oracle.oci.oci_object_storage_object_actions – Perform actions on an Object resource in Oracle Cloud Infrastructure¶
Note
This plugin is part of the oracle.oci collection (version 5.2.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install oracle.oci
.
To use it in a playbook, specify: oracle.oci.oci_object_storage_object_actions
.
New in version 2.9.0: of oracle.oci
Synopsis¶
Perform actions on an Object resource in Oracle Cloud Infrastructure
For action=copy, creates a request to copy an object within a region or to another region. See Object Names for object naming requirements.
For action=reencrypt, re-encrypts the data encryption keys that encrypt the object and its chunks. By default, when you create a bucket, the Object Storage service manages the master encryption key used to encrypt each object’s data encryption keys. The encryption mechanism that you specify for the bucket applies to the objects it contains. You can alternatively employ one of these encryption strategies for an object: - You can assign a key that you created and control through the Oracle Cloud Infrastructure Vault service. - You can encrypt an object using your own encryption key. The key you supply is known as a customer-provided encryption key (SSE-C).
For action=rename, rename an object in the given Object Storage namespace. See Object Names for object naming requirements.
For action=restore, restores one or more objects specified by the objectName parameter. By default objects will be restored for 24 hours. Duration can be configured using the hours parameter.
For action=update_object_storage_tier, changes the storage tier of the object specified by the objectName parameter.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 3.6
Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
action
string
/ required
|
|
The action to perform on the Object.
|
|
api_user
string
|
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location ). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
||
api_user_fingerprint
string
|
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location ). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
||
api_user_key_file
string
|
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location ). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
||
api_user_key_pass_phrase
string
|
Passphrase used by the key referenced in
api_user_key_file , if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location ). |
||
auth_purpose
string
|
|
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
|
|
auth_type
string
|
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
|
bucket_name
string
/ required
|
The name of the bucket. Avoid entering confidential information. Example: `my-new-bucket1`
|
||
cert_bundle
string
|
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
|
||
config_file_location
string
|
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
||
config_profile_name
string
|
The profile to load from the config file referenced by
config_file_location . If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location . |
||
destination_bucket
string
|
The destination bucket the object will be copied to.
Required for action=copy.
|
||
destination_namespace
string
|
The destination Object Storage namespace the object will be copied to.
Required for action=copy.
|
||
destination_object_if_match_e_tag
string
|
The entity tag (ETag) to match against that of the destination object (an object intended to be overwritten). Used to confirm that the destination object stored under a given name is the version of that object storing a specified entity tag.
Applicable only for action=copy.
|
||
destination_object_if_none_match_e_tag
string
|
The entity tag (ETag) to avoid matching. The only valid value is '*', which indicates that the request should fail if the object already exists in the destination bucket.
Applicable only for action=copy.
|
||
destination_object_metadata
dictionary
|
Arbitrary string keys and values for the user-defined metadata for the object. Keys must be in "opc-meta-*" format. Avoid entering confidential information. Metadata key-value pairs entered in this field are assigned to the destination object. If you enter no metadata values, the destination object will inherit any existing metadata values associated with the source object.
Applicable only for action=copy.
|
||
destination_object_name
string
|
The name of the destination object resulting from the copy operation. Avoid entering confidential information.
Required for action=copy.
|
||
destination_object_storage_tier
string
|
|
The storage tier that the object should be stored in. If not specified, the object will be stored in the same storage tier as the bucket.
Applicable only for action=copy.
|
|
destination_region
string
|
The destination region the object will be copied to, for example "us-ashburn-1".
Required for action=copy.
|
||
hours
integer
|
The number of hours for which this object will be restored. By default objects will be restored for 24 hours. You can instead configure the duration using the hours parameter.
Applicable only for action=restore.
|
||
kms_key_id
string
|
The OCID of the master encryption key used to call the Vault service to re-encrypt the data encryption keys associated with the object and its chunks. If the kmsKeyId value is empty, whether null or an empty string, the API will perform re-encryption by using the kmsKeyId associated with the bucket or the master encryption key managed by Oracle, depending on the bucket encryption mechanism.
