BastionClient

class oci.bastion.BastionClient(config, **kwargs)

Use the Bastion API to provide restricted and time-limited access to target resources that don’t have public endpoints. Bastions let authorized users connect from specific IP addresses to target resources using Secure Shell (SSH) sessions. For more information, see [the Bastion documentation](/iaas/Content/Bastion/home.htm).

Methods

__init__(config, **kwargs) Creates a new service client
change_bastion_compartment(bastion_id, …) Moves a bastion into a different compartment.
create_bastion(create_bastion_details, **kwargs) Creates a new bastion.
create_session(create_session_details, **kwargs) Creates a new session in a bastion.
delete_bastion(bastion_id, **kwargs) Deletes a bastion identified by the bastion ID.
delete_session(session_id, **kwargs) Deletes a session identified by the session ID.
get_bastion(bastion_id, **kwargs) Retrieves a bastion identified by the bastion ID.
get_session(session_id, **kwargs) Retrieves a session identified by the session ID.
get_work_request(work_request_id, **kwargs) Gets the status of the work request with the given ID.
list_bastions(compartment_id, **kwargs) Retrieves a list of BastionSummary objects in a compartment.
list_sessions(bastion_id, **kwargs) Retrieves a list of SessionSummary objects for an existing bastion.
list_work_request_errors(work_request_id, …) Return a (paginated) list of errors for a given work request.
list_work_request_logs(work_request_id, **kwargs) Return a (paginated) list of logs for a given work request.
list_work_requests(compartment_id, **kwargs) Lists the work requests in a compartment.
update_bastion(bastion_id, …) Updates the bastion identified by the bastion ID.
update_session(session_id, …) Updates the session identified by the session ID.
__init__(config, **kwargs)

Creates a new service client

Parameters:
  • config (dict) – Configuration keys and values as per SDK and Tool Configuration. The from_file() method can be used to load configuration from a file. Alternatively, a dict can be passed. You can validate_config the dict using validate_config()
  • service_endpoint (str) – (optional) The endpoint of the service to call using this client. For example https://iaas.us-ashburn-1.oraclecloud.com. If this keyword argument is not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit need to specify a service endpoint.
  • timeout (float or tuple(float, float)) – (optional) The connection and read timeouts for the client. The default values are connection timeout 10 seconds and read timeout 60 seconds. This keyword argument can be provided as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout.
  • signer (AbstractBaseSigner) –

    (optional) The signer to use when signing requests made by the service client. The default is to use a Signer based on the values provided in the config parameter.

    One use case for this parameter is for Instance Principals authentication by passing an instance of InstancePrincipalsSecurityTokenSigner as the value for this keyword argument

  • retry_strategy (obj) –

    (optional) A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default. Retry strategies can also be applied at the operation level by passing a retry_strategy keyword argument as part of calling the operation. Any value provided at the operation level will override whatever is specified at the client level.

    This should be one of the strategies available in the retry module. A convenience DEFAULT_RETRY_STRATEGY is also available. The specifics of the default retry strategy are described here.

  • circuit_breaker_strategy (obj) – (optional) A circuit breaker strategy to apply to all calls made by this service client (i.e. at the client level). This client uses DEFAULT_CIRCUIT_BREAKER_STRATEGY as default if no circuit breaker strategy is provided. The specifics of circuit breaker strategy are described here.
  • circuit_breaker_callback (function) – (optional) Callback function to receive any exceptions triggerred by the circuit breaker.
  • client_level_realm_specific_endpoint_template_enabled (bool) – (optional) A boolean flag to indicate whether or not this client should be created with realm specific endpoint template enabled or disable. By default, this will be set as None.
  • allow_control_chars – (optional) allow_control_chars is a boolean to indicate whether or not this client should allow control characters in the response object. By default, the client will not allow control characters to be in the response object.
change_bastion_compartment(bastion_id, change_bastion_compartment_details, **kwargs)

Moves a bastion into a different compartment.

Parameters:
  • bastion_id (str) – (required) The unique identifier (OCID) of the bastion.
  • change_bastion_compartment_details (oci.bastion.models.ChangeBastionCompartmentDetails) – (required) The compartment information to be updated.
  • if_match (str) – (optional) For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type None
Return type:

Response
Example:

Click here to see an example of how to use change_bastion_compartment API.

create_bastion(create_bastion_details, **kwargs)

Creates a new bastion. A bastion provides secured, public access to target resources in the cloud that you cannot otherwise reach from the internet. A bastion resides in a public subnet and establishes the network infrastructure needed to connect a user to a target resource in a private subnet.

