Project Policy Validation with OPA and ansible-policy

Enhancing Compliance and Automation in Ansible with ansible-policy Utility

Luca Berton
6 min read · Jun 19, 2024


Introduction

There’s a new Ansible feature in town, and I’m thrilled to announce the Ansible Policy utility, which can interact directly with the Open Policy Agent (OPA). If you’re familiar with Kubernetes, you may already know OPA as a popular way to specify rules and validate projects against them.

This utility is particularly beneficial for organizations that need to ensure their projects comply with specific policies. For instance, in this example, I’ll validate my playbook against a policy that restricts AWS EC2 machine allocation to the US East 1 and US East 2 regions. As you’ll see, my playbook isn’t compliant: lines 15 and 29 attempt to allocate machines in other regions.

By flagging non-compliance before execution, we prevent configurations that don’t meet our standards from ever running. So, why haven’t you heard about Ansible Policy? Because it’s a new prototype that lets you define and enforce OPA rules for your automation using the Ansible Policy utility.
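To make the region policy concrete, here is an added illustration of the same check in plain Python; it is not the ansible-policy or OPA implementation. It assumes the approved regions map to the identifiers us-east-1 and us-east-2, that the playbook has already been parsed into Python structures (as PyYAML would return them), and that EC2 instances are created with the amazon.aws.ec2_instance module; the playbook below is constructed for the example.

```python
from typing import Any

# Assumed identifiers for the US East 1 / US East 2 regions named in the policy.
ALLOWED_REGIONS = {"us-east-1", "us-east-2"}
# Names under which the EC2 instance module can appear in a task.
EC2_MODULES = ("amazon.aws.ec2_instance", "ec2_instance", "amazon.aws.ec2")

# Constructed playbook, already parsed: plays -> tasks -> module arguments.
SAMPLE_PLAYBOOK = [{
    "name": "Provision web tier",
    "hosts": "localhost",
    "tasks": [
        {"name": "Compliant instance",
         "amazon.aws.ec2_instance": {"name": "web-1", "region": "us-east-1"}},
        {"name": "Instance outside the approved regions",
         "amazon.aws.ec2_instance": {"name": "web-2", "region": "eu-west-1"}},
        {"name": "Region left to environment defaults",
         "amazon.aws.ec2_instance": {"name": "web-3"}},
        {"name": "Grouped tasks",
         "block": [{"name": "Instance in a second disallowed region",
                    "ec2_instance": {"name": "db-1", "region": "ap-southeast-1"}}]},
    ],
}]

def _iter_tasks(tasks: list[dict[str, Any]]):
    """Yield leaf tasks depth-first, descending into block/rescue/always."""
    for task in tasks:
        sections = [s for s in ("block", "rescue", "always") if s in task]
        for section in sections:
            yield from _iter_tasks(task[section])
        if not sections:
            yield task

def check_ec2_regions(playbook: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Return one finding per EC2 task that cannot be shown to use an approved region."""
    findings = []
    for play in playbook:
        tasks = play.get("pre_tasks", []) + play.get("tasks", []) + play.get("post_tasks", [])
        for task in _iter_tasks(tasks):
            for module in (m for m in EC2_MODULES if m in task):
                args = task[module] if isinstance(task[module], dict) else {}
                region = args.get("region")
                # A missing region falls back to the runtime environment (profile or
                # AWS_REGION), which a static check cannot see, so it is denied too.
                if region is None:
                    reason = "region not set explicitly; compliance cannot be proven"
                elif region not in ALLOWED_REGIONS:
                    reason = f"region {region!r} is not one of {sorted(ALLOWED_REGIONS)}"
                else:
                    continue
                findings.append({"task": task.get("name", "<unnamed>"),
                                 "module": module, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in check_ec2_regions(SAMPLE_PLAYBOOK):
        print(f"DENY {f['task']} ({f['module']}): {f['reason']}")
```

Running it denies the two tasks that target other regions and the one that leaves the region implicit, while the us-east-1 task passes.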

Architectural Diagram


