Try SpotterPerform actions on a TagNamespace resource in Oracle Cloud Infrastructure
| "added in version" 2.9.0 of oracle.oci"
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==5.0.0
collections:
- name: oracle.oci
version: 5.0.0Perform actions on a TagNamespace resource in Oracle Cloud Infrastructure
For I(action=add_tag_namespace_lock), add a resource lock to a tag namespace.
For I(action=cascade_delete), deletes the specified tag namespace. This operation triggers a process that removes all of the tags defined in the specified tag namespace from all resources in your tenancy and then deletes the tag namespace. After you start the delete operation: * New tag key definitions cannot be created under the namespace. * The state of the tag namespace changes to DELETING. * Tag removal from the resources begins. This process can take up to 48 hours depending on the number of tag definitions in the namespace, the number of resources that are tagged, and the locations of the regions in which those resources reside. After all tags are removed, the state changes to DELETED. You cannot restore a deleted tag namespace. After the deleted tag namespace changes its state to DELETED, you can use the name of the deleted tag namespace again. After you start this operation, you cannot start either the L(DeleteTag,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/identity/20160918/Tag/DeleteTag) or the L(BulkDeleteTags,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/identity/20160918/Tag/BulkDeleteTags) operation until this process completes. To delete a tag namespace, you must first retire it. Use L(UpdateTagNamespace,https://docs.cloud.oracle.com/en- us/iaas/api/#/en/identity/20160918/TagNamespace/UpdateTagNamespace) to retire a tag namespace.
For I(action=change_compartment), moves the specified tag namespace to the specified compartment within the same tenancy. To move the tag namespace, you must have the manage tag-namespaces permission on both compartments. For more information about IAM policies, see L(Details for IAM,https://docs.cloud.oracle.com/Content/Identity/policyreference/iampolicyreference.htm). Moving a tag namespace moves all the tag key definitions contained in the tag namespace.
For I(action=remove_tag_namespace_lock), remove a resource lock from a tag namespace.
- name: Perform action add_tag_namespace_lock on tag_namespace
oci_identity_tag_namespace_actions:
# required
tag_namespace_id: "ocid1.tagnamespace.oc1..xxxxxxEXAMPLExxxxxx"
type: FULL
action: add_tag_namespace_lock
# optional
related_resource_id: "ocid1.relatedresource.oc1..xxxxxxEXAMPLExxxxxx"
msg: msg_example
- name: Perform action cascade_delete on tag_namespace
oci_identity_tag_namespace_actions:
# required
tag_namespace_id: "ocid1.tagnamespace.oc1..xxxxxxEXAMPLExxxxxx"
action: cascade_delete
# optional
is_lock_override: true
- name: Perform action change_compartment on tag_namespace
oci_identity_tag_namespace_actions:
# required
compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
tag_namespace_id: "ocid1.tagnamespace.oc1..xxxxxxEXAMPLExxxxxx"
action: change_compartment
# optional
is_lock_override: true
- name: Perform action remove_tag_namespace_lock on tag_namespace
oci_identity_tag_namespace_actions:
# required
tag_namespace_id: "ocid1.tagnamespace.oc1..xxxxxxEXAMPLExxxxxx"
type: FULL
action: remove_tag_namespace_lock
msg:
aliases:
- message
description:
- A message added by the creator of the lock. This is typically used to give an indication
of why the resource is locked.
- Applicable only for I(action=add_tag_namespace_lock).
type: str
type:
choices:
- FULL
- DELETE
description:
- Type of the lock.
- Required for I(action=add_tag_namespace_lock), I(action=remove_tag_namespace_lock).
type: str
wait:
default: true
description: Whether to wait for create or delete operation to complete.
type: bool
action:
choices:
- add_tag_namespace_lock
- cascade_delete
- change_compartment
- remove_tag_namespace_lock
description:
- The action to perform on the TagNamespace.
required: true
type: str
region:
description:
- The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set,
then the value of the OCI_REGION variable, if any, is used. This option is required
if the region is not specified through a configuration file (See C(config_file_location)).
Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm)
for more information on OCI regions.
type: str
tenancy:
description:
- OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if
any, is used. This option is required if the tenancy OCID is not specified through
a configuration file (See C(config_file_location)). To get the tenancy OCID, please
refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
type: str
api_user:
description:
- The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the
value of the OCI_USER_ID environment variable, if any, is used. This option is required
if the user is not specified through a configuration file (See C(config_file_location)).
To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
auth_type:
choices:
- api_key
- instance_principal
- instance_obo_user
- resource_principal
- security_token
default: api_key
description:
- The type of authentication to use for making API requests. By default C(auth_type="api_key")
based authentication is performed and the API key (see I(api_user_key_file)) in
your config file will be used. If this 'auth_type' module option is not specified,
the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal")
to use instance principal based authentication when running ansible playbooks within
an OCI compute instance.
type: str
cert_bundle:
description:
- The full path to a CA certificate bundle to be used for SSL verification. This will
override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE
variable, if any, is used.
type: str
auth_purpose:
choices:
- service_principal
description:
- The auth purpose which can be used in conjunction with 'auth_type=instance_principal'.
