oci_customer_secret_key - Create, update and delete Customer Secret Keys for the specified user in OCI.¶
New in version 2.5.
Synopsis¶
- This module allows the user to create, update and delete Customer Secret Keys in OCI. A CustomerSecretKey is an Oracle-provided key for using the Object Storage Service’s Amazon S3 compatible API. A user can have up to two secret keys at a time. Note: The secret key is always an Oracle-generated string; you can’t change it to a string of your choice.
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.6
- Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
api_user |
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_OCID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location ). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
api_user_fingerprint |
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location ). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
api_user_key_file |
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location ). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
|
api_user_key_pass_phrase |
Passphrase used by the key referenced in
api_user_key_file , if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location ). |
|
auth_type |
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
config_file_location |
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
|
config_profile_name |
Default: DEFAULT
|
The profile to load from the config file referenced by
config_file_location . If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location . |
customer_secret_key_id |
The OCID of the Customer Secret Key. Required when the secret keys's description needs to be updated with state=present and for deleting a secret key with state=absent
aliases: id |
|
display_name |
The display name you assign to the secret key. Does not have to be unique, and it's changeable. Required when creating a customer secret key. The length of the description must be between 1 and 200 characters.
aliases: name |
|
force_create
bool |
|
Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true, forcefully creates a copy of the resource, even if it already exists.This option is mutually exclusive with key_by.
|
key_by |
The list of comma-separated attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource except freeform_tags are used to uniquely identify a resource.
|
|
region |
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location ). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
|
state |
|
The state of the customer secret key that must be asserted to. When state=present, and the secret key doesn't exist, the secret key is created. When state=absent, the secret key is deleted.
|
tenancy |
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location ). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
|
user_id
required |
The OCID of the user.
|
Notes¶
Note
- For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: Create a new customer secret key
oci_customer_secret_key:
user_id: "ocid1.user.oc1..xxxxxEXAMPLExxxxx"
name: "my first customer secret key"
- name: Update a customer secret key's display name
oci_customer_secret_key:
id: "ocid1.credential.oc1..xxxxxEXAMPLExxxxx"
user_id: "ocid1.user.oc1..xxxxxEXAMPLExxxxx"
name: "customer secret key #1"
- name: Delete a customer secret key
oci_customer_secret_key:
id: "ocid1.credential.oc1..xxxxxEXAMPLExxxxx"
user_id: "ocid1.user.oc1..xxxxxEXAMPLExxxxx"
state: "absent"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
oci_customer_secret_key
dict
|
On success |
Details of the Customer Secret Key. The "key" attribute is returned only during creation of the customer secret key.
Sample:
{'lifecycle_state': 'ACTIVE', 'inactive_status': 'None', 'display_name': 'My first customer secret key description 900', 'time_created': '2018-01-08T05:20:23.353000+00:00', 'key': 'wtUboLOGc3p8t0LG6d/wVJF+fwj0R700bW87LK41+kU=', 'user_id': 'ocid1.user.oc1..xxxxxEXAMPLExxxxx', 'time_expires': 'None', 'id': 'ocid1.credential.oc1..xxxxxEXAMPLExxxxx'}
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author¶
- Sivakumar Thyagarajan (@sivakumart)
Hint
If you notice any issues in this documentation you can edit this document to improve it.