Skip to content

datasafe.oracle.com/v1beta1

Back to API Reference

APIVersion: datasafe.oracle.com/v1beta1

This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.

Packages

No customer-visible package currently exposes datasafe.oracle.com/v1beta1.

Resources

Kind Scope Sample Packages
AlertPolicy Namespaced Sample -
AlertPolicyRule Namespaced Sample -
AttributeSet Namespaced Sample -
AuditArchiveRetrieval Namespaced Sample -
AuditProfile Namespaced Sample -
DataSafePrivateEndpoint Namespaced Sample -
DiscoveryJob Namespaced Sample -
LibraryMaskingFormat Namespaced Sample -
MaskingColumn Namespaced Sample -
MaskingPolicy Namespaced Sample -
OnPremConnector Namespaced Sample -
PeerTargetDatabase Namespaced Sample -
ReferentialRelation Namespaced Sample -
ReportDefinition Namespaced Sample -
SdmMaskingPolicyDifference Namespaced Sample -
SecurityAssessment Namespaced Sample -
SecurityPolicy Namespaced Sample -
SecurityPolicyConfig Namespaced Sample -
SecurityPolicyDeployment Namespaced Sample -
SensitiveColumn Namespaced Sample -
SensitiveDataModel Namespaced Sample -
SensitiveType Namespaced Sample -
SensitiveTypeGroup Namespaced Sample -
SensitiveTypesExport Namespaced Sample -
SqlCollection Namespaced Sample -
TargetAlertPolicyAssociation Namespaced Sample -
TargetDatabase Namespaced Sample -
TargetDatabaseGroup Namespaced Sample -
UnifiedAuditPolicy Namespaced Sample -
UserAssessment Namespaced Sample -

AlertPolicy

AlertPolicy is the Schema for the alertpolicies API.

  • Plural: alertpolicies
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_alertpolicy.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

AlertPolicySpec defines the desired state of AlertPolicy.

Field Description Type Required Default Enum
alertPolicyRuleDetails The details of the alert policy rule. list[object] No - -
alertPolicyType Indicates the Data Safe feature the alert policy belongs to string Yes - -
compartmentId The OCID of the compartment where you want to create the alert policy. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the alert policy. string No - -
displayName The display name of the alert policy. The name does not have to be unique, and it's changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
severity Severity level of the alert raised by this policy. string Yes - -

Spec.alertPolicyRuleDetails[]

Back to AlertPolicy spec

AlertPolicyRuleDetail defines nested fields for AlertPolicy.AlertPolicyRuleDetail.

Field Description Type Required Default Enum
description Describes the alert policy rule. string No - -
displayName The display name of the alert policy rule. string No - -
expression The conditional expression of the alert policy rule which evaluates to boolean value. string Yes - -

Status

AlertPolicyStatus defines the observed state of AlertPolicy.

Field Description Type Required Default Enum
alertPolicyType Indicates the Data Safe feature to which the alert policy belongs. string No - -
compartmentId The OCID of the compartment that contains the alert policy. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the alert policy. string No - -
displayName The display name of the alert policy. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the alert policy. string No - -
isUserDefined Indicates if the alert policy is user-defined (true) or pre-defined (false). boolean No - -
lifecycleDetails Details about the current state of the alert policy. string No - -
lifecycleState The current state of the alert. string No - -
severity Severity level of the alert raised by this policy. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated Creation date and time of the alert policy, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated Last date and time the alert policy was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to AlertPolicy status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to AlertPolicy status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to AlertPolicy status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to AlertPolicy status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

AlertPolicyRule

AlertPolicyRule is the Schema for the alertpolicyrules API.

  • Plural: alertpolicyrules
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_alertpolicyrule.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

AlertPolicyRuleSpec defines the desired state of AlertPolicyRule.

Field Description Type Required Default Enum
description Describes the alert policy rule. string No - -
displayName The display name of the alert policy rule. string No - -
expression The conditional expression of the alert policy rule which evaluates to boolean value. string Yes - -

Status

AlertPolicyRuleStatus defines the observed state of AlertPolicyRule.

Field Description Type Required Default Enum
description Describes the alert policy rule. string No - -
displayName The display name of the alert policy rule. string No - -
expression The conditional expression of the alert policy rule which evaluates to boolean value. string No - -
key The unique key of the alert policy rule. string No - -
lifecycleState The current state of the alert policy rule. string No - -
status - object Yes - -
timeCreated Creation date and time of the alert policy rule, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to AlertPolicyRule status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to AlertPolicyRule status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to AlertPolicyRule status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to AlertPolicyRule status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

AttributeSet

AttributeSet is the Schema for the attributesets API.

  • Plural: attributesets
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_attributeset.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

AttributeSetSpec defines the desired state of AttributeSet.

Field Description Type Required Default Enum
attributeSetType The type of attribute set. string Yes - -
attributeSetValues The list of values in an attribute set list[string] Yes - -
compartmentId The OCID of the compartment that contains the attribute set. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of the attribute set. string No - -
displayName The display name of the attribute set. The name is unique and changeable. string Yes - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -

Status

AttributeSetStatus defines the observed state of AttributeSet.

Field Description Type Required Default Enum
attributeSetType The type of attribute set. string No - -
attributeSetValues The list of values in an attribute set list[string] No - -
compartmentId The OCID of the compartment where the attribute set is stored. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of an attribute set. string No - -
displayName The display name of an attribute set. The name does not have to be unique, and is changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of an attribute set. string No - -
inUse Indicates whether the attribute set is in use by other resource. string No - -
isUserDefined A boolean flag indicating to list user defined or seeded attribute sets. boolean No - -
lifecycleState The current state of an attribute set. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time an attribute set was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time an attribute set was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to AttributeSet status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to AttributeSet status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to AttributeSet status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to AttributeSet status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

AuditArchiveRetrieval

AuditArchiveRetrieval is the Schema for the auditarchiveretrievals API.

