Aodh Sample Policy Configuration File

Warning

JSON formatted policy file is deprecated since Aodh 12.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

The following is an overview of all available policies in Aodh. For a sample configuration file, refer to policy.yaml.

aodh

context_is_admin
Default:

role:admin

(no description provided)

segregation
Default:

rule:context_is_admin

(no description provided)

admin_or_owner
Default:

rule:context_is_admin or project_id:%(project_id)s

(no description provided)

default
Default:

rule:context_is_admin or project_id:%(project_id)s

(no description provided)

telemetry:get_alarm
Default:

(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)

Operations:
  • GET /v2/alarms/{alarm_id}

Scope Types:
  • system

  • project

Get an alarm.

telemetry:get_alarms
Default:

(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)

Operations:
  • GET /v2/alarms

Scope Types:
  • system

  • project

Get all alarms, based on the query provided.

telemetry:get_alarms:all_projects
Default:

role:reader and system_scope:all

Operations:
  • GET /v2/alarms

Scope Types:
  • system

  • project

Get alarms of all projects.

telemetry:query_alarm
Default:

(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)

Operations:
  • POST /v2/query/alarms

Scope Types:
  • system

  • project

Get all alarms, based on the query provided.

telemetry:create_alarm
Default:

(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)

Operations:
  • POST /v2/alarms

Scope Types:
  • system

  • project

Create a new alarm.

telemetry:change_alarm
Default:

(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)

Operations:
  • PUT /v2/alarms/{alarm_id}

Scope Types:
  • system

  • project

Modify this alarm.

telemetry:delete_alarm
Default:

(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)

Operations:
  • DELETE /v2/alarms/{alarm_id}

Scope Types:
  • system

  • project

Delete this alarm.

telemetry:get_alarm_state
Default:

(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)

Operations:
  • GET /v2/alarms/{alarm_id}/state

Scope Types:
  • system

  • project

Get the state of this alarm.

telemetry:change_alarm_state
Default:

(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)

Operations:
  • PUT /v2/alarms/{alarm_id}/state

Scope Types:
  • system

  • project

Set the state of this alarm.

telemetry:alarm_history
Default:

(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)

Operations:
  • GET /v2/alarms/{alarm_id}/history

Scope Types:
  • system

  • project

Assembles the alarm history requested.

telemetry:query_alarm_history
Default:

(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)

Operations:
  • POST /v2/query/alarms/history

Scope Types:
  • system

  • project

Define query for retrieving AlarmChange data.

telemetry:update_quotas
Default:

role:admin and system_scope:all

Operations:
  • POST /v2/quotas

Scope Types:
  • system

Update resources quotas for project.

telemetry:delete_quotas
Default:

role:admin and system_scope:all

Operations:
  • DELETE /v2/quotas/{project_id}

Scope Types:
  • system

Delete resources quotas for project.