datasafe.oracle.com/v1beta1¶
APIVersion: datasafe.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages¶
No customer-visible package currently exposes datasafe.oracle.com/v1beta1.
Resources¶
AlertPolicy¶
AlertPolicy is the Schema for the alertpolicies API.
Plural:alertpoliciesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_alertpolicy.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
AlertPolicySpec defines the desired state of AlertPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
alertPolicyRuleDetails |
The details of the alert policy rule. | list[object] |
No | - | - |
alertPolicyType |
Indicates the Data Safe feature the alert policy belongs to | string |
Yes | - | - |
compartmentId |
The OCID of the compartment where you want to create the alert policy. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the alert policy. | string |
No | - | - |
displayName |
The display name of the alert policy. The name does not have to be unique, and it's changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
severity |
Severity level of the alert raised by this policy. | string |
Yes | - | - |
Spec.alertPolicyRuleDetails[]¶
AlertPolicyRuleDetail defines nested fields for AlertPolicy.AlertPolicyRuleDetail.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
Describes the alert policy rule. | string |
No | - | - |
displayName |
The display name of the alert policy rule. | string |
No | - | - |
expression |
The conditional expression of the alert policy rule which evaluates to boolean value. | string |
Yes | - | - |
Status¶
AlertPolicyStatus defines the observed state of AlertPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
alertPolicyType |
Indicates the Data Safe feature to which the alert policy belongs. | string |
No | - | - |
compartmentId |
The OCID of the compartment that contains the alert policy. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the alert policy. | string |
No | - | - |
displayName |
The display name of the alert policy. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the alert policy. | string |
No | - | - |
isUserDefined |
Indicates if the alert policy is user-defined (true) or pre-defined (false). | boolean |
No | - | - |
lifecycleDetails |
Details about the current state of the alert policy. | string |
No | - | - |
lifecycleState |
The current state of the alert. | string |
No | - | - |
severity |
Severity level of the alert raised by this policy. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
Creation date and time of the alert policy, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
Last date and time the alert policy was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
AlertPolicyRule¶
AlertPolicyRule is the Schema for the alertpolicyrules API.
Plural:alertpolicyrulesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_alertpolicyrule.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
AlertPolicyRuleSpec defines the desired state of AlertPolicyRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
Describes the alert policy rule. | string |
No | - | - |
displayName |
The display name of the alert policy rule. | string |
No | - | - |
expression |
The conditional expression of the alert policy rule which evaluates to boolean value. | string |
Yes | - | - |
Status¶
AlertPolicyRuleStatus defines the observed state of AlertPolicyRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
Describes the alert policy rule. | string |
No | - | - |
displayName |
The display name of the alert policy rule. | string |
No | - | - |
expression |
The conditional expression of the alert policy rule which evaluates to boolean value. | string |
No | - | - |
key |
The unique key of the alert policy rule. | string |
No | - | - |
lifecycleState |
The current state of the alert policy rule. | string |
No | - | - |
status |
- | object |
Yes | - | - |
timeCreated |
Creation date and time of the alert policy rule, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to AlertPolicyRule status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to AlertPolicyRule status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to AlertPolicyRule status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to AlertPolicyRule status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
AttributeSet¶
AttributeSet is the Schema for the attributesets API.
Plural:attributesetsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_attributeset.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
AttributeSetSpec defines the desired state of AttributeSet.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
attributeSetType |
The type of attribute set. | string |
Yes | - | - |
attributeSetValues |
The list of values in an attribute set | list[string] |
Yes | - | - |
compartmentId |
The OCID of the compartment that contains the attribute set. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of the attribute set. | string |
No | - | - |
displayName |
The display name of the attribute set. The name is unique and changeable. | string |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
Status¶
AttributeSetStatus defines the observed state of AttributeSet.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
attributeSetType |
The type of attribute set. | string |
No | - | - |
attributeSetValues |
The list of values in an attribute set | list[string] |
No | - | - |
compartmentId |
The OCID of the compartment where the attribute set is stored. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of an attribute set. | string |
No | - | - |
displayName |
The display name of an attribute set. The name does not have to be unique, and is changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of an attribute set. | string |
No | - | - |
inUse |
Indicates whether the attribute set is in use by other resource. | string |
No | - | - |
isUserDefined |
A boolean flag indicating to list user defined or seeded attribute sets. | boolean |
No | - | - |
lifecycleState |
The current state of an attribute set. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time an attribute set was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time an attribute set was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
AuditArchiveRetrieval¶
AuditArchiveRetrieval is the Schema for the auditarchiveretrievals API.
Plural:auditarchiveretrievalsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_auditarchiveretrieval.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
AuditArchiveRetrievalSpec defines the desired state of AuditArchiveRetrieval.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the archival retrieval. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of the archive retrieval. | string |
No | - | - |
displayName |
The display name of the archive retrieval. The name does not have to be unique, and is changeable. | string |
No | - | - |
endDate |
End month of the archive retrieval, in the format defined by RFC3339. | string |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
startDate |
Start month of the archive retrieval, in the format defined by RFC3339. | string |
Yes | - | - |
targetId |
The OCID of the target associated with the archive retrieval. | string |
Yes | - | - |
Status¶
AuditArchiveRetrievalStatus defines the observed state of AuditArchiveRetrieval.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditEventCount |
Total count of audit events to be retrieved from the archive for the specified date range. | integer (int64) |
No | - | - |
compartmentId |
The OCID of the compartment that contains archive retrieval. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of the archive retrieval. | string |
No | - | - |
displayName |
The display name of the archive retrieval. The name does not have to be unique, and is changeable. | string |
No | - | - |
endDate |
End month of the archive retrieval, in the format defined by RFC3339. | string |
No | - | - |
errorInfo |
The Error details of a failed archive retrieval. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the archive retrieval. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the archive retrieval. | string |
No | - | - |
lifecycleState |
The current state of the archive retrieval. | string |
No | - | - |
startDate |
Start month of the archive retrieval, in the format defined by RFC3339. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetId |
The OCID of the target associated with the archive retrieval. | string |
No | - | - |
timeCompleted |
The date time when archive retrieval request was fulfilled, in the format defined by RFC3339. | string |
No | - | - |
timeOfExpiry |
The date time when retrieved archive data will be deleted from Data Safe and unloaded back into archival. | string |
No | - | - |
timeRequested |
The date time when archive retrieval was requested, in the format defined by RFC3339. | string |
No | - | - |
Status.status¶
Back to AuditArchiveRetrieval status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to AuditArchiveRetrieval status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to AuditArchiveRetrieval status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to AuditArchiveRetrieval status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
AuditProfile¶
AuditProfile is the Schema for the auditprofiles API.
Plural:auditprofilesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_auditprofile.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
AuditProfileSpec defines the desired state of AuditProfile.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where you want to create the audit profile. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the audit profile. | string |
No | - | - |
displayName |
The display name of the audit profile. The name does not have to be unique, and it's updatable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isOverrideGlobalPaidUsage |
Indicates whether audit paid usage settings specified at the target database level override both the global and the target database group level paid usage settings. Enabling paid usage continues the collection of audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. For more information, see Data Safe Price List (https://www.oracle.com/cloud/price-list/#data-safe). | boolean |
No | - | - |
isPaidUsageEnabled |
Indicates if you want to continue collecting audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. The default value is inherited from the global settings. You can change at the global level or at the target level. | boolean |
No | - | - |
offlineMonths |
Number of months the audit records will be stored offline in the offline archive. Minimum: 0; Maximum: 72 months. If you have a requirement to store the audit data even longer in the offline archive, please contact the Oracle Support. | integer |
No | - | - |
onlineMonths |
Number of months the audit records will be stored online in the audit repository for immediate reporting and analysis. Minimum: 1; Maximum: 12 months | integer |
No | - | - |
targetId |
The OCID of the target database or target database group for which the audit profile is created. | string |
Yes | - | - |
targetType |
The resource type that is represented by the audit profile. | string |
Yes | - | - |
Status¶
AuditProfileStatus defines the observed state of AuditProfile.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditCollectedVolume |
Number of audit records collected in the current calendar month. Audit records for the Data Safe service account are excluded and are not counted towards your monthly free limit. | integer (int64) |
No | - | - |
auditTrails |
Contains the list of available audit trails on the target database. | list[object] |
No | - | - |
compartmentId |
The OCID of the compartment that contains the audit profile. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the audit profile. | string |
No | - | - |
displayName |
The display name of the audit profile. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the audit profile. | string |
No | - | - |
isOverrideGlobalPaidUsage |
Indicates whether audit paid usage settings specified at the target database level override both the global settings and the target group level paid usage settings. Enabling paid usage continues the collection of audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. For more information, see Data Safe Price List (https://www.oracle.com/cloud/price-list/#data-safe). | boolean |
No | - | - |
isOverrideGlobalRetentionSetting |
Indicates whether audit retention settings like online and offline months set at the target level override both the global settings and the target group level audit retention settings. | boolean |
No | - | - |
isPaidUsageEnabled |
Indicates if you want to continue collecting audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. The default value is inherited from the global settings. You can change at the global level or at the target level. | boolean |
No | - | - |
lifecycleDetails |
Details about the current state of the audit profile in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the audit profile. | string |
No | - | - |
offlineMonths |
Number of months the audit records will be stored offline in the offline archive. Minimum: 0; Maximum: 72 months. If you have a requirement to store the audit data even longer in the offline archive, please contact the Oracle Support. | integer |
No | - | - |
offlineMonthsSource |
The name or the OCID of the resource from which the offline month retention setting is sourced. For example, a global setting or a target database group OCID. | string |
No | - | - |
onlineMonths |
Number of months the audit records will be stored online in the audit repository for immediate reporting and analysis. Minimum: 1; Maximum: 12 months | integer |
No | - | - |
onlineMonthsSource |
The name or the OCID of the resource from which the online month retention setting is sourced. For example, a global setting or a target database group OCID. | string |
No | - | - |
paidUsageSource |
The name or the OCID of the resource from which the paid usage setting is sourced. For example, a global setting or a target database group OCID. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetId |
The OCID of the target database or target database group for which the audit profile is created. | string |
No | - | - |
targetType |
The resource type that is represented by the audit profile. | string |
No | - | - |
timeCreated |
The date and time the audit profile was created, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The date and time the audit profile was updated, in the format defined by RFC3339. | string |
No | - | - |
Status.auditTrails[]¶
AuditProfileAuditTrail defines nested fields for AuditProfile.AuditTrail.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditCollectionStartTime |
The date from which the audit trail must start collecting data, in the format defined by RFC3339. | string |
No | - | - |
auditProfileId |
The OCID of the parent audit. | string |
No | - | - |
canUpdateLastArchiveTimeOnTarget |
Indicates if the Datasafe updates last archive time on target database. If isAutoPurgeEnabled field is enabled, this field must be true. | boolean |
No | - | - |
compartmentId |
The OCID of the compartment that contains the audit trail and is the same as the compartment of the audit profile resource. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the audit trail. | string |
No | - | - |
displayName |
The display name of the audit trail. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the audit trail. | string |
No | - | - |
isAutoPurgeEnabled |
Indicates if auto purge is enabled on the target database, which helps delete audit data in the target database every seven days so that the database's audit trail does not become too large. | boolean |
No | - | - |
lifecycleDetails |
Details about the current state of the audit trail in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the audit trail. | string |
No | - | - |
peerTargetDatabaseKey |
The secondary id assigned for the peer database registered with Data Safe. | integer |
No | - | - |
purgeJobDetails |
The details of the audit trail purge job that ran at the time specified by purgeJobTime". | string |
No | - | - |
purgeJobStatus |
The current status of the audit trail purge job. | string |
No | - | - |
purgeJobTime |
The date and time of the last purge job. The purge job deletes audit data in the target database every seven days so that the database's audit trail does not become too large. In the format defined by RFC3339. | string |
No | - | - |
status |
The current sub-state of the audit trail. | string |
No | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetId |
The OCID of the Data Safe target for which the audit trail is created. | string |
No | - | - |
timeCreated |
The date and time the audit trail was created, in the format defined by RFC3339. | string |
No | - | - |
timeLastCollected |
The date and time until when the audit events were collected from the target database by the Data Safe audit trail collection process, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The date and time the audit trail was updated, in the format defined by RFC3339. | string |
No | - | - |
trailLocation |
An audit trail location represents the source of audit records that provides documentary evidence of the sequence of activities in the target database. | string |
No | - | - |
trailSource |
The underlying source of unified audit trail. | string |
No | - | - |
workRequestId |
The OCID of the workrequest for audit trail which collects audit records. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
DataSafePrivateEndpoint¶
DataSafePrivateEndpoint is the Schema for the datasafeprivateendpoints API.
Plural:datasafeprivateendpointsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_datasafeprivateendpoint.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
DataSafePrivateEndpointSpec defines the desired state of DataSafePrivateEndpoint.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the private endpoint. | string |
No | - | - |
displayName |
The display name for the private endpoint. The name does not have to be unique, and it's changeable. | string |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
nsgIds |
The OCIDs of the network security groups that the private endpoint belongs to. | list[string] |
No | - | - |
privateEndpointIp |
The private IP address of the private endpoint. | string |
No | - | - |
subnetId |
The OCID of the subnet. | string |
Yes | - | - |
vcnId |
The OCID of the VCN. | string |
Yes | - | - |
Status¶
DataSafePrivateEndpointStatus defines the observed state of DataSafePrivateEndpoint.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the private endpoint. | string |
No | - | - |
displayName |
The display name of the private endpoint. | string |
No | - | - |
endpointFqdn |
The three-label fully qualified domain name (FQDN) of the private endpoint. The customer VCN's DNS records are updated with this FQDN. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the Data Safe private endpoint. | string |
No | - | - |
lifecycleState |
The current state of the private endpoint. | string |
No | - | - |
nsgIds |
The OCIDs of the network security groups that the private endpoint belongs to. | list[string] |
No | - | - |
privateEndpointId |
The OCID of the underlying private endpoint. | string |
No | - | - |
privateEndpointIp |
The private IP address of the private endpoint. | string |
No | - | - |
status |
- | object |
Yes | - | - |
subnetId |
The OCID of the subnet. | string |
No | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time the private endpoint was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
vcnId |
The OCID of the VCN. | string |
No | - | - |
Status.status¶
Back to DataSafePrivateEndpoint status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to DataSafePrivateEndpoint status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to DataSafePrivateEndpoint status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to DataSafePrivateEndpoint status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
DiscoveryJob¶
DiscoveryJob is the Schema for the discoveryjobs API.