The default auth_purpose for instance_principal is None.
type: str
wait_timeout:
description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most
of the services but some services might have a longer wait timeout.
type: int
compartment_id:
description:
- The Oracle Cloud ID (OCID) of the destination compartment.
- Required for I(action=change_compartment).
type: str
is_lock_override:
description:
- Whether to override locks (if any exist).
- Applicable only for I(action=cascade_delete)I(action=change_compartment).
type: bool
tag_namespace_id:
aliases:
- id
description:
- The OCID of the tag namespace.
required: true
type: str
api_user_key_file:
description:
- Full path and filename of the private key (in PEM format). If not set, then the
value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required
if the private key is not specified through a configuration file (See C(config_file_location)).
If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option
must also be provided.
type: str
config_profile_name:
description:
- The profile to load from the config file referenced by C(config_file_location).
If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any,
is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
type: str
related_resource_id:
description:
- The ID of the resource that is locking this resource. Indicates that deleting this
resource will remove the lock.
- Applicable only for I(action=add_tag_namespace_lock).
type: str
api_user_fingerprint:
description:
- Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT
environment variable, if any, is used. This option is required if the key fingerprint
is not specified through a configuration file (See C(config_file_location)). To
get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
config_file_location:
description:
- Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment
variable, if any, is used. Otherwise, defaults to ~/.oci/config.
type: str
api_user_key_pass_phrase:
description:
- Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted.
If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is
used. This option is required if the key passphrase is not specified through a configuration
file (See C(config_file_location)).
type: str
realm_specific_endpoint_template_enabled:
description:
- Enable/Disable realm specific endpoint template for service client. By Default,
realm specific endpoint template is disabled. If not set, then the value of the
OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
type: bool
tag_namespace:
contains:
compartment_id:
description:
- The OCID of the compartment that contains the tag namespace.
returned: on success
sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
type: str
defined_tags:
description:
- 'Defined tags for this resource. Each key is predefined and scoped to a namespace.
For more information, see L(Resource Tags,https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm).
Example: `{"Operations": {"CostCenter": "42"}}`'
returned: on success
sample:
Operations:
CostCenter: US
type: dict
description:
description:
- The description you assign to the tag namespace.
returned: on success
sample: description_example
type: str
freeform_tags:
description:
- 'Free-form tags for this resource. Each tag is a simple key-value pair with
no predefined name, type, or namespace. For more information, see L(Resource
Tags,https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm).
Example: `{"Department": "Finance"}`'
returned: on success
sample:
Department: Finance
type: dict
id:
description:
- The OCID of the tag namespace.
returned: on success
sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
type: str
is_retired:
description:
- Whether the tag namespace is retired. See L(Retiring Key Definitions and Namespace
Definitions,https://docs.cloud.oracle.com/Content/Tagging/Tasks/managingtagsandtagnamespaces.htm#retiringkeys).
returned: on success
sample: true
type: bool
lifecycle_state:
description:
- The tagnamespace's current state. After creating a tagnamespace, make sure
its `lifecycleState` is ACTIVE before using it. After retiring a tagnamespace,
make sure its `lifecycleState` is INACTIVE before using it.
returned: on success
sample: ACTIVE
type: str
locks:
contains:
is_active:
description:
- Indicates if the lock is active or not. For example, if there are mutliple
FULL locks, the first-created FULL lock will be effective.
returned: on success
sample: true
type: bool
message:
description:
- A message added by the creator of the lock. This is typically used to
give an indication of why the resource is locked.
returned: on success
sample: message_example
type: str
related_resource_id:
description:
- The ID of the resource that is locking this resource. Indicates that deleting
this resource will remove the lock.
returned: on success
sample: ocid1.relatedresource.oc1..xxxxxxEXAMPLExxxxxx
type: str
time_created:
description:
- When the lock was created.
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
type:
description:
- Type of the lock.
returned: on success
sample: FULL
type: str
description:
- Locks associated with this resource.
returned: on success
type: complex
name:
description:
- The name of the tag namespace. It must be unique across all tag namespaces
in the tenancy and cannot be changed.
returned: on success
sample: name_example
type: str
time_created:
description:
- 'Date and time the tagNamespace was created, in the format defined by RFC3339.
Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
description:
- Details of the TagNamespace resource acted upon by the current operation
returned: on success
sample:
compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
defined_tags:
Operations:
CostCenter: US
description: description_example
freeform_tags:
Department: Finance
id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
is_retired: true
lifecycle_state: ACTIVE
locks:
- is_active: true
message: message_example
related_resource_id: ocid1.relatedresource.oc1..xxxxxxEXAMPLExxxxxx
time_created: '2013-10-20T19:20:30+01:00'
type: FULL
name: name_example
time_created: '2013-10-20T19:20:30+01:00'
type: complex