oracle / oracle.oci / 2.38.0 / module / oci_identity_auth_token Manage an AuthToken resource in Oracle Cloud Infrastructure | "added in version" 2.9.0 of oracle.oci" Authors: Oracle (@oracle) preview | supported by communityoracle.oci.oci_identity_auth_token (2.38.0) — module
Install with ansible-galaxy collection install oracle.oci:==2.38.0
collections: - name: oracle.oci version: 2.38.0
This module allows the user to create, update and delete an AuthToken resource in Oracle Cloud Infrastructure
For I(state=present), creates a new auth token for the specified user. For information about what auth tokens are for, see L(Managing User Credentials,https://docs.cloud.oracle.com/Content/Identity/Tasks/managingcredentials.htm).
You must specify a *description* for the auth token (although it can be an empty string). It does not have to be unique, and you can change it anytime with L(UpdateAuthToken,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/identity/20160918/AuthToken/UpdateAuthToken).
Every user has permission to create an auth token for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create an auth token for any user, including themselves.
- name: Create auth_token oci_identity_auth_token: # required description: description_example user_id: "ocid1.user.oc1..xxxxxxEXAMPLExxxxxx"
- name: Update auth_token oci_identity_auth_token: # required user_id: "ocid1.user.oc1..xxxxxxEXAMPLExxxxxx" auth_token_id: "ocid1.authtoken.oc1..xxxxxxEXAMPLExxxxxx" # optional description: description_example
- name: Delete auth_token oci_identity_auth_token: # required user_id: "ocid1.user.oc1..xxxxxxEXAMPLExxxxxx" auth_token_id: "ocid1.authtoken.oc1..xxxxxxEXAMPLExxxxxx" state: absent
wait: default: true description: Whether to wait for create or delete operation to complete. type: bool state: choices: - present - absent default: present description: - The state of the AuthToken. - Use I(state=present) to create or update an AuthToken. - Use I(state=absent) to delete an AuthToken. required: false type: str key_by: description: The list of attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource are used to uniquely identify a resource. elements: str type: list region: description: - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See C(config_file_location)). Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) for more information on OCI regions. type: str tenancy: description: - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See C(config_file_location)). To get the tenancy OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm) type: str user_id: description: - The OCID of the user. required: true type: str api_user: description: - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See C(config_file_location)). To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). type: str auth_type: choices: - api_key - instance_principal - instance_obo_user - resource_principal default: api_key description: - The type of authentication to use for making API requests. By default C(auth_type="api_key") based authentication is performed and the API key (see I(api_user_key_file)) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal") to use instance principal based authentication when running ansible playbooks within an OCI compute instance. type: str description: description: - The description you assign to the auth token during creation. Does not have to be unique, and it's changeable. - Required for create using I(state=present). - This parameter is updatable. type: str force_create: default: false description: Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true, forcefully creates a copy of the resource, even if it already exists.This option is mutually exclusive with I(key_by). type: bool wait_timeout: description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most of the services but some services might have a longer wait timeout. type: int auth_token_id: aliases: - id description: - The OCID of the auth token. - Required for update using I(state=present). - Required for delete using I(state=absent). type: str api_user_key_file: description: - Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See C(config_file_location)). If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option must also be provided. type: str config_profile_name: description: - The profile to load from the config file referenced by C(config_file_location). If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location). type: str api_user_fingerprint: description: - Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See C(config_file_location)). To get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). type: str config_file_location: description: - Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config. type: str api_user_key_pass_phrase: description: - Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See C(config_file_location)). type: str
auth_token: contains: description: description: - The description you assign to the auth token. Does not have to be unique, and it's changeable. returned: on success sample: description_example type: str id: description: - The OCID of the auth token. returned: on success sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx type: str inactive_status: description: - The detailed status of INACTIVE lifecycleState. returned: on success sample: 56 type: int lifecycle_state: description: - The token's current state. After creating an auth token, make sure its `lifecycleState` changes from CREATING to ACTIVE before using it. returned: on success sample: CREATING type: str time_created: description: - Date and time the `AuthToken` object was created, in the format defined by RFC3339. - 'Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str time_expires: description: - Date and time when this auth token will expire, in the format defined by RFC3339. Null if it never expires. - 'Example: `2016-08-25T21:10:29.600Z`' returned: on success sample: '2013-10-20T19:20:30+01:00' type: str token: description: - The auth token. The value is available only in the response for `CreateAuthToken`, and not for `ListAuthTokens` or `UpdateAuthToken`. returned: on success sample: token_example type: str user_id: description: - The OCID of the user the auth token belongs to. returned: on success sample: ocid1.user.oc1..xxxxxxEXAMPLExxxxxx type: str description: - Details of the AuthToken resource acted upon by the current operation returned: on success sample: description: description_example id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx inactive_status: 56 lifecycle_state: CREATING time_created: '2013-10-20T19:20:30+01:00' time_expires: '2013-10-20T19:20:30+01:00' token: token_example user_id: ocid1.user.oc1..xxxxxxEXAMPLExxxxxx type: complex