oracle.oci.oci_operator_access_control_access_request_facts – Fetches details about one or multiple AccessRequest resources in Oracle Cloud Infrastructure

Note

This plugin is part of the oracle.oci collection (version 4.13.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install oracle.oci.

To use it in a playbook, specify: oracle.oci.oci_operator_access_control_access_request_facts.

New in version 2.9.0: of oracle.oci

Synopsis

  • Fetches details about one or multiple AccessRequest resources in Oracle Cloud Infrastructure

  • Lists all access requests in the compartment.

  • If access_request_id is specified, the details of a single AccessRequest will be returned.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
access_request_id
string
unique AccessRequest identifier
Required to get a specific access_request.

aliases: id
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_purpose
string
    Choices:
  • service_principal
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
  • instance_obo_user
  • resource_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
cert_bundle
string
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
compartment_id
string
The ID of the compartment in which to list resources.
Required to list multiple access_requests.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
lifecycle_state
string
    Choices:
  • CREATED
  • APPROVALWAITING
  • PREAPPROVED
  • APPROVED
  • MOREINFO
  • REJECTED
  • DEPLOYED
  • DEPLOYFAILED
  • UNDEPLOYED
  • UNDEPLOYFAILED
  • CLOSEFAILED
  • REVOKEFAILED
  • EXPIRYFAILED
  • REVOKING
  • REVOKED
  • EXTENDING
  • EXTENDED
  • EXTENSIONREJECTED
  • COMPLETING
  • COMPLETED
  • EXPIRED
  • APPROVEDFORFUTURE
  • INREVIEW
A filter to return only resources whose lifecycleState matches the given AccessRequest lifecycleState.
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
resource_name
string
A filter to return only resources that match the given ResourceName.
resource_type
string
A filter to return only lists of resources that match the entire given service type.
sort_by
string
    Choices:
  • timeCreated
  • displayName
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending. If no value is specified timeCreated is default.
sort_order
string
    Choices:
  • ASC
  • DESC
The sort order to use, either 'asc' or 'desc'.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm
time_end
string
Query start time in UTC in ISO 8601 format(inclusive). Example 2019-10-30T00:00:00Z (yyyy-MM-ddThh:mm:ssZ). timeIntervalStart and timeIntervalEnd parameters are used together.
time_start
string
Query start time in UTC in ISO 8601 format(inclusive). Example 2019-10-30T00:00:00Z (yyyy-MM-ddThh:mm:ssZ). timeIntervalStart and timeIntervalEnd parameters are used together.

Examples

- name: Get a specific access_request
  oci_operator_access_control_access_request_facts:
    # required
    access_request_id: "ocid1.accessrequest.oc1..xxxxxxEXAMPLExxxxxx"

- name: List access_requests
  oci_operator_access_control_access_request_facts:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"

    # optional
    resource_name: resource_name_example
    resource_type: resource_type_example
    lifecycle_state: CREATED
    time_start: 2013-10-20T19:20:30+01:00
    time_end: 2013-10-20T19:20:30+01:00
    sort_order: ASC
    sort_by: timeCreated

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
access_requests
complex
on success
List of AccessRequest resources

Sample:
[{'access_reason_summary': 'access_reason_summary_example', 'action_requests_list': [], 'approver_comment': 'approver_comment_example', 'audit_type': [], 'closure_comment': 'closure_comment_example', 'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'duration': 56, 'extend_duration': 56, 'freeform_tags': {'Department': 'Finance'}, 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'is_auto_approved': True, 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATED', 'opctl_additional_message': 'opctl_additional_message_example', 'opctl_id': 'ocid1.opctl.oc1..xxxxxxEXAMPLExxxxxx', 'opctl_name': 'opctl_name_example', 'operator_id': 'ocid1.operator.oc1..xxxxxxEXAMPLExxxxxx', 'reason': 'reason_example', 'request_id': 'ocid1.request.oc1..xxxxxxEXAMPLExxxxxx', 'resource_id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'resource_name': 'resource_name_example', 'resource_type': 'EXACC', 'severity': 'S1', 'system_message': 'system_message_example', 'time_of_creation': '2013-10-20T19:20:30+01:00', 'time_of_modification': '2013-10-20T19:20:30+01:00', 'time_of_user_creation': '2013-10-20T19:20:30+01:00', 'user_id': 'ocid1.user.oc1..xxxxxxEXAMPLExxxxxx', 'workflow_id': []}]
 
access_reason_summary
string
on success
Summary comment by the operator creating the access request.

