Aetos Sample Policy Configuration File

The following is an overview of all available policies in Aetos. For a sample configuration file, refer to policy.yaml.

aetos

segregation
Default:

rule:context_is_admin

(no description provided)

telemetry:admin_delete_metrics
Default:

role:admin and project_id:%(project_id)s

Operations:

  • POST /api/v1/admin/tsdb/delete_series

Scope Types:

  • project

Delete metrics.

telemetry:admin_snapshot
Default:

role:admin and project_id:%(project_id)s

Operations:

  • POST /api/v1/admin/tsdb/snapshot

Scope Types:

  • project

Take snapshot of the database.

telemetry:admin_clean_tombstones
Default:

role:admin and project_id:%(project_id)s

Operations:

  • POST /api/v1/admin/tsdb/clean_tombstones

Scope Types:

  • project

Clean tombstones.

telemetry:query
Default:

role:reader and project_id:%(project_id)s

Operations:

  • GET /api/v1/query

Scope Types:

  • project

Prometheus Query endpoint with tenancy enforced.

telemetry:query:all_projects
Default:

(role:admin and project_id:%(project_id)s) or (role:service)

Operations:

  • GET /api/v1/query

Scope Types:

  • project

Prometheus Query endpoint without tenancy enforced.

telemetry:label
Default:

role:reader and project_id:%(project_id)s

Operations:

  • GET /api/v1/label

Scope Types:

  • project

Prometheus label endpoint with tenancy enforced.

telemetry:label:all_projects
Default:

(role:admin and project_id:%(project_id)s) or (role:service)

Operations:

  • GET /api/v1/label

Scope Types:

  • project

Prometheus label endpoint without tenancy enforced.

telemetry:labels
Default:

role:reader and project_id:%(project_id)s

Operations:

  • GET /api/v1/labels

Scope Types:

  • project

Prometheus labels endpoint with tenancy enforced.

telemetry:labels:all_projects
Default:

(role:admin and project_id:%(project_id)s) or (role:service)

Operations:

  • GET /api/v1/labels

Scope Types:

  • project

Prometheus labels endpoint without tenancy enforced.

telemetry:series
Default:

role:reader and project_id:%(project_id)s

Operations:

  • GET /api/v1/series

Scope Types:

  • project

Prometheus series endpoint with tenancy enforced.

telemetry:series:all_projects
Default:

(role:admin and project_id:%(project_id)s) or (role:service)

Operations:

  • GET /api/v1/series

Scope Types:

  • project

Prometheus series endpoint without tenancy enforced.

telemetry:targets
Default:

(role:admin and project_id:%(project_id)s) or (role:service)

Operations:

  • GET /api/v1/targets

Scope Types:

  • project

Prometheus targets endpoint.

telemetry:status
Default:

(role:admin and project_id:%(project_id)s) or (role:service)

Operations:

  • GET /api/v1/status

Scope Types:

  • project

Prometheus status endpoint.