oci_operator_access_control_operator_control
This resource provides the Operator Control resource in Oracle Cloud Infrastructure Operator Access Control service.
Creates an Operator Control.
Example Usage
resource "oci_operator_access_control_operator_control" "test_operator_control" {
#Required
approver_groups_list = var.operator_control_approver_groups_list
compartment_id = var.compartment_id
is_fully_pre_approved = var.operator_control_is_fully_pre_approved
operator_control_name = oci_operator_access_control_operator_control.test_operator_control.name
resource_type = var.operator_control_resource_type
#Optional
approvers_list = var.operator_control_approvers_list
defined_tags = var.operator_control_defined_tags
description = var.operator_control_description
email_id_list = var.operator_control_email_id_list
freeform_tags = var.operator_control_freeform_tags
number_of_approvers = var.operator_control_number_of_approvers
pre_approved_op_action_list = var.operator_control_pre_approved_op_action_list
system_message = var.operator_control_system_message
}
Argument Reference
The following arguments are supported:
approver_groups_list
- (Required) (Updatable) List of user groups who can approve an access request associated with a resource governed by this operator control.approvers_list
- (Optional) (Updatable) List of users who can approve an access request associated with a resource governed by this operator control.compartment_id
- (Required) (Updatable) The OCID of the compartment that contains this operator control.defined_tags
- (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace.description
- (Optional) (Updatable) Description of the operator control.email_id_list
- (Optional) (Updatable) List of emailId.freeform_tags
- (Optional) (Updatable) Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only.is_fully_pre_approved
- (Required) (Updatable) Whether all the operator actions have been pre-approved. If yes, all access requests associated with a resource governed by this operator control will be auto-approved.
number_of_approvers
- (Optional) (Updatable) Number of approvers required to approve an access request.operator_control_name
- (Required) (Updatable) Name of the operator control.pre_approved_op_action_list
- (Optional) (Updatable) List of pre-approved operator actions. Access requests associated with a resource governed by this operator control will be auto-approved if the access request only contain operator actions in the pre-approved list.resource_type
- (Required) resourceType for which the OperatorControl is applicablesystem_message
- (Optional) (Updatable) This is the message that will be displayed to the operator users while accessing the system.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Attributes Reference
The following attributes are exported:
approval_required_op_action_list
- List of operator actions that need explicit approval. Any operator action not in the pre-approved list will require explicit approval. Access requests associated with a resource governed by this operator control will be require explicit approval if the access request contains any operator action in this list.
approver_groups_list
- List of user groups who can approve an access request associated with a target resource under the governance of this operator control.approvers_list
- List of users who can approve an access request associated with a target resource under the governance of this operator control.compartment_id
- The OCID of the compartment that contains the operator control.defined_tags
- Defined tags for this resource. Each key is predefined and scoped to a namespace.description
- Description of operator control.email_id_list
- List of emailId.freeform_tags
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only.id
- The OCID of the operator control.is_default_operator_control
- Whether the operator control is a default Operator Control.is_fully_pre_approved
- Whether all the operator actions have been pre-approved. If yes, all access requests associated with a resource governed by this operator control will be auto-approved.last_modified_info
- Description associated with the latest modification of the operator control.number_of_approvers
- Number of approvers required to approve an access request.operator_control_name
- Name of the operator control. The name must be unique.pre_approved_op_action_list
- List of pre-approved operator actions. Access requests associated with a resource governed by this operator control will be automatically approved if the access request only contain operator actions in the pre-approved list.
resource_type
- resourceType for which the OperatorControl is applicablestate
- The current lifecycle state of the operator control.system_message
- System message that would be displayed to the operator users on accessing the target resource under the governance of this operator control.time_of_creation
- Time when the operator control was created expressed in RFC 3339 timestamp format. Example: ‘2020-05-22T21:10:29.600Z’time_of_deletion
- Time when deleted expressed in RFC 3339timestamp format. Example: ‘2020-05-22T21:10:29.600Z’. Note a deleted operator control still stays in the system, so that you can still audit operator actions associated with access requests raised on target resources governed by the deleted operator control.time_of_modification
- Time when the operator control was last modified expressed in RFC 3339 timestamp format. Example: ‘2020-05-22T21:10:29.600Z’
Timeouts
The timeouts
block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Operator Control
* update
- (Defaults to 20 minutes), when updating the Operator Control
* delete
- (Defaults to 20 minutes), when destroying the Operator Control
Import
OperatorControls can be imported using the id
, e.g.
$ terraform import oci_operator_access_control_operator_control.test_operator_control "id"