Try SpotterPerform actions on an Object resource in Oracle Cloud Infrastructure
| "added in version" 2.9.0 of oracle.oci"
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==5.0.0
collections:
- name: oracle.oci
version: 5.0.0Perform actions on an Object resource in Oracle Cloud Infrastructure
For I(action=copy), creates a request to copy an object within a region or to another region. See L(Object Names,https://docs.cloud.oracle.com/Content/Object/Tasks/managingobjects.htm#namerequirements) for object naming requirements.
For I(action=reencrypt), re-encrypts the data encryption keys that encrypt the object and its chunks. By default, when you create a bucket, the Object Storage service manages the master encryption key used to encrypt each object's data encryption keys. The encryption mechanism that you specify for the bucket applies to the objects it contains. You can alternatively employ one of these encryption strategies for an object: - You can assign a key that you created and control through the Oracle Cloud Infrastructure Vault service. - You can encrypt an object using your own encryption key. The key you supply is known as a customer-provided encryption key (SSE-C).
For I(action=rename), rename an object in the given Object Storage namespace. See L(Object Names,https://docs.cloud.oracle.com/Content/Object/Tasks/managingobjects.htm#namerequirements) for object naming requirements.
For I(action=restore), restores one or more objects specified by the objectName parameter. By default objects will be restored for 24 hours. Duration can be configured using the hours parameter.
For I(action=update_object_storage_tier), changes the storage tier of the object specified by the objectName parameter.
- name: Perform action copy on object
oci_object_storage_object_actions:
# required
source_object_name: source_object_name_example
destination_region: us-phoenix-1
destination_namespace: destination_namespace_example
destination_bucket: destination_bucket_example
destination_object_name: destination_object_name_example
namespace_name: namespace_name_example
bucket_name: bucket_name_example
action: copy
# optional
source_object_if_match_e_tag: source_object_if_match_e_tag_example
source_version_id: "ocid1.sourceversion.oc1..xxxxxxEXAMPLExxxxxx"
destination_object_if_match_e_tag: destination_object_if_match_e_tag_example
destination_object_if_none_match_e_tag: destination_object_if_none_match_e_tag_example
destination_object_metadata: null
destination_object_storage_tier: Standard
opc_sse_customer_algorithm: opc_sse_customer_algorithm_example
opc_sse_customer_key: opc_sse_customer_key_example
opc_sse_customer_key_sha256: opc_sse_customer_key_sha256_example
opc_source_sse_customer_algorithm: opc_source_sse_customer_algorithm_example
opc_source_sse_customer_key: opc_source_sse_customer_key_example
opc_source_sse_customer_key_sha256: opc_source_sse_customer_key_sha256_example
opc_sse_kms_key_id: "ocid1.opcssekmskey.oc1..xxxxxxEXAMPLExxxxxx"
- name: Perform action reencrypt on object
oci_object_storage_object_actions:
# required
namespace_name: namespace_name_example
bucket_name: bucket_name_example
object_name: object_name_example
action: reencrypt
# optional
kms_key_id: "ocid1.kmskey.oc1..xxxxxxEXAMPLExxxxxx"
sse_customer_key:
# required
algorithm: AES256
key: key_example
key_sha256: key_sha256_example
source_sse_customer_key:
# required
algorithm: AES256
key: key_example
key_sha256: key_sha256_example
version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"
- name: Perform action rename on object
oci_object_storage_object_actions:
# required
source_name: source_name_example
new_name: new_name_example
namespace_name: namespace_name_example
bucket_name: bucket_name_example
action: rename
# optional
src_obj_if_match_e_tag: src_obj_if_match_e_tag_example
new_obj_if_match_e_tag: new_obj_if_match_e_tag_example
new_obj_if_none_match_e_tag: new_obj_if_none_match_e_tag_example
- name: Perform action restore on object
oci_object_storage_object_actions:
# required
namespace_name: namespace_name_example
bucket_name: bucket_name_example
object_name: object_name_example
action: restore
# optional
hours: 56
version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"
- name: Perform action update_object_storage_tier on object
oci_object_storage_object_actions:
# required
namespace_name: namespace_name_example
bucket_name: bucket_name_example
object_name: object_name_example
storage_tier: Standard
action: update_object_storage_tier
# optional
version_id: "ocid1.version.oc1..xxxxxxEXAMPLExxxxxx"
wait:
default: true
description: Whether to wait for create or delete operation to complete.