Applicable only for action=reencrypt.
|
||
namespace_name
string
/ required
|
The Object Storage namespace used for the request.
|
||
new_name
string
|
The new name of the source object. Avoid entering confidential information.
Required for action=rename.
|
||
new_obj_if_match_e_tag
string
|
The if-match entity tag (ETag) of the new object.
Applicable only for action=rename.
|
||
new_obj_if_none_match_e_tag
string
|
The if-none-match entity tag (ETag) of the new object. The only valid value is '*', which indicates request should fail if the new object already exists.
Applicable only for action=rename.
|
||
object_name
string
|
The name of the object. Avoid entering confidential information. Example: `test/object1.log`
Required for action=reencrypt, action=restore, action=update_object_storage_tier.
|
||
opc_source_sse_customer_algorithm
string
|
The optional header that specifies "AES256" as the encryption algorithm to use to decrypt the source object. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
|
||
opc_source_sse_customer_key
string
|
The optional header that specifies the base64-encoded 256-bit encryption key to use to decrypt the source object. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
|
||
opc_source_sse_customer_key_sha256
string
|
The optional header that specifies the base64-encoded SHA256 hash of the encryption key used to decrypt the source object. This value is used to check the integrity of the encryption key. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
|
||
opc_sse_customer_algorithm
string
|
The optional header that specifies "AES256" as the encryption algorithm. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
|
||
opc_sse_customer_key
string
|
The optional header that specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the data. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
|
||
opc_sse_customer_key_sha256
string
|
The optional header that specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
|
||
opc_sse_kms_key_id
string
|
The OCID of a master encryption key used to call the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
Applicable only for action=copy.
|
||
realm_specific_endpoint_template_enabled
boolean
|
|
Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
|
|
region
string
|
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location ). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
||
source_name
string
|
The name of the source object to be renamed.
Required for action=rename.
|
||
source_object_if_match_e_tag
string
|
The entity tag (ETag) to match against that of the source object. Used to confirm that the source object with a given name is the version of that object storing a specified ETag.
Applicable only for action=copy.
|
||
source_object_name
string
|
The name of the object to be copied.
Required for action=copy.
|
||
source_sse_customer_key
dictionary
|
Applicable only for action=reencrypt.
|
||
algorithm
string
/ required
|
|
Specifies the encryption algorithm. The only supported value is "AES256".
|
|
key
string
/ required
|
Specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the object data.
|
||
key_sha256
string
/ required
|
Specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key.
|
||
source_version_id
string
|
VersionId of the object to copy. If not provided then current version is copied by default.
Applicable only for action=copy.
|
||
src_obj_if_match_e_tag
string
|
The if-match entity tag (ETag) of the source object.
Applicable only for action=rename.
|
||
sse_customer_key
dictionary
|
Applicable only for action=reencrypt.
|
||
algorithm
string
/ required
|
|
Specifies the encryption algorithm. The only supported value is "AES256".
|
|
key
string
/ required
|
Specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the object data.
|
||
key_sha256
string
/ required
|
Specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key.
|
||
storage_tier
string
|
|
The storage tier that the object should be moved to.
Required for action=update_object_storage_tier.
|
|
tenancy
string
|
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location ). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
||
version_id
string
|
VersionId used to identify a particular version of the object
Applicable only for action=reencryptaction=restoreaction=update_object_storage_tier.
|
||
wait
boolean
|
|
Whether to wait for create or delete operation to complete.
|
|
wait_timeout
integer
|
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.
