This part of the documentation covers various aspects of Bosun administration.
Bosun currently supports two types of authentication when authentication is enabled:
The two intended uses of these methods is user authentication and api authentication respectively. Authorization is a new feature in Bosun 0.6.0. Even when authorization is enabled, Bosun should still be run inside a trusted network.
The authentication feature gets enabled when you define the AuthConf section of the system configuration. Authentication tokens can be set up via the UI by setting AuthDisabled before authentication is enabled.
AuthDisabled makes it so the authentication feature is enabled but authentication itself is not enabled. With
AuthDisabled set to true anonymous users can create auth tokens via Bosun’s user interface.
When the authentication feature is enabled, you should see a Manage Auth Tokens menu item under your username in Bosun’s UI in the upper right corner. You will be able to see this if
AuthDisabled is true or if you have the
Manage Tokens Permission set for your user.
From there you can create new auth tokens in two steps as show in the following images. Note that once you retrieve a token from the second screen, you will not be able to view the token itself again. You will still be able to see the name, description, permissions set, and the last time it was used.
Permissions provide the ability to certain things with both, and Roles are a collection of permissions for convenience. A user could have no role and an arbitrary collection of permissions.
|View Dashboard||Admin, Writer, Reader||Can view dashboard and alert state data, metrics, and graphs|
|View Config||Admin, Writer, Reader||Can view bosun configuration page|
|View Annotations||Admin, Writer, Reader||Can view annotations on graph page|
|Put Data||Admin, Writer||Can put and index OpenTSDB data and metadata|
|Actions||Admin, Writer||Can acknowledge and close alerts|
|Run Tests||Admin, Writer||Can execute expressions, graphs, and rule tests|
|Save Config||Admin, Writer||Can alter and save bosun rule config|
|Silence||Admin, Writer||Can add and manage silences|
|Manage Tokens||Admin||Can manage authorization tokens|
|Set Username||Admin||Allows external services to set a different username in api requests|