ansible-role-openpolicyagent
============================

The `ansible-role-openpolicyagent` ansible role installs and configures `Open Policy Agent <https://www.openpolicyagent.org/>`_.

Requirements
------------

The role doesn't require any extra python requiremnets to use.

To run `molecule` on the other hand, you might need to do the following.

```
$ pip install -r molecule/requirements.txt
```

Role Variables
--------------

| Variable                                                | Default                                                                                      | Description                                      |
|:--------------------------------------------------------|:--------------------------------------------------------------------------------------------:|:-------------------------------------------------|
| `openpolicyagent_version`                               | `v0.14.2`                                                                                    | OPA version                                      |
| `openpolicyagent_home`                                  | `/opt/opa`                                                                                   | OPA home directory                               |
| `openpolicyagent_bin`                                   | `/opt/opa/bin`                                                                               | OPA binary path                                  |
| `openpolicyagent_name`                                  | `opa`                                                                                        | OPA name of file to download                     |
| `openpolicyagent_user`                                  | `opa`                                                                                        | OPA user to create and use                       |
| `openpolicyagent_group`                                 | `opa`                                                                                        | OPA group to create and use                      |
| `openpolicyagent_base_url`                              | `Link <https://github.com/open-policy-agent/opa/releases/download>`_                         | OPA download base URL                            |
| `openpolicyagent_url`                                   | `Link <https://github.com/open-policy-agent/opa/releases/download/v0.14.2/opa_linux_amd64>`_ | OPA download URL                                 |
| `openpolicyagent_config_path`                           | `/etc/opa`                                                                                   | OPA configuration base path                      |
| `openpolicyagent_config_d_path`                         | `/etc/opa/opa.d/`                                                                            | OPA config.d path                                |
| `openpolicyagent_config_file`                           | `/etc/opa/config.yml`                                                                        | OPA configuration file path                      |
| `*_openpolicyagent_services`                            | `[]`                                                                                         | OPA Services                                     |
| `*_openpolicyagent_labels`                              | `{}`                                                                                         | OPA Labels                                       |
| `*_openpolicyagent_bundles`                             | `[]`                                                                                         | OPA Bundles                                      |
| `*_openpolicyagent_plugins`                             | `{}`                                                                                         | OPA Plugins                                      |
| `openpolicyagent_config_default_decision`               | `/system/main`                                                                               | OPA Default Decision configuration               |
| `openpolicyagent_config_default_authorization_decision` | `/system/authz/allow`                                                                        | OPA Default Authorization Decision configuration |
| `openpolicyagent_config_decision_logs`                  | `{}`                                                                                         | OPA Decision Logs configuration                  |
| `openpolicyagent_config_status`                         | `{}`                                                                                         | OPA Status configuration                         |
| `openpolicyagent_config_discovery`                      | `{}`                                                                                         | OPA Discovery configuration                      |

License
-------

BSD 2 Clause