fix(sdk): make okta SDK an optional extra to avoid downstream resolution conflicts

2026-05-15 00:33:27 +00:00 · 2026-05-13 16:54:50 +02:00
8 changed files with 41 additions and 10 deletions
@@ -26,6 +26,10 @@ inputs:
    description: 'Whether to enable Poetry dependency caching via actions/setup-python'
    required: false
    default: 'true'
+  extras:
+    description: 'Comma-separated list of project extras to install (e.g. "okta"). Pass "all" to install every extra.'
+    required: false
+    default: ''

 runs:
  using: 'composite'
@@ -87,8 +91,20 @@ runs:
      if: inputs.install-dependencies == 'true'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
+      env:
+        INPUTS_EXTRAS: ${{ inputs.extras }}
      run: |
-        poetry install --no-root
+        if [ "$INPUTS_EXTRAS" = "all" ]; then
+          poetry install --no-root --all-extras
+        elif [ -n "$INPUTS_EXTRAS" ]; then
+          EXTRAS_ARGS=""
+          for extra in ${INPUTS_EXTRAS//,/ }; do
+            EXTRAS_ARGS="$EXTRAS_ARGS -E $extra"
+          done
+          poetry install --no-root $EXTRAS_ARGS
+        else
+          poetry install --no-root
+        fi
        poetry run pip list

    - name: Update Prowler Cloud API Client
@@ -76,6 +76,7 @@ jobs:
        uses: ./.github/actions/setup-python-poetry
        with:
          python-version: ${{ matrix.python-version }}
+          extras: all

      - name: Check Poetry lock file
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -92,6 +92,7 @@ jobs:
        uses: ./.github/actions/setup-python-poetry
        with:
          python-version: '3.12'
+          extras: all

      - name: Security scan with Bandit
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -97,6 +97,7 @@ jobs:
        uses: ./.github/actions/setup-python-poetry
        with:
          python-version: ${{ matrix.python-version }}
+          extras: all

      # AWS Provider
      - name: Check if AWS files changed
@@ -89,7 +89,7 @@ ENV PATH="${HOME}/.local/bin:${PATH}"
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry==2.3.4

-RUN poetry install --compile && \
+RUN poetry install --compile --all-extras && \
    rm -rf ~/.cache/pip

 # Install PowerShell modules
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.3.4 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand.

