policy.yaml

Use the policy.yaml file to define additional access controls that will be applied to Aodh:

#
#"context_is_admin": "role:admin"

#
#"segregation": "rule:context_is_admin"

#
#"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"

#
#"default": "rule:context_is_admin or project_id:%(project_id)s"

# Get an alarm.
# GET  /v2/alarms/{alarm_id}
#"telemetry:get_alarm": "rule:context_is_admin or project_id:%(project_id)s"

# Get all alarms, based on the query provided.
# GET  /v2/alarms
#"telemetry:get_alarms": "rule:context_is_admin or project_id:%(project_id)s"

# Get alarms of all projects.
# GET  /v2/alarms
#"telemetry:get_alarms:all_projects": "rule:context_is_admin"

# Get all alarms, based on the query provided.
# POST  /v2/query/alarms
#"telemetry:query_alarm": "rule:context_is_admin or project_id:%(project_id)s"

# Create a new alarm.
# POST  /v2/alarms
#"telemetry:create_alarm": ""

# Modify this alarm.
# PUT  /v2/alarms/{alarm_id}
#"telemetry:change_alarm": "rule:context_is_admin or project_id:%(project_id)s"

# Delete this alarm.
# DELETE  /v2/alarms/{alarm_id}
#"telemetry:delete_alarm": "rule:context_is_admin or project_id:%(project_id)s"

# Get the state of this alarm.
# GET  /v2/alarms/{alarm_id}/state
#"telemetry:get_alarm_state": "rule:context_is_admin or project_id:%(project_id)s"

# Set the state of this alarm.
# PUT  /v2/alarms/{alarm_id}/state
#"telemetry:change_alarm_state": "rule:context_is_admin or project_id:%(project_id)s"

# Assembles the alarm history requested.
# GET  /v2/alarms/{alarm_id}/history
#"telemetry:alarm_history": "rule:context_is_admin or project_id:%(project_id)s"

# Define query for retrieving AlarmChange data.
# POST  /v2/query/alarms/history
#"telemetry:query_alarm_history": "rule:context_is_admin or project_id:%(project_id)s"

# Update resources quotas for project.
# POST  /v2/quotas
#"telemetry:update_quotas": "rule:context_is_admin"

# Delete resources quotas for project.
# DELETE  /v2/quotas/{project_id}
#"telemetry:delete_quotas": "rule:context_is_admin"