Support OPA Policy Enforcement (On Save) for Projects, User Groups, and Resource Groups
Tame Capybara
Currently, the Harness Policy Engine supports enforcement for various entity types like Pipelines, Connectors, and Environments. However, foundational entities such as Projects, User Groups, and Resource Groups are not yet OPA-bindable. This prevents platform administrators from enforcing standards (like naming conventions or required metadata) at the earliest point of creation.
Use Case:
Large-scale organizations need to maintain strict governance to avoid platform sprawl. For example, a customer may want a policy that blocks the creation of any Project whose identifier doesn't start with a specific department code, or a User Group that doesn't follow a [Dept]-[Team]-[Role] format.
Requested Capability:
Entity Support: Add Project, User Group, and Resource Group to the available entity types in Policy Sets.
Event Support: Enable the "On Save" event for these entities to allow for "Block" actions during creation or updates.
Input Payload: Expose the relevant entity fields (e.g., input.project.name, input.usergroup.identifier, input.resourcegroup.tags) to the Rego execution context.
Impact:
This will allow customers to automate platform-wide governance and naming standards, reducing manual cleanup and ensuring audit compliance across the Harness Account.
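The naming rules from the use case above, sketched as a Rego policy; this is an added example, not part of the original request and not Harness code. The `input.project.identifier` and `input.usergroup.name` fields, the department codes, the `_` separator and the `deny[msg]` rule shape are assumptions, since the request asks for a payload that is not exposed today.

```rego
package platform.naming

# Hypothetical department codes; replace with the organization's own list.
dept_codes := {"fin", "eng", "sec"}

# Project: the identifier must start with "<dept>_" (assumed field and separator).
deny[msg] {
    id := input.project.identifier
    not has_dept_prefix(id)
    msg := sprintf("project identifier %q must start with a department code %v followed by '_'", [id, dept_codes])
}

# Project payload present but no identifier: fail closed instead of skipping the check.
deny[msg] {
    input.project
    not input.project.identifier
    msg := "project payload has no identifier to validate"
}

# User group: the name must be Dept-Team-Role, with a known department (assumed field).
deny[msg] {
    name := input.usergroup.name
    not valid_group_name(name)
    msg := sprintf("user group name %q must follow the Dept-Team-Role format with a known department code", [name])
}

# True when id begins with one of the department codes plus an underscore.
has_dept_prefix(id) {
    some code
    dept_codes[code]
    startswith(lower(id), concat("", [code, "_"]))
}

# True when name has exactly three alphanumeric segments and the first is a department code.
valid_group_name(name) {
    regex.match(`^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$`, name)
    dept_codes[lower(split(name, "-")[0])]
}
```

With a constructed input of `{"project": {"identifier": "payments"}}` the first rule produces a deny message, while `{"project": {"identifier": "fin_payments"}}` produces none.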