type: bool
hours:
description:
- The number of hours for which this object will be restored. By default objects will
be restored for 24 hours. You can instead configure the duration using the hours
parameter.
- Applicable only for I(action=restore).
type: int
action:
choices:
- copy
- reencrypt
- rename
- restore
- update_object_storage_tier
description:
- The action to perform on the Object.
required: true
type: str
region:
description:
- The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set,
then the value of the OCI_REGION variable, if any, is used. This option is required
if the region is not specified through a configuration file (See C(config_file_location)).
Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm)
for more information on OCI regions.
type: str
tenancy:
description:
- OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if
any, is used. This option is required if the tenancy OCID is not specified through
a configuration file (See C(config_file_location)). To get the tenancy OCID, please
refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
type: str
api_user:
description:
- The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the
value of the OCI_USER_ID environment variable, if any, is used. This option is required
if the user is not specified through a configuration file (See C(config_file_location)).
To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
new_name:
description:
- The new name of the source object. Avoid entering confidential information.
- Required for I(action=rename).
type: str
auth_type:
choices:
- api_key
- instance_principal
- instance_obo_user
- resource_principal
- security_token
default: api_key
description:
- The type of authentication to use for making API requests. By default C(auth_type="api_key")
based authentication is performed and the API key (see I(api_user_key_file)) in
your config file will be used. If this 'auth_type' module option is not specified,
the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal")
to use instance principal based authentication when running ansible playbooks within
an OCI compute instance.
type: str
kms_key_id:
description:
- The L(OCID,https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm)
of the master encryption key used to call the Vault service to re-encrypt the data
encryption keys associated with the object and its chunks. If the kmsKeyId value
is empty, whether null or an empty string, the API will perform re-encryption by
using the kmsKeyId associated with the bucket or the master encryption key managed
by Oracle, depending on the bucket encryption mechanism.
- Applicable only for I(action=reencrypt).
type: str
version_id:
description:
- VersionId used to identify a particular version of the object
- Applicable only for I(action=reencrypt)I(action=restore)I(action=update_object_storage_tier).
type: str
bucket_name:
description:
- 'The name of the bucket. Avoid entering confidential information. Example: `my-new-bucket1`'
required: true
type: str
cert_bundle:
description:
- The full path to a CA certificate bundle to be used for SSL verification. This will
override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE
variable, if any, is used.
type: str
object_name:
description:
- 'The name of the object. Avoid entering confidential information. Example: `test/object1.log`'
- Required for I(action=reencrypt), I(action=restore), I(action=update_object_storage_tier).
type: str
source_name:
description:
- The name of the source object to be renamed.
- Required for I(action=rename).
type: str
auth_purpose:
choices:
- service_principal
description:
- The auth purpose which can be used in conjunction with 'auth_type=instance_principal'.
The default auth_purpose for instance_principal is None.
type: str
storage_tier:
choices:
- Standard
- InfrequentAccess
- Archive
description:
- The storage tier that the object should be moved to.
- Required for I(action=update_object_storage_tier).
type: str
wait_timeout:
description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most
of the services but some services might have a longer wait timeout.
type: int
namespace_name:
description:
- The Object Storage namespace used for the request.
required: true
type: str
sse_customer_key:
description:
- ''
- Applicable only for I(action=reencrypt).
suboptions:
algorithm:
choices:
- AES256
description:
- Specifies the encryption algorithm. The only supported value is "AES256".
required: true
type: str
key:
description:
- Specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt
the object data.
required: true
type: str
key_sha256:
description:
- Specifies the base64-encoded SHA256 hash of the encryption key. This value is
used to check the integrity of the encryption key.
required: true
type: str
type: dict
api_user_key_file:
description:
- Full path and filename of the private key (in PEM format). If not set, then the
value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required
if the private key is not specified through a configuration file (See C(config_file_location)).
