection walks an admin through picking the identity source that matches the host (managed identity on Azure VM/App Service/AKS, workload identity, service principal, az login) and granting Storage Blob Data Contributor on the storage account. Updates Step 4 to describe the new "Azure authentication" dropdown in the System Console, including the conditional visibility of the Azure Storage account key field. Adds AuthorizationPermissionMismatch to the troubleshooting table and documents the propagation delay that follows a fresh role assignment. Adds FileSettings.AzureAuthMode to the environment-configuration reference and to the ExportAzure* list under the dedicated export filestore section. ------ AI assisted commit * Simplify the docs * Update source/administration-guide/configure/azure-blob-storage.rst Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Document Azure SAS support for presigned export downloads Add ExportAzurePresignExpiresSeconds to the dedicated export filestore key list, and generalize the presigned-download note so it reflects that exports can now be downloaded via an Azure Blob Storage SAS URL, not just an Amazon S3 presigned URL. ------ AI assisted commit * Address review comments * Add missing new line * Fix malformed quotes --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * docs: clarify ID attribute case sensitivity for AD/LDAP and SAML (#9020) Add notes to the AD/LDAP ID attribute, AD/LDAP Group ID attribute, and SAML ID attribute settings explaining that values are matched verbatim with no case normalization. Under PostgreSQL's default case-sensitive collation, a change in casing is treated as a new user or unlinked group, so the identity provider must return these attributes with consistent casing. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> * docs: document User Attributes Display Name and Name (v11.8) Explain that from Mattermost v11.8 user attributes have both a Display Name (user/admin-facing label) and a Name (internal canonical identifier used in ABAC policy expressions and API references). Refs mattermost/mattermost#36247, mattermost/mattermost#36363 Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Remove unintended configure changes * Update source/administration-guide/manage/admin/user-attributes.rst Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update user-attributes.rst * Update user-attributes.rst * Update source/administration-guide/manage/admin/user-attributes.rst Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update source/administration-guide/manage/admin/user-attributes.rst Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Update user-attributes.rst --------- Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Wayne Wollesen <50209602+ewwollesen@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Document channel category sorting GA and default category behavior (v11.8) (#9037) * Remove CJK search feature flag mention now that it defaults to true (#9029) * Remove CJK search feature flag mention now that it defaults to true * Clarify CJK search defaults to true on v11.9, flag-gated on v11.5-v11.8 * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Document channel category sorting GA and default category behavior (v11.8) Documents that, from Mattermost v11.8.0, channel category sorting is enabled by default (TeamSettings.EnableChannelCategorySorting). Channel admins can set a Default category (optional) when creating or editing a channel, and members who join see the channel under that sidebar category. - Adds the Channel category sorting setting under Site Configuration > Users and Teams in site-configuration-settings.rst. - Notes graduation to GA on the legacy experimental settings entry. - Updates the end-user create-channels and rename-channels guides. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Removing unintended commits * Update sidebar guide to GA wording for channel category sorting Aligns the customize-your-channel-sidebar note with the v11.8 default-on messaging by referencing the new Site Configuration setting instead of the experimental settings anchor. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> --------- Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> * Update mattermost-v11-changelog.md * Update ui-ada-changelog.rst --------- Co-authored-by: Vishal <vish@mattermost.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Eric Sethna <14333569+esethna@users.noreply.github.com> Co-authored-by: Guillermo Vayá <guivaya@gmail.com> Co-authored-by: Harshil Sharma <18575143+harshilsharma63@users.noreply.github.com> Co-authored-by: changelog-automation-docs[bot] <278388344+changelog-automation-docs[bot]@users.noreply.github.com> Co-authored-by: Changelog Bot <changelog-bot@mattermost.com> Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com> Co-authored-by: Pablo Vélez <pablovv2012@gmail.com> Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Amy Blais <amyblais@users.noreply.github.com> Co-authored-by: Combs7th <147677911+Combs7th@users.noreply.github.com> Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Wayne Wollesen <50209602+ewwollesen@users.noreply.github.com> Co-authored-by: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Combs7th <Combs7th@users.noreply.github.com>
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Documents the new Azure Blob Storage filestore backend. Two layers:
Reference (
source/administration-guide/configure/environment-configuration-settings.rst):azureblobdriver-name option.ExportAzure*keys.seealsopointer from the File storage section to the walk-through page below.Walk-through (
source/administration-guide/configure/azure-blob-storage.rst, new):Ticket Link
Fixes https://mattermost.atlassian.net/browse/MM-68718