Try SpotterManage an AuthToken resource in Oracle Cloud Infrastructure
| "added in version" 2.9.0 of oracle.oci"
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==5.0.0
collections:
- name: oracle.oci
version: 5.0.0This module allows the user to create, update and delete an AuthToken resource in Oracle Cloud Infrastructure
For I(state=present), creates a new auth token for the specified user. For information about what auth tokens are for, see L(Managing User Credentials,https://docs.cloud.oracle.com/Content/Identity/access/managing-user-credentials.htm).
You must specify a *description* for the auth token (although it can be an empty string). It does not have to be unique, and you can change it anytime with L(UpdateAuthToken,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/identity/20160918/AuthToken/UpdateAuthToken).
Every user has permission to create an auth token for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create an auth token for any user, including themselves.
- name: Create auth_token
oci_identity_auth_token:
# required
description: description_example
user_id: "ocid1.user.oc1..xxxxxxEXAMPLExxxxxx"
- name: Update auth_token
oci_identity_auth_token:
# required
user_id: "ocid1.user.oc1..xxxxxxEXAMPLExxxxxx"
auth_token_id: "ocid1.authtoken.oc1..xxxxxxEXAMPLExxxxxx"
# optional
description: description_example
- name: Delete auth_token
oci_identity_auth_token:
# required
user_id: "ocid1.user.oc1..xxxxxxEXAMPLExxxxxx"
auth_token_id: "ocid1.authtoken.oc1..xxxxxxEXAMPLExxxxxx"
state: absent
wait:
default: true
description: Whether to wait for create or delete operation to complete.
type: bool
state:
choices:
- present
- absent
default: present
description:
- The state of the AuthToken.
- Use I(state=present) to create or update an AuthToken.
- Use I(state=absent) to delete an AuthToken.
required: false
type: str
key_by:
description: The list of attributes of this resource which should be used to uniquely
identify an instance of the resource. By default, all the attributes of a resource
are used to uniquely identify a resource.
elements: str
type: list
region:
description:
- The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set,
then the value of the OCI_REGION variable, if any, is used. This option is required
if the region is not specified through a configuration file (See C(config_file_location)).
Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm)
for more information on OCI regions.
type: str
tenancy:
description:
- OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if
any, is used. This option is required if the tenancy OCID is not specified through
a configuration file (See C(config_file_location)). To get the tenancy OCID, please
refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
type: str
user_id:
description:
- The OCID of the user.
required: true
type: str
api_user:
description:
- The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the
value of the OCI_USER_ID environment variable, if any, is used. This option is required
if the user is not specified through a configuration file (See C(config_file_location)).
To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
auth_type:
choices:
- api_key
- instance_principal
- instance_obo_user
- resource_principal
- security_token
default: api_key
description:
- The type of authentication to use for making API requests. By default C(auth_type="api_key")
based authentication is performed and the API key (see I(api_user_key_file)) in
your config file will be used. If this 'auth_type' module option is not specified,
the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal")
to use instance principal based authentication when running ansible playbooks within
an OCI compute instance.
type: str
cert_bundle:
description:
- The full path to a CA certificate bundle to be used for SSL verification. This will
override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE
variable, if any, is used.
type: str
description:
description:
- The description you assign to the auth token during creation. Does not have to be
unique, and it's changeable.
- (For tenancies that support identity domains) You can have an empty description.
- Required for create using I(state=present).
- This parameter is updatable.
type: str
auth_purpose:
choices:
- service_principal
description:
- The auth purpose which can be used in conjunction with 'auth_type=instance_principal'.
The default auth_purpose for instance_principal is None.
type: str
force_create:
default: false
description: Whether to attempt non-idempotent creation of a resource. By default,
create resource is an idempotent operation, and doesn't create the resource if it
already exists. Setting this option to true, forcefully creates a copy of the resource,
even if it already exists.This option is mutually exclusive with I(key_by).
type: bool
wait_timeout:
description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most
of the services but some services might have a longer wait timeout.
type: int
auth_token_id:
aliases:
- id
description:
- The OCID of the auth token.
- Required for update using I(state=present).
- Required for delete using I(state=absent).
type: str
api_user_key_file:
description:
- Full path and filename of the private key (in PEM format). If not set, then the
value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required
if the private key is not specified through a configuration file (See C(config_file_location)).
If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option
must also be provided.
type: str
config_profile_name:
description:
- The profile to load from the config file referenced by C(config_file_location).
If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any,
is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
type: str
api_user_fingerprint:
description:
- Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT
environment variable, if any, is used. This option is required if the key fingerprint
is not specified through a configuration file (See C(config_file_location)). To
get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
config_file_location:
description:
- Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment
variable, if any, is used. Otherwise, defaults to ~/.oci/config.
type: str
api_user_key_pass_phrase:
description:
- Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted.
If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is
used. This option is required if the key passphrase is not specified through a configuration
file (See C(config_file_location)).
type: str
realm_specific_endpoint_template_enabled:
description:
- Enable/Disable realm specific endpoint template for service client. By Default,
realm specific endpoint template is disabled. If not set, then the value of the
OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
type: bool
auth_token:
contains:
description:
description:
- The description you assign to the auth token. Does not have to be unique,
and it's changeable.
- (For tenancies that support identity domains) You can have an empty description.
returned: on success
sample: description_example
type: str
id:
description:
- The OCID of the auth token.
returned: on success
sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
type: str
inactive_status:
description:
- The detailed status of INACTIVE lifecycleState.
returned: on success
sample: 56
type: int
lifecycle_state:
description:
- The token's current state. After creating an auth token, make sure its `lifecycleState`
changes from CREATING to ACTIVE before using it.
returned: on success
sample: CREATING
type: str
time_created:
description:
- Date and time the `AuthToken` object was created, in the format defined by
RFC3339.
- 'Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
time_expires:
description:
- Date and time when this auth token will expire, in the format defined by RFC3339.
Null if it never expires.
- 'Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
token:
description:
- The auth token. The value is available only in the response for `CreateAuthToken`,
and not for `ListAuthTokens` or `UpdateAuthToken`.
returned: on success
sample: token_example
type: str
user_id:
description:
- The OCID of the user the auth token belongs to.
returned: on success
sample: ocid1.user.oc1..xxxxxxEXAMPLExxxxxx
type: str
description:
- Details of the AuthToken resource acted upon by the current operation
returned: on success
sample:
description: description_example
id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
inactive_status: 56
lifecycle_state: CREATING
time_created: '2013-10-20T19:20:30+01:00'
time_expires: '2013-10-20T19:20:30+01:00'
token: token_example
user_id: ocid1.user.oc1..xxxxxxEXAMPLExxxxxx
type: complex