Parameters:
  • create_bastion_details (oci.bastion.models.CreateBastionDetails) – (required) Details for the new bastion.
  • opc_retry_token (str) – (optional) A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations. For example, if a resource has been deleted and purged from the system, then a retry of the original creation request might be rejected.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type Bastion
Return type:

Response
Example:

Click here to see an example of how to use create_bastion API.

create_session(create_session_details, **kwargs)

Creates a new session in a bastion. A bastion session lets authorized users connect to a target resource for a predetermined amount of time. The Bastion service recognizes two types of sessions, managed SSH sessions and SSH port forwarding sessions. Managed SSH sessions require that the target resource has an OpenSSH server and the Oracle Cloud Agent both running.

Parameters:
  • create_session_details (oci.bastion.models.CreateSessionDetails) – (required) Details for the new session.
  • opc_retry_token (str) – (optional) A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations. For example, if a resource has been deleted and purged from the system, then a retry of the original creation request might be rejected.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type Session
Return type:

Response
Example:

Click here to see an example of how to use create_session API.

delete_bastion(bastion_id, **kwargs)

Deletes a bastion identified by the bastion ID.

Parameters:
  • bastion_id (str) – (required) The unique identifier (OCID) of the bastion.
  • if_match (str) – (optional) For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type None
Return type:

Response
Example:

Click here to see an example of how to use delete_bastion API.

delete_session(session_id, **kwargs)

Deletes a session identified by the session ID.

Parameters:
  • session_id (str) – (required) The unique identifier (OCID) of the session.
  • if_match (str) – (optional) For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type None
Return type:

Response
Example:

Click here to see an example of how to use delete_session API.

get_bastion(bastion_id, **kwargs)

Retrieves a bastion identified by the bastion ID. A bastion provides secured, public access to target resources in the cloud that you cannot otherwise reach from the internet.

Parameters:
  • bastion_id (str) – (required) The unique identifier (OCID) of the bastion.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation uses DEFAULT_RETRY_STRATEGY as default if no retry strategy is provided. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type Bastion
Return type:

Response
Example:

Click here to see an example of how to use get_bastion API.

get_session(session_id, **kwargs)

Retrieves a session identified by the session ID. A bastion session lets authorized users connect to a target resource for a predetermined amount of time.

Parameters:
  • session_id (str) – (required) The unique identifier (OCID) of the session.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation uses DEFAULT_RETRY_STRATEGY as default if no retry strategy is provided. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type Session
Return type:

Response
Example:

Click here to see an example of how to use get_session API.

get_work_request(work_request_id, **kwargs)

Gets the status of the work request with the given ID.

Parameters:
  • work_request_id (str) – (required) The unique identifier (OCID) of the asynchronous request.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type WorkRequest
Return type:

Response
Example:

Click here to see an example of how to use get_work_request API.

list_bastions(compartment_id, **kwargs)

Retrieves a list of BastionSummary objects in a compartment. Bastions provide secured, public access to target resources in the cloud that you cannot otherwise reach from the internet.

Parameters:
  • compartment_id (str) – (required) The unique identifier (OCID) of the compartment in which to list resources.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • bastion_lifecycle_state (str) –

    (optional) A filter to return only resources their lifecycleState matches the given lifecycleState.

    Allowed values are: “CREATING”, “UPDATING”, “ACTIVE”, “DELETING”, “DELETED”, “FAILED”

  • bastion_id (str) – (optional) The unique identifier (OCID) of the bastion in which to list resources.
  • name (str) – (optional) A filter to return only resources that match the entire name given.
  • limit (int) – (optional) The maximum number of items to return.
  • page (str) – (optional) The page token representing the page at which to start retrieving results. This is usually retrieved from a previous list call.
  • sort_order (str) –

    (optional) The sort order to use, either ‘asc’ or ‘desc’.

    Allowed values are: “ASC”, “DESC”

  • sort_by (str) –

    (optional) The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for name is ascending. If no value is specified timeCreated is default.

    Allowed values are: “timeCreated”, “name”

  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type list of BastionSummary
Return type:

Response
Example:

Click here to see an example of how to use list_bastions API.

list_sessions(bastion_id, **kwargs)

Retrieves a list of SessionSummary objects for an existing bastion. Bastion sessions let authorized users connect to a target resource for a predetermined amount of time.

