oci_policy_facts - Retrieve details about a policy or policies attached to a compartment or tenancy in OCI Identity and Access Management service¶
New in version 2.5.
Synopsis¶
- This module retrieves a specific policy or all the policies attached to a specified compartment in OCI Identity and Access Management service.
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.6
- Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| api_user |
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_OCID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
| api_user_fingerprint |
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
| api_user_key_file |
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
|
| api_user_key_pass_phrase |
Passphrase used by the key referenced in
api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location). |
|
| auth_type |
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
| compartment_id |
The OCID of the compartment (remember that the tenancy is simply the root compartment). Required to list all the policies in a compartment.
|
|
| config_file_location |
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
|
| config_profile_name |
Default: DEFAULT
|
The profile to load from the config file referenced by
config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location. |
| name |
Use name along with the other options to return only resources that match the given name exactly.
|
|
| policy_id |
The OCID of the policy. Required when retrieving a specific policy.
aliases: id |
|
| region |
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
|
| tenancy |
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
Notes¶
Note
- For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: Get all the policies attached to a compartment or tenancy
oci_policy_facts:
compartment_id: 'ocid1.compartment.oc1..xxxxxEXAMPLExxxxx'
- name: Get details of a specific policy
oci_policy_facts:
id: ocid1.policy.oc1..xxxxxEXAMPLExxxxx
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
policies
complex
|
on success |
Information of one or more policies
Sample:
[{'lifecycle_state': 'ACTIVE', 'inactive_status': None, 'statements': ['Allow group GroupAdmins to manage users in compartment Project-A'], 'name': 'mypolicy', 'compartment_id': 'ocid1.compartment.oc1..xxxxxEXAMPLExxxxx', 'time_created': '2017-11-01T14:59:51.728000+00:00', 'version_date': '2017-11-01T00:00:00+00:00', 'id': 'ocid1.policy.oc1..xxxxxEXAMPLExxxxx', 'description': 'GroupAdmins can add/remove users in Project-A compartment'}]
|
|
|
lifecycle_state
string
|
always |
The policy's current state.
Sample:
ACTIVE
|
|
|
inactive_status
int
|
always |
The detailed status of INACTIVE lifecycleState.
Sample:
5
|
|
|
statements
list[string]
|
always |
A list of one or more policy statements written in the policy language.
Sample:
['Allow group GroupAdmins to manage users in compartment Project-A']
|
|
|
name
string
|
always |
The name assigned to the policy during creation.
Sample:
mypolicy
|
|
|
compartment_id
string
|
always |
The OCID of the compartment containing the policy (either the tenancy or another compartment).
Sample:
ocid1.compartment.oc1..xxxxxEXAMPLExxxxx
|
|
|
time_created
datetime
|
always |
Date and time the policy was created, in the format defined by RFC3339.
Sample:
2017-11-01 14:59:51.728000
|
|
|
version_date
datetime
|
always |
The version of the policy. If null or set to an empty string, when a request comes in for authorization, the policy will be evaluated according to the current behavior of the services at that moment. If set to a particular date (YYYY-MM-DD), the policy will be evaluated according to the behavior of the services on that date.
Sample:
2017-11-01 00:00:00
|
|
|
id
string
|
always |
The OCID of the policy.
Sample:
ocid1.policy.oc1..xxxxxEXAMPLExxxxx
|
|
|
description
string
|
always |
The description assigned to the policy.
Sample:
GroupAdmins can add/remove users in Project-A compartment
|
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author¶
- Rohit Chaware (@rohitChaware)
Hint
If you notice any issues in this documentation you can edit this document to improve it.