Plural:discoveryjobsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_discoveryjob.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
DiscoveryJobSpec defines the desired state of DiscoveryJob.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where the discovery job resource should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
discoveryType |
The type of the discovery job. It defines the job's scope. NEW identifies new sensitive columns in the target database that are not in the sensitive data model. DELETED identifies columns that are present in the sensitive data model but have been deleted from the target database. MODIFIED identifies columns that are present in the target database as well as the sensitive data model but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. | string |
No | - | - |
displayName |
A user-friendly name for the discovery job. Does not have to be unique, and it is changeable. Avoid entering confidential information. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isAppDefinedRelationDiscoveryEnabled |
Indicates if the discovery job should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. | boolean |
No | - | - |
isIncludeAllSchemas |
Indicates if all the schemas should be scanned by the discovery job. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). If both attributes are not provided, the configuration from the sensitive data model is used. | boolean |
No | - | - |
isIncludeAllSensitiveTypes |
Indicates if all the existing sensitive types should be used by the discovery job. If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used for data discovery. If both attributes are not provided, the configuration from the sensitive data model is used. | boolean |
No | - | - |
isSampleDataCollectionEnabled |
Indicates if the discovery job should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. | boolean |
No | - | - |
schemasForDiscovery |
The schemas to be scanned by the discovery job. If not provided, the schemasForDiscovery attribute of the sensitive data model is used to get the list of schemas. | list[string] |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model. | string |
Yes | - | - |
sensitiveTypeGroupIdsForDiscovery |
The OCIDs of the sensitive type groups to be used by the discovery job. All the sensitive types present in sensitive type group will be used for discovery. | list[string] |
No | - | - |
sensitiveTypeIdsForDiscovery |
The OCIDs of the sensitive types to be used by the discovery job. If not provided, the sensitiveTypeIdsForDiscovery attribute of the sensitive data model is used to get the list of sensitive types. | list[string] |
No | - | - |
tablesForDiscovery |
The data discovery jobs will scan the tables specified here, including both schemas and tables. In the absence of explicit input, the list of tables is obtained from the tablesForDiscovery attribute of the sensitive data model. | list[object] |
No | - | - |
Spec.tablesForDiscovery[]¶
DiscoveryJobTablesForDiscovery defines nested fields for DiscoveryJob.TablesForDiscovery.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
schemaName |
This contains the name of the schema. | string |
Yes | - | - |
tableNames |
This contains an optional list of the table names. | list[string] |
No | - | - |
Status¶
DiscoveryJobStatus defines the observed state of DiscoveryJob.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the discovery job. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
discoveryType |
The type of the discovery job. It defines the job's scope. NEW identifies new sensitive columns in the target database that are not in the sensitive data model. DELETED identifies columns that are present in the sensitive data model but have been deleted from the target database. MODIFIED identifies columns that are present in the target database as well as the sensitive data model but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. | string |
No | - | - |
displayName |
The display name of the discovery job. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the discovery job. | string |
No | - | - |
isAppDefinedRelationDiscoveryEnabled |
Indicates if the discovery job should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. | boolean |
No | - | - |
isIncludeAllSchemas |
Indicates if all the schemas in the associated target database are used for data discovery. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). | boolean |
No | - | - |
isIncludeAllSensitiveTypes |
Indicates if all the existing sensitive types are used for data discovery. If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used. | boolean |
No | - | - |
isSampleDataCollectionEnabled |
Indicates if the discovery job should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. | boolean |
No | - | - |
lifecycleState |
The current state of the discovery job. | string |
No | - | - |
schemasForDiscovery |
The schemas used for data discovery. | list[string] |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model associated with the discovery job. | string |
No | - | - |
sensitiveTypeGroupIdsForDiscovery |
The OCIDs of the sensitive type groups to be used by data discovery jobs. | list[string] |
No | - | - |
sensitiveTypeIdsForDiscovery |
The OCIDs of the sensitive types used for data discovery. | list[string] |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
tablesForDiscovery |
The data discovery jobs will scan the tables specified here, including both schemas and tables. | list[object] |
No | - | - |
targetId |
The OCID of the target database associated with the discovery job. | string |
No | - | - |
timeFinished |
The date and time the discovery job finished, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339).. | string |
No | - | - |
timeStarted |
The date and time the discovery job started, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
totalColumnsScanned |
The total number of columns scanned by the discovery job. | integer (int64) |
No | - | - |
totalDeletedSensitiveColumns |
The total number of deleted sensitive columns identified by the discovery job. | integer (int64) |
No | - | - |
totalModifiedSensitiveColumns |
The total number of modified sensitive columns identified by the discovery job. | integer (int64) |
No | - | - |
totalNewSensitiveColumns |
The total number of new sensitive columns identified by the discovery job. | integer (int64) |
No | - | - |
totalObjectsScanned |
The total number of objects (tables and editioning views) scanned by the discovery job. | integer (int64) |
No | - | - |
totalSchemasScanned |
The total number of schemas scanned by the discovery job. | integer (int64) |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.tablesForDiscovery[]¶
DiscoveryJobTablesForDiscovery defines nested fields for DiscoveryJob.TablesForDiscovery.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
schemaName |
This contains the name of the schema. | string |
Yes | - | - |
tableNames |
This contains an optional list of the table names. | list[string] |
No | - | - |
LibraryMaskingFormat¶
LibraryMaskingFormat is the Schema for the librarymaskingformats API.
Plural:librarymaskingformatsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_librarymaskingformat.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
LibraryMaskingFormatSpec defines the desired state of LibraryMaskingFormat.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where the library masking format should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the library masking format. | string |
No | - | - |
displayName |
The display name of the library masking format. The name does not have to be unique, and it's changeable. | string |
No | - | - |
formatEntries |
An array of format entries. The combined output of all the format entries is used for masking. | list[object] |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
sensitiveTypeIds |
An array of OCIDs of the sensitive types compatible with the library masking format. It helps track the sensitive types for which the library masking format is being created. | list[string] |
No | - | - |
Spec.formatEntries[]¶
Back to LibraryMaskingFormat spec
LibraryMaskingFormatFormatEntry defines nested fields for LibraryMaskingFormat.FormatEntry.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnName |
The name of the substitution column. | string |
No | - | - |
description |
The description of the format entry. | string |
No | - | - |
endDate |
The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. | string |
No | - | - |
endLength |
The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. | integer |
No | - | - |
endValue |
The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. | number |
No | - | - |
fixedNumber |
The constant number to be used for masking. | number |
No | - | - |
fixedString |
The constant string to be used for masking. | string |
No | - | - |
groupingColumns |
One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
length |
The number of characters that should be there in the substring. It should be an integer and greater than zero. | integer |
No | - | - |
libraryMaskingFormatId |
The OCID of the library masking format. | string |
No | - | - |
pattern |
The pattern that should be used to mask data. | string |
No | - | - |
postProcessingFunction |
The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
randomList |
A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. | list[string] |
No | - | - |
regularExpression |
The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. | string |
No | - | - |
replaceWith |
The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. | string |
No | - | - |
schemaName |
The name of the schema that contains the substitution column. | string |
No | - | - |
sqlExpression |
The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. | string |
No | - | - |
startDate |
The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. | string |
No | - | - |
startLength |
The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. | integer |
No | - | - |
startPosition |
The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. | integer |
No | - | - |
startValue |
The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. | number |
No | - | - |
tableName |
The name of the table that contains the substitution column. | string |
No | - | - |
type |
- | string |
No | - | - |
userDefinedFunction |
The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
Status¶
LibraryMaskingFormatStatus defines the observed state of LibraryMaskingFormat.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the library masking format. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the library masking format. | string |
No | - | - |
displayName |
The display name of the library masking format. | string |
No | - | - |
formatEntries |
An array of format entries. The combined output of all the format entries is used for masking. | list[object] |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the library masking format. | string |
No | - | - |
lifecycleState |
The current state of the library masking format. | string |
No | - | - |
sensitiveTypeIds |
An array of OCIDs of the sensitive types compatible with the library masking format. | list[string] |
No | - | - |
source |
Specifies whether the library masking format is user-defined or predefined. | string |
No | - | - |
status |
- | object |
Yes | - | - |
timeCreated |
The date and time the library masking format was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339) | string |
No | - | - |
timeUpdated |
The date and time the library masking format was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339) | string |
No | - | - |
Status.formatEntries[]¶
Back to LibraryMaskingFormat status
LibraryMaskingFormatFormatEntry defines nested fields for LibraryMaskingFormat.FormatEntry.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnName |
The name of the substitution column. | string |
No | - | - |
description |
The description of the format entry. | string |
No | - | - |
endDate |
The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. | string |
No | - | - |
endLength |
The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. | integer |
No | - | - |
endValue |
The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. | number |
No | - | - |
fixedNumber |
The constant number to be used for masking. | number |
No | - | - |
fixedString |
The constant string to be used for masking. | string |
No | - | - |
groupingColumns |
One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
length |
The number of characters that should be there in the substring. It should be an integer and greater than zero. | integer |
No | - | - |
libraryMaskingFormatId |
The OCID of the library masking format. | string |
No | - | - |
pattern |
The pattern that should be used to mask data. | string |
No | - | - |
postProcessingFunction |
The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
randomList |
A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. | list[string] |
No | - | - |
regularExpression |
The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. | string |
No | - | - |
replaceWith |
The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. | string |
No | - | - |
schemaName |
The name of the schema that contains the substitution column. | string |
No | - | - |
sqlExpression |
The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. | string |
No | - | - |
startDate |
The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. | string |
No | - | - |
startLength |
The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. | integer |
No | - | - |
startPosition |
The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. | integer |
No | - | - |
startValue |
The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. | number |
No | - | - |
tableName |
The name of the table that contains the substitution column. | string |
No | - | - |
type |
- | string |
No | - | - |
userDefinedFunction |
The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
Status.status¶
Back to LibraryMaskingFormat status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to LibraryMaskingFormat status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to LibraryMaskingFormat status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to LibraryMaskingFormat status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
MaskingColumn¶
MaskingColumn is the Schema for the maskingcolumns API.
