Problem
In specific versions of Terraform Enterprise, Open Policy Agent (OPA) policy evaluations fail for large workspaces that are configured to use the agent execution mode.
Prerequisites
This issue affects Terraform Enterprise versions v202309-1 through v202311-1.
Cause
A regression introduced in version v202309-1 causes OPA policy evaluations to run on the main Terraform Enterprise host instead of the designated agent. This misdirection of workload can lead to excessive resource consumption on the host, resulting in evaluation failures for large workspaces.
Solution
The recommended solution is to upgrade your Terraform Enterprise instance to a version where this regression has been fixed.
- Upgrade to Terraform Enterprise
v202312-1or a more recent version.
Outcome
After the upgrade, OPA policy evaluations will correctly execute on the designated agent. This restores the intended behavior, alleviates resource pressure on the host, and ensures that policy checks for large workspaces complete successfully.