You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/Associating policy with AAP resources.md
+10-9Lines changed: 10 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,25 +33,27 @@ allowed := {
33
33
1.**Package Declaration**: Defines the namespace for your policy
34
34
2.**Rules**: Define the policy logic and return a decision object
35
35
36
+
Note that these components comprise the OPA policy name, which is formatted as `{package}/{rule}`. You will enter the OPA policy name when configuring enforcement points.
37
+
36
38
## Associating Policies with AAP Resources
37
39
38
40
### Available Enforcement Points
39
41
40
-
You can associate policies with the following AAP resources:
42
+
You can create an enforcement point by associating a policy with the following AAP resources:
41
43
42
-
1.**Organization Level**
44
+
1.**Organizations**
43
45
- Affects all job templates within an Organization
44
46
- Provides broad control over automation within organizational boundaries
45
47
46
-
2.**Inventory Level**
48
+
2.**Inventories**
47
49
- Affects all jobs using a specified Inventory
48
50
- Controls access to specific infrastructure resources
49
51
50
-
3.**Job Template Level**
52
+
3.**Job Templates**
51
53
- Affects jobs launched from a specific Job Template
52
54
- Provides granular control over specific automation tasks
53
55
54
-
### How to Associate Policies
56
+
### How to Associate a Policy with a Resource
55
57
56
58
#### 1. Job Template Level
57
59
@@ -102,15 +104,14 @@ Policy evaluation is integrated into the job lifecycle as a dedicated phase call
102
104
3.**Policy Evaluation**:
103
105
- AAP sends the collected policies to the configured OPA server for evaluation
104
106
- Each policy is evaluated against the job context
105
-
-If any policy evaluation:
107
+
-The job will be blocked if any policy evaluation:
106
108
- Returns `"allowed": false`, or
107
109
- Fails to evaluate
108
-
The job will be blocked
109
110
110
111
4.**Job State Transition**:
111
112
- If all policies allow the job:
112
-
-Job proceeds to playbook execution
113
+
-The job proceeds to playbook execution
113
114
- If any policy blocks the job:
114
-
-Job transitions to "Error" state
115
+
-The job transitions to "Error" state
115
116
- Playbook execution is prevented
116
117
- Error messages from policy violations are recorded
0 commit comments