Plural:maskingcolumnsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_maskingcolumn.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
MaskingColumnSpec defines the desired state of MaskingColumn.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnName |
The name of the database column. This attribute cannot be updated for an existing masking column. Note that the same name is used for the masking column. There is no separate displayName attribute for the masking column. | string |
Yes | - | - |
isMaskingEnabled |
Indicates whether data masking is enabled for the masking column. Set it to false if you don't want to mask the column. | boolean |
No | - | - |
maskingColumnGroup |
The group of the masking column. It's a masking group identifier and can be any string of acceptable length. All the columns in a group are masked together to ensure that the masked data across these columns continue to retain the same logical relationship. For more details, check Group Masking in the Data Safe documentation. | string |
No | - | - |
maskingFormats |
The masking formats to be assigned to the masking column. You can specify a condition as part of each masking format. It enables you to do conditional masking so that you can mask the column data values differently using different masking formats and the associated conditions. A masking format can have one or more format entries. The combined output of all the format entries is used for masking. It provides the flexibility to define a masking format that can generate different parts of a data value separately and then combine them to get the final data value for masking. | list[object] |
No | - | - |
objectName |
The name of the object (table or editioning view) that contains the database column. This attribute cannot be updated for an existing masking column. | string |
Yes | - | - |
objectType |
The type of the object that contains the database column. | string |
No | - | - |
schemaName |
The name of the schema that contains the database column. This attribute cannot be updated for an existing masking column. | string |
Yes | - | - |
sensitiveTypeId |
The OCID of the sensitive type to be associated with the masking column. Note that if the maskingFormats attribute isn't provided while creating a masking column, the default masking format associated with the specified sensitive type is assigned to the masking column. | string |
No | - | - |
Spec.maskingFormats[]¶
MaskingColumnMaskingFormat defines nested fields for MaskingColumn.MaskingFormat.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
condition |
A condition that must be true for applying the masking format. It can be any valid SQL construct that can be used in a SQL predicate. It enables you to do conditional masking so that you can mask the column data values differently using different masking formats and the associated conditions. | string |
No | - | - |
description |
The description of the masking format. | string |
No | - | - |
formatEntries |
An array of format entries. The combined output of all the format entries is used for masking the column data values. | list[object] |
Yes | - | - |
Spec.maskingFormats[].formatEntries[]¶
MaskingColumnMaskingFormatFormatEntry defines nested fields for MaskingColumn.MaskingFormat.FormatEntry.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnName |
The name of the substitution column. | string |
No | - | - |
description |
The description of the format entry. | string |
No | - | - |
endDate |
The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. | string |
No | - | - |
endLength |
The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. | integer |
No | - | - |
endValue |
The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. | number |
No | - | - |
fixedNumber |
The constant number to be used for masking. | number |
No | - | - |
fixedString |
The constant string to be used for masking. | string |
No | - | - |
groupingColumns |
One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
length |
The number of characters that should be there in the substring. It should be an integer and greater than zero. | integer |
No | - | - |
libraryMaskingFormatId |
The OCID of the library masking format. | string |
No | - | - |
pattern |
The pattern that should be used to mask data. | string |
No | - | - |
postProcessingFunction |
The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
randomList |
A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. | list[string] |
No | - | - |
regularExpression |
The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. | string |
No | - | - |
replaceWith |
The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. | string |
No | - | - |
schemaName |
The name of the schema that contains the substitution column. | string |
No | - | - |
sqlExpression |
The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. | string |
No | - | - |
startDate |
The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. | string |
No | - | - |
startLength |
The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. | integer |
No | - | - |
startPosition |
The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. | integer |
No | - | - |
startValue |
The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. | number |
No | - | - |
tableName |
The name of the table that contains the substitution column. | string |
No | - | - |
type |
- | string |
No | - | - |
userDefinedFunction |
The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
Status¶
MaskingColumnStatus defines the observed state of MaskingColumn.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
childColumns |
An array of child columns that are in referential relationship with the masking column. | list[string] |
No | - | - |
columnName |
The name of the database column. Note that the same name is used for the masking column. There is no separate displayName attribute for the masking column. | string |
No | - | - |
dataType |
The data type of the masking column. | string |
No | - | - |
isMaskingEnabled |
Indicates whether data masking is enabled for the masking column. | boolean |
No | - | - |
key |
The unique key that identifies the masking column. It's numeric and unique within a masking policy. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the masking column. | string |
No | - | - |
lifecycleState |
The current state of the masking column. | string |
No | - | - |
maskingColumnGroup |
The group of the masking column. All the columns in a group are masked together to ensure that the masked data across these columns continue to retain the same logical relationship. For more details, check Group Masking in the Data Safe documentation. | string |
No | - | - |
maskingFormats |
An array of masking formats assigned to the masking column. | list[object] |
No | - | - |
maskingPolicyId |
The OCID of the masking policy that contains the masking column. | string |
No | - | - |
objectName |
The name of the object (table or editioning view) that contains the database column. | string |
No | - | - |
objectType |
The type of the object that contains the database column. | string |
No | - | - |
schemaName |
The name of the schema that contains the database column. | string |
No | - | - |
sensitiveTypeId |
The OCID of the sensitive type associated with the masking column. | string |
No | - | - |
status |
- | object |
Yes | - | - |
timeCreated |
The date and time the masking column was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the masking column was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.maskingFormats[]¶
MaskingColumnMaskingFormat defines nested fields for MaskingColumn.MaskingFormat.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
condition |
A condition that must be true for applying the masking format. It can be any valid SQL construct that can be used in a SQL predicate. It enables you to do conditional masking so that you can mask the column data values differently using different masking formats and the associated conditions. | string |
No | - | - |
description |
The description of the masking format. | string |
No | - | - |
formatEntries |
An array of format entries. The combined output of all the format entries is used for masking the column data values. | list[object] |
Yes | - | - |
Status.maskingFormats[].formatEntries[]¶
MaskingColumnMaskingFormatFormatEntry defines nested fields for MaskingColumn.MaskingFormat.FormatEntry.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnName |
The name of the substitution column. | string |
No | - | - |
description |
The description of the format entry. | string |
No | - | - |
endDate |
The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. | string |
No | - | - |
endLength |
The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. | integer |
No | - | - |
endValue |
The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. | number |
No | - | - |
fixedNumber |
The constant number to be used for masking. | number |
No | - | - |
fixedString |
The constant string to be used for masking. | string |
No | - | - |
groupingColumns |
One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
length |
The number of characters that should be there in the substring. It should be an integer and greater than zero. | integer |
No | - | - |
libraryMaskingFormatId |
The OCID of the library masking format. | string |
No | - | - |
pattern |
The pattern that should be used to mask data. | string |
No | - | - |
postProcessingFunction |
The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
randomList |
A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. | list[string] |
No | - | - |
regularExpression |
The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. | string |
No | - | - |
replaceWith |
The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. | string |
No | - | - |
schemaName |
The name of the schema that contains the substitution column. | string |
No | - | - |
sqlExpression |
The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. | string |
No | - | - |
startDate |
The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. | string |
No | - | - |
startLength |
The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. | integer |
No | - | - |
startPosition |
The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. | integer |
No | - | - |
startValue |
The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. | number |
No | - | - |
tableName |
The name of the table that contains the substitution column. | string |
No | - | - |
type |
- | string |
No | - | - |
userDefinedFunction |
The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
MaskingPolicy¶
MaskingPolicy is the Schema for the maskingpolicies API.
Plural:maskingpoliciesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_maskingpolicy.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
MaskingPolicySpec defines the desired state of MaskingPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnSource |
MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource. | object |
Yes | - | - |
compartmentId |
The OCID of the compartment where the masking policy should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the masking policy. | string |
No | - | - |
displayName |
The display name of the masking policy. The name does not have to be unique, and it's changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isDropTempTablesEnabled |
Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users. | boolean |
No | - | - |
isRedoLoggingEnabled |
Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked. | boolean |
No | - | - |
isRefreshStatsEnabled |
Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes. | boolean |
No | - | - |
parallelDegree |
Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism. | string |
No | - | - |
postMaskingScript |
A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking. | string |
No | - | - |
preMaskingScript |
A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data. | string |
No | - | - |
recompile |
Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes. | string |
No | - | - |
Spec.columnSource¶
MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnSource |
- | string |
No | - | - |
jsonData |
- | string |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model to be associated as the column source with the masking policy. | string |
No | - | - |
targetId |
The OCID of the target database to be associated as the column source with the masking policy. | string |
No | - | - |
Status¶
MaskingPolicyStatus defines the observed state of MaskingPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
areTargetCredentialsRequired |
Specifies whether target database credentials are required to perform masking with this policy | boolean |
No | - | - |
columnSource |
MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource. | object |
No | - | - |
compartmentId |
The OCID of the compartment that contains the masking policy. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the masking policy. | string |
No | - | - |
displayName |
The display name of the masking policy. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the masking policy. | string |
No | - | - |
isDropTempTablesEnabled |
Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users. | boolean |
No | - | - |
isRedoLoggingEnabled |
Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked. | boolean |
No | - | - |
isRefreshStatsEnabled |
Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes. | boolean |
No | - | - |
lifecycleState |
The current state of the masking policy. | string |
No | - | - |
parallelDegree |
Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism. | string |
No | - | - |
postMaskingScript |
A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking. | string |
No | - | - |
preMaskingScript |
A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data. | string |
No | - | - |
recompile |
Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes. | string |
No | - | - |
status |
- | object |
Yes | - | - |
timeCreated |
The date and time the masking policy was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the masking policy was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339) | string |
No | - | - |
Status.columnSource¶
MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnSource |
- | string |
No | - | - |
jsonData |
- | string |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model to be associated as the column source with the masking policy. | string |
No | - | - |
targetId |
The OCID of the target database to be associated as the column source with the masking policy. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
OnPremConnector¶
OnPremConnector is the Schema for the onpremconnectors API.
Plural:onpremconnectorsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_onpremconnector.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
OnPremConnectorSpec defines the desired state of OnPremConnector.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where you want to create the on-premises connector. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the on-premises connector. | string |
No | - | - |
displayName |
The display name of the on-premises connector. The name does not have to be unique, and it's changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
Status¶
OnPremConnectorStatus defines the observed state of OnPremConnector.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
availableVersion |
Latest available version of the on-premises connector. | string |
No | - | - |
compartmentId |
The OCID of the compartment that contains the on-premises connector. | string |
No | - | - |
createdVersion |
Created version of the on-premises connector. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the on-premises connector. | string |
No | - | - |
displayName |
The display name of the on-premises connector. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the on-premises connector. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the on-premises connector. | string |
No | - | - |
lifecycleState |
The current state of the on-premises connector. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time the on-premises connector was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to OnPremConnector status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to OnPremConnector status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to OnPremConnector status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to OnPremConnector status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
PeerTargetDatabase¶
PeerTargetDatabase is the Schema for the peertargetdatabases API.
Plural:peertargetdatabasesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_peertargetdatabase.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
PeerTargetDatabaseSpec defines the desired state of PeerTargetDatabase.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
databaseDetails |
PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails. | object |
Yes | - | - |
dataguardAssociationId |
The OCID of the Data Guard Association resource in which the database being registered is considered as peer database to the primary database. | string |
No | - | - |
description |
The description of the peer target database in Data Safe. | string |
No | - | - |
displayName |
The display name of the peer target database in Data Safe. The name is modifiable and does not need to be unique. | string |
No | - | - |
tlsConfig |
PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig. | object |
No | - | - |
Spec.databaseDetails¶
Back to PeerTargetDatabase spec
PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
autonomousDatabaseId |
The OCID of the Autonomous Database registered as a target database in Data Safe. | string |
No | - | - |
databaseType |
- | string |
No | - | - |
dbSystemId |
The OCID of the cloud database registered as a target database in Data Safe. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
Yes | - | - |
instanceId |
The OCID of the compute instance on which the database is running. | string |
No | - | - |
ipAddresses |
The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
listenerPort |
The port number of the database listener. | integer |
No | - | - |
pluggableDatabaseId |
The OCID of the pluggable database registered as a target database in Data Safe. | string |
No | - | - |
serviceName |
The service name of the database registered as target database. | string |
No | - | - |
vmClusterId |
The OCID of the VM cluster in which the database is running. | string |
No | - | - |
Spec.tlsConfig¶
Back to PeerTargetDatabase spec
PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
certificateStoreType |
The format of the certificate store. | string |
No | - | - |
keyStoreContent |
Base64 encoded string of key store file content. | string |
No | - | - |
status |
Status to represent whether the database connection is TLS enabled or not. | string |
Yes | - | - |
storePassword |
The password to read the trust store and key store files, if they are password protected. | string |
No | - | - |
trustStoreContent |
Base64 encoded string of trust store file content. | string |
No | - | - |
Status¶
PeerTargetDatabaseStatus defines the observed state of PeerTargetDatabase.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
databaseDetails |
PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails. | object |
No | - | - |
databaseUniqueName |
Unique name of the database associated to the peer target database. | string |
No | - | - |
dataguardAssociationId |
The OCID of the Data Guard Association resource in which the database associated to the peer target database is considered as peer database to the primary database. | string |
No | - | - |
description |
The description of the peer target database in Data Safe. | string |
No | - | - |
displayName |
The display name of the peer target database in Data Safe. | string |
No | - | - |
key |
The secondary key assigned for the peer target database in Data Safe. | integer |
No | - | - |
lifecycleDetails |
Details about the current state of the peer target database in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the peer target database in Data Safe. | string |
No | - | - |
role |
Role of the database associated to the peer target database. | string |
No | - | - |
status |
- | object |
Yes | - | - |
timeCreated |
The date and time of the peer target database registration in Data Safe. | string |
No | - | - |
tlsConfig |
PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig. | object |
No | - | - |
Status.databaseDetails¶
Back to PeerTargetDatabase status
PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
autonomousDatabaseId |
The OCID of the Autonomous Database registered as a target database in Data Safe. | string |
No | - | - |
databaseType |
- | string |
No | - | - |
dbSystemId |
The OCID of the cloud database registered as a target database in Data Safe. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
Yes | - | - |
instanceId |
The OCID of the compute instance on which the database is running. | string |
No | - | - |
ipAddresses |
The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
listenerPort |
The port number of the database listener. | integer |
No | - | - |
pluggableDatabaseId |
The OCID of the pluggable database registered as a target database in Data Safe. | string |
No | - | - |
serviceName |
The service name of the database registered as target database. | string |
No | - | - |
vmClusterId |
The OCID of the VM cluster in which the database is running. | string |
No | - | - |
Status.status¶
Back to PeerTargetDatabase status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to PeerTargetDatabase status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to PeerTargetDatabase status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to PeerTargetDatabase status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.tlsConfig¶
Back to PeerTargetDatabase status
PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
certificateStoreType |
The format of the certificate store. | string |
No | - | - |
keyStoreContent |
Base64 encoded string of key store file content. | string |
No | - | - |
status |
Status to represent whether the database connection is TLS enabled or not. | string |
Yes | - | - |
storePassword |
The password to read the trust store and key store files, if they are password protected. | string |
No | - | - |
trustStoreContent |
Base64 encoded string of trust store file content. | string |
No | - | - |
ReferentialRelation¶
ReferentialRelation is the Schema for the referentialrelations API.