 [[package]]
 name = "about-time"
@@ -16,9 +16,10 @@ files = [
 name = "aenum"
 version = "3.1.17"
 description = "Advanced Enumerations (compatible with Python's stdlib Enum), NamedTuples, and NamedConstants"
-optional = false
+optional = true
 python-versions = "*"
 groups = ["main"]
+markers = "extra == \"okta\""
 files = [
    {file = "aenum-3.1.17-py2-none-any.whl", hash = "sha256:0dad0421b2fbe30e3fb623b2a0a23eff823407df53829d6a72595e7f76f3d872"},
    {file = "aenum-3.1.17-py3-none-any.whl", hash = "sha256:8b883a37a04e74cc838ac442bdd28c266eae5bbf13e1342c7ef123ed25230139"},
@@ -3161,9 +3162,10 @@ referencing = ">=0.31.0"
 name = "jwcrypto"
 version = "1.5.7"
 description = "Implementation of JOSE Web standards"
-optional = false
+optional = true
 python-versions = ">=3.8"
 groups = ["main"]
+markers = "extra == \"okta\""
 files = [
    {file = "jwcrypto-1.5.7-py3-none-any.whl", hash = "sha256:729463fefe28b6de5cf1ebfda3e94f1a1b41d2799148ef98a01cb9678ebe2bb0"},
    {file = "jwcrypto-1.5.7.tar.gz", hash = "sha256:70204d7cca406eda8c82352e3c41ba2d946610dafd19e54403f0a1f4f18633c6"},
@@ -4145,9 +4147,10 @@ adk = ["docstring-parser (>=0.16) ; python_version >= \"3.10\" and python_versio
 name = "okta"
 version = "3.4.2"
 description = "Python SDK for the Okta Management API"
-optional = false
+optional = true
 python-versions = ">=3.10"
 groups = ["main"]
+markers = "extra == \"okta\""
 files = [
    {file = "okta-3.4.2-py3-none-any.whl", hash = "sha256:b67bcff31de65223c5848894a202153236d0c99e3a8541a54bf7065f81676637"},
    {file = "okta-3.4.2.tar.gz", hash = "sha256:b05201056f3f028c5d2d16394f9b47024a689080f5a993c11d4d80f0e1b5ba1e"},
@@ -4814,9 +4817,10 @@ files = [
 name = "pycryptodomex"
 version = "3.23.0"
 description = "Cryptographic library for Python"
-optional = false
+optional = true
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
 groups = ["main"]
+markers = "extra == \"okta\""
 files = [
    {file = "pycryptodomex-3.23.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:add243d204e125f189819db65eed55e6b4713f70a7e9576c043178656529cec7"},
    {file = "pycryptodomex-3.23.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:1c6d919fc8429e5cb228ba8c0d4d03d202a560b421c14867a65f6042990adc8e"},
@@ -5021,9 +5025,10 @@ typing-extensions = ">=4.14.1"
 name = "pydash"
 version = "8.0.6"
 description = "The kitchen sink of Python utility libraries for doing \"stuff\" in a functional way. Based on the Lo-Dash Javascript library."
-optional = false
+optional = true
 python-versions = ">=3.9"
 groups = ["main"]
+markers = "extra == \"okta\""
 files = [
    {file = "pydash-8.0.6-py3-none-any.whl", hash = "sha256:ee70a81a5b292c007f28f03a4ee8e75c1f5d7576df5457b836ec7ab2839cc5d0"},
    {file = "pydash-8.0.6.tar.gz", hash = "sha256:b2821547e9723f69cf3a986be4db64de41730be149b2641947ecd12e1e11025a"},
@@ -6603,6 +6608,7 @@ files = [
    {file = "xmltodict-1.0.4-py3-none-any.whl", hash = "sha256:a4a00d300b0e1c59fc2bfccb53d7b2e88c32f200df138a0dd2229f842497026a"},
    {file = "xmltodict-1.0.4.tar.gz", hash = "sha256:6d94c9f834dd9e44514162799d344d815a3a4faec913717a9ecbfa5be1bb8e61"},
 ]
+markers = {main = "extra == \"okta\""}

 [package.extras]
 test = ["pytest", "pytest-cov"]
@@ -6882,7 +6888,10 @@ files = [
    {file = "zstd-1.5.7.2.tar.gz", hash = "sha256:6d8684c69009be49e1b18ec251a5eb0d7e24f93624990a8a124a1da66a92fc8a"},
 ]

+[extras]
+okta = ["okta"]
+
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<3.13"
-content-hash = "96359a9bfe4031fb0747c22eb4b00f2a008e3fb6d07189fa0fe6ee3875b1f913"
+content-hash = "95bcc1e65c79519df1fa78351a85986d1891d08f615fc7afaed754f268a0c944"
@@ -14,6 +14,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 ### 🔄 Changed

 - `entra_emergency_access_exclusion` check for M365 provider now scopes the exclusion requirement to enabled Conditional Access policies with a `Block` grant control instead of every enabled policy, focusing on the lockout-relevant policy set [(#10849)](https://github.com/prowler-cloud/prowler/pull/10849)
+- `okta` SDK dependency moved to a new `okta` optional extra; install with `pip install prowler[okta]` (or `poetry install --all-extras`) to use the Okta provider. Prevents resolution conflicts with downstream consumers pinning the legacy `okta<1.0.0` package

 ---

@@ -59,7 +59,6 @@ dependencies = [
  "microsoft-kiota-abstractions==1.9.2",
  "msgraph-sdk==1.55.0",
  "numpy==2.0.2",
-  "okta==3.4.2",
  "openstacksdk==4.2.0",
  "pandas==2.2.3",
  "py-ocsf-models==0.8.1",
@@ -98,6 +97,9 @@ readme = "README.md"
 requires-python = ">=3.10,<3.13"
 version = "5.27.0"

+[project.optional-dependencies]
+okta = ["okta==3.4.2"]
+
 [project.scripts]
 prowler = "prowler.__main__:prowler"