Parameters:
  • bastion_id (str) – (required) The unique identifier (OCID) of the bastion in which to list sessions.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • display_name (str) – (optional) A filter to return only resources that match the entire display name given.
  • session_lifecycle_state (str) –

    (optional) A filter to return only resources their lifecycleState matches the given lifecycleState.

    Allowed values are: “CREATING”, “ACTIVE”, “DELETING”, “DELETED”, “FAILED”

  • session_id (str) – (optional) The unique identifier (OCID) of the session in which to list resources.
  • limit (int) – (optional) The maximum number of items to return.
  • page (str) – (optional) The page token representing the page at which to start retrieving results. This is usually retrieved from a previous list call.
  • sort_order (str) –

    (optional) The sort order to use, either ‘asc’ or ‘desc’.

    Allowed values are: “ASC”, “DESC”

  • sort_by (str) –

    (optional) The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending. If no value is specified timeCreated is default.

    Allowed values are: “timeCreated”, “displayName”

  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type list of SessionSummary
Return type:

Response
Example:

Click here to see an example of how to use list_sessions API.

list_work_request_errors(work_request_id, **kwargs)

Return a (paginated) list of errors for a given work request.

Parameters:
  • work_request_id (str) – (required) The unique identifier (OCID) of the asynchronous request.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • page (str) – (optional) The page token representing the page at which to start retrieving results. This is usually retrieved from a previous list call.
  • limit (int) – (optional) The maximum number of items to return.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type list of WorkRequestError
Return type:

Response
Example:

Click here to see an example of how to use list_work_request_errors API.

list_work_request_logs(work_request_id, **kwargs)

Return a (paginated) list of logs for a given work request.

Parameters:
  • work_request_id (str) – (required) The unique identifier (OCID) of the asynchronous request.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • page (str) – (optional) The page token representing the page at which to start retrieving results. This is usually retrieved from a previous list call.
  • limit (int) – (optional) The maximum number of items to return.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type list of WorkRequestLogEntry
Return type:

Response
Example:

Click here to see an example of how to use list_work_request_logs API.

list_work_requests(compartment_id, **kwargs)

Lists the work requests in a compartment.

Parameters:
  • compartment_id (str) – (required) The unique identifier (OCID) of the compartment in which to list resources.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • page (str) – (optional) The page token representing the page at which to start retrieving results. This is usually retrieved from a previous list call.
  • limit (int) – (optional) The maximum number of items to return.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation will not retry by default, users can also use the convenient DEFAULT_RETRY_STRATEGY provided by the SDK to enable retries for it. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type list of WorkRequestSummary
Return type:

Response
Example:

Click here to see an example of how to use list_work_requests API.

update_bastion(bastion_id, update_bastion_details, **kwargs)

Updates the bastion identified by the bastion ID. A bastion provides secured, public access to target resources in the cloud that you cannot otherwise reach from the internet.

Parameters:
  • bastion_id (str) – (required) The unique identifier (OCID) of the bastion.
  • update_bastion_details (oci.bastion.models.UpdateBastionDetails) – (required) The bastion information to be updated.
  • if_match (str) – (optional) For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation uses DEFAULT_RETRY_STRATEGY as default if no retry strategy is provided. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type None
Return type:

Response
Example:

Click here to see an example of how to use update_bastion API.

update_session(session_id, update_session_details, **kwargs)

Updates the session identified by the session ID. A bastion session lets authorized users connect to a target resource for a predetermined amount of time.

Parameters:
  • session_id (str) – (required) The unique identifier (OCID) of the session.
  • update_session_details (oci.bastion.models.UpdateSessionDetails) – (required) The session information to be updated.
  • if_match (str) – (optional) For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.
  • opc_request_id (str) – (optional) The client request ID for tracing.
  • retry_strategy (obj) –

    (optional) A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.

    This should be one of the strategies available in the retry module. This operation uses DEFAULT_RETRY_STRATEGY as default if no retry strategy is provided. The specifics of the default retry strategy are described here.

    To have this operation explicitly not perform any retries, pass an instance of NoneRetryStrategy.

  • allow_control_chars (bool) – (optional) allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object. By default, the response will not allow control characters in strings
Returns:

A Response object with data of type Session
Return type:

Response
Example:

Click here to see an example of how to use update_session API.