Plural:referentialrelationsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_referentialrelation.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
ReferentialRelationSpec defines the desired state of ReferentialRelation.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
child |
ReferentialRelationChild defines nested fields for ReferentialRelation.Child. | object |
Yes | - | - |
isSensitive |
Add to sensitive data model if passed true. If false is passed, then the columns will not be added in the sensitive data model as sensitive columns and if sensitive type OCIDs are assigned to the columns, then the sensitive type OCIDs will not be retained. | boolean |
No | - | - |
parent |
ReferentialRelationParent defines nested fields for ReferentialRelation.Parent. | object |
Yes | - | - |
relationType |
The type of referential relationship the sensitive column has with its parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. | string |
Yes | - | - |
Spec.child¶
Back to ReferentialRelation spec
ReferentialRelationChild defines nested fields for ReferentialRelation.Child.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appName |
The application name. | string |
Yes | - | - |
columnGroup |
Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. | list[string] |
Yes | - | - |
objectName |
The database object that contains the columns. | string |
Yes | - | - |
objectType |
The type of the database object that contains the sensitive column. | string |
Yes | - | - |
schemaName |
The schema name. | string |
Yes | - | - |
sensitiveTypeIds |
Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. | list[string] |
No | - | - |
Spec.parent¶
Back to ReferentialRelation spec
ReferentialRelationParent defines nested fields for ReferentialRelation.Parent.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appName |
The application name. | string |
Yes | - | - |
columnGroup |
Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. | list[string] |
Yes | - | - |
objectName |
The database object that contains the columns. | string |
Yes | - | - |
objectType |
The type of the database object that contains the sensitive column. | string |
Yes | - | - |
schemaName |
The schema name. | string |
Yes | - | - |
sensitiveTypeIds |
Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. | list[string] |
No | - | - |
Status¶
ReferentialRelationStatus defines the observed state of ReferentialRelation.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
child |
ReferentialRelationChild defines nested fields for ReferentialRelation.Child. | object |
No | - | - |
isSensitive |
Determines if the columns present in the referential relation is present in the sensitive data model | boolean |
No | - | - |
key |
The unique key that identifies the referential relation. It's numeric and unique within a sensitive data model. | string |
No | - | - |
lifecycleState |
The current state of the referential relation. | string |
No | - | - |
parent |
ReferentialRelationParent defines nested fields for ReferentialRelation.Parent. | object |
No | - | - |
relationType |
The type of referential relationship the sensitive column has with its parent. NONE indicates that the sensitive column does not have a parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. | string |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model that contains the sensitive column. | string |
No | - | - |
status |
- | object |
Yes | - | - |
Status.child¶
Back to ReferentialRelation status
ReferentialRelationChild defines nested fields for ReferentialRelation.Child.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appName |
The application name. | string |
Yes | - | - |
columnGroup |
Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. | list[string] |
Yes | - | - |
objectName |
The database object that contains the columns. | string |
Yes | - | - |
objectType |
The type of the database object that contains the sensitive column. | string |
Yes | - | - |
schemaName |
The schema name. | string |
Yes | - | - |
sensitiveTypeIds |
Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. | list[string] |
No | - | - |
Status.parent¶
Back to ReferentialRelation status
ReferentialRelationParent defines nested fields for ReferentialRelation.Parent.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appName |
The application name. | string |
Yes | - | - |
columnGroup |
Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. | list[string] |
Yes | - | - |
objectName |
The database object that contains the columns. | string |
Yes | - | - |
objectType |
The type of the database object that contains the sensitive column. | string |
Yes | - | - |
schemaName |
The schema name. | string |
Yes | - | - |
sensitiveTypeIds |
Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. | list[string] |
No | - | - |
Status.status¶
Back to ReferentialRelation status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to ReferentialRelation status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to ReferentialRelation status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to ReferentialRelation status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
ReportDefinition¶
ReportDefinition is the Schema for the reportdefinitions API.
Plural:reportdefinitionsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_reportdefinition.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
ReportDefinitionSpec defines the desired state of ReportDefinition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
columnFilters |
An array of column filter objects. A column Filter object stores all information about a column filter including field name, an operator, one or more expressions, if the filter is enabled, or if the filter is hidden. | list[object] |
Yes | - | - |
columnInfo |
An array of column objects in the order (left to right) displayed in the report. A column object stores all information about a column, including the name displayed on the UI, corresponding field name in the data source, data type of the column, and column visibility (if the column is visible to the user). | list[object] |
Yes | - | - |
columnSortings |
An array of column sorting objects. Each column sorting object stores the column name to be sorted and if the sorting is in ascending order; sorting is done by the first column in the array, then by the second column in the array, etc. | list[object] |
Yes | - | - |
compartmentId |
The OCID of the compartment containing the report definition. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the report definition. | string |
No | - | - |
displayName |
Specifies the name of the report definition. | string |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
parentId |
The OCID of the parent report definition. | string |
Yes | - | - |
summary |
An array of report summary objects in the order (left to right) displayed in the report. A report summary object stores all information about summary of report to be displayed, including the name displayed on UI, the display order, corresponding group by and count of values, summary visibility (if the summary is visible to user). | list[object] |
Yes | - | - |
Spec.columnFilters[]¶
ReportDefinitionColumnFilter defines nested fields for ReportDefinition.ColumnFilter.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
expressions |
An array of expressions based on the operator type. A filter may have one or more expressions. | list[string] |
Yes | - | - |
fieldName |
Name of the column on which the filter must be applied. | string |
Yes | - | - |
isEnabled |
Indicates whether the filter is enabled. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
isHidden |
Indicates whether the filter is hidden. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
operator |
Specifies the type of operator that must be applied for example in, eq etc. | string |
Yes | - | - |
Spec.columnInfo[]¶
ReportDefinitionColumnInfo defines nested fields for ReportDefinition.ColumnInfo.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
applicableOperators |
An array of operators that can be supported by column fieldName. | list[string] |
No | - | - |
dataType |
Specifies the data type of the column. | string |
No | - | - |
displayName |
Name of the column displayed on UI. | string |
Yes | - | - |
displayOrder |
Specifies the display order of the column. | integer |
Yes | - | - |
fieldName |
Specifies the corresponding field name in the data source. | string |
Yes | - | - |
isHidden |
Indicates if the column is hidden. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
isVirtual |
Specifies if column is virtual and can only be used as column filter. | boolean |
No | - | - |
Spec.columnSortings[]¶
ReportDefinitionColumnSorting defines nested fields for ReportDefinition.ColumnSorting.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
fieldName |
Name of the column that must be sorted. | string |
Yes | - | - |
isAscending |
Indicates if the column must be sorted in ascending order. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
sortingOrder |
Indicates the order at which column must be sorted. | integer |
Yes | - | - |
Spec.summary[]¶
ReportDefinitionSummary defines nested fields for ReportDefinition.Summary.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
countOf |
Name of the key or count of object. | string |
No | - | - |
displayOrder |
Specifies the order in which the summary must be displayed. | integer |
Yes | - | - |
groupByFieldName |
A comma-delimited string that specifies the names of the fields by which the records must be aggregated to get the summary. | string |
No | - | - |
isHidden |
Indicates if the summary is hidden. Values can either be 'true' or 'false'. | boolean |
No | - | - |
name |
Name of the report summary. | string |
Yes | - | - |
scimFilter |
Additional scim filters used to get the specific summary. | string |
No | - | - |
Status¶
ReportDefinitionStatus defines the observed state of ReportDefinition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
category |
Specifies the name of the category that this report belongs to. | string |
No | - | - |
columnFilters |
An array of columnFilter objects. A columnFilter object stores all information about a column filter including field name, an operator, one or more expressions, if the filter is enabled, or if the filter is hidden. | list[object] |
No | - | - |
columnInfo |
An array of column objects in the order (left to right) displayed in the report. A column object stores all information about a column, including the name displayed on the UI, corresponding field name in the data source, data type of the column, and column visibility (if the column is visible to the user). | list[object] |
No | - | - |
columnSortings |
An array of column sorting objects. Each column sorting object stores the column name to be sorted and if the sorting is in ascending order; sorting is done by the first column in the array, then by the second column in the array, etc. | list[object] |
No | - | - |
compartmentId |
The OCID of the compartment containing the report definition. | string |
No | - | - |
complianceStandards |
The list of the data protection regulations/standards used in the report that will help demonstrate compliance. | list[string] |
No | - | - |
dataSource |
Specifies the name of a resource that provides data for the report. For example alerts, events. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
A description of the report definition. | string |
No | - | - |
displayName |
Name of the report definition. | string |
No | - | - |
displayOrder |
Specifies how the report definitions are ordered in the display. | integer |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the report definition. | string |
No | - | - |
isSeeded |
Signifies whether the definition is seeded or user defined. Values can either be 'true' or 'false'. | boolean |
No | - | - |
lifecycleDetails |
Details about the current state of the report definition in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the report. | string |
No | - | - |
parentId |
The OCID of the parent report definition. In the case of seeded report definition, this is same as definition OCID. | string |
No | - | - |
recordTimeSpan |
The time span for the records in the report to be scheduled. |
string |
No | - | - |
schedule |
The schedule to generate the report periodically in the specified format: |
string |
No | - | - |
scheduledReportCompartmentId |
The OCID of the compartment in which the scheduled resource will be created. | string |
No | - | - |
scheduledReportMimeType |
Specifies the format of the report ( either .xls or .pdf or .json) | string |
No | - | - |
scheduledReportName |
The name of the report to be scheduled. | string |
No | - | - |
scheduledReportRowLimit |
Specifies the limit on the number of rows in the report. | integer |
No | - | - |
scimFilter |
Additional SCIM filters used to define the report. | string |
No | - | - |
status |
- | object |
Yes | - | - |
summary |
An array of report summary objects in the order (left to right) displayed in the report. A report summary object stores all information about summary of report to be displayed, including the name displayed on UI, the display order, corresponding group by and count of values, summary visibility (if the summary is visible to user). | list[object] |
No | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
Specifies the date and time the report definition was created. | string |
No | - | - |
timeUpdated |
The date and time the report definition was updated. | string |
No | - | - |
Status.columnFilters[]¶
Back to ReportDefinition status
ReportDefinitionColumnFilter defines nested fields for ReportDefinition.ColumnFilter.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
expressions |
An array of expressions based on the operator type. A filter may have one or more expressions. | list[string] |
Yes | - | - |
fieldName |
Name of the column on which the filter must be applied. | string |
Yes | - | - |
isEnabled |
Indicates whether the filter is enabled. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
isHidden |
Indicates whether the filter is hidden. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
operator |
Specifies the type of operator that must be applied for example in, eq etc. | string |
Yes | - | - |
Status.columnInfo[]¶
Back to ReportDefinition status
ReportDefinitionColumnInfo defines nested fields for ReportDefinition.ColumnInfo.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
applicableOperators |
An array of operators that can be supported by column fieldName. | list[string] |
No | - | - |
dataType |
Specifies the data type of the column. | string |
No | - | - |
displayName |
Name of the column displayed on UI. | string |
Yes | - | - |
displayOrder |
Specifies the display order of the column. | integer |
Yes | - | - |
fieldName |
Specifies the corresponding field name in the data source. | string |
Yes | - | - |
isHidden |
Indicates if the column is hidden. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
isVirtual |
Specifies if column is virtual and can only be used as column filter. | boolean |
No | - | - |
Status.columnSortings[]¶
Back to ReportDefinition status
ReportDefinitionColumnSorting defines nested fields for ReportDefinition.ColumnSorting.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
fieldName |
Name of the column that must be sorted. | string |
Yes | - | - |
isAscending |
Indicates if the column must be sorted in ascending order. Values can either be 'true' or 'false'. | boolean |
Yes | - | - |
sortingOrder |
Indicates the order at which column must be sorted. | integer |
Yes | - | - |
Status.status¶
Back to ReportDefinition status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to ReportDefinition status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to ReportDefinition status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to ReportDefinition status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.summary[]¶
Back to ReportDefinition status
ReportDefinitionSummary defines nested fields for ReportDefinition.Summary.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
countOf |
Name of the key or count of object. | string |
No | - | - |
displayOrder |
Specifies the order in which the summary must be displayed. | integer |
Yes | - | - |
groupByFieldName |
A comma-delimited string that specifies the names of the fields by which the records must be aggregated to get the summary. | string |
No | - | - |
isHidden |
Indicates if the summary is hidden. Values can either be 'true' or 'false'. | boolean |
No | - | - |
name |
Name of the report summary. | string |
Yes | - | - |
scimFilter |
Additional scim filters used to get the specific summary. | string |
No | - | - |
SdmMaskingPolicyDifference¶
SdmMaskingPolicyDifference is the Schema for the sdmmaskingpolicydifferences API.
Plural:sdmmaskingpolicydifferencesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sdmmaskingpolicydifference.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SdmMaskingPolicyDifferenceSpec defines the desired state of SdmMaskingPolicyDifference.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where the SDM masking policy difference resource should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
differenceType |
The type of the SDM masking policy difference. It defines the difference scope. NEW identifies new sensitive columns in the sensitive data model that are not in the masking policy. DELETED identifies columns that are present in the masking policy but have been deleted from the sensitive data model. MODIFIED identifies columns that are present in the sensitive data model as well as the masking policy but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. | string |
No | - | - |
displayName |
A user-friendly name for the SDM masking policy difference. Does not have to be unique, and it is changeable. Avoid entering confidential information. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
maskingPolicyId |
The OCID of the masking policy. Note that if the masking policy is not associated with an SDM, CreateSdmMaskingPolicyDifference operation won't be allowed. | string |
Yes | - | - |
Status¶
SdmMaskingPolicyDifferenceStatus defines the observed state of SdmMaskingPolicyDifference.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the Sensitive data model and masking policy difference resource. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
differenceType |
The type of the SDM masking policy difference. It defines the difference scope. NEW identifies new sensitive columns in the sensitive data model that are not in the masking policy. DELETED identifies columns that are present in the masking policy but have been deleted from the sensitive data model. MODIFIED identifies columns that are present in the sensitive data model as well as the masking policy but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. | string |
No | - | - |
displayName |
The display name of the SDM masking policy difference. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the Sensitive data model and masking policy difference resource. | string |
No | - | - |
lifecycleState |
The current state of the SDM masking policy difference. | string |
No | - | - |
maskingPolicyId |
The OCID of the masking policy associated with the SDM masking policy difference. | string |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model associated with the SDM masking policy difference. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time the SDM masking policy difference was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeCreationStarted |
The date and time the SDM masking policy difference creation started, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to SdmMaskingPolicyDifference status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SdmMaskingPolicyDifference status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SdmMaskingPolicyDifference status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SdmMaskingPolicyDifference status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SecurityAssessment¶
SecurityAssessment is the Schema for the securityassessments API.