|
Notes¶
Note
For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: Perform action copy on object
oci_object_storage_object_actions:
# required
source_object_name: source_object_name_example
destination_region: us-phoenix-1
destination_namespace: destination_namespace_example
destination_bucket: destination_bucket_example
destination_object_name: destination_object_name_example
namespace_name: namespace_name_example
bucket_name: bucket_name_example
action: copy
# optional
source_object_if_match_e_tag: source_object_if_match_e_tag_example
source_version_id: "ocid1.sourceversion.oc1..xxxxxxEXAMPLExxxxxx"
destination_object_if_match_e_tag: destination_object_if_match_e_tag_example
destination_object_if_none_match_e_tag: destination_object_if_none_match_e_tag_example
destination_object_metadata: null
destination_object_storage_tier: Standard
opc_sse_customer_algorithm: opc_sse_customer_algorithm_example
opc_sse_customer_key: opc_sse_customer_key_example
opc_sse_customer_key_sha256: opc_sse_customer_key_sha256_example
opc_source_sse_customer_algorithm: opc_source_sse_customer_algorithm_example
opc_source_sse_customer_key: opc_source_sse_customer_key_example
opc_source_sse_customer_key_sha256: opc_source_sse_customer_key_sha256_example
opc_sse_kms_key_id: "ocid1.opcssekmskey.oc1..xxxxxxEXAMPLExxxxxx"
- name: Perform action reencrypt on object
oci_object_storage_object_actions:
# required
namespace_name: namespace_name_example
bucket_name: bucket_name_example
object_name: object_name_example
action: reencrypt
# optional
kms_key_id: "ocid1.kmskey.oc1..xxxxxxEXAMPLExxxxxx"
sse_customer_key:
# required
algorithm: AES256
key: key_example
key_sha256: key_sha256_example
source_sse_customer_key:
# required
algorithm: AES256
key: key_example
key_sha256: key_sha256_example
version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"
- name: Perform action rename on object
oci_object_storage_object_actions:
# required
source_name: source_name_example
new_name: new_name_example
namespace_name: namespace_name_example
bucket_name: bucket_name_example
action: rename
# optional
src_obj_if_match_e_tag: src_obj_if_match_e_tag_example
new_obj_if_match_e_tag: new_obj_if_match_e_tag_example
new_obj_if_none_match_e_tag: new_obj_if_none_match_e_tag_example
- name: Perform action restore on object
oci_object_storage_object_actions:
# required
namespace_name: namespace_name_example
bucket_name: bucket_name_example
object_name: object_name_example
action: restore
# optional
hours: 56
version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"
- name: Perform action update_object_storage_tier on object
oci_object_storage_object_actions:
# required
namespace_name: namespace_name_example
bucket_name: bucket_name_example
object_name: object_name_example
storage_tier: Standard
action: update_object_storage_tier
# optional
version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
object
complex
|
on success |
Details of the Object resource acted upon by the current operation
Sample:
{'archival_state': 'Archived', 'etag': 'etag_example', 'headers': {'Content-Length': '37', 'opc-meta-key1': 'value1'}, 'md5': 'md5_example', 'name': 'name_example', 'size': 56, 'storage_tier': 'Standard', 'time_created': '2013-10-20T19:20:30+01:00', 'time_modified': '2013-10-20T19:20:30+01:00'}
|
|
archival_state
string
|
on success |
Archival state of an object. This field is set only for objects in Archive tier.
Sample:
Archived
|
|
etag
string
|
on success |
The current entity tag (ETag) for the object.
Sample:
etag_example
|
|
headers
dictionary
|
on success |
response headers for the object
Sample:
{'Content-Length': '37', 'opc-meta-key1': 'value1'}
|
|
md5
string
|
on success |
Base64-encoded MD5 hash of the object data.
Sample:
md5_example
|
|
name
string
|
on success |
The name of the object. Avoid entering confidential information. Example: test/object1.log
Sample:
name_example
|
|
size
integer
|
on success |
Size of the object in bytes.
Sample:
56
|
|
storage_tier
string
|
on success |
The storage tier that the object is stored in.
Sample:
Standard
|
|
time_created
string
|
on success |
The date and time the object was created, as described in RFC 2616.
Sample:
2013-10-20T19:20:30+01:00
|
|
time_modified
string
|
on success |
The date and time the object was modified, as described in RFC 2616, section 14.29.
Sample:
2013-10-20T19:20:30+01:00
|
Authors¶
Oracle (@oracle)