Ansible role to install and configure Open Policy Agent (OPA).
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

4.8 KiB


The ansible-role-openpolicyagent ansible role installs and configures Open Policy Agent.


The role doesn't require any extra python requiremnets to use.

To run molecule on the other hand, you might need to do the following.

$ pip install -r molecule/requirements.txt

Role Variables

Variable Default Description
openpolicyagent_version v0.14.2 OPA version
openpolicyagent_home /opt/opa OPA home directory
openpolicyagent_bin /opt/opa/bin OPA binary path
openpolicyagent_name opa OPA name of file to download
openpolicyagent_user opa OPA user to create and use
openpolicyagent_group opa OPA group to create and use
openpolicyagent_base_url Link OPA download base URL
openpolicyagent_url Link OPA download URL
openpolicyagent_config_path /etc/opa OPA configuration base path
openpolicyagent_config_d_path /etc/opa/opa.d/ OPA config.d path
openpolicyagent_config_file /etc/opa/config.yml OPA configuration file path
*_openpolicyagent_services [] OPA Services
*_openpolicyagent_labels {} OPA Labels
*_openpolicyagent_bundles [] OPA Bundles
*_openpolicyagent_plugins {} OPA Plugins
openpolicyagent_config_default_decision /system/main OPA Default Decision configuration
openpolicyagent_config_default_authorization_decision /system/authz/allow OPA Default Authorization Decision configuration
openpolicyagent_config_decision_logs {} OPA Decision Logs configuration
openpolicyagent_config_status {} OPA Status configuration
openpolicyagent_config_discovery {} OPA Discovery configuration


BSD 2 Clause