Plural:securityassessmentsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_securityassessment.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SecurityAssessmentSpec defines the desired state of SecurityAssessment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
baseSecurityAssessmentId |
The OCID of the security assessment. The assessment should be of type SAVED. It will be required while creating the template baseline assessment for individual targets to fetch the detailed information from an existing security assessment. | string |
No | - | - |
compartmentId |
The OCID of the compartment that contains the security assessment. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of the security assessment. | string |
No | - | - |
displayName |
The display name of the security assessment. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isAssessmentScheduled |
Indicates whether the assessment is scheduled to run. | boolean |
No | - | - |
schedule |
To schedule the assessment for running periodically, specify the schedule in this attribute. Create or schedule one assessment per compartment. If not defined, the assessment runs immediately. Format - |
string |
No | - | - |
targetId |
The OCID of the target database or target database group on which security assessment is to be run. | string |
No | - | - |
targetType |
The type of security assessment resource whether it is individual or group resource. For individual target use type TARGET_DATABASE and for group resource use type TARGET_DATABASE_GROUP. If not provided, TARGET_DATABASE would be used as default value. | string |
No | - | - |
templateAssessmentId |
The OCID of the template assessment. It will be required while creating the template baseline assessment. | string |
No | - | - |
type |
The type of the security assessment | string |
No | - | - |
Status¶
SecurityAssessmentStatus defines the observed state of SecurityAssessment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
baselineAssessmentId |
The ocid of a security assessment which is of type TEMPLATE_BASELINE, this will be null or empty when type is TEMPLATE_BASELINE. | string |
No | - | - |
checks |
The security checks to be evaluated for type template. | list[object] |
No | - | - |
compartmentId |
The OCID of the compartment that contains the security assessment. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security assessment. | string |
No | - | - |
displayName |
The display name of the security assessment. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the security assessment. | string |
No | - | - |
ignoredAssessmentIds |
List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } |
list[object (preserves unknown fields)] |
No | - | - |
ignoredTargetIds |
List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } |
list[object (preserves unknown fields)] |
No | - | - |
ignoredTargets |
List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } |
list[object (preserves unknown fields)] |
No | - | - |
isAssessmentScheduled |
Indicates whether the assessment is scheduled to run. | boolean |
No | - | - |
isBaseline |
Indicates whether or not the security assessment is set as a baseline. This is applicable only for saved security assessments. | boolean |
No | - | - |
isDeviatedFromBaseline |
Indicates if the assessment has deviated from the baseline. | boolean |
No | - | - |
lastComparedBaselineId |
The OCID of the baseline against which the latest security assessment was compared. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the security assessment. | string |
No | - | - |
lifecycleState |
The current state of the security assessment. | string |
No | - | - |
link |
The summary of findings for the security assessment | string |
No | - | - |
schedule |
Schedule to save the assessment periodically in the specified format: |
string |
No | - | - |
scheduleSecurityAssessmentId |
The OCID of the security assessment that is responsible for creating this scheduled save assessment. | string |
No | - | - |
statistics |
SecurityAssessmentStatistics defines nested fields for SecurityAssessment.Statistics. | object |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetDatabaseGroupId |
The OCID of the target database group that the group assessment is created for. | string |
No | - | - |
targetIds |
Array of database target OCIDs. | list[string] |
No | - | - |
targetType |
Indicates whether the security assessment is for a target database or a target database group. | string |
No | - | - |
targetVersion |
The version of the target database. | string |
No | - | - |
templateAssessmentId |
The ocid of a security assessment which is of type TEMPLATE, this will be null or empty when type is TEMPLATE. | string |
No | - | - |
timeCreated |
The date and time the security assessment was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeLastAssessed |
The date and time the security assessment was last executed, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the security assessment was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
triggeredBy |
Indicates whether the security assessment was created by system or by a user. | string |
No | - | - |
type |
The type of this security assessment. The possible types are: LATEST: The most up-to-date assessment that is running automatically for a target. It is system generated. SAVED: A saved security assessment. LATEST assessments are always saved in order to maintain the history of runs. A SAVED assessment is also generated by a 'refresh' action (triggered by the user). SAVE_SCHEDULE: The schedule for periodic saves of LATEST assessments. COMPARTMENT: An automatically managed assessment type that stores all details of targets in one compartment. This type keeps an up-to-date assessment of all database risks in one compartment. It is automatically updated when the latest assessment or refresh action is executed. It is also automatically updated when a target is deleted or move to a different compartment. | string |
No | - | - |
Status.checks[]¶
Back to SecurityAssessment status
SecurityAssessmentCheck defines nested fields for SecurityAssessment.Check.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
category |
The category to which the check belongs to. | string |
No | - | - |
key |
A unique identifier for the check. | string |
No | - | - |
oneline |
Provides a recommended approach to take to remediate the check reported. | string |
No | - | - |
references |
Provides information on whether the check is related to a CIS Oracle Database Benchmark recommendation, STIG rule, GDPR Article/Recital or related to the Oracle Recommended Practice. | object |
No | - | - |
remarks |
The explanation of the issue in this check. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation. | string |
No | - | - |
suggestedSeverity |
The severity of the check as suggested by Data Safe security assessment. This will be the default severity in the template baseline security assessment. | string |
No | - | - |
title |
The short title for the check. | string |
No | - | - |
Status.checks[].references¶
Back to SecurityAssessment status
Provides information on whether the check is related to a CIS Oracle Database Benchmark recommendation, STIG rule, GDPR Article/Recital or related to the Oracle Recommended Practice.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
cis |
Relevant section from CIS. | string |
No | - | - |
gdpr |
Relevant section from GDPR. | string |
No | - | - |
obp |
Relevant section from OBP. | string |
No | - | - |
orp |
Relevant section from ORP. | string |
No | - | - |
stig |
Relevant section from STIG. | string |
No | - | - |
Status.statistics¶
Back to SecurityAssessment status
SecurityAssessmentStatistics defines nested fields for SecurityAssessment.Statistics.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
advisory |
SecurityAssessmentStatisticsAdvisory defines nested fields for SecurityAssessment.Statistics.Advisory. | object |
No | - | - |
deferred |
SecurityAssessmentStatisticsDeferred defines nested fields for SecurityAssessment.Statistics.Deferred. | object |
No | - | - |
evaluate |
SecurityAssessmentStatisticsEvaluate defines nested fields for SecurityAssessment.Statistics.Evaluate. | object |
No | - | - |
highRisk |
SecurityAssessmentStatisticsHighRisk defines nested fields for SecurityAssessment.Statistics.HighRisk. | object |
No | - | - |
lowRisk |
SecurityAssessmentStatisticsLowRisk defines nested fields for SecurityAssessment.Statistics.LowRisk. | object |
No | - | - |
mediumRisk |
SecurityAssessmentStatisticsMediumRisk defines nested fields for SecurityAssessment.Statistics.MediumRisk. | object |
No | - | - |
pass |
SecurityAssessmentStatisticsPass defines nested fields for SecurityAssessment.Statistics.Pass. | object |
No | - | - |
targetsCount |
The total number of targets in this security assessment. | integer |
No | - | - |
Status.statistics.advisory¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsAdvisory defines nested fields for SecurityAssessment.Statistics.Advisory.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.statistics.deferred¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsDeferred defines nested fields for SecurityAssessment.Statistics.Deferred.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.statistics.evaluate¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsEvaluate defines nested fields for SecurityAssessment.Statistics.Evaluate.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.statistics.highRisk¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsHighRisk defines nested fields for SecurityAssessment.Statistics.HighRisk.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.statistics.lowRisk¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsLowRisk defines nested fields for SecurityAssessment.Statistics.LowRisk.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.statistics.mediumRisk¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsMediumRisk defines nested fields for SecurityAssessment.Statistics.MediumRisk.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.statistics.pass¶
Back to SecurityAssessment status
SecurityAssessmentStatisticsPass defines nested fields for SecurityAssessment.Statistics.Pass.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
auditingFindingsCount |
The number of findings in the Auditing category. | integer |
No | - | - |
authorizationControlFindingsCount |
The number of findings in the Authorization Control category. | integer |
No | - | - |
dataEncryptionFindingsCount |
The number of findings in the Data Encryption category. | integer |
No | - | - |
dbConfigurationFindingsCount |
The number of findings in the Database Configuration category. | integer |
No | - | - |
fineGrainedAccessControlFindingsCount |
The number of findings in the Fine-Grained Access Control category. | integer |
No | - | - |
privilegesAndRolesFindingsCount |
The number of findings in the Privileges and Roles category. | integer |
No | - | - |
targetsCount |
The number of targets that contributed to the counts at this risk level. | integer |
No | - | - |
userAccountsFindingsCount |
The number of findings in the User Accounts category. | integer |
No | - | - |
Status.status¶
Back to SecurityAssessment status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SecurityAssessment status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SecurityAssessment status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SecurityAssessment status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SecurityPolicy¶
SecurityPolicy is the Schema for the securitypolicies API.
Plural:securitypoliciesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_securitypolicy.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SecurityPolicySpec defines the desired state of SecurityPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment in which to create the security policy. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security policy. | string |
No | - | - |
displayName |
The display name of the security policy. The name does not have to be unique, and it is changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
Status¶
SecurityPolicyStatus defines the observed state of SecurityPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the security policy. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security policy. | string |
No | - | - |
displayName |
The display name of the security policy. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the security policy. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the security policy in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the security policy. | string |
No | - | - |
securityPolicyType |
The type of the security policy. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The time that the security policy was created, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The last date and time the security policy was updated, in the format defined by RFC3339. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SecurityPolicyConfig¶
SecurityPolicyConfig is the Schema for the securitypolicyconfigs API.
Plural:securitypolicyconfigsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_securitypolicyconfig.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SecurityPolicyConfigSpec defines the desired state of SecurityPolicyConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the security policy configuration. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security policy. | string |
No | - | - |
displayName |
The display name of the security policy configuration. The name does not have to be unique, and it is changeable. | string |
No | - | - |
firewallConfig |
SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig. | object |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
securityPolicyId |
The OCID of the security policy corresponding to the security policy configuration. | string |
Yes | - | - |
unifiedAuditPolicyConfig |
SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig. | object |
No | - | - |
Spec.firewallConfig¶
Back to SecurityPolicyConfig spec
SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
excludeJob |
Specifies whether the firewall should include or exclude the database internal job activities. | string |
No | - | - |
status |
Specifies whether the firewall is enabled or disabled. | string |
No | - | - |
violationLogAutoPurge |
Specifies whether Data Safe should automatically purge the violation logs from the database after collecting the violation logs and persisting them in Data Safe. | string |
No | - | - |
Spec.unifiedAuditPolicyConfig¶
Back to SecurityPolicyConfig spec
SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
excludeDatasafeUser |
Specifies whether the Data Safe service account on the target database should be excluded in the unified audit policy. | string |
No | - | - |
Status¶
SecurityPolicyConfigStatus defines the observed state of SecurityPolicyConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the security policy configuration. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security policy configuration. | string |
No | - | - |
displayName |
The display name of the security policy configuration. | string |
No | - | - |
firewallConfig |
SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig. | object |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the security policy configuration. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the security policy configuration. | string |
No | - | - |
lifecycleState |
The current state of the security policy configuration. | string |
No | - | - |
securityPolicyId |
The OCID of the security policy corresponding to the security policy configuration. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The time the security policy configuration was created, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The date and time the security policy configuration was last updated, in the format defined by RFC3339. | string |
No | - | - |
unifiedAuditPolicyConfig |
SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig. | object |
No | - | - |
Status.firewallConfig¶
Back to SecurityPolicyConfig status
SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
excludeJob |
Specifies whether the firewall should include or exclude the database internal job activities. | string |
No | - | - |
status |
Specifies whether the firewall is enabled or disabled. | string |
No | - | - |
violationLogAutoPurge |
Specifies whether Data Safe should automatically purge the violation logs from the database after collecting the violation logs and persisting them in Data Safe. | string |
No | - | - |
Status.status¶
Back to SecurityPolicyConfig status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SecurityPolicyConfig status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SecurityPolicyConfig status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SecurityPolicyConfig status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.unifiedAuditPolicyConfig¶
Back to SecurityPolicyConfig status
SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
excludeDatasafeUser |
Specifies whether the Data Safe service account on the target database should be excluded in the unified audit policy. | string |
No | - | - |
SecurityPolicyDeployment¶
SecurityPolicyDeployment is the Schema for the securitypolicydeployments API.
Plural:securitypolicydeploymentsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_securitypolicydeployment.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SecurityPolicyDeploymentSpec defines the desired state of SecurityPolicyDeployment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment in which to create the unified audit policy. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security policy. | string |
No | - | - |
displayName |
The display name of the security policy deployment. The name does not have to be unique, and it is changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
securityPolicyId |
The OCID of the security policy corresponding to the security policy deployment. | string |
Yes | - | - |
targetId |
The OCID of the target where the security policy is deployed. | string |
Yes | - | - |
targetType |
Indicates whether the security policy deployment is for a target database or a target database group. | string |
Yes | - | - |
Status¶
SecurityPolicyDeploymentStatus defines the observed state of SecurityPolicyDeployment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the security policy deployment. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the security policy deployment. | string |
No | - | - |
displayName |
The display name of the security policy deployment. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the security policy deployment. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the security policy deployment in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the security policy deployment. | string |
No | - | - |
securityPolicyId |
The OCID of the security policy corresponding to the security policy deployment. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetId |
The OCID of the target/target group where the security policy is deployed. | string |
No | - | - |
targetType |
Indicates whether the security policy deployment is for a target database or a target database group. | string |
No | - | - |
timeCreated |
The time that the security policy deployment was created, in the format defined by RFC3339. | string |
No | - | - |
timeDeployed |
The last date and time the security policy was deployed, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The last date and time the security policy deployment was updated, in the format defined by RFC3339. | string |
No | - | - |
Status.status¶
Back to SecurityPolicyDeployment status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SecurityPolicyDeployment status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SecurityPolicyDeployment status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SecurityPolicyDeployment status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SensitiveColumn¶
SensitiveColumn is the Schema for the sensitivecolumns API.