If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option
must also be provided.
type: str
source_version_id:
description:
- VersionId of the object to copy. If not provided then current version is copied
by default.
- Applicable only for I(action=copy).
type: str
destination_bucket:
description:
- The destination bucket the object will be copied to.
- Required for I(action=copy).
type: str
destination_region:
description:
- The destination region the object will be copied to, for example "us-ashburn-1".
- Required for I(action=copy).
type: str
opc_sse_kms_key_id:
description:
- The L(OCID,https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm)
of a master encryption key used to call the Key Management service to generate a
data encryption key or to encrypt or decrypt a data encryption key.
- Applicable only for I(action=copy).
type: str
source_object_name:
description:
- The name of the object to be copied.
- Required for I(action=copy).
type: str
config_profile_name:
description:
- The profile to load from the config file referenced by C(config_file_location).
If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any,
is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
type: str
api_user_fingerprint:
description:
- Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT
environment variable, if any, is used. This option is required if the key fingerprint
is not specified through a configuration file (See C(config_file_location)). To
get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
config_file_location:
description:
- Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment
variable, if any, is used. Otherwise, defaults to ~/.oci/config.
type: str
opc_sse_customer_key:
description:
- The optional header that specifies the base64-encoded 256-bit encryption key to
use to encrypt or decrypt the data. For more information, see L(Using Your Own Keys
for Server-Side Encryption,https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
- Applicable only for I(action=copy).
type: str
destination_namespace:
description:
- The destination Object Storage namespace the object will be copied to.
- Required for I(action=copy).
type: str
new_obj_if_match_e_tag:
description:
- The if-match entity tag (ETag) of the new object.
- Applicable only for I(action=rename).
type: str
src_obj_if_match_e_tag:
description:
- The if-match entity tag (ETag) of the source object.
- Applicable only for I(action=rename).
type: str
destination_object_name:
description:
- The name of the destination object resulting from the copy operation. Avoid entering
confidential information.
- Required for I(action=copy).
type: str
source_sse_customer_key:
description:
- ''
- Applicable only for I(action=reencrypt).
suboptions:
algorithm:
choices:
- AES256
description:
- Specifies the encryption algorithm. The only supported value is "AES256".
required: true
type: str
key:
description:
- Specifies the base64-encoded 256-bit encryption key to use to encrypt or decrypt
the object data.
required: true
type: str
key_sha256:
description:
- Specifies the base64-encoded SHA256 hash of the encryption key. This value is
used to check the integrity of the encryption key.
required: true
type: str
type: dict
api_user_key_pass_phrase:
description:
- Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted.
If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is
used. This option is required if the key passphrase is not specified through a configuration
file (See C(config_file_location)).
type: str
opc_sse_customer_algorithm:
description:
- The optional header that specifies "AES256" as the encryption algorithm. For more
information, see L(Using Your Own Keys for Server-Side Encryption,https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
- Applicable only for I(action=copy).
type: str
destination_object_metadata:
description:
- Arbitrary string keys and values for the user-defined metadata for the object. Keys
must be in "opc-meta-*" format. Avoid entering confidential information. Metadata
key-value pairs entered in this field are assigned to the destination object. If
you enter no metadata values, the destination object will inherit any existing metadata
values associated with the source object.
- Applicable only for I(action=copy).
type: dict
new_obj_if_none_match_e_tag:
description:
- The if-none-match entity tag (ETag) of the new object. The only valid value is '*',
which indicates request should fail if the new object already exists.