Sample:
access_reason_summary_example
 
action_requests_list
list / elements=string
on success
List of operator actions for which approval is sought by the operator user.
Returned for get operation
 
approver_comment
string
on success
The last recent Comment entered by the approver of the request.
Returned for get operation

Sample:
approver_comment_example
 
audit_type
list / elements=string
on success
Specifies the type of auditing to be enabled. There are two levels of auditing: command-level and keystroke-level. By default, auditing is enabled at the command level i.e., each command issued by the operator is audited. When keystroke-level is chosen, in addition to command level logging, key strokes are also logged.
Returned for get operation
 
closure_comment
string
on success
The comment entered by the operator while closing the request.
Returned for get operation

Sample:
closure_comment_example
 
compartment_id
string
on success
The OCID of the compartment that contains the access request.

Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
 
defined_tags
dictionary
on success
Defined tags for this resource. Each key is predefined and scoped to a namespace.

Sample:
{'Operations': {'CostCenter': 'US'}}
 
duration
integer
on success
Duration in hours for which access is sought on the target resource.

Sample:
56
 
extend_duration
integer
on success
Duration in hours for which extension access is sought on the target resource.

Sample:
56
 
freeform_tags
dictionary
on success
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only.

Sample:
{'Department': 'Finance'}
 
id
string
on success
The OCID of the access request.

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
 
is_auto_approved
boolean
on success
Whether the access request was automatically approved.

Sample:
True
 
lifecycle_details
string
on success
more in detail about the lifeCycleState.

Sample:
lifecycle_details_example
 
lifecycle_state
string
on success
The current state of the AccessRequest.

Sample:
CREATED
 
opctl_additional_message
string
on success
Additional message specific to the access request that can be specified by the approver at the time of approval.
Returned for get operation

Sample:
opctl_additional_message_example
 
opctl_id
string
on success
The OCID of the operator control governing the target resource.
Returned for get operation

Sample:
ocid1.opctl.oc1..xxxxxxEXAMPLExxxxxx
 
opctl_name
string
on success
Name of the Operator control governing the target resource.
Returned for get operation

Sample:
opctl_name_example
 
operator_id
string
on success
A unique identifier associated with the operator who raised the request. This identifier can not be used directly to identify the operator. You need to provide this identifier if you would like Oracle to provide additional information about the operator action within Oracle tenancy.
Returned for get operation

Sample:
ocid1.operator.oc1..xxxxxxEXAMPLExxxxxx
 
reason
string
on success
Summary reason for which the operator is requesting access on the target resource.
Returned for get operation

Sample:
reason_example
 
request_id
string
on success
This is an automatic identifier generated by the system which is easier for human comprehension.

Sample:
ocid1.request.oc1..xxxxxxEXAMPLExxxxxx
 
resource_id
string
on success
The OCID of the target resource associated with the access request. The operator raises an access request to get approval to access the target resource.

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
 
resource_name
string
on success
The name of the target resource.

Sample:
resource_name_example
 
resource_type
string
on success
resourceType for which the AccessRequest is applicable

Sample:
EXACC
 
severity
string
on success
Priority assigned to the access request by the operator

Sample:
S1
 
system_message
string
on success
System message that will be displayed to the operator at login to the target resource.
Returned for get operation

Sample:
system_message_example
 
time_of_creation
string
on success
Time when the access request was created in RFC 3339timestamp format. Example: '2020-05-22T21:10:29.600Z'

Sample:
2013-10-20T19:20:30+01:00
 
time_of_modification
string
on success
Time when the access request was last modified in RFC 3339timestamp format. Example: '2020-05-22T21:10:29.600Z'

Sample:
2013-10-20T19:20:30+01:00
 
time_of_user_creation
string
on success
The time when access request is scheduled to be approved in RFC 3339 timestamp format.Example: '2020-05-22T21:10:29.600Z'

Sample:
2013-10-20T19:20:30+01:00
 
user_id
string
on success
The OCID of the user that last modified the access request.
Returned for get operation

Sample:
ocid1.user.oc1..xxxxxxEXAMPLExxxxxx
 
workflow_id
list / elements=string
on success
The OCID of the workflow associated with the access request. This is needed if you want to contact Oracle Support for a stuck access request or for an access request that encounters an internal error.
Returned for get operation


Authors

  • Oracle (@oracle)