oracle.oci.oci_operator_access_control_access_request_facts – Fetches details about one or multiple AccessRequest resources in Oracle Cloud Infrastructure¶
Note
This plugin is part of the oracle.oci collection (version 5.2.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install oracle.oci
.
To use it in a playbook, specify: oracle.oci.oci_operator_access_control_access_request_facts
.
New in version 2.9.0: of oracle.oci
Synopsis¶
Fetches details about one or multiple AccessRequest resources in Oracle Cloud Infrastructure
Lists all access requests in the compartment.
If access_request_id is specified, the details of a single AccessRequest will be returned.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 3.6
Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
access_request_id
string
|
unique AccessRequest identifier
Required to get a specific access_request.
aliases: id |
|
api_user
string
|
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location ). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
api_user_fingerprint
string
|
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location ). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
api_user_key_file
string
|
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location ). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
|
api_user_key_pass_phrase
string
|
Passphrase used by the key referenced in
api_user_key_file , if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location ). |
|
auth_purpose
string
|
|
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
|
auth_type
string
|
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
cert_bundle
string
|
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
|
|
compartment_id
string
|
The ID of the compartment in which to list resources.
Required to list multiple access_requests.
|
|
config_file_location
string
|
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
|
config_profile_name
string
|
The profile to load from the config file referenced by
config_file_location . If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location . |
|
lifecycle_state
string
|
|
A filter to return only resources whose lifecycleState matches the given AccessRequest lifecycleState.
|
realm_specific_endpoint_template_enabled
boolean
|
|
Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
|
region
string
|
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location ). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
|
resource_name
string
|
A filter to return only resources that match the given ResourceName.
|
|
resource_type
string
|
A filter to return only lists of resources that match the entire given service type.
|
|
sort_by
string
|
|
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending. If no value is specified timeCreated is default.
|
sort_order
string
|
|
The sort order to use, either 'asc' or 'desc'.
|
tenancy
string
|
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location ). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
|
time_end
string
|
Query start time in UTC in ISO 8601 format(inclusive). Example 2019-10-30T00:00:00Z (yyyy-MM-ddThh:mm:ssZ). timeIntervalStart and timeIntervalEnd parameters are used together.
|
|
time_start
string
|
Query start time in UTC in ISO 8601 format(inclusive). Example 2019-10-30T00:00:00Z (yyyy-MM-ddThh:mm:ssZ). timeIntervalStart and timeIntervalEnd parameters are used together.
|
Notes¶
Note
For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: Get a specific access_request
oci_operator_access_control_access_request_facts:
# required
access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"
- name: List access_requests
oci_operator_access_control_access_request_facts:
# required
compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
# optional
resource_name: resource_name_example
resource_type: resource_type_example
lifecycle_state: CREATED
time_start: 2013-10-20T19:20:30+01:00
time_end: 2013-10-20T19:20:30+01:00
sort_order: ASC
sort_by: timeCreated
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
access_requests
complex
|
on success |
List of AccessRequest resources
Sample:
[{'access_reason_summary': 'access_reason_summary_example', 'action_requests_list': [], 'approver_comment': 'approver_comment_example', 'audit_type': [], 'closure_comment': 'closure_comment_example', 'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'duration': 56, 'extend_duration': 56, 'freeform_tags': {'Department': 'Finance'}, 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'is_auto_approved': True, 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATED', 'opctl_additional_message': 'opctl_additional_message_example', 'opctl_id': 'ocid1.opctl.oc1..xxxxxxEXAMPLExxxxxx', 'opctl_name': 'opctl_name_example', 'operator_id': 'ocid1.operator.oc1..xxxxxxEXAMPLExxxxxx', 'reason': 'reason_example', 'request_id': 'ocid1.request.oc1..xxxxxxEXAMPLExxxxxx', 'resource_id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'resource_name': 'resource_name_example', 'resource_type': 'EXACC', 'severity': 'S1', 'sub_resource_list': [], 'system_message': 'system_message_example', 'time_of_creation': '2013-10-20T19:20:30+01:00', 'time_of_modification': '2013-10-20T19:20:30+01:00', 'time_of_user_creation': '2013-10-20T19:20:30+01:00', 'user_id': 'ocid1.user.oc1..xxxxxxEXAMPLExxxxxx', 'workflow_id': []}]
|
|
access_reason_summary
string
|
on success |
Summary comment by the operator creating the access request.
Sample:
access_reason_summary_example
|
|
action_requests_list
list
/ elements=string
|
on success |
List of operator actions for which approval is sought by the operator user.
