deploy/ansible/roles/auth/defaults/main.yml +8 −3 @@ -22,11 +22,16 @@ image_pull: true auth_enabled: false # Default rego template (override this to use your own) auth_policy_template: policy.rego.j2 auth_policy_restricted_paths: [] opa_policy_template: policy.rego.j2 # Paths to apply security restrictions to opa_policy_restricted_paths: [] # Whitelist access based on the server's hostname opa_policy_server_host: "{{ ansible_host }}" # Logging level for the OPA server opa_log_level: debug opa_log_level: info # Settings for the opa image opa_image_prefix: "{{ image_prefix }}" deploy/ansible/roles/auth/tasks/auth_install.yml +1 −1 @@ -11,7 +11,7 @@ - name: Write rego policy file template: src: "{{ auth_policy_template }}" src: "{{ opa_policy_template }}" dest: /esg/config/auth/policy.rego - name: Write auth service settings deploy/ansible/roles/auth/templates/policy.rego.j2 +1 −1 @@ -25,7 +25,7 @@ allowed_hosts := { } # Check requested path against restricted paths {% for restricted_path in auth_policy_restricted_paths %} {% for restricted_path in opa_policy_restricted_paths %} violation["{{ restricted_path['name'] }}"] { regex.match("{{ restricted_path['path'] }}", resource_path) not has_group("{{ restricted_path['group'] }}")
deploy/ansible/roles/auth/defaults/main.yml +8 −3 @@ -22,11 +22,16 @@ image_pull: true auth_enabled: false # Default rego template (override this to use your own) auth_policy_template: policy.rego.j2 auth_policy_restricted_paths: [] opa_policy_template: policy.rego.j2 # Paths to apply security restrictions to opa_policy_restricted_paths: [] # Whitelist access based on the server's hostname opa_policy_server_host: "{{ ansible_host }}" # Logging level for the OPA server opa_log_level: debug opa_log_level: info # Settings for the opa image opa_image_prefix: "{{ image_prefix }}"
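Review bot: Renaming `auth_policy_restricted_paths` to `opa_policy_restricted_paths` with a default of `[]` can fail open on upgrade: an inventory that still sets the old name is silently ignored, and the loop in templates/policy.rego.j2 (renamed in this same commit) then emits no `violation` rules from that loop. Either keep the old names working as a fallback, e.g. `opa_policy_restricted_paths: "{{ auth_policy_restricted_paths | default([]) }}"` and `opa_policy_template: "{{ auth_policy_template | default('policy.rego.j2') }}"`, or add a task that fails the play when a legacy `auth_policy_*` variable is still defined. Separately, `opa_policy_server_host` defaults to `ansible_host`, which is the address Ansible connects to and may not be the hostname clients present, and none of the template lines visible in this commit consume it; a comment stating where it is used and what value is expected would help.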
deploy/ansible/roles/auth/tasks/auth_install.yml +1 −1 @@ -11,7 +11,7 @@ - name: Write rego policy file template: src: "{{ auth_policy_template }}" src: "{{ opa_policy_template }}" dest: /esg/config/auth/policy.rego - name: Write auth service settings
deploy/ansible/roles/auth/templates/policy.rego.j2 +1 −1 @@ -25,7 +25,7 @@ allowed_hosts := { } # Check requested path against restricted paths {% for restricted_path in auth_policy_restricted_paths %} {% for restricted_path in opa_policy_restricted_paths %} violation["{{ restricted_path['name'] }}"] { regex.match("{{ restricted_path['path'] }}", resource_path) not has_group("{{ restricted_path['group'] }}")