That’s an interesting question. I don’t believe there is any direct integration with OPA or any policy-as-code frameworks.
Two ways I can think of that you could integrate it into your process flow, though:

- Using a CI/CD pipeline as part of your project repository. For example, using GitHub Actions or GitLab CI, you can set up a job to run OPA on merge requests to your active branch.
- Write a callback plugin to run OPA. This could run OPA at the start of your playbook execution, failing the job if the OPA policy fails. This may be a great fit if you want to evaluate it at runtime to consider outside information. It may not be a great fit if you only need it to run for changes to your playbook/roles, since it would add to your execution time. There may be other plugins I haven’t come across yet as well, something you could integrate at project sync time.
In any case, I’m curious to see what others’ thoughts are on this as well. Certainly an interesting use case, and something I would also find valuable.
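As an added example (not from the original post or its author), here is a sketch of the callback-plugin route in Python: it runs `opa eval` when the playbook starts and stops the run when the policy's `deny` set is non-empty. Assumptions: the plugin file name, the `OPA_POLICY_PATH` environment variable, the `data.ansible.deny` query, the shape of the input document handed to OPA, and the stand-in base class used when Ansible is not importable are all mine, not part of Ansible or OPA.

```python
"""Ansible callback plugin: evaluate an OPA policy before the playbook runs.

Hypothetical location: callback_plugins/opa_gate.py (assumption).
Policy contract (assumption): the Rego query `data.ansible.deny` yields a
set of human-readable denial messages; a non-empty set blocks the run.
"""
import json
import os
import subprocess
import sys

try:
    from ansible.plugins.callback import CallbackBase
except ImportError:  # lets the helper functions run without Ansible installed
    class CallbackBase:  # minimal stand-in, not the real base class
        pass

POLICY_PATH = os.environ.get("OPA_POLICY_PATH", "policy.rego")  # assumed env var
QUERY = "data.ansible.deny"


def run_opa(policy_path, input_doc, query=QUERY):
    """Run the opa CLI (must be on PATH) and return its parsed JSON output."""
    proc = subprocess.run(
        ["opa", "eval", "--format", "json", "--data", policy_path,
         "--stdin-input", query],
        input=json.dumps(input_doc), capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def collect_denials(opa_output):
    """Extract denial messages from `opa eval --format json` output.

    An empty "result" list means the query was undefined, i.e. no deny rule
    fired. A bare `true` value is reported as an unexplained denial so that a
    policy written as a boolean `deny` still blocks the run.
    """
    denials = []
    for result in opa_output.get("result", []):
        for expr in result.get("expressions", []):
            value = expr.get("value")
            if isinstance(value, list):
                denials.extend(str(v) for v in value)
            elif value is True:
                denials.append("policy %s evaluated to true" % expr.get("text", QUERY))
    return denials


class CallbackModule(CallbackBase):
    CALLBACK_VERSION = 2.0
    CALLBACK_TYPE = "aggregate"
    CALLBACK_NAME = "opa_gate"
    CALLBACK_NEEDS_ENABLED = True

    def v2_playbook_on_start(self, playbook):
        # Input document for OPA: playbook file plus each play's name and hosts
        # pattern (assumption about what the policy wants to inspect).
        input_doc = {"playbook": playbook._file_name,
                     "plays": [{"name": p.get_name(), "hosts": p.hosts}
                               for p in playbook.get_plays()]}
        denials = collect_denials(run_opa(POLICY_PATH, input_doc))
        if denials:
            sys.stderr.write("OPA policy denied this run:\n  " + "\n  ".join(denials) + "\n")
            # Ansible turns exceptions raised inside callback methods into
            # warnings, so exit the process to actually stop the run.
            sys.exit(1)
```

Enable it with `callbacks_enabled = opa_gate` in `ansible.cfg` (plus `callback_plugins` pointing at the directory); a CI job can reuse `run_opa` and `collect_denials` against a JSON dump of the changed playbooks.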