Returned for get operation
|
|
approver_comment
string
|
on success |
The last recent Comment entered by the approver of the request.
Returned for get operation
Sample:
approver_comment_example
|
|
audit_type
list
/ elements=string
|
on success |
Specifies the type of auditing to be enabled. There are two levels of auditing: command-level and keystroke-level. By default, auditing is enabled at the command level i.e., each command issued by the operator is audited. When keystroke-level is chosen, in addition to command level logging, key strokes are also logged.
Returned for get operation
|
|
closure_comment
string
|
on success |
The comment entered by the operator while closing the request.
Returned for get operation
Sample:
closure_comment_example
|
|
compartment_id
string
|
on success |
The OCID of the compartment that contains the access request.
Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
|
|
defined_tags
dictionary
|
on success |
Defined tags for this resource. Each key is predefined and scoped to a namespace.
Sample:
{'Operations': {'CostCenter': 'US'}}
|
|
duration
integer
|
on success |
Duration in hours for which access is sought on the target resource.
Sample:
56
|
|
extend_duration
integer
|
on success |
Duration in hours for which extension access is sought on the target resource.
Sample:
56
|
|
freeform_tags
dictionary
|
on success |
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only.
Sample:
{'Department': 'Finance'}
|
|
id
string
|
on success |
The OCID of the access request.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
|
is_auto_approved
boolean
|
on success |
Whether the access request was automatically approved.
Sample:
True
|
|
lifecycle_details
string
|
on success |
more in detail about the lifeCycleState.
Sample:
lifecycle_details_example
|
|
lifecycle_state
string
|
on success |
The current state of the AccessRequest.
Sample:
CREATED
|
|
opctl_additional_message
string
|
on success |
Additional message specific to the access request that can be specified by the approver at the time of approval.
Returned for get operation
Sample:
opctl_additional_message_example
|
|
opctl_id
string
|
on success |
The OCID of the operator control governing the target resource.
Returned for get operation
Sample:
ocid1.opctl.oc1..xxxxxxEXAMPLExxxxxx
|
|
opctl_name
string
|
on success |
Name of the Operator control governing the target resource.
Returned for get operation
Sample:
opctl_name_example
|
|
operator_id
string
|
on success |
A unique identifier associated with the operator who raised the request. This identifier can not be used directly to identify the operator. You need to provide this identifier if you would like Oracle to provide additional information about the operator action within Oracle tenancy.
Returned for get operation
Sample:
ocid1.operator.oc1..xxxxxxEXAMPLExxxxxx
|
|
reason
string
|
on success |
Summary reason for which the operator is requesting access on the target resource.
Returned for get operation
Sample:
reason_example
|
|
request_id
string
|
on success |
This is an automatic identifier generated by the system which is easier for human comprehension.
Sample:
ocid1.request.oc1..xxxxxxEXAMPLExxxxxx
|
|
resource_id
string
|
on success |
The OCID of the target resource associated with the access request. The operator raises an access request to get approval to access the target resource.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
|
resource_name
string
|
on success |
The name of the target resource.
Sample:
resource_name_example
|
|
resource_type
string
|
on success |
resourceType for which the AccessRequest is applicable
Sample:
EXACC
|
|
severity
string
|
on success |
Priority assigned to the access request by the operator
Sample:
S1
|
|
sub_resource_list
list
/ elements=string
|
on success |
The subresources requested for approval.
|
|
system_message
string
|
on success |
System message that will be displayed to the operator at login to the target resource.
Returned for get operation
Sample:
system_message_example
|
|
time_of_creation
string
|
on success |
Time when the access request was created in RFC 3339timestamp format. Example: '2020-05-22T21:10:29.600Z'
Sample:
2013-10-20T19:20:30+01:00
|
|
time_of_modification
string
|
on success |
Time when the access request was last modified in RFC 3339timestamp format. Example: '2020-05-22T21:10:29.600Z'
Sample:
2013-10-20T19:20:30+01:00
|
|
time_of_user_creation
string
|
on success |
The time when access request is scheduled to be approved in RFC 3339 timestamp format.Example: '2020-05-22T21:10:29.600Z'
Sample:
2013-10-20T19:20:30+01:00
|
|
user_id
string
|
on success |
The OCID of the user that last modified the access request.
Returned for get operation
Sample:
ocid1.user.oc1..xxxxxxEXAMPLExxxxxx
|
|
workflow_id
list
/ elements=string
|
on success |
The OCID of the workflow associated with the access request. This is needed if you want to contact Oracle Support for a stuck access request or for an access request that encounters an internal error.
Returned for get operation
|
Authors¶
Oracle (@oracle)