oci_policy_facts – Retrieve details about a policy or policies attached to a compartment or tenancy in OCI Identity and Access Management service

New in version 2.5.

Synopsis

  • This module retrieves a specific policy or all the policies attached to a specified compartment in OCI Identity and Access Management service.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_OCID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
compartment_id
-
The OCID of the compartment (remember that the tenancy is simply the root compartment). Required to list all the policies in a compartment.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
name
string
Use name along with the other options to return only resources that match the given name exactly.
policy_id
-
The OCID of the policy. Required when retrieving a specific policy.

aliases: id
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm

Examples

- name: Get all the policies attached to a compartment or tenancy
  oci_policy_facts:
    compartment_id: 'ocid1.compartment.oc1..xxxxxEXAMPLExxxxx'

- name: Get details of a specific policy
  oci_policy_facts:
    id: ocid1.policy.oc1..xxxxxEXAMPLExxxxx

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
policies
complex
on success
Information of one or more policies

Sample:
[{'lifecycle_state': 'ACTIVE', 'inactive_status': None, 'statements': ['Allow group GroupAdmins to manage users in compartment Project-A'], 'name': 'mypolicy', 'compartment_id': 'ocid1.compartment.oc1..xxxxxEXAMPLExxxxx', 'time_created': '2017-11-01T14:59:51.728000+00:00', 'version_date': '2017-11-01T00:00:00+00:00', 'id': 'ocid1.policy.oc1..xxxxxEXAMPLExxxxx', 'description': 'GroupAdmins can add/remove users in Project-A compartment'}]
  compartment_id
string
always
The OCID of the compartment containing the policy (either the tenancy or another compartment).

Sample:
ocid1.compartment.oc1..xxxxxEXAMPLExxxxx
  description
string
always
The description assigned to the policy.

Sample:
GroupAdmins can add/remove users in Project-A compartment
  id
string
always
The OCID of the policy.

Sample:
ocid1.policy.oc1..xxxxxEXAMPLExxxxx
  inactive_status
integer
always
The detailed status of INACTIVE lifecycleState.

Sample:
5
  lifecycle_state
string
always
The policy's current state.

Sample:
ACTIVE
  name
string
always
The name assigned to the policy during creation.

Sample:
mypolicy
  statements
list[string]
always
A list of one or more policy statements written in the policy language.

Sample:
['Allow group GroupAdmins to manage users in compartment Project-A']
  time_created
datetime
always
Date and time the policy was created, in the format defined by RFC3339.

Sample:
2017-11-01 14:59:51.728000
  version_date
datetime
always
The version of the policy. If null or set to an empty string, when a request comes in for authorization, the policy will be evaluated according to the current behavior of the services at that moment. If set to a particular date (YYYY-MM-DD), the policy will be evaluated according to the behavior of the services on that date.

Sample:
2017-11-01 00:00:00


Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]
  • This module is maintained by the Ansible Community. [community]

Authors

  • Rohit Chaware (@rohitChaware)

Hint

If you notice any issues in this documentation you can edit this document to improve it.