if opaURL == "" {
			return args, nil
		}
	}
	authToken := env.Get(EnvIamOpaAuthToken, "")
	if authToken == "" {
		authToken = env.Get(EnvPolicyOpaAuthToken, kv.Get(AuthToken))
	}

	u, err := xnet.ParseHTTPURL(opaURL)
	if err != nil {
		return args, err
	}
	args = Args{
		URL:         u,
		AuthToken:   authToken,
		Transport:   transport,
		CloseRespFn: closeRespFn,
	}

			Type:        "url",
		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         RolePolicy,

			Key:   URL,
			Value: "",
		},
		config.KV{
			Key:   AuthToken,
			Value: "",
		},
		config.KV{
			Key:   EnableHTTP2,
			Value: "off",
		},
	}
)

// Args for general purpose policy engine configuration.
type Args struct {
	URL         *xnet.URL             `json:"url"`
	AuthToken   string                `json:"authToken"`
	Transport   http.RoundTripper     `json:"-"`

		}

		cfg.HTTP[k] = http.Config{
			HTTPTimeout: httpTimeout,
			Enabled:     true,
			Endpoint:    url,
			AuthToken:   getCfgVal(EnvLoggerWebhookAuthToken, k, kv.Get(AuthToken)),
			ClientCert:  clientCert,
			ClientKey:   clientKey,
			Proxy:       getCfgVal(EnvLoggerWebhookProxy, k, kv.Get(Proxy)),
			BatchSize:   batchSize,
			QueueSize:   queueSize,

	Enabled     bool              `json:"enabled"`
	Name        string            `json:"name"`
	UserAgent   string            `json:"userAgent"`
	Endpoint    *xnet.URL         `json:"endpoint"`
	AuthToken   string            `json:"authToken"`
	ClientCert  string            `json:"clientCert"`
	ClientKey   string            `json:"clientKey"`
	BatchSize   int               `json:"batchSize"`
	QueueSize   int               `json:"queueSize"`

		if k != config.Default {
			clientKeyEnv = clientKeyEnv + config.Default + k
		}

		webhookArgs := target.WebhookArgs{
			Enable:     enabled,
			Endpoint:   *url,
			Transport:  transport,
			AuthToken:  env.Get(authEnv, kv.Get(target.WebhookAuthToken)),
			ClientCert: env.Get(clientCertEnv, kv.Get(target.WebhookClientCert)),
			ClientKey:  env.Get(clientKeyEnv, kv.Get(target.WebhookClientKey)),
		}

		manager, err := NewManager(ctx, ManagerOptions{
			Dialer: ConnectWS(dialer.DialContext,
				dummyNewToken,
				nil),
			Local:        host,
			Hosts:        hosts,
			AuthFn:       dummyNewToken,
			AuthToken:    dummyTokenValidate,
			BlockConnect: ready,
			RoutePath:    RoutePath,
		})
		if err != nil {
			return nil, err
		}
		m := mux.NewRouter()
		m.Handle(RoutePath, manager.Handler(dummyRequestValidate))

		cfg.Compression.MimeTypes = strings.Split(compress.DefaultMimeTypes, config.ValueSeparator)
	case "30":
		// V30 -> V31
		cfg.OpenID = openid.Config{}
		cfg.Policy.OPA = opa.Args{
			URL:       &xnet.URL{},
			AuthToken: "",
		}
	case "31":
		// V31 -> V32
		cfg.Notify.NSQ = make(map[string]target.NSQArgs)
		cfg.Notify.NSQ["1"] = target.NSQArgs{}
	}

	// Move to latest.
	cfg.Version = "33"

				if err != nil {
					iamLogIf(ctx, fmt.Errorf("Unable to initialize AuthZPlugin from legacy OPA config: %w", err))
				} else {
					authZPluginCfg.URL = opaCfg.URL
					authZPluginCfg.AuthToken = opaCfg.AuthToken
					authZPluginCfg.Transport = opaCfg.Transport
					authZPluginCfg.CloseRespFn = opaCfg.CloseRespFn
					authZInit = true
				}
			}
			if authZInit {

		if k != config.Default {
			clientKeyEnv = clientKeyEnv + config.Default + k
		}

		webhookArgs := target.WebhookArgs{
			Enable:     enabled,
			Endpoint:   *url,
			Transport:  transport,
			AuthToken:  env.Get(authEnv, kv.Get(target.WebhookAuthToken)),
			QueueDir:   env.Get(queueDirEnv, kv.Get(target.WebhookQueueDir)),
			QueueLimit: uint64(queueLimit),