- Applicable only for I(action=rename).
type: str
opc_source_sse_customer_key:
description:
- The optional header that specifies the base64-encoded 256-bit encryption key to
use to decrypt the source object. For more information, see L(Using Your Own Keys
for Server-Side Encryption,https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
- Applicable only for I(action=copy).
type: str
opc_sse_customer_key_sha256:
description:
- The optional header that specifies the base64-encoded SHA256 hash of the encryption
key. This value is used to check the integrity of the encryption key. For more information,
see L(Using Your Own Keys for Server-Side Encryption,https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
- Applicable only for I(action=copy).
type: str
source_object_if_match_e_tag:
description:
- The entity tag (ETag) to match against that of the source object. Used to confirm
that the source object with a given name is the version of that object storing a
specified ETag.
- Applicable only for I(action=copy).
type: str
destination_object_storage_tier:
choices:
- Standard
- InfrequentAccess
- Archive
description:
- The storage tier that the object should be stored in. If not specified, the object
will be stored in the same storage tier as the bucket.
- Applicable only for I(action=copy).
type: str
destination_object_if_match_e_tag:
description:
- The entity tag (ETag) to match against that of the destination object (an object
intended to be overwritten). Used to confirm that the destination object stored
under a given name is the version of that object storing a specified entity tag.
- Applicable only for I(action=copy).
type: str
opc_source_sse_customer_algorithm:
description:
- The optional header that specifies "AES256" as the encryption algorithm to use to
decrypt the source object. For more information, see L(Using Your Own Keys for Server-Side
Encryption,https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
- Applicable only for I(action=copy).
type: str
opc_source_sse_customer_key_sha256:
description:
- The optional header that specifies the base64-encoded SHA256 hash of the encryption
key used to decrypt the source object. This value is used to check the integrity
of the encryption key. For more information, see L(Using Your Own Keys for Server-Side
Encryption,https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
- Applicable only for I(action=copy).
type: str
destination_object_if_none_match_e_tag:
description:
- The entity tag (ETag) to avoid matching. The only valid value is '*', which indicates
that the request should fail if the object already exists in the destination bucket.
- Applicable only for I(action=copy).
type: str
realm_specific_endpoint_template_enabled:
description:
- Enable/Disable realm specific endpoint template for service client. By Default,
realm specific endpoint template is disabled. If not set, then the value of the
OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
type: bool
object:
contains:
archival_state:
description:
- Archival state of an object. This field is set only for objects in Archive
tier.
returned: on success
sample: Archived
type: str
etag:
description:
- The current entity tag (ETag) for the object.
returned: on success
sample: etag_example
type: str
headers:
description:
- response headers for the object
returned: on success
sample:
Content-Length: '37'
opc-meta-key1: value1
type: dict
md5:
description:
- Base64-encoded MD5 hash of the object data.
returned: on success
sample: md5_example
type: str
name:
description:
- 'The name of the object. Avoid entering confidential information. Example:
test/object1.log'
returned: on success
sample: name_example
type: str
size:
description:
- Size of the object in bytes.
returned: on success
sample: 56
type: int
storage_tier:
description:
- The storage tier that the object is stored in.
returned: on success
sample: Standard
type: str
time_created:
description:
- The date and time the object was created, as described in L(RFC 2616,https://tools.ietf.org/html/rfc2616#section-14.29).
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
time_modified:
description:
- The date and time the object was modified, as described in L(RFC 2616,https://tools.ietf.org/rfc/rfc2616),
section 14.29.
returned: on success
sample: '2013-10-20T19:20:30+01:00'
type: str
description:
- Details of the Object resource acted upon by the current operation
returned: on success
sample:
archival_state: Archived
etag: etag_example
headers:
Content-Length: '37'
opc-meta-key1: value1
md5: md5_example
name: name_example
size: 56
storage_tier: Standard
time_created: '2013-10-20T19:20:30+01:00'
time_modified: '2013-10-20T19:20:30+01:00'
type: complex