oracle.oci.oci_operator_access_control_access_request_actions – Perform actions on an AccessRequest resource in Oracle Cloud Infrastructure¶
Note
This plugin is part of the oracle.oci collection (version 5.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install oracle.oci
.
To use it in a playbook, specify: oracle.oci.oci_operator_access_control_access_request_actions
.
New in version 2.9.0: of oracle.oci
Synopsis¶
Perform actions on an AccessRequest resource in Oracle Cloud Infrastructure
For action=approve, approves an access request.
For action=interaction_request, posts query for additional information for the given access request.
For action=reject, rejects an access request.
For action=review, reviews the access request.
For action=revoke, revokes an already approved access request.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 3.6
Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
access_request_id
string
/ required
|
unique AccessRequest identifier
aliases: id |
|
action
string
/ required
|
|
The action to perform on the AccessRequest.
|
additional_message
string
|
Message that needs to be displayed to the Ops User.
Applicable only for action=approve.
|
|
api_user
string
|
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location ). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
api_user_fingerprint
string
|
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location ). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
api_user_key_file
string
|
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location ). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
|
api_user_key_pass_phrase
string
|
Passphrase used by the key referenced in
api_user_key_file , if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location ). |
|
approver_comment
string
|
Comment by the approver during approval.
Applicable only for action=approveaction=rejectaction=reviewaction=revoke.
|
|
audit_type
list
/ elements=string
|
Specifies the type of auditing to be enabled. There are two levels of auditing: command-level and keystroke-level. By default, auditing is enabled at the command level i.e., each command issued by the operator is audited. When keystroke-level is chosen, in addition to command level logging, key strokes are also logged.
Applicable only for action=approve.
|
|
auth_purpose
string
|
|
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
|
auth_type
string
|
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
cert_bundle
string
|
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
|
|
config_file_location
string
|
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
|
config_profile_name
string
|
The profile to load from the config file referenced by
config_file_location . If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location . |
|
more_info_details
string
|
questions for asking to provide more information to operators.
Applicable only for action=interaction_request.
|
|
realm_specific_endpoint_template_enabled
boolean
|
|
Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
|
region
string
|
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location ). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
|
tenancy
string
|
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location ). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
|
time_of_user_creation
string
|
The time when access request is scheduled to be approved in RFC 3339 timestamp format.Example: '2020-05-22T21:10:29.600Z'
Applicable only for action=approve.
|
|
wait
boolean
|
|
Whether to wait for create or delete operation to complete.
|
wait_timeout
integer
|
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.
|
Notes¶
Note
For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: Perform action approve on access_request
oci_operator_access_control_access_request_actions:
# required
access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"
action: approve
# optional
audit_type: [ "audit_type_example" ]
additional_message: additional_message_example
time_of_user_creation: time_of_user_creation_example
approver_comment: approver_comment_example
- name: Perform action interaction_request on access_request
oci_operator_access_control_access_request_actions:
# required
access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"
action: interaction_request
# optional
more_info_details: more_info_details_example
- name: Perform action reject on access_request
oci_operator_access_control_access_request_actions:
# required
access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"
action: reject
# optional
approver_comment: approver_comment_example
- name: Perform action review on access_request
oci_operator_access_control_access_request_actions:
# required
access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"
action: review
# optional
approver_comment: approver_comment_example
- name: Perform action revoke on access_request
oci_operator_access_control_access_request_actions:
# required
access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"
action: revoke
# optional
approver_comment: approver_comment_example
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
access_request
complex
|
on success |
Details of the AccessRequest resource acted upon by the current operation
Sample:
{'access_reason_summary': 'access_reason_summary_example', 'action_requests_list': [], 'approver_comment': 'approver_comment_example', 'audit_type': [], 'closure_comment': 'closure_comment_example', 'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'duration': 56, 'extend_duration': 56, 'freeform_tags': {'Department': 'Finance'}, 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'is_auto_approved': True, 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATED', 'opctl_additional_message': 'opctl_additional_message_example', 'opctl_id': 'ocid1.opctl.oc1..xxxxxxEXAMPLExxxxxx', 'opctl_name': 'opctl_name_example', 'operator_id': 'ocid1.operator.oc1..xxxxxxEXAMPLExxxxxx', 'reason': 'reason_example', 'request_id': 'ocid1.request.oc1..xxxxxxEXAMPLExxxxxx', 'resource_id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'resource_name': 'resource_name_example', 'resource_type': 'EXACC', 'severity': 'S1', 'sub_resource_list': [], 'system_message': 'system_message_example', 'time_of_creation': '2013-10-20T19:20:30+01:00', 'time_of_modification': '2013-10-20T19:20:30+01:00', 'time_of_user_creation': '2013-10-20T19:20:30+01:00', 'user_id': 'ocid1.user.oc1..xxxxxxEXAMPLExxxxxx', 'workflow_id': []}
|
|
access_reason_summary
string
|
on success |
Summary comment by the operator creating the access request.
