policy.yaml¶
Use the policy.yaml
file to define additional access controls that will be
applied to Aodh:
#"context_is_admin": "role:admin"
#"segregation": "rule:context_is_admin"
#"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
#"default": "rule:context_is_admin or project_id:%(project_id)s"
# Get an alarm.
# GET /v2/alarms/{alarm_id}
#"telemetry:get_alarm": "rule:context_is_admin or project_id:%(project_id)s"
# Get all alarms, based on the query provided.
# GET /v2/alarms
#"telemetry:get_alarms": "rule:context_is_admin or project_id:%(project_id)s"
# Get alarms of all projects.
# GET /v2/alarms
#"telemetry:get_alarms:all_projects": "rule:context_is_admin"
# Get all alarms, based on the query provided.
# POST /v2/query/alarms
#"telemetry:query_alarm": "rule:context_is_admin or project_id:%(project_id)s"
# Create a new alarm.
# POST /v2/alarms
#"telemetry:create_alarm": ""
# Modify this alarm.
# PUT /v2/alarms/{alarm_id}
#"telemetry:change_alarm": "rule:context_is_admin or project_id:%(project_id)s"
# Delete this alarm.
# DELETE /v2/alarms/{alarm_id}
#"telemetry:delete_alarm": "rule:context_is_admin or project_id:%(project_id)s"
# Get the state of this alarm.
# GET /v2/alarms/{alarm_id}/state
#"telemetry:get_alarm_state": "rule:context_is_admin or project_id:%(project_id)s"
# Set the state of this alarm.
# PUT /v2/alarms/{alarm_id}/state
#"telemetry:change_alarm_state": "rule:context_is_admin or project_id:%(project_id)s"
# Assembles the alarm history requested.
# GET /v2/alarms/{alarm_id}/history
#"telemetry:alarm_history": "rule:context_is_admin or project_id:%(project_id)s"
# Define query for retrieving AlarmChange data.
# POST /v2/query/alarms/history
#"telemetry:query_alarm_history": "rule:context_is_admin or project_id:%(project_id)s"
# Update resources quotas for project.
# POST /v2/quotas
#"telemetry:update_quotas": "rule:context_is_admin"
# Delete resources quotas for project.
# DELETE /v2/quotas/{project_id}
#"telemetry:delete_quotas": "rule:context_is_admin"