Try SpotterFetches details about one or multiple IpSecConnectionTunnel resources in Oracle Cloud Infrastructure
| "added in version" 2.9.0 of oracle.oci"
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==5.0.0
collections:
- name: oracle.oci
version: 5.0.0Fetches details about one or multiple IpSecConnectionTunnel resources in Oracle Cloud Infrastructure
Lists the tunnel information for the specified IPSec connection.
If I(tunnel_id) is specified, the details of a single IpSecConnectionTunnel will be returned.
- name: Get a specific ip_sec_connection_tunnel
oci_network_ip_sec_connection_tunnel_facts:
# required
tunnel_id: "ocid1.tunnel.oc1..xxxxxxEXAMPLExxxxxx"
ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
- name: List ip_sec_connection_tunnels
oci_network_ip_sec_connection_tunnel_facts:
# required
ipsc_id: "ocid1.ipsc.oc1..xxxxxxEXAMPLExxxxxx"
region:
description:
- The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set,
then the value of the OCI_REGION variable, if any, is used. This option is required
if the region is not specified through a configuration file (See C(config_file_location)).
Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm)
for more information on OCI regions.
type: str
ipsc_id:
description:
- The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
of the IPSec connection.
required: true
type: str
tenancy:
description:
- OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if
any, is used. This option is required if the tenancy OCID is not specified through
a configuration file (See C(config_file_location)). To get the tenancy OCID, please
refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
type: str
api_user:
description:
- The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the
value of the OCI_USER_ID environment variable, if any, is used. This option is required
if the user is not specified through a configuration file (See C(config_file_location)).
To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
auth_type:
choices:
- api_key
- instance_principal
- instance_obo_user
- resource_principal
- security_token
default: api_key
description:
- The type of authentication to use for making API requests. By default C(auth_type="api_key")
based authentication is performed and the API key (see I(api_user_key_file)) in
your config file will be used. If this 'auth_type' module option is not specified,
the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal")
to use instance principal based authentication when running ansible playbooks within
an OCI compute instance.
type: str
tunnel_id:
aliases:
- id
description:
- The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
of the tunnel.
- Required to get a specific ip_sec_connection_tunnel.
type: str
cert_bundle:
description:
- The full path to a CA certificate bundle to be used for SSL verification. This will
override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE
variable, if any, is used.
type: str
auth_purpose:
choices:
- service_principal
description:
- The auth purpose which can be used in conjunction with 'auth_type=instance_principal'.
The default auth_purpose for instance_principal is None.
type: str
display_name:
description: Use I(display_name) along with the other options to return only resources
that match the given display name exactly.
type: str
api_user_key_file:
description:
- Full path and filename of the private key (in PEM format). If not set, then the
value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required
if the private key is not specified through a configuration file (See C(config_file_location)).
If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option
must also be provided.
type: str
config_profile_name:
description:
- The profile to load from the config file referenced by C(config_file_location).
If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any,
is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
type: str
api_user_fingerprint:
description:
- Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT
environment variable, if any, is used. This option is required if the key fingerprint
is not specified through a configuration file (See C(config_file_location)). To
get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
config_file_location:
description:
- Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment
variable, if any, is used. Otherwise, defaults to ~/.oci/config.
type: str
api_user_key_pass_phrase:
description:
- Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted.
If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is
used. This option is required if the key passphrase is not specified through a configuration
file (See C(config_file_location)).
type: str
realm_specific_endpoint_template_enabled:
description:
- Enable/Disable realm specific endpoint template for service client. By Default,
realm specific endpoint template is disabled. If not set, then the value of the
OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
type: bool
ip_sec_connection_tunnels:
contains:
bgp_session_info:
contains:
bgp_ipv6_state:
description:
- The state of the BGP IPv6 session.
returned: on success
sample: UP
type: str
bgp_state:
description:
- The state of the BGP session.
returned: on success
sample: UP
type: str
customer_bgp_asn:
description:
- If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
this ASN is required and used for the tunnel's BGP session. This is the
ASN of the network on the CPE end of the BGP session. Can be a 2-byte
or 4-byte ASN. Uses "asplain" format.
- If the tunnel uses static routing, the `customerBgpAsn` must be null.
- 'Example: `12345` (2-byte) or `1587232876` (4-byte)'
returned: on success
sample: customer_bgp_asn_example
type: str
customer_interface_ip:
description:
- The IP address for the CPE end of the inside tunnel interface.
- If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
this IP address is required and used for the tunnel's BGP session.
- If `routing` is instead set to `STATIC`, this IP address is optional.
You can set this IP address so you can troubleshoot or monitor the tunnel.
- The value must be a /30 or /31.
- 'Example: `10.0.0.5/31`'
returned: on success
sample: customer_interface_ip_example
type: str
customer_interface_ipv6:
description:
- The IPv6 address for the CPE end of the inside tunnel interface. This
IP address is optional.
- If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
this IP address is used for the tunnel's BGP session.
- If `routing` is instead set to `STATIC`, you can set this IP address to
troubleshoot or monitor the tunnel.
- Only subnet masks from /64 up to /127 are allowed.
- 'Example: `2001:db8::1/64`'
returned: on success
sample: customer_interface_ipv6_example
type: str
oracle_bgp_asn:
description:
- The Oracle BGP ASN.
returned: on success
sample: oracle_bgp_asn_example
type: str
oracle_interface_ip:
description:
- The IP address for the Oracle end of the inside tunnel interface.
- If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
this IP address is required and used for the tunnel's BGP session.
- If `routing` is instead set to `STATIC`, this IP address is optional.
You can set this IP address so you can troubleshoot or monitor the tunnel.
- The value must be a /30 or /31.
- 'Example: `10.0.0.4/31`'
returned: on success
sample: oracle_interface_ip_example
type: str
oracle_interface_ipv6:
description:
- The IPv6 address for the Oracle end of the inside tunnel interface. This
IP address is optional.
- If the tunnel's `routing` attribute is set to `BGP` (see L(IPSecConnectionTunnel,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/iaas/latest/IPSecConnectionTunnel/)),
this IP address is used for the tunnel's BGP session.
- If `routing` is instead set to `STATIC`, you can set this IP address to
troubleshoot or monitor the tunnel.
- Only subnet masks from /64 up to /127 are allowed.
- 'Example: `2001:db8::1/64`'
returned: on success
sample: oracle_interface_ipv6_example
type: str
description:
- ''
returned: on success
type: complex
compartment_id:
description:
- The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
of the compartment containing the tunnel.
returned: on success
sample: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
type: str
cpe_ip:
description:
- The IP address of the CPE device's VPN headend.
- 'Example: `203.0.113.22`'
returned: on success
sample: cpe_ip_example
type: str
display_name:
description:
- A user-friendly name. Does not have to be unique, and it's changeable. Avoid
entering confidential information.
returned: on success
sample: display_name_example
type: str
dpd_mode:
description:
- Dead peer detection (DPD) mode set on the Oracle side of the connection. This
mode sets whether Oracle can only respond to a request from the CPE device
to start DPD, or both respond to and initiate requests.
returned: on success
sample: INITIATE_AND_RESPOND
type: str
dpd_timeout_in_sec:
description:
- DPD timeout in seconds.
returned: on success
sample: 56
type: int
encryption_domain_config:
contains:
cpe_traffic_selector:
description:
- Lists IPv4 or IPv6-enabled subnets in your on-premises network.
returned: on success
sample: []
type: list
oracle_traffic_selector:
description:
- Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
returned: on success
sample: []
type: list
description:
- ''
returned: on success
type: complex
id:
description:
- The L(OCID,https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)
of the tunnel.
returned: on success
sample: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
type: str
ike_version:
description:
- Internet Key Exchange protocol version.
returned: on success
sample: V1
type: str
lifecycle_state:
description:
- The tunnel's lifecycle state.
returned: on success
sample: PROVISIONING
type: str
nat_translation_enabled:
description:
- By default (the `AUTO` setting), IKE sends packets with a source and destination
port set to 500, and when it detects that the port used to forward packets
has changed (most likely because a NAT device is between the CPE device and
the Oracle VPN headend) it will try to negotiate the use of NAT-T.
- The `ENABLED` option sets the IKE protocol to use port 4500 instead of 500
and forces encapsulating traffic with the ESP protocol inside UDP packets.
- The `DISABLED` option directs IKE to completely refuse to negotiate NAT-T
even if it senses there may be a NAT device in use.
- .
returned: on success
sample: ENABLED
type: str
oracle_can_initiate:
description:
- Indicates whether Oracle can only respond to a request to start an IPSec tunnel
from the CPE device, or both respond to and initiate requests.
returned: on success
sample: INITIATOR_OR_RESPONDER
type: str
phase_one_details:
contains:
custom_authentication_algorithm:
description:
- The proposed custom authentication algorithm.
returned: on success
sample: custom_authentication_algorithm_example
type: str
custom_dh_group:
description:
- The proposed custom Diffie-Hellman group.
returned: on success
sample: custom_dh_group_example
type: str
custom_encryption_algorithm:
description:
- The proposed custom encryption algorithm.
returned: on success
sample: custom_encryption_algorithm_example
type: str
is_custom_phase_one_config:
description:
- Indicates whether custom phase one configuration is enabled. If this option
is not enabled, default settings are proposed.
returned: on success
sample: true
type: bool
is_ike_established:
description:
- Indicates whether IKE phase one is established.
returned: on success
sample: true
type: bool
lifetime:
description:
- The total configured lifetime of the IKE security association.
returned: on success
sample: 56
type: int
negotiated_authentication_algorithm:
description:
- The negotiated authentication algorithm.
returned: on success
sample: negotiated_authentication_algorithm_example
type: str
negotiated_dh_group:
description:
- The negotiated Diffie-Hellman group.
returned: on success
sample: negotiated_dh_group_example
type: str
negotiated_encryption_algorithm:
description:
- The negotiated encryption algorithm.
returned: on success
sample: negotiated_encryption_algorithm_example
type: str
remaining_lifetime:
description:
- The remaining lifetime before the key is refreshed.
returned: on success
sample: 56
type: int
remaining_lifetime_last_retrieved:
description:
- The date and time we retrieved the remaining lifetime, in the format defined
by L(RFC3339,https://tools.ietf.org/html/rfc3339).
