Description:
Currently, when infrastructure definitions are backed by Git, changes committed directly to the Git repository do not trigger OPA policy re-evaluation. As a result, policy violations introduced after the entity was first created can go undetected.
This contrasts with inline (UI-based) changes, which correctly trigger OPA policy checks and are reflected in the OPA console.
Current Limitation:
  • Git-backed infrastructure definitions are evaluated only at creation time.
  • Subsequent Git commits are not re-evaluated unless the entity is manually re-imported.
  • The OPA console does not reflect changes made via Git unless the user re-imports the entity.
Impact:
This is a governance gap: if changes are made exclusively through Git, policy violations can bypass checks entirely, and a definition that passed evaluation at creation can drift into a violating state with no evaluation record of the change.
Enhancement Request:
Support automatic re-evaluation of OPA policies whenever a Git-backed infrastructure definition is updated, in the same way inline changes are handled today. This would ensure consistent policy enforcement regardless of how the configuration is managed.
Created by Pedro Mastelaro