Description

Integration of Ansible Automation Platform with Open Policy Agent (OPA).

Customer Explanation

We want to ensure all our ansible playbooks are met with audit requirements and also it has a valid ticket and approvals in place before executing the actual playbook.

Use case – 1:
Ticket_validation.yml --> this validates a change ticket, status, start date and end date, approvals.
User_role --> It contains the actual user role.

So, when ever someone runs a job template, we need to make sure Ticket_validation.yml is executed and validated all change related information. With out Ticket_validation.yml playbook , no one should be able to run any job templates.

Use case – 2:
Audit.yml --> It will contain all allowed opa polices like http version, rpm versions.
When even a user runs a playbook we should be able to validate their code and make sure it contains only the allowed versions. Otherwise playbook should fail.

Define the value or impact to you or the business
unable to define global policies for ansible jobs that are executed via AAP.