- 'Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
description:
- ''
returned: on success
type: complex
phase_two_details:
contains:
custom_authentication_algorithm:
description:
- Phase two authentication algorithm proposed during tunnel negotiation.
returned: on success
sample: custom_authentication_algorithm_example
type: str
custom_encryption_algorithm:
description:
- The proposed custom phase two encryption algorithm.
returned: on success
sample: custom_encryption_algorithm_example
type: str
dh_group:
description:
- The proposed Diffie-Hellman group.
returned: on success
sample: dh_group_example
type: str
is_custom_phase_two_config:
description:
- Indicates whether custom phase two configuration is enabled. If this option
is not enabled, default settings are proposed.
returned: on success
sample: true
type: bool
is_esp_established:
description:
- Indicates that ESP phase two is established.
returned: on success
sample: true
type: bool
is_pfs_enabled:
description:
- Indicates that PFS (perfect forward secrecy) is enabled.
returned: on success
sample: true
type: bool
lifetime:
description:
- The total configured lifetime of the IKE security association.
returned: on success
sample: 56
type: int
negotiated_authentication_algorithm:
description:
- The negotiated phase two authentication algorithm.
returned: on success
sample: negotiated_authentication_algorithm_example
type: str
negotiated_dh_group:
description:
- The negotiated Diffie-Hellman group.
returned: on success
sample: negotiated_dh_group_example
type: str
negotiated_encryption_algorithm:
description:
- The negotiated encryption algorithm.
returned: on success
sample: negotiated_encryption_algorithm_example
type: str
remaining_lifetime:
description:
- The remaining lifetime before the key is refreshed.
returned: on success
sample: 56
type: int
remaining_lifetime_last_retrieved:
description:
- The date and time the remaining lifetime was last retrieved, in the format
defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
- 'Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
description:
- ''
returned: on success
type: complex
routing:
description:
- The type of routing used for this tunnel (BGP dynamic routing, static routing,
or policy-based routing).
returned: on success
sample: BGP
type: str
status:
description:
- The status of the tunnel based on IPSec protocol characteristics.
returned: on success
sample: UP
type: str
time_created:
description:
- The date and time the IPSec tunnel was created, in the format defined by L(RFC3339,https://tools.ietf.org/html/rfc3339).
- 'Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
time_status_updated:
description:
- When the status of the IPSec tunnel last changed, in the format defined by
L(RFC3339,https://tools.ietf.org/html/rfc3339).
- 'Example: `2016-08-25T21:10:29.600Z`'
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
vpn_ip:
description:
- The IP address of the Oracle VPN headend for the connection.
- 'Example: `203.0.113.21`'
returned: on success
sample: vpn_ip_example
type: str
description:
- List of IpSecConnectionTunnel resources
returned: on success
sample:
- bgp_session_info:
bgp_ipv6_state: UP
bgp_state: UP
customer_bgp_asn: customer_bgp_asn_example
customer_interface_ip: customer_interface_ip_example
customer_interface_ipv6: customer_interface_ipv6_example
oracle_bgp_asn: oracle_bgp_asn_example
oracle_interface_ip: oracle_interface_ip_example
oracle_interface_ipv6: oracle_interface_ipv6_example
compartment_id: ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
cpe_ip: cpe_ip_example
display_name: display_name_example
dpd_mode: INITIATE_AND_RESPOND
dpd_timeout_in_sec: 56
encryption_domain_config:
cpe_traffic_selector: []
oracle_traffic_selector: []
id: ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
ike_version: V1
lifecycle_state: PROVISIONING
nat_translation_enabled: ENABLED
oracle_can_initiate: INITIATOR_OR_RESPONDER
phase_one_details:
custom_authentication_algorithm: custom_authentication_algorithm_example
custom_dh_group: custom_dh_group_example
custom_encryption_algorithm: custom_encryption_algorithm_example
is_custom_phase_one_config: true
is_ike_established: true
lifetime: 56
negotiated_authentication_algorithm: negotiated_authentication_algorithm_example
negotiated_dh_group: negotiated_dh_group_example
negotiated_encryption_algorithm: negotiated_encryption_algorithm_example
remaining_lifetime: 56
remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00'
phase_two_details:
custom_authentication_algorithm: custom_authentication_algorithm_example
custom_encryption_algorithm: custom_encryption_algorithm_example
dh_group: dh_group_example
is_custom_phase_two_config: true
is_esp_established: true
is_pfs_enabled: true
lifetime: 56
negotiated_authentication_algorithm: negotiated_authentication_algorithm_example
negotiated_dh_group: negotiated_dh_group_example
negotiated_encryption_algorithm: negotiated_encryption_algorithm_example
remaining_lifetime: 56
remaining_lifetime_last_retrieved: '2013-10-20T19:20:30+01:00'
routing: BGP
status: UP
time_created: '2013-10-20T19:20:30+01:00'
time_status_updated: '2013-10-20T19:20:30+01:00'
vpn_ip: vpn_ip_example
type: complex