Plural:sensitivecolumnsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sensitivecolumn.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SensitiveColumnSpec defines the desired state of SensitiveColumn.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appDefinedChildColumnKeys |
Unique keys identifying the columns that are application-level (non-dictionary) children of the sensitive column. This attribute can be used to establish relationship between columns in a sensitive data model. Note that the child columns must be added to the sensitive data model before their keys can be specified here. If this attribute is provided, the parentColumnKeys and relationType attributes of the child columns are automatically updated to reflect the relationship. | list[string] |
No | - | - |
appName |
The name of the application associated with the sensitive column. It's useful when the application name is different from the schema name. Otherwise, it can be ignored. If this attribute is not provided, it's automatically populated with the value provided for the schemaName attribute. | string |
No | - | - |
columnName |
The name of the sensitive column. | string |
Yes | - | - |
dataType |
The data type of the sensitive column. | string |
No | - | - |
dbDefinedChildColumnKeys |
Unique keys identifying the columns that are database-level (dictionary-defined) children of the sensitive column. This attribute can be used to establish relationship between columns in a sensitive data model. Note that the child columns must be added to the sensitive data model before their keys can be specified here. If this attribute is provided, the parentColumnKeys and relationType attributes of the child columns are automatically updated to reflect the relationship. | list[string] |
No | - | - |
objectName |
The database object that contains the sensitive column. | string |
Yes | - | - |
objectType |
The type of the database object that contains the sensitive column. | string |
No | - | - |
parentColumnKeys |
Unique keys identifying the columns that are parents of the sensitive column. At present, it accepts only one parent column key. This attribute can be used to establish relationship between columns in a sensitive data model. Note that the parent column must be added to the sensitive data model before its key can be specified here. If this attribute is provided, the appDefinedChildColumnKeys or dbDefinedChildColumnKeys attribute of the parent column is automatically updated to reflect the relationship. | list[string] |
No | - | - |
relationType |
The type of referential relationship the sensitive column has with its parent. NONE indicates that the sensitive column does not have a parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. | string |
No | - | - |
schemaName |
The database schema that contains the sensitive column. | string |
Yes | - | - |
sensitiveTypeId |
The OCID of the sensitive type to be associated with the sensitive column. | string |
No | - | - |
status |
The status of the sensitive column. VALID means the column is considered sensitive. INVALID means the column is not considered sensitive. Tracking invalid columns in a sensitive data model helps ensure that an incremental data discovery job does not identify these columns as sensitive. | string |
No | - | - |
Status¶
SensitiveColumnStatus defines the observed state of SensitiveColumn.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appDefinedChildColumnKeys |
Unique keys identifying the columns that are application-level (non-dictionary) children of the sensitive column. | list[string] |
No | - | - |
appName |
The name of the application associated with the sensitive column. It's useful when the application name is different from the schema name. Otherwise, it can be ignored. | string |
No | - | - |
columnGroups |
The composite key groups to which the sensitive column belongs. If the column is part of a composite key, it's assigned a column group. It helps identify and manage referential relationships that involve composite keys. | list[string] |
No | - | - |
columnName |
The name of the sensitive column. | string |
No | - | - |
confidenceLevel |
The confidence level of the sensitive column associated with the sensitive type. The confidence level of the discovered sensitive columns can be either HIGH, MEDIUM or LOW. The confidence level will be NONE for manually added sensitive columns. | string |
No | - | - |
confidenceLevelDetails |
List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } |
list[object (preserves unknown fields)] |
No | - | - |
dataType |
The data type of the sensitive column. | string |
No | - | - |
dbDefinedChildColumnKeys |
Unique keys identifying the columns that are database-level (dictionary-defined) children of the sensitive column. | list[string] |
No | - | - |
estimatedDataValueCount |
The estimated number of data values the column has in the associated database. | integer (int64) |
No | - | - |
key |
The unique key that identifies the sensitive column. It's numeric and unique within a sensitive data model. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the sensitive column. | string |
No | - | - |
lifecycleState |
The current state of the sensitive column. | string |
No | - | - |
objectName |
The database object that contains the sensitive column. | string |
No | - | - |
objectType |
The type of the database object that contains the sensitive column. | string |
No | - | - |
parentColumnKeys |
Unique keys identifying the columns that are parents of the sensitive column. At present, it tracks a single parent only. | list[string] |
No | - | - |
relationType |
The type of referential relationship the sensitive column has with its parent. NONE indicates that the sensitive column does not have a parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. | string |
No | - | - |
sampleDataValues |
Original data values collected for the sensitive column from the associated database. Sample data helps review the column and ensure that it actually contains sensitive data. Note that sample data is retrieved by a data discovery job only if the isSampleDataCollectionEnabled attribute is set to true. At present, only one data value is collected per sensitive column. | list[string] |
No | - | - |
schemaName |
The database schema that contains the sensitive column. | string |
No | - | - |
sdkStatus |
The status of the sensitive column. VALID means the column is considered sensitive. INVALID means the column is not considered sensitive. Tracking invalid columns in a sensitive data model helps ensure that an incremental data discovery job does not identify these columns as sensitive again. This uses a distinct JSON name so it can coexist with the OSOK status envelope. | string |
No | - | - |
sensitiveDataModelId |
The OCID of the sensitive data model that contains the sensitive column. | string |
No | - | - |
sensitiveTypeId |
The OCID of the sensitive type associated with the sensitive column. | string |
No | - | - |
source |
The source of the sensitive column. DISCOVERY indicates that the column was added to the sensitive data model using a data discovery job. MANUAL indicates that the column was added manually. | string |
No | - | - |
status |
- | object |
Yes | - | - |
timeCreated |
The date and time, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339), the sensitive column was created in the sensitive data model. | string |
No | - | - |
timeUpdated |
The date and time, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339), the sensitive column was last updated in the sensitive data model. | string |
No | - | - |
Status.status¶
Back to SensitiveColumn status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SensitiveColumn status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SensitiveColumn status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SensitiveColumn status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SensitiveDataModel¶
SensitiveDataModel is the Schema for the sensitivedatamodels API.
Plural:sensitivedatamodelsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sensitivedatamodel.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SensitiveDataModelSpec defines the desired state of SensitiveDataModel.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appSuiteName |
The application suite name identifying a collection of applications. It's useful only if maintaining a sensitive data model for a suite of applications. | string |
No | - | - |
compartmentId |
The OCID of the compartment where the sensitive data model should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive data model. | string |
No | - | - |
displayName |
The display name of the sensitive data model. The name does not have to be unique, and it's changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isAppDefinedRelationDiscoveryEnabled |
Indicates if data discovery jobs should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. | boolean |
No | - | - |
isIncludeAllSchemas |
Indicates if all the schemas in the associated target database should be scanned by data discovery jobs. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). | boolean |
No | - | - |
isIncludeAllSensitiveTypes |
Indicates if all the existing sensitive types should be used by data discovery jobs. If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used for data discovery. | boolean |
No | - | - |
isSampleDataCollectionEnabled |
Indicates if data discovery jobs should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. | boolean |
No | - | - |
schemasForDiscovery |
The schemas to be scanned by data discovery jobs. | list[string] |
No | - | - |
sensitiveTypeGroupIdsForDiscovery |
The OCIDs of the sensitive type groups to be used by data discovery jobs. All the sensitive types present in sensitive type group will be used for discovery. | list[string] |
No | - | - |
sensitiveTypeIdsForDiscovery |
The OCIDs of the sensitive types to be used by data discovery jobs. If OCID of a sensitive category is provided, all its child sensitive types are used for data discovery. | list[string] |
No | - | - |
tablesForDiscovery |
The data discovery jobs will scan the tables specified here, including both schemas and tables. For instance, the input could be in the format: [{schemaName: "HR", tableName: ["T1", "T2"]}, {schemaName: "OE", tableName : ["T3", "T4"]}]. | list[object] |
No | - | - |
targetId |
The OCID of the reference target database to be associated with the sensitive data model. All operations such as performing data discovery and adding columns manually are done in the context of the associated target database. | string |
Yes | - | - |
Spec.tablesForDiscovery[]¶
Back to SensitiveDataModel spec
SensitiveDataModelTablesForDiscovery defines nested fields for SensitiveDataModel.TablesForDiscovery.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
schemaName |
This contains the name of the schema. | string |
Yes | - | - |
tableNames |
This contains an optional list of the table names. | list[string] |
No | - | - |
Status¶
SensitiveDataModelStatus defines the observed state of SensitiveDataModel.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
appSuiteName |
The application suite name identifying a collection of applications. The default value is GENERIC. It's useful only if maintaining a sensitive data model for a suite of applications. | string |
No | - | - |
compartmentId |
The OCID of the compartment that contains the sensitive data model. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive data model. | string |
No | - | - |
displayName |
The display name of the sensitive data model. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the sensitive data model. | string |
No | - | - |
isAppDefinedRelationDiscoveryEnabled |
Indicates if data discovery jobs should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. | boolean |
No | - | - |
isIncludeAllSchemas |
Indicates if all the schemas in the associated target database should be scanned by data discovery jobs. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). | boolean |
No | - | - |
isIncludeAllSensitiveTypes |
Indicates if all the existing sensitive types should be used by data discovery jobs.If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used for data discovery. | boolean |
No | - | - |
isSampleDataCollectionEnabled |
Indicates if data discovery jobs should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. | boolean |
No | - | - |
lifecycleState |
The current state of the sensitive data model. | string |
No | - | - |
schemasForDiscovery |
The schemas to be scanned by data discovery jobs. | list[string] |
No | - | - |
sensitiveTypeGroupIdsForDiscovery |
The OCIDs of the sensitive type groups to be used by data discovery jobs. | list[string] |
No | - | - |
sensitiveTypeIdsForDiscovery |
The OCIDs of the sensitive types to be used by data discovery jobs. | list[string] |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
tablesForDiscovery |
The data discovery jobs will scan the tables specified here, including both schemas and tables. For instance, the input could be in the format: [{schemaName: "HR", tableName: ["T1", "T2"]}, {schemaName: "OE", tableName : ["T3", "T4"]}]. | list[object] |
No | - | - |
targetId |
The OCID of the reference target database associated with the sensitive data model. All operations such as performing data discovery and adding columns manually are done in the context of the associated target database. | string |
No | - | - |
timeCreated |
The date and time the sensitive data model was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the sensitive data model was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to SensitiveDataModel status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SensitiveDataModel status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SensitiveDataModel status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SensitiveDataModel status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.tablesForDiscovery[]¶
Back to SensitiveDataModel status
SensitiveDataModelTablesForDiscovery defines nested fields for SensitiveDataModel.TablesForDiscovery.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
schemaName |
This contains the name of the schema. | string |
Yes | - | - |
tableNames |
This contains an optional list of the table names. | list[string] |
No | - | - |
SensitiveType¶
SensitiveType is the Schema for the sensitivetypes API.
Plural:sensitivetypesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sensitivetype.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SensitiveTypeSpec defines the desired state of SensitiveType.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
commentPattern |
A regular expression to be used by data discovery for matching column comments. | string |
No | - | - |
compartmentId |
The OCID of the compartment where the sensitive type should be created. | string |
Yes | - | - |
dataPattern |
A regular expression to be used by data discovery for matching column data values. | string |
No | - | - |
defaultMaskingFormatId |
The OCID of the library masking format that should be used to mask the sensitive columns associated with the sensitive type. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive type. | string |
No | - | - |
displayName |
The display name of the sensitive type. The name does not have to be unique, and it's changeable. | string |
No | - | - |
entityType |
- | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
jsonData |
- | string |
No | - | - |
namePattern |
A regular expression to be used by data discovery for matching column names. | string |
No | - | - |
parentCategoryId |
The OCID of the parent sensitive category. | string |
No | - | - |
searchType |
The search type indicating how the column name, comment and data patterns should be used by data discovery. Learn more (https://docs.oracle.com/en/cloud/paas/data-safe/udscs/sensitive-types.html#GUID-1D1AD98E-B93F-4FF2-80AE-CB7D8A14F6CC). | string |
No | - | - |
shortName |
The short name of the sensitive type. | string |
No | - | - |
Status¶
SensitiveTypeStatus defines the observed state of SensitiveType.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
commentPattern |
A regular expression to be used by data discovery for matching column comments. | string |
No | - | - |
compartmentId |
The OCID of the compartment that contains the sensitive type. | string |
No | - | - |
dataPattern |
A regular expression to be used by data discovery for matching column data values. | string |
No | - | - |
defaultMaskingFormatId |
The OCID of the library masking format that should be used to mask the sensitive columns associated with the sensitive type. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive type. | string |
No | - | - |
displayName |
The display name of the sensitive type. | string |
No | - | - |
entityType |
- | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the sensitive type. | string |
No | - | - |
isCommon |
Specifies whether the sensitive type is common. Common sensitive types belong to library sensitive types which are frequently used to perform sensitive data discovery. | boolean |
No | - | - |
jsonData |
- | string |
No | - | - |
lifecycleState |
The current state of the sensitive type. | string |
No | - | - |
namePattern |
A regular expression to be used by data discovery for matching column names. | string |
No | - | - |
parentCategoryId |
The OCID of the parent sensitive category. | string |
No | - | - |
searchType |
The search type indicating how the column name, comment and data patterns should be used by data discovery. Learn more (https://docs.oracle.com/en/cloud/paas/data-safe/udscs/sensitive-types.html#GUID-1D1AD98E-B93F-4FF2-80AE-CB7D8A14F6CC). | string |
No | - | - |
shortName |
The short name of the sensitive type. | string |
No | - | - |
source |
Specifies whether the sensitive type is user-defined or predefined. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time the sensitive type was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the sensitive type was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SensitiveTypeGroup¶
SensitiveTypeGroup is the Schema for the sensitivetypegroups API.
