Allow delegate tokens to span projects
long-term
B
Blue Parrot
In an effort to maintain less delegate resources, we would like the option to use a delegate across multiple projects while still using a delegate token. At this time a delegate will only allow one token so it can only be aligned to ne project. We would like the delegate to leverage tokens from multiple projects.
Log In
Prateek Mittal
long-term
Prateek Mittal
pending feedback
B
Blue Parrot
Having the delegate at the org or account level won't work for us. The delegates run as a an 'identity' and that identity can only be used by a project, or small number of projects. With delegate token at project level we're limited to just one delegate per project. If moved to org level there would be separation of duties conflicts across projects under that org.
Prateek Mittal
Blue Parrot: To support the above ask, you can use the delegate selectors to select the specific delegate. That way you can have the delegate at the account level but segregating them at the usage level by using delegate selectors - https://developer.harness.io/docs/platform/delegates/manage-delegates/select-delegates-with-selectors/
Please let me know if this doesn't solve your use case and we should further discuss on the use case.
B
Blue Parrot
Prateek Mittal Delegate selectors do not give us any level of security though correct? In my case, I want project A and B to use delegate X, but I do not want project C to use delegate X. Project A, B, and C are under the same org. If I have a delegate at account level, all 3 projects could use it. With a delegate token, only one project can use it.
Prateek Mittal
Blue Parrot: Thanks for the clarification. We do have a feature request to restrict the usage of an entity (delegate) to a certain scope (OrgA + Project A + Project B). This particular feature is currently in design process. Would you be okay to discuss this design and provide feedback if any.
Regards,
Prateek
B
Blue Parrot
Prateek Mittal Yes, happy to discuss this design.
Prateek Mittal
Hi Chad,
To solve the above use case, you can create a delegate at the org or account level and use it in the underlying projects. Delegate availability then becomes subject to Harness implicit Project, Org, and Account hierarchy.
Please let me know if this solve your use case.
Thanks,
Prateek
R
Rubber Scallop
Prateek Mittal Hi Prateek, was curious if Chad's response above helps.
Prateek Mittal
under review