Feature Requests

Allow looping strategies like matrix, repeat and parallel when invoking a child pipeline as a stage inside a parent pipeline.

Azure Bicep is the recommended and domain language that Azure Team at Microsoft promotes all customers to use. Customers that are not cross-cloud do not commonly use Terraform, among other reasons it is generally behind in getting new API features Azure Services offers (especially preview). Azure PowerShell and Azure CLI both support passing in a Bicep file in-place of an ARM JSON file so this shouldn't be a heavy lift. Bicep modules get published to a registry (e.g., Azure Container Registry) and then projects/repositories that may consume those modules can use a bicep.config file in the root of their repository to define repository paths of the modules (over mapping the whole ACR URI, etc.) and the authentication preferences (e.g., Azure CLI primary then Azure PowerShell, etc.).

It would be valuable to enhance the Trigger Explorer view with the ability to apply filters based on Organization, Project, and specific Pipeline, so users only see triggers relevant to the work they have access to. Currently, triggers from other organizations or projects appear in the list, often resulting in “access denied” errors and making it impractical to manually review large numbers of entries. Adding pipeline-level and project-level filtering would improve usability, ensure compliance with RBAC, and allow users to quickly find and manage triggers pertinent to their active projects.

Enable tag-based RBAC controls for templates and other Harness resources, similar to the existing tag-based RBAC model available for pipelines, to allow granular access control without requiring pre-created resources. Problem Statement: Teams need to grant access to subsets of templates at the same hierarchy level, especially at the account scope, without exposing all templates or requiring platform teams to pre-create them. Current RBAC limitations: Access can only be granted to all templates at a level or to specific existing templates Users cannot create new templates without prior access to a specific template Platform teams must bootstrap empty templates to grant access, creating operational overhead When Terraform manages resource groups, bootstrapping templates outside Terraform causes configuration drift Automating template creation via IDP can also modify resource groups, further increasing drift risk This creates a "chicken-and-egg" problem where users cannot create templates because they lack access, and access cannot be granted without an existing template. Current Workaround Some teams use Policy as Code (OPA) to enforce tag-based governance: Require tags on templates Restrict allowed tag values Map tags to user groups allowed to modify templates While effective, this approach: Moves access control from RBAC to policy enforcement Adds complexity and an additional governance layer Is not consistent with native RBAC behavior Proposed Enhancement: Introduce native tag-based RBAC for templates and other Harness resources, similar to pipelines. Desired Capabilities: Grant permissions based on resource tags rather than specific resource instances Allow users to create templates if they apply permitted tags Restrict modification access to resources with specific tags Apply consistently across Harness services, not just pipelines

Include a project/account level setting to return null in case the reference variable doesn't exist.

When we come to an approve or reject step within our pipeline, we are presented with this pop-out screen (see screenshot) - when I've been testing pipelines, I've been clicking through them quickly and on many occasions I have intended to add a comment and then click 'Reject' and have inadvertently clicked 'Approve' instead (which obviously allows the pipeline to continue and would be very bad within a live environment) - the Approve button is brighter and resembles an 'ok' or 'enter' button whereas the 'Reject' button resembles a 'cancel' button and is less noticeable. Could you perhaps move the buttons above the comment box so that either Approve or Reject button is selected first and then the option to add a comment is opened. Could you also make the Reject button more prominent perhaps by adding a colour (red)?

it's possible to have multi line string for pipeline input? at the moment, the string input allow input as a giant string... but it's pretty hard to read, would be nice if we could have an option to enter multi line string for scenario where it's easier to enter data as a yaml content or just multi line text? entering

We support our internal teams in takeda to create SEI collections. I am wondering why for already delivered SEI collection and Collection admin , we do not provide more autonomy in regards of adding/removing people to and from given SEI collection. That concept of self organization / delegation is very efficient. We receive lots of requests "please add me to this or that collection" and that is painful to manage centrally.

Customers would like the ability to restrict a delegate’s usage to a defined set of projects/pipelines, even when those projects span across multiple orgs. Currently, if a delegate is scoped at the account level, it is technically available for all projects and teams. The only workaround today is to place all projects into a dedicated org and scope the delegate there. This is not feasible when the customer’s setup spans multiple orgs. Sample Use Case: Customer has a team that purchased dedicated hardware for CI builds. This hardware should only be used by specific pipelines/projects owned by that team, but their projects span across multiple orgs, so creating a single org to scope the delegate is not an option. Current Behavior: Delegates scoped at the account level are available to all projects. No way to enforce restrictions using OPA, RBAC, or other policy mechanisms. Requested Behavior: Ability to explicitly restrict which orgs/projects/pipelines can use a delegate, even if the delegate is scoped at the account level.

Customer would like to be able to more granularly monitor their MTKs. They would like to have self-service options for getting the visibility they see from the MTK reports that we can request and share with them. Ideally they would want to be able to see MTKs broken down by flags, by traffic types, and also be able to get notified when they reach their MTK entitlement. Customer implemented pooling to be able to better control their MTKs but they are still seeing higher than anticipated volumes which is leading to a decrease in their trust of the platform and ability to predict what their utilization would be.