Plural:sensitivetypegroupsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sensitivetypegroup.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SensitiveTypeGroupSpec defines the desired state of SensitiveTypeGroup.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where the sensitive type group should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive type group. | string |
No | - | - |
displayName |
The display name of the sensitive type group. The name does not have to be unique. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
Status¶
SensitiveTypeGroupStatus defines the observed state of SensitiveTypeGroup.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the sensitive type group. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive type group. | string |
No | - | - |
displayName |
The display name of the sensitive type group. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the sensitive type group. | string |
No | - | - |
lifecycleState |
The current state of the sensitive type group. | string |
No | - | - |
sensitiveTypeCount |
The number of sensitive types in the specified sensitive type group. | integer |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time the sensitive type group was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the sensitive type group was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to SensitiveTypeGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SensitiveTypeGroup status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SensitiveTypeGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SensitiveTypeGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SensitiveTypesExport¶
SensitiveTypesExport is the Schema for the sensitivetypesexports API.
Plural:sensitivetypesexportsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sensitivetypesexport.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SensitiveTypesExportSpec defines the desired state of SensitiveTypesExport.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where the sensitive types export should be created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive types export. | string |
No | - | - |
displayName |
The display name of the sensitive types export. The name does not have to be unique, and it's changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isIncludeAllSensitiveTypes |
Indicates if all the existing user-defined sensitive types are used for export. If it's set to true, the sensitiveTypeIdsForExport attribute is ignored and all user-defined sensitive types are used. | boolean |
No | - | - |
sensitiveTypeIdsForExport |
The OCIDs of the sensitive types used to create sensitive types export. | list[string] |
No | - | - |
Status¶
SensitiveTypesExportStatus defines the observed state of SensitiveTypesExport.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the sensitive types export. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the sensitive types export. | string |
No | - | - |
displayName |
The display name of the sensitive types export. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the sensitive types export. | string |
No | - | - |
isIncludeAllSensitiveTypes |
Indicates if all the existing user-defined sensitive types are used for export. If it's set to true, the sensitiveTypeIdsForExport attribute is ignored and all user-defined sensitive types are exported. | boolean |
No | - | - |
lifecycleState |
The current state of the sensitive types export. | string |
No | - | - |
sensitiveTypeIdsForExport |
The OCIDs of the sensitive types used to create sensitive types export. | list[string] |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time the sensitive types export was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the sensitive types export was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to SensitiveTypesExport status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to SensitiveTypesExport status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to SensitiveTypesExport status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to SensitiveTypesExport status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SqlCollection¶
SqlCollection is the Schema for the sqlcollections API.
Plural:sqlcollectionsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_sqlcollection.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SqlCollectionSpec defines the desired state of SqlCollection.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the SQL collection. | string |
Yes | - | - |
dbUserName |
The database user name. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the SQL collection. | string |
No | - | - |
displayName |
The display name of the SQL collection. The name does not have to be unique, and it is changeable. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
sqlLevel |
Specifies the level of SQL that will be collected. USER_ISSUED_SQL - User issued SQL statements only. ALL_SQL - Includes all SQL statements including SQL statement issued inside PL/SQL units. | string |
No | - | - |
status |
Specifies if the SqlCollection has to be started after creation. Enabled indicates that the SqlCollection will be started after creation. | string |
No | - | - |
targetId |
The OCID of the target corresponding to the security policy deployment. | string |
Yes | - | - |
Status¶
SqlCollectionStatus defines the observed state of SqlCollection.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the SQL collection. | string |
No | - | - |
dbUserName |
The database user name. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the SQL collection. | string |
No | - | - |
displayName |
The display name of the SQL collection. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the SQL collection. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the SQL collection in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the SQL collection. | string |
No | - | - |
sdkStatus |
Specifies if the status of the SqlCollection. Enabled indicates that the collecting is in progress. This uses a distinct JSON name so it can coexist with the OSOK status envelope. | string |
No | - | - |
sqlLevel |
Specifies the level of SQL that will be collected. USER_ISSUED_SQL - User issued SQL statements only. ALL_SQL - Includes all SQL statements including SQL statement issued inside PL/SQL units. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetId |
The OCID of the target corresponding to the security policy deployment. | string |
No | - | - |
timeCreated |
The time that the SQL collection was created, in the format defined by RFC3339. | string |
No | - | - |
timeLastStarted |
The timestamp of the most recent SqlCollection start operation, in the format defined by RFC3339. | string |
No | - | - |
timeLastStopped |
The timestamp of the most recent SqlCollection stop operation, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The last date and time the SQL collection was updated, in the format defined by RFC3339. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
TargetAlertPolicyAssociation¶
TargetAlertPolicyAssociation is the Schema for the targetalertpolicyassociations API.
Plural:targetalertpolicyassociationsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_targetalertpolicyassociation.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
TargetAlertPolicyAssociationSpec defines the desired state of TargetAlertPolicyAssociation.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment where the target-alert policy association is created. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Describes the target-alert policy association. | string |
No | - | - |
displayName |
The display name of the target-alert policy association. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isEnabled |
Indicates if the target-alert policy association is enabled or disabled by user. | boolean |
Yes | - | - |
policyId |
The OCID of the alert policy. | string |
Yes | - | - |
targetId |
The OCID of the target. | string |
Yes | - | - |
Status¶
TargetAlertPolicyAssociationStatus defines the observed state of TargetAlertPolicyAssociation.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the policy. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Describes the target-alert policy association. | string |
No | - | - |
displayName |
The display name of the target-alert policy association. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the target-alert policy association. | string |
No | - | - |
isEnabled |
Indicates if the target-alert policy association is enabled or disabled by user. | boolean |
No | - | - |
lifecycleDetails |
Details about the current state of the target-alert policy association. | string |
No | - | - |
lifecycleState |
The current state of the target-alert policy association. | string |
No | - | - |
policyId |
The OCID of the alert policy. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetId |
The OCID of the target on which alert policy is to be applied. | string |
No | - | - |
timeCreated |
Creation date and time of the alert policy, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
Last date and time the alert policy was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
Status.status¶
Back to TargetAlertPolicyAssociation status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to TargetAlertPolicyAssociation status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to TargetAlertPolicyAssociation status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to TargetAlertPolicyAssociation status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
TargetDatabase¶
TargetDatabase is the Schema for the targetdatabases API.
Plural:targetdatabasesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_targetdatabase.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
TargetDatabaseSpec defines the desired state of TargetDatabase.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment in which to create the Data Safe target database. | string |
Yes | - | - |
connectionOption |
TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption. | object |
No | - | - |
credentials |
TargetDatabaseCredentials defines nested fields for TargetDatabase.Credentials. | object |
No | - | - |
databaseDetails |
TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails. | object |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the target database in Data Safe. | string |
No | - | - |
displayName |
The display name of the target database in Data Safe. The name is modifiable and does not need to be unique. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
peerTargetDatabaseDetails |
The details of the database to be registered as a peer target database. | list[object] |
No | - | - |
tlsConfig |
TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig. | object |
No | - | - |
Spec.connectionOption¶
TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
connectionType |
- | string |
No | - | - |
datasafePrivateEndpointId |
The OCID of the Data Safe private endpoint. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
onPremConnectorId |
The OCID of the on-premises connector. | string |
No | - | - |
Spec.credentials¶
TargetDatabaseCredentials defines nested fields for TargetDatabase.Credentials.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
password |
The password of the database user. | string |
Yes | - | - |
userName |
The database user name. | string |
Yes | - | - |
Spec.databaseDetails¶
TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
autonomousDatabaseId |
The OCID of the Autonomous Database registered as a target database in Data Safe. | string |
No | - | - |
databaseType |
- | string |
No | - | - |
dbSystemId |
The OCID of the cloud database registered as a target database in Data Safe. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
Yes | - | - |
instanceId |
The OCID of the compute instance on which the database is running. | string |
No | - | - |
ipAddresses |
The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
listenerPort |
The port number of the database listener. | integer |
No | - | - |
pluggableDatabaseId |
The OCID of the pluggable database registered as a target database in Data Safe. | string |
No | - | - |
serviceName |
The service name of the database registered as target database. | string |
No | - | - |
vmClusterId |
The OCID of the VM cluster in which the database is running. | string |
No | - | - |
Spec.peerTargetDatabaseDetails[]¶
TargetDatabasePeerTargetDatabaseDetail defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
databaseDetails |
TargetDatabasePeerTargetDatabaseDetailDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.DatabaseDetails. | object |
Yes | - | - |
dataguardAssociationId |
The OCID of the Data Guard Association resource in which the database being registered is considered as peer database to the primary database. | string |
No | - | - |
description |
The description of the peer target database in Data Safe. | string |
No | - | - |
displayName |
The display name of the peer target database in Data Safe. The name is modifiable and does not need to be unique. | string |
No | - | - |
tlsConfig |
TargetDatabasePeerTargetDatabaseDetailTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.TlsConfig. | object |
No | - | - |
Spec.peerTargetDatabaseDetails[].databaseDetails¶
TargetDatabasePeerTargetDatabaseDetailDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.DatabaseDetails.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
autonomousDatabaseId |
The OCID of the Autonomous Database registered as a target database in Data Safe. | string |
No | - | - |
databaseType |
- | string |
No | - | - |
dbSystemId |
The OCID of the cloud database registered as a target database in Data Safe. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
Yes | - | - |
instanceId |
The OCID of the compute instance on which the database is running. | string |
No | - | - |
ipAddresses |
The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
listenerPort |
The port number of the database listener. | integer |
No | - | - |
pluggableDatabaseId |
The OCID of the pluggable database registered as a target database in Data Safe. | string |
No | - | - |
serviceName |
The service name of the database registered as target database. | string |
No | - | - |
vmClusterId |
The OCID of the VM cluster in which the database is running. | string |
No | - | - |
Spec.peerTargetDatabaseDetails[].tlsConfig¶
TargetDatabasePeerTargetDatabaseDetailTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.TlsConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
certificateStoreType |
The format of the certificate store. | string |
No | - | - |
keyStoreContent |
Base64 encoded string of key store file content. | string |
No | - | - |
status |
Status to represent whether the database connection is TLS enabled or not. | string |
Yes | - | - |
storePassword |
The password to read the trust store and key store files, if they are password protected. | string |
No | - | - |
trustStoreContent |
Base64 encoded string of trust store file content. | string |
No | - | - |
Spec.tlsConfig¶
TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
certificateStoreType |
The format of the certificate store. | string |
No | - | - |
keyStoreContent |
Base64 encoded string of key store file content. | string |
No | - | - |
status |
Status to represent whether the database connection is TLS enabled or not. | string |
Yes | - | - |
storePassword |
The password to read the trust store and key store files, if they are password protected. | string |
No | - | - |
trustStoreContent |
Base64 encoded string of trust store file content. | string |
No | - | - |
Status¶
TargetDatabaseStatus defines the observed state of TargetDatabase.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
associatedResourceIds |
The OCIDs of associated resources like database, Data Safe private endpoint etc. | list[string] |
No | - | - |
compartmentId |
The OCID of the compartment which contains the Data Safe target database. | string |
No | - | - |
connectionOption |
TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption. | object |
No | - | - |
credentials |
TargetDatabaseCredentialsObservedState defines nested fields for TargetDatabase.Credentials. | object |
No | - | - |
databaseDetails |
TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails. | object |
No | - | - |
databaseType |
The database type. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the target database in Data Safe. | string |
No | - | - |
displayName |
The display name of the target database in Data Safe. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the Data Safe target database. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the target database in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the target database in Data Safe. | string |
No | - | - |
peerTargetDatabases |
The OCIDs of associated resources like database, Data Safe private endpoint, etc. | list[object] |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The date and time of the target database registration and creation in Data Safe. | string |
No | - | - |
timeUpdated |
The date and time of the target database update in Data Safe. | string |
No | - | - |
tlsConfig |
TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig. | object |
No | - | - |
Status.connectionOption¶
TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
connectionType |
- | string |
No | - | - |
datasafePrivateEndpointId |
The OCID of the Data Safe private endpoint. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
onPremConnectorId |
The OCID of the on-premises connector. | string |
No | - | - |
Status.credentials¶
TargetDatabaseCredentialsObservedState defines nested fields for TargetDatabase.Credentials.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
userName |
The database user name. | string |
No | - | - |
Status.databaseDetails¶
TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
autonomousDatabaseId |
The OCID of the Autonomous Database registered as a target database in Data Safe. | string |
No | - | - |
databaseType |
- | string |
No | - | - |
dbSystemId |
The OCID of the cloud database registered as a target database in Data Safe. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
Yes | - | - |
instanceId |
The OCID of the compute instance on which the database is running. | string |
No | - | - |
ipAddresses |
The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
listenerPort |
The port number of the database listener. | integer |
No | - | - |
pluggableDatabaseId |
The OCID of the pluggable database registered as a target database in Data Safe. | string |
No | - | - |
serviceName |
The service name of the database registered as target database. | string |
No | - | - |
vmClusterId |
The OCID of the VM cluster in which the database is running. | string |
No | - | - |
Status.peerTargetDatabases[]¶
TargetDatabasePeerTargetDatabase defines nested fields for TargetDatabase.PeerTargetDatabase.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
databaseDetails |
TargetDatabasePeerTargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabase.DatabaseDetails. | object |
No | - | - |
databaseUniqueName |
Unique name of the database associated to the peer target database. | string |
No | - | - |
dataguardAssociationId |
The OCID of the Data Guard Association resource in which the database associated to the peer target database is considered as peer database to the primary database. | string |
No | - | - |
description |
The description of the peer target database in Data Safe. | string |
No | - | - |
displayName |
The display name of the peer target database in Data Safe. | string |
No | - | - |
key |
The secondary key assigned for the peer target database in Data Safe. | integer |
No | - | - |
lifecycleDetails |
Details about the current state of the peer target database in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the peer target database in Data Safe. | string |
No | - | - |
role |
Role of the database associated to the peer target database. | string |
No | - | - |
timeCreated |
The date and time of the peer target database registration in Data Safe. | string |
No | - | - |
tlsConfig |
TargetDatabasePeerTargetDatabaseTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabase.TlsConfig. | object |
No | - | - |
Status.peerTargetDatabases[].databaseDetails¶
TargetDatabasePeerTargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabase.DatabaseDetails.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
autonomousDatabaseId |
The OCID of the Autonomous Database registered as a target database in Data Safe. | string |
No | - | - |
databaseType |
- | string |
No | - | - |
dbSystemId |
The OCID of the cloud database registered as a target database in Data Safe. | string |
No | - | - |
infrastructureType |
The infrastructure type the database is running on. | string |
No | - | - |
instanceId |
The OCID of the compute instance on which the database is running. | string |
No | - | - |
ipAddresses |
The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. | list[string] |
No | - | - |
jsonData |
- | string |
No | - | - |
listenerPort |
The port number of the database listener. | integer |
No | - | - |
pluggableDatabaseId |
The OCID of the pluggable database registered as a target database in Data Safe. | string |
No | - | - |
serviceName |
The service name of the database registered as target database. | string |
No | - | - |
vmClusterId |
The OCID of the VM cluster in which the database is running. | string |
No | - | - |
Status.peerTargetDatabases[].tlsConfig¶
TargetDatabasePeerTargetDatabaseTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabase.TlsConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
certificateStoreType |
The format of the certificate store. | string |
No | - | - |
keyStoreContent |
Base64 encoded string of key store file content. | string |
No | - | - |
status |
Status to represent whether the database connection is TLS enabled or not. | string |
No | - | - |
storePassword |
The password to read the trust store and key store files, if they are password protected. | string |
No | - | - |
trustStoreContent |
Base64 encoded string of trust store file content. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.tlsConfig¶
TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
certificateStoreType |
The format of the certificate store. | string |
No | - | - |
keyStoreContent |
Base64 encoded string of key store file content. | string |
No | - | - |
status |
Status to represent whether the database connection is TLS enabled or not. | string |
Yes | - | - |
storePassword |
The password to read the trust store and key store files, if they are password protected. | string |
No | - | - |
trustStoreContent |
Base64 encoded string of trust store file content. | string |
No | - | - |
TargetDatabaseGroup¶
TargetDatabaseGroup is the Schema for the targetdatabasegroups API.
