Feature Requests

In the Hashicorp vault connector, we have a mechanism to cache the JWT token to avoid generating the token call for every request. The validity of the cache token is one percent less than the actual value set for the token expriy on the vault end. There is a limitation in Vault end, where a token generated by one replica can't be used on another replica. Due to this, if, in any condition, the delegate has a cache token for replica B and makes a call to replica A, it fails. We need a mechanism from the Harness end to invalidate the cache on the delegates for this vault.

User plan is to use different role for different applications for different environments. so if they have 100 apps we will be creating 100*4 (we have 4 environments) connectors and it going to be maintenance overhead. As of now, they see there no way to pass role as a parameter for AWS connector so they needed ability to parameterize cross-account role in AWS connector

Microsoft Entra ID only supports HTTP-Redirect binding for SAML logout, but Harness currently doesn't support for the HTTP-Redirect binding in Single Logout (SLO), which results in an error after the sign-out process. Please enable this feature

Is it possible for harness to consume rejected request response messages and provide meaningful feedback in the ui for the user instead of timing out?

Currently we can't configure terminationGracePeriodSeconds in our delegates when installed using Harness Delegate helm chart. We need a longer configurable shutdown time (some of our jobs last up to 1 hour). See https://github.com/harness/delegate-helm-chart/blob/main/harness-delegate-ng/templates/deployment.yaml#L71 In addition to that, there should be an option to set a custom lifecycle hook. We use linkerd and need to call its shutdown endpoint using an API call once the delegate finished handling its tasks. lifecycle: preStop: exec: command: - /bin/sh - -c - | echo "Starting preStop hook: waiting for harness delegate to finish its tasks..." So to sum it up: Configureable terminationGracePeriodSeconds Allow configuring a lifecycle hook. Make sure http://127.0.0.1:3460/api/health is still responsive after the pod gets a TERM signal and return something like: {"status":"SUCCESS","data":"task-in-progress","metaData":null,"correlationId":null} I've seen this metric: io_harness_custom_metric_tasks_currently_executing under /api/metrics but it won't be as convenient to consume. Or any other solution that will tell us that a task is still running post TERM signal.

Moniepoint would like to integrate multiple sign-in options, but we seem to only be able to integrate one. Moniepoint is currently using JumpCloud SSO with SAML, and this setup doesn't allow for password-based login in addition to the SSO. Moniepoint does not want to change the current SSO setup to OAuth.

Please add task_id to delegate metrics for io_harness_custom_metric_task_execution_time . This will help which task taking more time etc and help troubleshoot the issue with task_id then finding the pipeline etc.

Problem Statement Currently, personal API tokens created by users in their profile settings can only be deleted by the token owner. This creates a security control gap where administrators have no ability to revoke a user’s API access in scenarios where immediate token revocation is necessary (e.g., compromised accounts, departing employees, security incidents, policy violations). Current State Service account tokens: RBAC controls exist for deletion User profile tokens: Only the user can delete their own tokens No admin override capability exists Requested Functionality Enable account administrators and authorized service accounts to delete user API tokens created at the user profile level. Specific Requirements: Admin users should be able to delete any regular user’s API tokens Service accounts with appropriate account-level permissions should be able to delete regular user’s API tokens Should maintain audit trail of token deletions (who deleted, when, which token) Use Cases Security Incident Response: Immediately revoke tokens for compromised accounts Offboarding: Ensure complete access revocation when users leave Compliance: Enforce token rotation policies Policy Enforcement: Revoke tokens that violate security policies

I need a way to prevent the platform from assigning arbitrary tasks to a delegate. It would be helpful if the platform could restrict delegate usage to specific tasks by either assigning users to it via RBAC or requiring a delegate selector to be specified. This would ensure that delegates are only used for their intended purposes and not for unrelated tasks.

I have pipeline which run my automation of test cases and i wanted to leverage Harness Email notification to send an email to recipient for test automation report.