Git-Based Infrastructure Changes Do Not Trigger OPA Policy Re-Evaluation
Status: this fiscal quarter
Ginger orange Raccoon
Description:
Currently, when infrastructure definitions are backed by Git, changes made directly in the Git repository do not trigger OPA policy re-evaluation. As a result, policy violations introduced after the entity's initial creation can go undetected.
This contrasts with inline (UI-based) changes, which do trigger OPA policy checks and are reflected in the OPA console.
Current Limitation:
- Git-backed infrastructure is evaluated only at creation time.
- Subsequent Git commits are not re-evaluated unless the entity is manually re-imported.
- The OPA console does not reflect changes made via Git unless the user re-imports the entity.
Impact:
This is a governance gap: policy violations can bypass checks entirely when changes are made exclusively through Git.
Enhancement Request:
Support automatic re-evaluation of OPA policies whenever Git-based infrastructure definitions are updated, in the same way inline changes are handled today. This would ensure consistent policy enforcement regardless of how the configuration is managed.
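Until the product re-evaluates Git-backed entities on its own, the gap described above can be closed from the repository side: a CI step on every push that sends each changed definition to OPA and fails the build on a violation. The script below is an added example for this request, not code from the original page or from the product in question. It assumes (none of this is stated on the page) that definitions live as YAML or JSON under an `infra/` directory, that an OPA server exposes its Data API at `OPA_URL`, and that the policy package `data.infra.deny` yields a set of violation messages; `SAMPLE_DIFF` is constructed `git diff --name-status` output used to exercise the parsing.

```python
"""
CI-side re-check of Git-backed infrastructure definitions against OPA.

Added example (not code from the original request or from the product it
concerns). Assumptions, none of which come from the page: definitions live as
YAML or JSON under infra/, an OPA server exposes the Data API at OPA_URL, and
the policy package data.infra.deny yields a set of violation messages.
"""
import json
import os
import subprocess
import sys
import urllib.request

OPA_URL = os.environ.get("OPA_URL", "http://localhost:8181")  # assumed OPA server
POLICY_PATH = "infra/deny"   # hypothetical package: data.infra.deny
INFRA_PREFIX = "infra/"      # hypothetical location of Git-backed definitions

# Constructed sample of `git diff --name-status BASE HEAD` output, for the demo.
SAMPLE_DIFF = (
    "M\tinfra/prod/cluster.yaml\n"
    "D\tinfra/legacy/old-env.yaml\n"
    "A\tdocs/README.md\n"
    "R100\tinfra/stage/svc.yml\tinfra/stage/service.yml\n"
)


def changed_infra_files(diff_name_status, prefix=INFRA_PREFIX):
    """Keep added, modified or renamed definitions under `prefix`.

    Deleted files (status D) have nothing left to evaluate, and for a rename
    ("R100\\told\\tnew") only the new path exists at HEAD.
    """
    files = []
    for line in diff_name_status.splitlines():
        parts = line.split("\t")
        if len(parts) < 2:
            continue
        status, path = parts[0], parts[-1]
        if status.startswith("D"):
            continue
        if path.startswith(prefix) and path.endswith((".yaml", ".yml", ".json")):
            files.append(path)
    return files


def violations_from_decision(decision):
    """Normalise an OPA Data API response body into a list of messages.

    A missing `result` means the rule was undefined for this input, which a
    deny-style rule treats as "no violation". A boolean result (allow-style
    rule) is mapped onto the same shape so callers only check emptiness.
    """
    result = decision.get("result")
    if result is None:
        return []
    if isinstance(result, bool):
        return [] if result else ["policy returned allow = false"]
    if isinstance(result, list):
        return sorted(str(v) for v in result)
    return [str(result)]


def evaluate(definition, opa_url=OPA_URL, policy_path=POLICY_PATH):
    """POST the definition as OPA `input` to /v1/data/<path> and return violations."""
    req = urllib.request.Request(
        f"{opa_url}/v1/data/{policy_path}",
        data=json.dumps({"input": definition}).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return violations_from_decision(json.load(resp))


def load_definition(path):
    """Parse one definition; PyYAML when installed, JSON otherwise."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    try:
        import yaml  # optional dependency
        return yaml.safe_load(text)
    except ImportError:
        return json.loads(text)


def recheck(base, head):
    """Evaluate every changed definition between two commits; 0 if all pass."""
    diff = subprocess.run(
        ["git", "diff", "--name-status", base, head],
        check=True, capture_output=True, text=True,
    ).stdout
    failures = 0
    for path in changed_infra_files(diff):
        for msg in evaluate(load_definition(path)):
            print(f"{path}: {msg}")
            failures += 1
    return 1 if failures else 0


if __name__ == "__main__":
    # Typical CI step on every push: python opa_recheck.py origin/main HEAD
    sys.exit(recheck(sys.argv[1], sys.argv[2]))
```

Run it as a required check on pull requests and on pushes to the protected branch, comparing the merge base with HEAD, so that a commit which only touches Git-backed definitions still goes through the same policy as an inline edit. Note that this only covers definitions that reach the repository through a reviewed push; direct writes that bypass CI are out of scope, which is why the product-side re-evaluation requested above is still the proper fix.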
abhijit.pujare updated the status to: this fiscal quarter
Shylaja Sundararajan
Looping in abhijit.pujare
Gaurav Soni
Shylaja Sundararajan: Do we have any updates for Lloyds? This one seems to be the top priority for them.
abhijit.pujare
Gaurav Soni: I am working with Sreeja Satheesh on this and she has shared an update with them. Thanks
Shylaja Sundararajan updated the status to: under review