Plural:targetdatabasegroupsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_targetdatabasegroup.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
TargetDatabaseGroupSpec defines the desired state of TargetDatabaseGroup.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment to create the target database group. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of the target database group (optional). | string |
No | - | - |
displayName |
The name of the target database group. | string |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
matchingCriteria |
TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria. | object |
Yes | - | - |
Spec.matchingCriteria¶
Back to TargetDatabaseGroup spec
TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
exclude |
TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude. | object |
No | - | - |
include |
TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include. | object |
Yes | - | - |
Spec.matchingCriteria.exclude¶
Back to TargetDatabaseGroup spec
TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
targetDatabaseIds |
The list of target database OCIDS, that should be excluded from the target database group (even if they match some of the other criteria). | list[string] |
Yes | - | - |
Spec.matchingCriteria.include¶
Back to TargetDatabaseGroup spec
TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartments |
List of compartment objects, each containing the OCID of the compartment and a boolean value that indicates whether the target databases in the compartments and sub-compartments should also be included in the target database group. | list[object] |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
targetDatabaseIds |
The list of target database OCIDs to be included in the target database group. | list[string] |
No | - | - |
Spec.matchingCriteria.include.compartments[]¶
Back to TargetDatabaseGroup spec
TargetDatabaseGroupMatchingCriteriaIncludeCompartment defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.Compartment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
id |
The OCID of the compartment for including target databases to the target database group. All target databases in the compartment will be members of the target database group. | string |
Yes | - | - |
isIncludeSubtree |
This indicates whether the target databases of sub-compartments should also be included in the target database group. By default, this parameter is set to false. | boolean |
No | - | - |
Status¶
TargetDatabaseGroupStatus defines the observed state of TargetDatabaseGroup.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID for the compartment containing the target database group. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
Description of the target database group. | string |
No | - | - |
displayName |
The name of the target database group. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the specified target database group. | string |
No | - | - |
lifecycleDetails |
Details for the lifecycle status of the target database group. | string |
No | - | - |
lifecycleState |
The lifecycle status of the target database group. | string |
No | - | - |
matchingCriteria |
TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria. | object |
No | - | - |
membershipCount |
The number of target databases in the specified target database group. | integer |
No | - | - |
membershipUpdateTime |
Time when the members of the target database group were last changed, i.e. the list was refreshed, a target database was added or removed. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
Time when the target database group was created. | string |
No | - | - |
timeUpdated |
Time when the target database group was last updated. | string |
No | - | - |
Status.matchingCriteria¶
Back to TargetDatabaseGroup status
TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
exclude |
TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude. | object |
No | - | - |
include |
TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include. | object |
Yes | - | - |
Status.matchingCriteria.exclude¶
Back to TargetDatabaseGroup status
TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
targetDatabaseIds |
The list of target database OCIDS, that should be excluded from the target database group (even if they match some of the other criteria). | list[string] |
Yes | - | - |
Status.matchingCriteria.include¶
Back to TargetDatabaseGroup status
TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartments |
List of compartment objects, each containing the OCID of the compartment and a boolean value that indicates whether the target databases in the compartments and sub-compartments should also be included in the target database group. | list[object] |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
targetDatabaseIds |
The list of target database OCIDs to be included in the target database group. | list[string] |
No | - | - |
Status.matchingCriteria.include.compartments[]¶
Back to TargetDatabaseGroup status
TargetDatabaseGroupMatchingCriteriaIncludeCompartment defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.Compartment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
id |
The OCID of the compartment for including target databases to the target database group. All target databases in the compartment will be members of the target database group. | string |
Yes | - | - |
isIncludeSubtree |
This indicates whether the target databases of sub-compartments should also be included in the target database group. By default, this parameter is set to false. | boolean |
No | - | - |
Status.status¶
Back to TargetDatabaseGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to TargetDatabaseGroup status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to TargetDatabaseGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to TargetDatabaseGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
UnifiedAuditPolicy¶
UnifiedAuditPolicy is the Schema for the unifiedauditpolicies API.
Plural:unifiedauditpoliciesScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_unifiedauditpolicy.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
UnifiedAuditPolicySpec defines the desired state of UnifiedAuditPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment in which to create the unified audit policy. | string |
Yes | - | - |
conditions |
Lists the audit policy provisioning conditions. | list[object] |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the unified audit policy in Data Safe. | string |
No | - | - |
displayName |
The display name of the unified audit policy in Data Safe. The name is modifiable and does not need to be unique. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
securityPolicyId |
The OCID of the security policy corresponding to the unified audit policy. | string |
Yes | - | - |
status |
Indicates whether the unified audit policy has been enabled or disabled. | string |
Yes | - | - |
unifiedAuditPolicyDefinitionId |
The OCID of the associated unified audit policy definition. | string |
Yes | - | - |
Spec.conditions[]¶
Back to UnifiedAuditPolicy spec
UnifiedAuditPolicyCondition defines nested fields for UnifiedAuditPolicy.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
attributeSetId |
The OCID of the attribute set. | string |
No | - | - |
entitySelection |
Specifies whether to include or exclude the specified users or roles. | string |
Yes | - | - |
entityType |
- | string |
No | - | - |
jsonData |
- | string |
No | - | - |
operationStatus |
The operation status that the policy must be enabled for. | string |
Yes | - | - |
roleNames |
List of roles that the policy must be enabled for. | list[string] |
No | - | - |
userNames |
The list of users that the unified audit policy is enabled for. | list[string] |
No | - | - |
Status¶
UnifiedAuditPolicyStatus defines the observed state of UnifiedAuditPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment containing the unified audit policy. | string |
No | - | - |
conditions |
Lists the audit policy provisioning conditions. | list[object] |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the unified audit policy. | string |
No | - | - |
displayName |
The display name of the unified audit policy. | string |
No | - | - |
enabledEntities |
Indicates on whom the audit policy is enabled. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the unified audit policy. | string |
No | - | - |
isSeeded |
Indicates whether the unified audit policy is seeded or not. | boolean |
No | - | - |
lifecycleDetails |
The details of the current state of the unified audit policy in Data Safe. | string |
No | - | - |
lifecycleState |
The current state of the unified audit policy. | string |
No | - | - |
sdkStatus |
Indicates whether the policy has been enabled or disabled. This uses a distinct JSON name so it can coexist with the OSOK status envelope. | string |
No | - | - |
securityPolicyId |
The OCID of the security policy corresponding to the unified audit policy. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The time the the unified audit policy was created, in the format defined by RFC3339. | string |
No | - | - |
timeUpdated |
The last date and time the unified audit policy was updated, in the format defined by RFC3339. | string |
No | - | - |
unifiedAuditPolicyDefinitionId |
The OCID of the associated unified audit policy definition. | string |
No | - | - |
Status.conditions[]¶
Back to UnifiedAuditPolicy status
UnifiedAuditPolicyCondition defines nested fields for UnifiedAuditPolicy.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
attributeSetId |
The OCID of the attribute set. | string |
No | - | - |
entitySelection |
Specifies whether to include or exclude the specified users or roles. | string |
Yes | - | - |
entityType |
- | string |
No | - | - |
jsonData |
- | string |
No | - | - |
operationStatus |
The operation status that the policy must be enabled for. | string |
Yes | - | - |
roleNames |
List of roles that the policy must be enabled for. | list[string] |
No | - | - |
userNames |
The list of users that the unified audit policy is enabled for. | list[string] |
No | - | - |
Status.status¶
Back to UnifiedAuditPolicy status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to UnifiedAuditPolicy status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to UnifiedAuditPolicy status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to UnifiedAuditPolicy status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
UserAssessment¶
UserAssessment is the Schema for the userassessments API.
Plural:userassessmentsScope:NamespacedAPIVersion:datasafe.oracle.com/v1beta1Sample: Sample (config/samples/datasafe_v1beta1_userassessment.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
UserAssessmentSpec defines the desired state of UserAssessment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the user assessment. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the user assessment. | string |
No | - | - |
displayName |
The display name of the user assessment. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isAssessmentScheduled |
Indicates whether the assessment is scheduled to run. | boolean |
No | - | - |
schedule |
To schedule the assessment for saving periodically, specify the schedule in this attribute. Create or schedule one assessment per compartment. If not defined, the assessment runs immediately. Format - |
string |
No | - | - |
targetId |
The OCID of the target database or target database group on which user assessment is to be run. | string |
Yes | - | - |
targetType |
The type of user assessment resource whether it is individual or group resource. For individual target use type TARGET_DATABASE and for group resource use type TARGET_DATABASE_GROUP. If not provided, TARGET_DATABASE would be used as default value. | string |
No | - | - |
Status¶
UserAssessmentStatus defines the observed state of UserAssessment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the user assessment. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the user assessment. | string |
No | - | - |
displayName |
The display name of the user assessment. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the user assessment. | string |
No | - | - |
ignoredAssessmentIds |
List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } |
list[object (preserves unknown fields)] |
No | - | - |
ignoredTargets |
List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } |
list[object (preserves unknown fields)] |
No | - | - |
isAssessmentScheduled |
Indicates whether the assessment is scheduled to run. | boolean |
No | - | - |
isBaseline |
Indicates if the user assessment is set as a baseline. This is applicable only to saved user assessments. | boolean |
No | - | - |
isDeviatedFromBaseline |
Indicates if the user assessment deviates from the baseline. | boolean |
No | - | - |
lastComparedBaselineId |
The OCID of the last user assessment baseline against which the latest assessment was compared. | string |
No | - | - |
lifecycleDetails |
Details about the current state of the user assessment. | string |
No | - | - |
lifecycleState |
The current state of the user assessment. | string |
No | - | - |
schedule |
Schedule of the assessment that runs periodically in this specified format: |
string |
No | - | - |
scheduleAssessmentId |
The OCID of the user assessment that is responsible for creating this scheduled save assessment. | string |
No | - | - |
statistics |
Map that contains maps of values. Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
targetDatabaseGroupId |
The OCID of target database group. | string |
No | - | - |
targetIds |
Array of database target OCIDs. | list[string] |
No | - | - |
targetType |
Indicates whether the user assessment is for a target database or a target database group. | string |
No | - | - |
timeCreated |
The date and time the user assessment was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeLastAssessed |
The date and time the user assessment was last executed, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
timeUpdated |
The date and time the user assessment was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). | string |
No | - | - |
triggeredBy |
Indicates whether the user assessment was created by the system or the user. | string |
No | - | - |
type |
The type of the user assessment. The possible types are: LATEST: The latest assessment that was executed for a target. It can either be system generated as part of the scheduled assessments or user driven by refreshing the latest assessment. SAVED: A saved user assessment. All user assessments are saved in the user assessment history. SAVE_SCHEDULE: The schedule to periodically save the LATEST assessment of a target database. COMPARTMENT: An automatic managed assessment type that stores all details of the targets in one compartment. This will keep an up-to-date status of all potential risks identified in the compartment. It also keeps track of user count and target count for each profile available on the targets in a given compartment. It is automatically updated once the latest assessment or refresh action is executed, as well as when a target is deleted or moved to a different compartment. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |