APIGOV-32943 — Okta IDP per-scope policy lifecycle, app name templates, and scope exclude list#1049
Merged
Conversation
* APIGOV-31191 validate cache * APIGOV-31191 improvements and unit tests * APIGOV-31191 refactor tests * APIGOV-31191 validate instead of rebuild after 7 days * APIGOV-31191 get scoped resources from cache * APIGOV-31191 update shouldRebuildCache * APIGOV-31191 fix logs * APIGOV-31191 improvements * APIGOV-32372 cache rebuild optimizations (#1023) * APIGOV-32372 rebuild only failed kinds * APIGOV-32372 fix for listener/cache rebuild race condition * APIGOV-32372 merge main * APIGOV-32372 remove else statement Co-authored-by: Copilot <copilot@github.com> * APIGOV-32327 wait for clients to be ready * APIGOV-32372 improvements * APIGOV-32372 fix for unlock on unlocked mutex error * APIGOV-32372 guard against listener potential data race --------- Co-authored-by: Copilot <copilot@github.com> * APIGOV-31191 sequence and resource count pre validation * APIGOV-31191 - remove timeout on harverter event sync * APIGOV-31191 - Cache validation/rebuild refactoring (#1048) * APIGOV-31191 - remove API calls for metadata check for cache validation * APIGOV-31191 - Refactoring and cleanup - Remove entire cache flush. Flush only the kind getting processed and after the API call is successful to avoid cache inconsistency - Cleanup instance count map that should speed up building APIservice cache items - Fixes * APIGOV-31191 - check publishing lock and acquire lock while publishing * APIGOV-31191 - fixes - Fix for endless waitForCacheRebuild - Fix to keep original APIService resource instance in cache when duplicates are added to the cache - Fix to hook cache rebuild on stream client reconnection instead of harvester error and to address job pool status * APIGOV-31191 - updates - remove waitForCacheRebuild and use the error returned from harvester to trigger the job restart * APIGOV-31191 - fallback to count checks if harvester is not reachable * APIGOV-31191 - review comments + lock on harvester event sync * APIGOV-31191 - lock on harvester event sync * APIGOV-31191 - use APIServiceInstance counts to rebuild APIService cache * APIGOV-31191 - use CreateOrUpdateResource for processing APIService * APIGOV-31191 - fix to not make multiple x-agent-details update for APIService * APIGOV-31191 - clean up event listener pauser * APIGOV-31191 - fix client adapter --------- Co-authored-by: Copilot <copilot@github.com> Co-authored-by: Vivek Singh Chauhan <vchauhan@axway.com>
* APIGOV-31452 - send new insights events formats * APIGOV-31452 - updates on access request * APIGOV-31452 - add deep logging for event building * APIGOV-31452 - add missing attribs for service revision id and agent version * APIGOV-31452 - updated metric v3 events * APIGOV-31452 - update for product owner * APIGOV-31452 - fall back to apiserviceinstance by name * APIGOV-31452 - add logging for unmarshaling * APIGOV-31452 - update for embedded shape * APIGOV-31452 - match the actual _embedded.metadata.references shape from the API server * APIGOV-31452 - addition of owner * APIGOV-31452 - add SetReporter builder method to CentralMetricBuilder * APIGOV-31452 - update for published product watch topic * APIGOV-31452 - revert watch topic logic * APIGOV-31452 - get published product owner from embedded * APIGOV-31452 - update unit test coverage * APIGOV-31452 - add api metric for agents explicitly calling * APIGOV-31452 - user id path * APIGOV-31452 - update test coverage * APIGOV-31452 - update sonar fixes * APIGOV-31452 - update embed for x agent details apiservice fetch * APIGOV-31452 - update leg with consumer details * APIGOV-31452 - remove consumer details * APIGOV-31452 - review * APIGOV-31452 - set proxy funcs for on prem agents * APIGOV-31452 - add backwards compatibility for leg * APIGOV-31452 - update product block * APIGOV-31452 - update rev id for on prem * APIGOV-31452 - apiservicerev setter for some on prem agents * APIGOV-31452 - update transaction fields * APIGOV-31452 - update leg direction and proxy * APIGOV-31452 - update proxy * APIGOV-31452 - expose SetLegProxy for controller enrichment * APIGOV-31452 - update on legs * APIGOV-31452 - set owner from man app * APIGOV-31452 - product owner fix * APIGOV-31452 - update source and ip for v7 fixes * APIGOV-31452 - remove flow header * APIGOV-31452 - review * APIGOV-31452 - review and unit test coverage * APIGOV-31452 - update tests and comments * APIGOV-31452 - PR comments and proxy updates * APIGOV-31452 - update based on PR comments * fix mocks * fix rebase error --------- Co-authored-by: Jason Collins <jcollins@axway.com>
jcollins-axway
previously approved these changes
Jul 1, 2026
vivekschauhan
previously approved these changes
Jul 1, 2026
alrosca
previously approved these changes
Jul 1, 2026
3d3c287
jcollins-axway
previously approved these changes
Jul 8, 2026
vivekschauhan
previously approved these changes
Jul 8, 2026
f2c19d1
vivekschauhan
approved these changes
Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated policy management :
When a credential is provisioned, the agent now creates or updates an Okta authorization policy scoped to the specific access being granted. When a credential is deprovisioned, the agent removes the credential from that policy. If it was the last credential on the policy, the agent automatically cleans up the policy entirely rather than leaving empty policies behind in Okta.
Configurable naming :
Okta app and policy names can now be built from a configurable template using placeholders for the Marketplace application name, owning team, credential name, scope, and OAuth flow. Names are validated at startup and length limits are enforced before anything is sent to Okta.
Team name resolution :
When registering an app in Okta, if the owning team isn't immediately available in the local cache, the agent will look it up from the platform and cache it for future use.
Scope filtering :
Scopes returned by Okta (such as openid, profile, email) can be filtered out from what is shown in the Marketplace UI using a configurable exclude list.