Multi-integration ownership for deletion / reconciliation
Kevin Puventhiranathan
Problem
Today, Port only allows automatic deletion during reconciliation by the integration that originally created an entity (the entity’s “owner”). If an entity was created by Port Internal or a legacy integration (e.g., the legacy GitHub app) and is later updated or maintained by a different integration (e.g., an Ocean-based LDAP/entitlements integration or GitHub Ocean), the maintaining integration cannot delete the entity when it stops reporting it.
This results in:
- Orphaned entities that cannot be cleaned up automatically
- Customers being forced to delete and recreate large numbers of entities (users, GitHub entities, etc.) solely to transfer ownership
- Increased operational risk and complexity during migrations (e.g., legacy GitHub app → GitHub Ocean, or custom scripts → Ocean integrations)
Requested solution
- Support multi-integration ownership for deletion, or provide a safe ownership transition mechanism. For example, allow a configurable list of integrations to be authorized to delete an entity (or entities of a given blueprint/kind), even if they did not originally create it
- Provide a supported way to transfer or extend ownership from one integration/user-agent to another (e.g., from Port Internal or a legacy GitHub app to an Ocean integration) without requiring delete-and-recreate
Benefits
- Safe, non-destructive migrations between integrations (legacy → Ocean)
- Cleaner catalogs with fewer orphaned entities
- Better alignment with real-world “source of truth” changes (e.g., moving user management to LDAP, or project ownership to GitHub/Snyk Ocean)
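
Added example (not part of the original request and not Port's code): a small model of the deletion decision during reconciliation, comparing the owner-only rule described under Problem with the per-blueprint allowlist proposed under Requested solution. The names `Entity`, `may_delete`, `reconcile`, `delete_policy` and the sample integration identifiers are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    identifier: str
    blueprint: str
    created_by: str  # integration that originally created the entity (its "owner")


def may_delete(entity, integration, delete_policy):
    """The owner may always delete; any other integration only if it is
    explicitly listed for the entity's blueprint (hypothetical policy shape)."""
    if entity.created_by == integration:
        return True
    return integration in delete_policy.get(entity.blueprint, ())


def reconcile(catalog, integration, blueprint, reported_ids, delete_policy=None):
    """Model one resync of `integration` for `blueprint`.

    Entities of that blueprint missing from `reported_ids` are stale. Returns
    (deleted, orphaned): stale entities the integration is authorized to
    delete, and stale entities it must leave behind."""
    policy = delete_policy or {}  # empty policy == today's owner-only rule
    deleted, orphaned = [], []
    for entity in catalog:
        if entity.blueprint != blueprint or entity.identifier in reported_ids:
            continue
        bucket = deleted if may_delete(entity, integration, policy) else orphaned
        bucket.append(entity.identifier)
    return sorted(deleted), sorted(orphaned)


# Constructed sample catalog: users created by Port Internal, now maintained via LDAP.
CATALOG = [
    Entity("alice", "user", "port-internal"),
    Entity("bob", "user", "port-internal"),
    Entity("carol", "user", "ldap-ocean"),
    Entity("repo-a", "repository", "legacy-github-app"),
]

if __name__ == "__main__":
    # LDAP now reports only alice; bob and carol are stale.
    print(reconcile(CATALOG, "ldap-ocean", "user", {"alice"}))
    # Same resync with ldap-ocean authorized to delete "user" entities.
    print(reconcile(CATALOG, "ldap-ocean", "user", {"alice"},
                    {"user": {"ldap-ocean"}}))
```

Scoping the allowlist per blueprint keeps the grant narrow: in this model `ldap-ocean` gains deletion rights over `user` entities only and still cannot remove `repo-a`.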