Uploaded image for project: 'Ansible Automation Platform RFEs'
  1. Ansible Automation Platform RFEs
  2. AAPRFE-2545

Expand Open Policy Agent (OPA) inputs to include playbook

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      What is the nature and description of the request?

      The ability to enforce policies is currently limited to specific API endpoints for some content.

      The list can be found here:

      https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-pac#pac-inputs-outputs_controller-pac

      This request is to add additional API endpoints as well as the ability to parse a playbook, similar to how this is done here:

      https://github.com/ansible/ansible-policy/blob/main/examples/check_project/policies/check_become.yml

       

      Why does the customer need this? (List the business requirements here)

      There is no method currently that prevents job execution based on the playbook's contents. This RFE would provide a more complete ability to comply with company standards and to prevent malicious behavior.

       

      How would you like to achieve this? (List the functional requirements here)

      Add additional API endpoints and include the playbook as inputs for Open Policy Enforcement.

       

      List any affected known dependencies: Doc, UI etc..

      https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-pac

       

      Github Link if any

      https://github.com/ansible/ansible-policy

       

              rhn-support-ebock Emily Bock
              jbird@redhat.com Jeffrey Bird
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: