oracle.oci.oci_object_storage_object_actions – Perform actions on an Object resource in Oracle Cloud Infrastructure

Note

This plugin is part of the oracle.oci collection (version 4.14.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install oracle.oci.

To use it in a playbook, specify: oracle.oci.oci_object_storage_object_actions.

New in version 2.9.0: of oracle.oci

Synopsis

  • Perform actions on an Object resource in Oracle Cloud Infrastructure

  • For action=copy, creates a request to copy an object within a region or to another region. See Object Names for object naming requirements.

  • For action=reencrypt, re-encrypts the data encryption keys that encrypt the object and its chunks. By default, when you create a bucket, the Object Storage service manages the master encryption key used to encrypt each object’s data encryption keys. The encryption mechanism that you specify for the bucket applies to the objects it contains. You can alternatively employ one of these encryption strategies for an object: - You can assign a key that you created and control through the Oracle Cloud Infrastructure Vault service. - You can encrypt an object using your own encryption key. The key you supply is known as a customer-provided encryption key (SSE-C).

  • For action=rename, rename an object in the given Object Storage namespace. See Object Names for object naming requirements.

  • For action=restore, restores one or more objects specified by the objectName parameter. By default objects will be restored for 24 hours. Duration can be configured using the hours parameter.

  • For action=update_object_storage_tier, changes the storage tier of the object specified by the objectName parameter.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
action
string / required
    Choices:
  • copy
  • reencrypt
  • rename
  • restore
  • update_object_storage_tier
The action to perform on the Object.
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_purpose
string
    Choices:
  • service_principal
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
  • instance_obo_user
  • resource_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
bucket_name
string / required
The name of the bucket. Avoid entering confidential information. Example: `my-new-bucket1`
cert_bundle
string
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
destination_bucket
string
The destination bucket the object will be copied to.
Required for action=copy.
destination_namespace
string
The destination Object Storage namespace the object will be copied to.
Required for action=copy.
destination_object_if_match_e_tag
string
The entity tag (ETag) to match against that of the destination object (an object intended to be overwritten). Used to confirm that the destination object stored under a given name is the version of that object storing a specified entity tag.
Applicable only for action=copy.
destination_object_if_none_match_e_tag
string
The entity tag (ETag) to avoid matching. The only valid value is '*', which indicates that the request should fail if the object already exists in the destination bucket.
Applicable only for action=copy.
destination_object_metadata
dictionary
Arbitrary string keys and values for the user-defined metadata for the object. Keys must be in "opc-meta-*" format. Avoid entering confidential information. Metadata key-value pairs entered in this field are assigned to the destination object. If you enter no metadata values, the destination object will inherit any existing metadata values associated with the source object.
Applicable only for action=copy.
destination_object_name
string
The name of the destination object resulting from the copy operation. Avoid entering confidential information.
Required for action=copy.
destination_object_storage_tier
string
    Choices:
  • Standard
  • InfrequentAccess
  • Archive
The storage tier that the object should be stored in. If not specified, the object will be stored in the same storage tier as the bucket.
Applicable only for action=copy.
destination_region
string
The destination region the object will be copied to, for example "us-ashburn-1".
Required for action=copy.
hours
integer
The number of hours for which this object will be restored. By default objects will be restored for 24 hours. You can instead configure the duration using the hours parameter.
Applicable only for action=restore.
kms_key_id
string
The OCID of the master encryption key used to call the Vault service to re-encrypt the data encryption keys associated with the object and its chunks. If the kmsKeyId value is empty, whether null or an empty string, the API will perform re-encryption by using the kmsKeyId associated with the bucket or the master encryption key managed by Oracle, depending on the bucket encryption mechanism.
Applicable only for action=reencrypt.
namespace_name
string / required
The Object Storage namespace used for the request.
new_name
string
The new name of the source object. Avoid entering confidential information.
Required for action=rename.
new_obj_if_match_e_tag
string
The if-match entity tag (ETag) of the new object.
Applicable only for action=rename.
new_obj_if_none_match_e_tag
string
The if-none-match entity tag (ETag) of the new object. The only valid value is '*', which indicates request should fail if the new object already exists.
Applicable only for action=rename.
object_name
string
The name of the object. Avoid entering confidential information. Example: `test/object1.log`
Required for action=reencrypt, action=restore, action=update_object_storage_tier.
opc_source_sse_customer_algorithm
string
The optional header that specifies "AES256" as the encryption algorithm to use to decrypt the source object. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
opc_source_sse_customer_key
string
The optional header that specifies the base64-encoded 256-bit encryption key to use to decrypt the source object. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
opc_source_sse_customer_key_sha256
string
The optional header that specifies the base64-encoded SHA256 hash of the encryption key used to decrypt the source object. This value is used to check the integrity of the encryption key. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
opc_sse_customer_algorithm
string
The optional header that specifies "AES256" as the encryption algorithm. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
opc_sse_customer_key
string
The optional header that specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the data. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
opc_sse_customer_key_sha256
string
The optional header that specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key. For more information, see Using Your Own Keys for Server-Side Encryption.
Applicable only for action=copy.
opc_sse_kms_key_id
string
The OCID of a master encryption key used to call the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
Applicable only for action=copy.
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
source_name
string
The name of the source object to be renamed.
Required for action=rename.
source_object_if_match_e_tag
string
The entity tag (ETag) to match against that of the source object. Used to confirm that the source object with a given name is the version of that object storing a specified ETag.
Applicable only for action=copy.
source_object_name
string
The name of the object to be copied.
Required for action=copy.
source_sse_customer_key
dictionary
Applicable only for action=reencrypt.
algorithm
string / required
    Choices:
  • AES256
Specifies the encryption algorithm. The only supported value is "AES256".
key
string / required
Specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the object data.
key_sha256
string / required
Specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key.
source_version_id
string
VersionId of the object to copy. If not provided then current version is copied by default.
Applicable only for action=copy.
src_obj_if_match_e_tag
string
The if-match entity tag (ETag) of the source object.
Applicable only for action=rename.
sse_customer_key
dictionary
Applicable only for action=reencrypt.
algorithm
string / required
    Choices:
  • AES256
Specifies the encryption algorithm. The only supported value is "AES256".
key
string / required
Specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt the object data.
key_sha256
string / required
Specifies the base64-encoded SHA256 hash of the encryption key. This value is used to check the integrity of the encryption key.
storage_tier
string
    Choices:
  • Standard
  • InfrequentAccess
  • Archive
The storage tier that the object should be moved to.
Required for action=update_object_storage_tier.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm
version_id
string
VersionId used to identify a particular version of the object
Applicable only for action=reencryptaction=restoreaction=update_object_storage_tier.
wait
boolean
    Choices:
  • no
  • yes ←
Whether to wait for create or delete operation to complete.
wait_timeout
integer
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.

Examples

- name: Perform action copy on object
  oci_object_storage_object_actions:
    # required
    source_object_name: source_object_name_example
    destination_region: us-phoenix-1
    destination_namespace: destination_namespace_example
    destination_bucket: destination_bucket_example
    destination_object_name: destination_object_name_example
    namespace_name: namespace_name_example
    bucket_name: bucket_name_example
    action: copy

    # optional
    source_object_if_match_e_tag: source_object_if_match_e_tag_example
    source_version_id: "ocid1.sourceversion.oc1..xxxxxxEXAMPLExxxxxx"
    destination_object_if_match_e_tag: destination_object_if_match_e_tag_example
    destination_object_if_none_match_e_tag: destination_object_if_none_match_e_tag_example
    destination_object_metadata: null
    destination_object_storage_tier: Standard
    opc_sse_customer_algorithm: opc_sse_customer_algorithm_example
    opc_sse_customer_key: opc_sse_customer_key_example
    opc_sse_customer_key_sha256: opc_sse_customer_key_sha256_example
    opc_source_sse_customer_algorithm: opc_source_sse_customer_algorithm_example
    opc_source_sse_customer_key: opc_source_sse_customer_key_example
    opc_source_sse_customer_key_sha256: opc_source_sse_customer_key_sha256_example
    opc_sse_kms_key_id: "ocid1.opcssekmskey.oc1..xxxxxxEXAMPLExxxxxx"

- name: Perform action reencrypt on object
  oci_object_storage_object_actions:
    # required
    namespace_name: namespace_name_example
    bucket_name: bucket_name_example
    object_name: object_name_example
    action: reencrypt

    # optional
    kms_key_id: "ocid1.kmskey.oc1..xxxxxxEXAMPLExxxxxx"
    sse_customer_key:
      # required
      algorithm: AES256
      key: key_example
      key_sha256: key_sha256_example
    source_sse_customer_key:
      # required
      algorithm: AES256
      key: key_example
      key_sha256: key_sha256_example
    version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"

- name: Perform action rename on object
  oci_object_storage_object_actions:
    # required
    source_name: source_name_example
    new_name: new_name_example
    namespace_name: namespace_name_example
    bucket_name: bucket_name_example
    action: rename

    # optional
    src_obj_if_match_e_tag: src_obj_if_match_e_tag_example
    new_obj_if_match_e_tag: new_obj_if_match_e_tag_example
    new_obj_if_none_match_e_tag: new_obj_if_none_match_e_tag_example

- name: Perform action restore on object
  oci_object_storage_object_actions:
    # required
    namespace_name: namespace_name_example
    bucket_name: bucket_name_example
    object_name: object_name_example
    action: restore

    # optional
    hours: 56
    version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"

- name: Perform action update_object_storage_tier on object
  oci_object_storage_object_actions:
    # required
    namespace_name: namespace_name_example
    bucket_name: bucket_name_example
    object_name: object_name_example
    storage_tier: Standard
    action: update_object_storage_tier

    # optional
    version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
object
complex
on success
Details of the Object resource acted upon by the current operation

Sample:
{'archival_state': 'Archived', 'etag': 'etag_example', 'headers': {'Content-Length': '37', 'opc-meta-key1': 'value1'}, 'md5': 'md5_example', 'name': 'name_example', 'size': 56, 'storage_tier': 'Standard', 'time_created': '2013-10-20T19:20:30+01:00', 'time_modified': '2013-10-20T19:20:30+01:00'}
 
archival_state
string
on success
Archival state of an object. This field is set only for objects in Archive tier.

Sample:
Archived
 
etag
string
on success
The current entity tag (ETag) for the object.

Sample:
etag_example
 
headers
dictionary
on success
response headers for the object

Sample:
{'Content-Length': '37', 'opc-meta-key1': 'value1'}
 
md5
string
on success
Base64-encoded MD5 hash of the object data.

Sample:
md5_example
 
name
string
on success
The name of the object. Avoid entering confidential information. Example: test/object1.log

Sample:
name_example
 
size
integer
on success
Size of the object in bytes.

Sample:
56
 
storage_tier
string
on success
The storage tier that the object is stored in.

Sample:
Standard
 
time_created
string
on success
The date and time the object was created, as described in RFC 2616.

Sample:
2013-10-20T19:20:30+01:00
 
time_modified
string
on success
The date and time the object was modified, as described in RFC 2616, section 14.29.

Sample:
2013-10-20T19:20:30+01:00


Authors

  • Oracle (@oracle)