Sample:
access_reason_summary_example
|
|
action_requests_list
list
/ elements=string
|
on success |
List of operator actions for which approval is sought by the operator user.
|
|
approver_comment
string
|
on success |
The last recent Comment entered by the approver of the request.
Sample:
approver_comment_example
|
|
audit_type
list
/ elements=string
|
on success |
Specifies the type of auditing to be enabled. There are two levels of auditing: command-level and keystroke-level. By default, auditing is enabled at the command level i.e., each command issued by the operator is audited. When keystroke-level is chosen, in addition to command level logging, key strokes are also logged.
|
|
closure_comment
string
|
on success |
The comment entered by the operator while closing the request.
Sample:
closure_comment_example
|
|
compartment_id
string
|
on success |
The OCID of the compartment that contains the access request.
Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
|
|
defined_tags
dictionary
|
on success |
Defined tags for this resource. Each key is predefined and scoped to a namespace.
Sample:
{'Operations': {'CostCenter': 'US'}}
|
|
duration
integer
|
on success |
Duration in hours for which access is sought on the target resource.
Sample:
56
|
|
extend_duration
integer
|
on success |
Duration in hours for which extension access is sought on the target resource.
Sample:
56
|
|
freeform_tags
dictionary
|
on success |
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only.
Sample:
{'Department': 'Finance'}
|
|
id
string
|
on success |
The OCID of the access request.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
|
is_auto_approved
boolean
|
on success |
Whether the access request was automatically approved.
Sample:
True
|
|
lifecycle_details
string
|
on success |
more in detail about the lifeCycleState.
Sample:
lifecycle_details_example
|
|
lifecycle_state
string
|
on success |
The current state of the AccessRequest.
Sample:
CREATED
|
|
opctl_additional_message
string
|
on success |
Additional message specific to the access request that can be specified by the approver at the time of approval.
Sample:
opctl_additional_message_example
|
|
opctl_id
string
|
on success |
The OCID of the operator control governing the target resource.
Sample:
ocid1.opctl.oc1..xxxxxxEXAMPLExxxxxx
|
|
opctl_name
string
|
on success |
Name of the Operator control governing the target resource.
Sample:
opctl_name_example
|
|
operator_id
string
|
on success |
A unique identifier associated with the operator who raised the request. This identifier can not be used directly to identify the operator. You need to provide this identifier if you would like Oracle to provide additional information about the operator action within Oracle tenancy.
Sample:
ocid1.operator.oc1..xxxxxxEXAMPLExxxxxx
|
|
reason
string
|
on success |
Summary reason for which the operator is requesting access on the target resource.
Sample:
reason_example
|
|
request_id
string
|
on success |
This is an automatic identifier generated by the system which is easier for human comprehension.
Sample:
ocid1.request.oc1..xxxxxxEXAMPLExxxxxx
|
|
resource_id
string
|
on success |
The OCID of the target resource associated with the access request. The operator raises an access request to get approval to access the target resource.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
|
resource_name
string
|
on success |
The name of the target resource.
Sample:
resource_name_example
|
|
resource_type
string
|
on success |
resourceType for which the AccessRequest is applicable
Sample:
EXACC
|
|
severity
string
|
on success |
Priority assigned to the access request by the operator
Sample:
S1
|
|
sub_resource_list
list
/ elements=string
|
on success |
The subresources requested for approval.
|
|
system_message
string
|
on success |
System message that will be displayed to the operator at login to the target resource.
Sample:
system_message_example
|
|
time_of_creation
string
|
on success |
Time when the access request was created in RFC 3339timestamp format. Example: '2020-05-22T21:10:29.600Z'
Sample:
2013-10-20T19:20:30+01:00
|
|
time_of_modification
string
|
on success |
Time when the access request was last modified in RFC 3339timestamp format. Example: '2020-05-22T21:10:29.600Z'
Sample:
2013-10-20T19:20:30+01:00
|
|
time_of_user_creation
string
|
on success |
The time when access request is scheduled to be approved in RFC 3339 timestamp format.Example: '2020-05-22T21:10:29.600Z'
Sample:
2013-10-20T19:20:30+01:00
|
|
user_id
string
|
on success |
The OCID of the user that last modified the access request.
Sample:
ocid1.user.oc1..xxxxxxEXAMPLExxxxxx
|
|
workflow_id
list
/ elements=string
|
on success |
The OCID of the workflow associated with the access request. This is needed if you want to contact Oracle Support for a stuck access request or for an access request that encounters an internal error.
|
Authors¶
Oracle (@oracle)