  • Plural: auditarchiveretrievals
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_auditarchiveretrieval.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

AuditArchiveRetrievalSpec defines the desired state of AuditArchiveRetrieval.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the archival retrieval. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of the archive retrieval. string No - -
displayName The display name of the archive retrieval. The name does not have to be unique, and is changeable. string No - -
endDate End month of the archive retrieval, in the format defined by RFC3339. string Yes - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
startDate Start month of the archive retrieval, in the format defined by RFC3339. string Yes - -
targetId The OCID of the target associated with the archive retrieval. string Yes - -

Status

AuditArchiveRetrievalStatus defines the observed state of AuditArchiveRetrieval.

Field Description Type Required Default Enum
auditEventCount Total count of audit events to be retrieved from the archive for the specified date range. integer (int64) No - -
compartmentId The OCID of the compartment that contains archive retrieval. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of the archive retrieval. string No - -
displayName The display name of the archive retrieval. The name does not have to be unique, and is changeable. string No - -
endDate End month of the archive retrieval, in the format defined by RFC3339. string No - -
errorInfo The Error details of a failed archive retrieval. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the archive retrieval. string No - -
lifecycleDetails Details about the current state of the archive retrieval. string No - -
lifecycleState The current state of the archive retrieval. string No - -
startDate Start month of the archive retrieval, in the format defined by RFC3339. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetId The OCID of the target associated with the archive retrieval. string No - -
timeCompleted The date time when archive retrieval request was fulfilled, in the format defined by RFC3339. string No - -
timeOfExpiry The date time when retrieved archive data will be deleted from Data Safe and unloaded back into archival. string No - -
timeRequested The date time when archive retrieval was requested, in the format defined by RFC3339. string No - -

Status.status

Back to AuditArchiveRetrieval status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to AuditArchiveRetrieval status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to AuditArchiveRetrieval status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to AuditArchiveRetrieval status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

AuditProfile

AuditProfile is the Schema for the auditprofiles API.

  • Plural: auditprofiles
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_auditprofile.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

AuditProfileSpec defines the desired state of AuditProfile.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where you want to create the audit profile. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the audit profile. string No - -
displayName The display name of the audit profile. The name does not have to be unique, and it's updatable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isOverrideGlobalPaidUsage Indicates whether audit paid usage settings specified at the target database level override both the global and the target database group level paid usage settings. Enabling paid usage continues the collection of audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. For more information, see Data Safe Price List (https://www.oracle.com/cloud/price-list/#data-safe). boolean No - -
isPaidUsageEnabled Indicates if you want to continue collecting audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. The default value is inherited from the global settings. You can change at the global level or at the target level. boolean No - -
offlineMonths Number of months the audit records will be stored offline in the offline archive. Minimum: 0; Maximum: 72 months. If you have a requirement to store the audit data even longer in the offline archive, please contact the Oracle Support. integer No - -
onlineMonths Number of months the audit records will be stored online in the audit repository for immediate reporting and analysis. Minimum: 1; Maximum: 12 months integer No - -
targetId The OCID of the target database or target database group for which the audit profile is created. string Yes - -
targetType The resource type that is represented by the audit profile. string Yes - -

Status

AuditProfileStatus defines the observed state of AuditProfile.

Field Description Type Required Default Enum
auditCollectedVolume Number of audit records collected in the current calendar month. Audit records for the Data Safe service account are excluded and are not counted towards your monthly free limit. integer (int64) No - -
auditTrails Contains the list of available audit trails on the target database. list[object] No - -
compartmentId The OCID of the compartment that contains the audit profile. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the audit profile. string No - -
displayName The display name of the audit profile. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the audit profile. string No - -
isOverrideGlobalPaidUsage Indicates whether audit paid usage settings specified at the target database level override both the global settings and the target group level paid usage settings. Enabling paid usage continues the collection of audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. For more information, see Data Safe Price List (https://www.oracle.com/cloud/price-list/#data-safe). boolean No - -
isOverrideGlobalRetentionSetting Indicates whether audit retention settings like online and offline months set at the target level override both the global settings and the target group level audit retention settings. boolean No - -
isPaidUsageEnabled Indicates if you want to continue collecting audit records beyond the free limit of one million audit records per month per target database, potentially incurring additional charges. The default value is inherited from the global settings. You can change at the global level or at the target level. boolean No - -
lifecycleDetails Details about the current state of the audit profile in Data Safe. string No - -
lifecycleState The current state of the audit profile. string No - -
offlineMonths Number of months the audit records will be stored offline in the offline archive. Minimum: 0; Maximum: 72 months. If you have a requirement to store the audit data even longer in the offline archive, please contact the Oracle Support. integer No - -
offlineMonthsSource The name or the OCID of the resource from which the offline month retention setting is sourced. For example, a global setting or a target database group OCID. string No - -
onlineMonths Number of months the audit records will be stored online in the audit repository for immediate reporting and analysis. Minimum: 1; Maximum: 12 months integer No - -
onlineMonthsSource The name or the OCID of the resource from which the online month retention setting is sourced. For example, a global setting or a target database group OCID. string No - -
paidUsageSource The name or the OCID of the resource from which the paid usage setting is sourced. For example, a global setting or a target database group OCID. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetId The OCID of the target database or target database group for which the audit profile is created. string No - -
targetType The resource type that is represented by the audit profile. string No - -
timeCreated The date and time the audit profile was created, in the format defined by RFC3339. string No - -
timeUpdated The date and time the audit profile was updated, in the format defined by RFC3339. string No - -

Status.auditTrails[]

Back to AuditProfile status

AuditProfileAuditTrail defines nested fields for AuditProfile.AuditTrail.

Field Description Type Required Default Enum
auditCollectionStartTime The date from which the audit trail must start collecting data, in the format defined by RFC3339. string No - -
auditProfileId The OCID of the parent audit. string No - -
canUpdateLastArchiveTimeOnTarget Indicates if the Datasafe updates last archive time on target database. If isAutoPurgeEnabled field is enabled, this field must be true. boolean No - -
compartmentId The OCID of the compartment that contains the audit trail and is the same as the compartment of the audit profile resource. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the audit trail. string No - -
displayName The display name of the audit trail. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the audit trail. string No - -
isAutoPurgeEnabled Indicates if auto purge is enabled on the target database, which helps delete audit data in the target database every seven days so that the database's audit trail does not become too large. boolean No - -
lifecycleDetails Details about the current state of the audit trail in Data Safe. string No - -
lifecycleState The current state of the audit trail. string No - -
peerTargetDatabaseKey The secondary id assigned for the peer database registered with Data Safe. integer No - -
purgeJobDetails The details of the audit trail purge job that ran at the time specified by purgeJobTime". string No - -
purgeJobStatus The current status of the audit trail purge job. string No - -
purgeJobTime The date and time of the last purge job. The purge job deletes audit data in the target database every seven days so that the database's audit trail does not become too large. In the format defined by RFC3339. string No - -
status The current sub-state of the audit trail. string No - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetId The OCID of the Data Safe target for which the audit trail is created. string No - -
timeCreated The date and time the audit trail was created, in the format defined by RFC3339. string No - -
timeLastCollected The date and time until when the audit events were collected from the target database by the Data Safe audit trail collection process, in the format defined by RFC3339. string No - -
timeUpdated The date and time the audit trail was updated, in the format defined by RFC3339. string No - -
trailLocation An audit trail location represents the source of audit records that provides documentary evidence of the sequence of activities in the target database. string No - -
trailSource The underlying source of unified audit trail. string No - -
workRequestId The OCID of the workrequest for audit trail which collects audit records. string No - -

Status.status

Back to AuditProfile status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to AuditProfile status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to AuditProfile status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to AuditProfile status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

DataSafePrivateEndpoint

DataSafePrivateEndpoint is the Schema for the datasafeprivateendpoints API.

  • Plural: datasafeprivateendpoints
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_datasafeprivateendpoint.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

DataSafePrivateEndpointSpec defines the desired state of DataSafePrivateEndpoint.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the private endpoint. string No - -
displayName The display name for the private endpoint. The name does not have to be unique, and it's changeable. string Yes - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
nsgIds The OCIDs of the network security groups that the private endpoint belongs to. list[string] No - -
privateEndpointIp The private IP address of the private endpoint. string No - -
subnetId The OCID of the subnet. string Yes - -
vcnId The OCID of the VCN. string Yes - -

Status

DataSafePrivateEndpointStatus defines the observed state of DataSafePrivateEndpoint.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the private endpoint. string No - -
displayName The display name of the private endpoint. string No - -
endpointFqdn The three-label fully qualified domain name (FQDN) of the private endpoint. The customer VCN's DNS records are updated with this FQDN. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the Data Safe private endpoint. string No - -
lifecycleState The current state of the private endpoint. string No - -
nsgIds The OCIDs of the network security groups that the private endpoint belongs to. list[string] No - -
privateEndpointId The OCID of the underlying private endpoint. string No - -
privateEndpointIp The private IP address of the private endpoint. string No - -
status - object Yes - -
subnetId The OCID of the subnet. string No - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time the private endpoint was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
vcnId The OCID of the VCN. string No - -

Status.status

Back to DataSafePrivateEndpoint status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to DataSafePrivateEndpoint status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to DataSafePrivateEndpoint status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to DataSafePrivateEndpoint status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

DiscoveryJob

DiscoveryJob is the Schema for the discoveryjobs API.

  • Plural: discoveryjobs
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_discoveryjob.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

DiscoveryJobSpec defines the desired state of DiscoveryJob.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where the discovery job resource should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
discoveryType The type of the discovery job. It defines the job's scope. NEW identifies new sensitive columns in the target database that are not in the sensitive data model. DELETED identifies columns that are present in the sensitive data model but have been deleted from the target database. MODIFIED identifies columns that are present in the target database as well as the sensitive data model but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. string No - -
displayName A user-friendly name for the discovery job. Does not have to be unique, and it is changeable. Avoid entering confidential information. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isAppDefinedRelationDiscoveryEnabled Indicates if the discovery job should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. boolean No - -
isIncludeAllSchemas Indicates if all the schemas should be scanned by the discovery job. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). If both attributes are not provided, the configuration from the sensitive data model is used. boolean No - -
isIncludeAllSensitiveTypes Indicates if all the existing sensitive types should be used by the discovery job. If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used for data discovery. If both attributes are not provided, the configuration from the sensitive data model is used. boolean No - -
isSampleDataCollectionEnabled Indicates if the discovery job should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. boolean No - -
schemasForDiscovery The schemas to be scanned by the discovery job. If not provided, the schemasForDiscovery attribute of the sensitive data model is used to get the list of schemas. list[string] No - -
sensitiveDataModelId The OCID of the sensitive data model. string Yes - -
sensitiveTypeGroupIdsForDiscovery The OCIDs of the sensitive type groups to be used by the discovery job. All the sensitive types present in sensitive type group will be used for discovery. list[string] No - -
sensitiveTypeIdsForDiscovery The OCIDs of the sensitive types to be used by the discovery job. If not provided, the sensitiveTypeIdsForDiscovery attribute of the sensitive data model is used to get the list of sensitive types. list[string] No - -
tablesForDiscovery The data discovery jobs will scan the tables specified here, including both schemas and tables. In the absence of explicit input, the list of tables is obtained from the tablesForDiscovery attribute of the sensitive data model. list[object] No - -

Spec.tablesForDiscovery[]

Back to DiscoveryJob spec

DiscoveryJobTablesForDiscovery defines nested fields for DiscoveryJob.TablesForDiscovery.

Field Description Type Required Default Enum
schemaName This contains the name of the schema. string Yes - -
tableNames This contains an optional list of the table names. list[string] No - -

Status

DiscoveryJobStatus defines the observed state of DiscoveryJob.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the discovery job. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
discoveryType The type of the discovery job. It defines the job's scope. NEW identifies new sensitive columns in the target database that are not in the sensitive data model. DELETED identifies columns that are present in the sensitive data model but have been deleted from the target database. MODIFIED identifies columns that are present in the target database as well as the sensitive data model but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. string No - -
displayName The display name of the discovery job. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the discovery job. string No - -
isAppDefinedRelationDiscoveryEnabled Indicates if the discovery job should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. boolean No - -
isIncludeAllSchemas Indicates if all the schemas in the associated target database are used for data discovery. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). boolean No - -
isIncludeAllSensitiveTypes Indicates if all the existing sensitive types are used for data discovery. If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used. boolean No - -
isSampleDataCollectionEnabled Indicates if the discovery job should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. boolean No - -
lifecycleState The current state of the discovery job. string No - -
schemasForDiscovery The schemas used for data discovery. list[string] No - -
sensitiveDataModelId The OCID of the sensitive data model associated with the discovery job. string No - -
sensitiveTypeGroupIdsForDiscovery The OCIDs of the sensitive type groups to be used by data discovery jobs. list[string] No - -
sensitiveTypeIdsForDiscovery The OCIDs of the sensitive types used for data discovery. list[string] No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
tablesForDiscovery The data discovery jobs will scan the tables specified here, including both schemas and tables. list[object] No - -
targetId The OCID of the target database associated with the discovery job. string No - -
timeFinished The date and time the discovery job finished, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339).. string No - -
timeStarted The date and time the discovery job started, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
totalColumnsScanned The total number of columns scanned by the discovery job. integer (int64) No - -
totalDeletedSensitiveColumns The total number of deleted sensitive columns identified by the discovery job. integer (int64) No - -
totalModifiedSensitiveColumns The total number of modified sensitive columns identified by the discovery job. integer (int64) No - -
totalNewSensitiveColumns The total number of new sensitive columns identified by the discovery job. integer (int64) No - -
totalObjectsScanned The total number of objects (tables and editioning views) scanned by the discovery job. integer (int64) No - -
totalSchemasScanned The total number of schemas scanned by the discovery job. integer (int64) No - -

Status.status

Back to DiscoveryJob status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to DiscoveryJob status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to DiscoveryJob status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to DiscoveryJob status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

Status.tablesForDiscovery[]

Back to DiscoveryJob status

DiscoveryJobTablesForDiscovery defines nested fields for DiscoveryJob.TablesForDiscovery.

Field Description Type Required Default Enum
schemaName This contains the name of the schema. string Yes - -
tableNames This contains an optional list of the table names. list[string] No - -

LibraryMaskingFormat

LibraryMaskingFormat is the Schema for the librarymaskingformats API.

  • Plural: librarymaskingformats
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_librarymaskingformat.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

LibraryMaskingFormatSpec defines the desired state of LibraryMaskingFormat.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where the library masking format should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the library masking format. string No - -
displayName The display name of the library masking format. The name does not have to be unique, and it's changeable. string No - -
formatEntries An array of format entries. The combined output of all the format entries is used for masking. list[object] Yes - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
sensitiveTypeIds An array of OCIDs of the sensitive types compatible with the library masking format. It helps track the sensitive types for which the library masking format is being created. list[string] No - -

Spec.formatEntries[]

Back to LibraryMaskingFormat spec

LibraryMaskingFormatFormatEntry defines nested fields for LibraryMaskingFormat.FormatEntry.

Field Description Type Required Default Enum
columnName The name of the substitution column. string No - -
description The description of the format entry. string No - -
endDate The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. string No - -
endLength The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. integer No - -
endValue The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. number No - -
fixedNumber The constant number to be used for masking. number No - -
fixedString The constant string to be used for masking. string No - -
groupingColumns One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. list[string] No - -
jsonData - string No - -
length The number of characters that should be there in the substring. It should be an integer and greater than zero. integer No - -
libraryMaskingFormatId The OCID of the library masking format. string No - -
pattern The pattern that should be used to mask data. string No - -
postProcessingFunction The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -
randomList A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. list[string] No - -
regularExpression The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. string No - -
replaceWith The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. string No - -
schemaName The name of the schema that contains the substitution column. string No - -
sqlExpression The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. string No - -
startDate The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. string No - -
startLength The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. integer No - -
startPosition The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. integer No - -
startValue The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. number No - -
tableName The name of the table that contains the substitution column. string No - -
type - string No - -
userDefinedFunction The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -

Status

LibraryMaskingFormatStatus defines the observed state of LibraryMaskingFormat.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the library masking format. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the library masking format. string No - -
displayName The display name of the library masking format. string No - -
formatEntries An array of format entries. The combined output of all the format entries is used for masking. list[object] No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the library masking format. string No - -
lifecycleState The current state of the library masking format. string No - -
sensitiveTypeIds An array of OCIDs of the sensitive types compatible with the library masking format. list[string] No - -
source Specifies whether the library masking format is user-defined or predefined. string No - -
status - object Yes - -
timeCreated The date and time the library masking format was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339) string No - -
timeUpdated The date and time the library masking format was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339) string No - -

Status.formatEntries[]

Back to LibraryMaskingFormat status

LibraryMaskingFormatFormatEntry defines nested fields for LibraryMaskingFormat.FormatEntry.

Field Description Type Required Default Enum
columnName The name of the substitution column. string No - -
description The description of the format entry. string No - -
endDate The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. string No - -
endLength The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. integer No - -
endValue The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. number No - -
fixedNumber The constant number to be used for masking. number No - -
fixedString The constant string to be used for masking. string No - -
groupingColumns One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. list[string] No - -
jsonData - string No - -
length The number of characters that should be there in the substring. It should be an integer and greater than zero. integer No - -
libraryMaskingFormatId The OCID of the library masking format. string No - -
pattern The pattern that should be used to mask data. string No - -
postProcessingFunction The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -
randomList A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. list[string] No - -
regularExpression The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. string No - -
replaceWith The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. string No - -
schemaName The name of the schema that contains the substitution column. string No - -
sqlExpression The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. string No - -
startDate The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. string No - -
startLength The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. integer No - -
startPosition The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. integer No - -
startValue The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. number No - -
tableName The name of the table that contains the substitution column. string No - -
type - string No - -
userDefinedFunction The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -

Status.status

Back to LibraryMaskingFormat status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to LibraryMaskingFormat status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to LibraryMaskingFormat status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to LibraryMaskingFormat status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

MaskingColumn

MaskingColumn is the Schema for the maskingcolumns API.

  • Plural: maskingcolumns
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_maskingcolumn.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

MaskingColumnSpec defines the desired state of MaskingColumn.

Field Description Type Required Default Enum
columnName The name of the database column. This attribute cannot be updated for an existing masking column. Note that the same name is used for the masking column. There is no separate displayName attribute for the masking column. string Yes - -
isMaskingEnabled Indicates whether data masking is enabled for the masking column. Set it to false if you don't want to mask the column. boolean No - -
maskingColumnGroup The group of the masking column. It's a masking group identifier and can be any string of acceptable length. All the columns in a group are masked together to ensure that the masked data across these columns continue to retain the same logical relationship. For more details, check Group Masking in the Data Safe documentation. string No - -
maskingFormats The masking formats to be assigned to the masking column. You can specify a condition as part of each masking format. It enables you to do conditional masking so that you can mask the column data values differently using different masking formats and the associated conditions. A masking format can have one or more format entries. The combined output of all the format entries is used for masking. It provides the flexibility to define a masking format that can generate different parts of a data value separately and then combine them to get the final data value for masking. list[object] No - -
objectName The name of the object (table or editioning view) that contains the database column. This attribute cannot be updated for an existing masking column. string Yes - -
objectType The type of the object that contains the database column. string No - -
schemaName The name of the schema that contains the database column. This attribute cannot be updated for an existing masking column. string Yes - -
sensitiveTypeId The OCID of the sensitive type to be associated with the masking column. Note that if the maskingFormats attribute isn't provided while creating a masking column, the default masking format associated with the specified sensitive type is assigned to the masking column. string No - -

Spec.maskingFormats[]

Back to MaskingColumn spec

MaskingColumnMaskingFormat defines nested fields for MaskingColumn.MaskingFormat.

Field Description Type Required Default Enum
condition A condition that must be true for applying the masking format. It can be any valid SQL construct that can be used in a SQL predicate. It enables you to do conditional masking so that you can mask the column data values differently using different masking formats and the associated conditions. string No - -
description The description of the masking format. string No - -
formatEntries An array of format entries. The combined output of all the format entries is used for masking the column data values. list[object] Yes - -

Spec.maskingFormats[].formatEntries[]

Back to MaskingColumn spec

MaskingColumnMaskingFormatFormatEntry defines nested fields for MaskingColumn.MaskingFormat.FormatEntry.

Field Description Type Required Default Enum
columnName The name of the substitution column. string No - -
description The description of the format entry. string No - -
endDate The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. string No - -
endLength The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. integer No - -
endValue The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. number No - -
fixedNumber The constant number to be used for masking. number No - -
fixedString The constant string to be used for masking. string No - -
groupingColumns One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. list[string] No - -
jsonData - string No - -
length The number of characters that should be there in the substring. It should be an integer and greater than zero. integer No - -
libraryMaskingFormatId The OCID of the library masking format. string No - -
pattern The pattern that should be used to mask data. string No - -
postProcessingFunction The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -
randomList A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. list[string] No - -
regularExpression The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. string No - -
replaceWith The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. string No - -
schemaName The name of the schema that contains the substitution column. string No - -
sqlExpression The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. string No - -
startDate The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. string No - -
startLength The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. integer No - -
startPosition The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. integer No - -
startValue The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. number No - -
tableName The name of the table that contains the substitution column. string No - -
type - string No - -
userDefinedFunction The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -

Status

MaskingColumnStatus defines the observed state of MaskingColumn.

Field Description Type Required Default Enum
childColumns An array of child columns that are in referential relationship with the masking column. list[string] No - -
columnName The name of the database column. Note that the same name is used for the masking column. There is no separate displayName attribute for the masking column. string No - -
dataType The data type of the masking column. string No - -
isMaskingEnabled Indicates whether data masking is enabled for the masking column. boolean No - -
key The unique key that identifies the masking column. It's numeric and unique within a masking policy. string No - -
lifecycleDetails Details about the current state of the masking column. string No - -
lifecycleState The current state of the masking column. string No - -
maskingColumnGroup The group of the masking column. All the columns in a group are masked together to ensure that the masked data across these columns continue to retain the same logical relationship. For more details, check Group Masking in the Data Safe documentation. string No - -
maskingFormats An array of masking formats assigned to the masking column. list[object] No - -
maskingPolicyId The OCID of the masking policy that contains the masking column. string No - -
objectName The name of the object (table or editioning view) that contains the database column. string No - -
objectType The type of the object that contains the database column. string No - -
schemaName The name of the schema that contains the database column. string No - -
sensitiveTypeId The OCID of the sensitive type associated with the masking column. string No - -
status - object Yes - -
timeCreated The date and time the masking column was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the masking column was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.maskingFormats[]

Back to MaskingColumn status

MaskingColumnMaskingFormat defines nested fields for MaskingColumn.MaskingFormat.

Field Description Type Required Default Enum
condition A condition that must be true for applying the masking format. It can be any valid SQL construct that can be used in a SQL predicate. It enables you to do conditional masking so that you can mask the column data values differently using different masking formats and the associated conditions. string No - -
description The description of the masking format. string No - -
formatEntries An array of format entries. The combined output of all the format entries is used for masking the column data values. list[object] Yes - -

Status.maskingFormats[].formatEntries[]

Back to MaskingColumn status

MaskingColumnMaskingFormatFormatEntry defines nested fields for MaskingColumn.MaskingFormat.FormatEntry.

Field Description Type Required Default Enum
columnName The name of the substitution column. string No - -
description The description of the format entry. string No - -
endDate The upper bound of the range within which all the original column values fall. The end date must be greater than or equal to the start date. string No - -
endLength The maximum number of characters the generated strings should have. It can be any integer greater than zero, but it must be greater than or equal to the start length. integer No - -
endValue The upper bound of the range within which random decimal numbers should be generated. It must be greater than or equal to the start value. It supports input of double type. number No - -
fixedNumber The constant number to be used for masking. number No - -
fixedString The constant string to be used for masking. string No - -
groupingColumns One or more reference columns to be used to group column values so that they can be shuffled within their own group. The grouping columns and the column to be masked must belong to the same table. list[string] No - -
jsonData - string No - -
length The number of characters that should be there in the substring. It should be an integer and greater than zero. integer No - -
libraryMaskingFormatId The OCID of the library masking format. string No - -
pattern The pattern that should be used to mask data. string No - -
postProcessingFunction The post processing function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -
randomList A comma-separated list of values to be used to replace column values. The list can be of strings, numbers, or dates. The data type of each value in the list must be compatible with the data type of the column. The number of entries in the list cannot be more than 999. list[string] No - -
regularExpression The regular expression to be used for masking. For data with characters in the ASCII character set, providing a regular expression is optional. However, it is required if the data contains multi-byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression, which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. string No - -
replaceWith The value that should be used to replace the data matching the regular expression. It can be a fixed string, fixed number or null value. string No - -
schemaName The name of the schema that contains the substitution column. string No - -
sqlExpression The SQL expression to be used to generate the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns from the same table. Specify the substitution columns within percent (%) symbols. string No - -
startDate The lower bound of the range within which all the original column values fall. The start date must be less than or equal to the end date. string No - -
startLength The minimum number of characters the generated strings should have. It can be any integer greater than zero, but it must be less than or equal to the end length. integer No - -
startPosition The starting position in the original string from where the substring should be extracted. It can be either a positive or a negative integer. If It's negative, the counting starts from the end of the string. integer No - -
startValue The lower bound of the range within which random decimal numbers should be generated. It must be less than or equal to the end value. It supports input of double type. number No - -
tableName The name of the table that contains the substitution column. string No - -
type - string No - -
userDefinedFunction The user-defined function in SCHEMA_NAME.PACKAGE_NAME.FUNCTION_NAME format. It can be a standalone or packaged function, so PACKAGE_NAME is optional. string No - -

Status.status

Back to MaskingColumn status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to MaskingColumn status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to MaskingColumn status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to MaskingColumn status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

MaskingPolicy

MaskingPolicy is the Schema for the maskingpolicies API.

  • Plural: maskingpolicies
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_maskingpolicy.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

MaskingPolicySpec defines the desired state of MaskingPolicy.

Field Description Type Required Default Enum
columnSource MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource. object Yes - -
compartmentId The OCID of the compartment where the masking policy should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the masking policy. string No - -
displayName The display name of the masking policy. The name does not have to be unique, and it's changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isDropTempTablesEnabled Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users. boolean No - -
isRedoLoggingEnabled Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked. boolean No - -
isRefreshStatsEnabled Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes. boolean No - -
parallelDegree Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism. string No - -
postMaskingScript A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking. string No - -
preMaskingScript A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data. string No - -
recompile Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes. string No - -

Spec.columnSource

Back to MaskingPolicy spec

MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource.

Field Description Type Required Default Enum
columnSource - string No - -
jsonData - string No - -
sensitiveDataModelId The OCID of the sensitive data model to be associated as the column source with the masking policy. string No - -
targetId The OCID of the target database to be associated as the column source with the masking policy. string No - -

Status

MaskingPolicyStatus defines the observed state of MaskingPolicy.

Field Description Type Required Default Enum
areTargetCredentialsRequired Specifies whether target database credentials are required to perform masking with this policy boolean No - -
columnSource MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource. object No - -
compartmentId The OCID of the compartment that contains the masking policy. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the masking policy. string No - -
displayName The display name of the masking policy. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the masking policy. string No - -
isDropTempTablesEnabled Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users. boolean No - -
isRedoLoggingEnabled Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked. boolean No - -
isRefreshStatsEnabled Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes. boolean No - -
lifecycleState The current state of the masking policy. string No - -
parallelDegree Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism. string No - -
postMaskingScript A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking. string No - -
preMaskingScript A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data. string No - -
recompile Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes. string No - -
status - object Yes - -
timeCreated The date and time the masking policy was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the masking policy was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339) string No - -

Status.columnSource

Back to MaskingPolicy status

MaskingPolicyColumnSource defines nested fields for MaskingPolicy.ColumnSource.

Field Description Type Required Default Enum
columnSource - string No - -
jsonData - string No - -
sensitiveDataModelId The OCID of the sensitive data model to be associated as the column source with the masking policy. string No - -
targetId The OCID of the target database to be associated as the column source with the masking policy. string No - -

Status.status

Back to MaskingPolicy status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to MaskingPolicy status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to MaskingPolicy status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to MaskingPolicy status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

OnPremConnector

OnPremConnector is the Schema for the onpremconnectors API.

  • Plural: onpremconnectors
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_onpremconnector.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

OnPremConnectorSpec defines the desired state of OnPremConnector.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where you want to create the on-premises connector. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the on-premises connector. string No - -
displayName The display name of the on-premises connector. The name does not have to be unique, and it's changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -

Status

OnPremConnectorStatus defines the observed state of OnPremConnector.

Field Description Type Required Default Enum
availableVersion Latest available version of the on-premises connector. string No - -
compartmentId The OCID of the compartment that contains the on-premises connector. string No - -
createdVersion Created version of the on-premises connector. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the on-premises connector. string No - -
displayName The display name of the on-premises connector. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the on-premises connector. string No - -
lifecycleDetails Details about the current state of the on-premises connector. string No - -
lifecycleState The current state of the on-premises connector. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time the on-premises connector was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to OnPremConnector status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to OnPremConnector status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to OnPremConnector status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to OnPremConnector status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

PeerTargetDatabase

PeerTargetDatabase is the Schema for the peertargetdatabases API.

  • Plural: peertargetdatabases
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_peertargetdatabase.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

PeerTargetDatabaseSpec defines the desired state of PeerTargetDatabase.

Field Description Type Required Default Enum
databaseDetails PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails. object Yes - -
dataguardAssociationId The OCID of the Data Guard Association resource in which the database being registered is considered as peer database to the primary database. string No - -
description The description of the peer target database in Data Safe. string No - -
displayName The display name of the peer target database in Data Safe. The name is modifiable and does not need to be unique. string No - -
tlsConfig PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig. object No - -

Spec.databaseDetails

Back to PeerTargetDatabase spec

PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails.

Field Description Type Required Default Enum
autonomousDatabaseId The OCID of the Autonomous Database registered as a target database in Data Safe. string No - -
databaseType - string No - -
dbSystemId The OCID of the cloud database registered as a target database in Data Safe. string No - -
infrastructureType The infrastructure type the database is running on. string Yes - -
instanceId The OCID of the compute instance on which the database is running. string No - -
ipAddresses The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. list[string] No - -
jsonData - string No - -
listenerPort The port number of the database listener. integer No - -
pluggableDatabaseId The OCID of the pluggable database registered as a target database in Data Safe. string No - -
serviceName The service name of the database registered as target database. string No - -
vmClusterId The OCID of the VM cluster in which the database is running. string No - -

Spec.tlsConfig

Back to PeerTargetDatabase spec

PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig.

Field Description Type Required Default Enum
certificateStoreType The format of the certificate store. string No - -
keyStoreContent Base64 encoded string of key store file content. string No - -
status Status to represent whether the database connection is TLS enabled or not. string Yes - -
storePassword The password to read the trust store and key store files, if they are password protected. string No - -
trustStoreContent Base64 encoded string of trust store file content. string No - -

Status

PeerTargetDatabaseStatus defines the observed state of PeerTargetDatabase.

Field Description Type Required Default Enum
databaseDetails PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails. object No - -
databaseUniqueName Unique name of the database associated to the peer target database. string No - -
dataguardAssociationId The OCID of the Data Guard Association resource in which the database associated to the peer target database is considered as peer database to the primary database. string No - -
description The description of the peer target database in Data Safe. string No - -
displayName The display name of the peer target database in Data Safe. string No - -
key The secondary key assigned for the peer target database in Data Safe. integer No - -
lifecycleDetails Details about the current state of the peer target database in Data Safe. string No - -
lifecycleState The current state of the peer target database in Data Safe. string No - -
role Role of the database associated to the peer target database. string No - -
status - object Yes - -
timeCreated The date and time of the peer target database registration in Data Safe. string No - -
tlsConfig PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig. object No - -

Status.databaseDetails

Back to PeerTargetDatabase status

PeerTargetDatabaseDatabaseDetails defines nested fields for PeerTargetDatabase.DatabaseDetails.

Field Description Type Required Default Enum
autonomousDatabaseId The OCID of the Autonomous Database registered as a target database in Data Safe. string No - -
databaseType - string No - -
dbSystemId The OCID of the cloud database registered as a target database in Data Safe. string No - -
infrastructureType The infrastructure type the database is running on. string Yes - -
instanceId The OCID of the compute instance on which the database is running. string No - -
ipAddresses The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. list[string] No - -
jsonData - string No - -
listenerPort The port number of the database listener. integer No - -
pluggableDatabaseId The OCID of the pluggable database registered as a target database in Data Safe. string No - -
serviceName The service name of the database registered as target database. string No - -
vmClusterId The OCID of the VM cluster in which the database is running. string No - -

Status.status

Back to PeerTargetDatabase status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to PeerTargetDatabase status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to PeerTargetDatabase status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to PeerTargetDatabase status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

Status.tlsConfig

Back to PeerTargetDatabase status

PeerTargetDatabaseTlsConfig defines nested fields for PeerTargetDatabase.TlsConfig.

Field Description Type Required Default Enum
certificateStoreType The format of the certificate store. string No - -
keyStoreContent Base64 encoded string of key store file content. string No - -
status Status to represent whether the database connection is TLS enabled or not. string Yes - -
storePassword The password to read the trust store and key store files, if they are password protected. string No - -
trustStoreContent Base64 encoded string of trust store file content. string No - -

ReferentialRelation

ReferentialRelation is the Schema for the referentialrelations API.

  • Plural: referentialrelations
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_referentialrelation.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

ReferentialRelationSpec defines the desired state of ReferentialRelation.

Field Description Type Required Default Enum
child ReferentialRelationChild defines nested fields for ReferentialRelation.Child. object Yes - -
isSensitive Add to sensitive data model if passed true. If false is passed, then the columns will not be added in the sensitive data model as sensitive columns and if sensitive type OCIDs are assigned to the columns, then the sensitive type OCIDs will not be retained. boolean No - -
parent ReferentialRelationParent defines nested fields for ReferentialRelation.Parent. object Yes - -
relationType The type of referential relationship the sensitive column has with its parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. string Yes - -

Spec.child

Back to ReferentialRelation spec

ReferentialRelationChild defines nested fields for ReferentialRelation.Child.

Field Description Type Required Default Enum
appName The application name. string Yes - -
columnGroup Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. list[string] Yes - -
objectName The database object that contains the columns. string Yes - -
objectType The type of the database object that contains the sensitive column. string Yes - -
schemaName The schema name. string Yes - -
sensitiveTypeIds Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. list[string] No - -

Spec.parent

Back to ReferentialRelation spec

ReferentialRelationParent defines nested fields for ReferentialRelation.Parent.

Field Description Type Required Default Enum
appName The application name. string Yes - -
columnGroup Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. list[string] Yes - -
objectName The database object that contains the columns. string Yes - -
objectType The type of the database object that contains the sensitive column. string Yes - -
schemaName The schema name. string Yes - -
sensitiveTypeIds Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. list[string] No - -

Status

ReferentialRelationStatus defines the observed state of ReferentialRelation.

Field Description Type Required Default Enum
child ReferentialRelationChild defines nested fields for ReferentialRelation.Child. object No - -
isSensitive Determines if the columns present in the referential relation is present in the sensitive data model boolean No - -
key The unique key that identifies the referential relation. It's numeric and unique within a sensitive data model. string No - -
lifecycleState The current state of the referential relation. string No - -
parent ReferentialRelationParent defines nested fields for ReferentialRelation.Parent. object No - -
relationType The type of referential relationship the sensitive column has with its parent. NONE indicates that the sensitive column does not have a parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. string No - -
sensitiveDataModelId The OCID of the sensitive data model that contains the sensitive column. string No - -
status - object Yes - -

Status.child

Back to ReferentialRelation status

ReferentialRelationChild defines nested fields for ReferentialRelation.Child.

Field Description Type Required Default Enum
appName The application name. string Yes - -
columnGroup Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. list[string] Yes - -
objectName The database object that contains the columns. string Yes - -
objectType The type of the database object that contains the sensitive column. string Yes - -
schemaName The schema name. string Yes - -
sensitiveTypeIds Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. list[string] No - -

Status.parent

Back to ReferentialRelation status

ReferentialRelationParent defines nested fields for ReferentialRelation.Parent.

Field Description Type Required Default Enum
appName The application name. string Yes - -
columnGroup Group of columns in referential relation. Order needs to be maintained in the elements of the parent/child array listing. list[string] Yes - -
objectName The database object that contains the columns. string Yes - -
objectType The type of the database object that contains the sensitive column. string Yes - -
schemaName The schema name. string Yes - -
sensitiveTypeIds Sensitive type ocids of each column groups. Order needs to be maintained with the parent column group. For the DB defined referential relations identified during SDM creation, we cannot add sensitive types. Instead use the sensitiveColumn POST API to mark the columns sensitive. list[string] No - -

Status.status

Back to ReferentialRelation status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to ReferentialRelation status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to ReferentialRelation status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to ReferentialRelation status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

ReportDefinition

ReportDefinition is the Schema for the reportdefinitions API.

  • Plural: reportdefinitions
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_reportdefinition.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

ReportDefinitionSpec defines the desired state of ReportDefinition.

Field Description Type Required Default Enum
columnFilters An array of column filter objects. A column Filter object stores all information about a column filter including field name, an operator, one or more expressions, if the filter is enabled, or if the filter is hidden. list[object] Yes - -
columnInfo An array of column objects in the order (left to right) displayed in the report. A column object stores all information about a column, including the name displayed on the UI, corresponding field name in the data source, data type of the column, and column visibility (if the column is visible to the user). list[object] Yes - -
columnSortings An array of column sorting objects. Each column sorting object stores the column name to be sorted and if the sorting is in ascending order; sorting is done by the first column in the array, then by the second column in the array, etc. list[object] Yes - -
compartmentId The OCID of the compartment containing the report definition. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the report definition. string No - -
displayName Specifies the name of the report definition. string Yes - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
parentId The OCID of the parent report definition. string Yes - -
summary An array of report summary objects in the order (left to right) displayed in the report. A report summary object stores all information about summary of report to be displayed, including the name displayed on UI, the display order, corresponding group by and count of values, summary visibility (if the summary is visible to user). list[object] Yes - -

Spec.columnFilters[]

Back to ReportDefinition spec

ReportDefinitionColumnFilter defines nested fields for ReportDefinition.ColumnFilter.

Field Description Type Required Default Enum
expressions An array of expressions based on the operator type. A filter may have one or more expressions. list[string] Yes - -
fieldName Name of the column on which the filter must be applied. string Yes - -
isEnabled Indicates whether the filter is enabled. Values can either be 'true' or 'false'. boolean Yes - -
isHidden Indicates whether the filter is hidden. Values can either be 'true' or 'false'. boolean Yes - -
operator Specifies the type of operator that must be applied for example in, eq etc. string Yes - -

Spec.columnInfo[]

Back to ReportDefinition spec

ReportDefinitionColumnInfo defines nested fields for ReportDefinition.ColumnInfo.

Field Description Type Required Default Enum
applicableOperators An array of operators that can be supported by column fieldName. list[string] No - -
dataType Specifies the data type of the column. string No - -
displayName Name of the column displayed on UI. string Yes - -
displayOrder Specifies the display order of the column. integer Yes - -
fieldName Specifies the corresponding field name in the data source. string Yes - -
isHidden Indicates if the column is hidden. Values can either be 'true' or 'false'. boolean Yes - -
isVirtual Specifies if column is virtual and can only be used as column filter. boolean No - -

Spec.columnSortings[]

Back to ReportDefinition spec

ReportDefinitionColumnSorting defines nested fields for ReportDefinition.ColumnSorting.

Field Description Type Required Default Enum
fieldName Name of the column that must be sorted. string Yes - -
isAscending Indicates if the column must be sorted in ascending order. Values can either be 'true' or 'false'. boolean Yes - -
sortingOrder Indicates the order at which column must be sorted. integer Yes - -

Spec.summary[]

Back to ReportDefinition spec

ReportDefinitionSummary defines nested fields for ReportDefinition.Summary.

Field Description Type Required Default Enum
countOf Name of the key or count of object. string No - -
displayOrder Specifies the order in which the summary must be displayed. integer Yes - -
groupByFieldName A comma-delimited string that specifies the names of the fields by which the records must be aggregated to get the summary. string No - -
isHidden Indicates if the summary is hidden. Values can either be 'true' or 'false'. boolean No - -
name Name of the report summary. string Yes - -
scimFilter Additional scim filters used to get the specific summary. string No - -

Status

ReportDefinitionStatus defines the observed state of ReportDefinition.

Field Description Type Required Default Enum
category Specifies the name of the category that this report belongs to. string No - -
columnFilters An array of columnFilter objects. A columnFilter object stores all information about a column filter including field name, an operator, one or more expressions, if the filter is enabled, or if the filter is hidden. list[object] No - -
columnInfo An array of column objects in the order (left to right) displayed in the report. A column object stores all information about a column, including the name displayed on the UI, corresponding field name in the data source, data type of the column, and column visibility (if the column is visible to the user). list[object] No - -
columnSortings An array of column sorting objects. Each column sorting object stores the column name to be sorted and if the sorting is in ascending order; sorting is done by the first column in the array, then by the second column in the array, etc. list[object] No - -
compartmentId The OCID of the compartment containing the report definition. string No - -
complianceStandards The list of the data protection regulations/standards used in the report that will help demonstrate compliance. list[string] No - -
dataSource Specifies the name of a resource that provides data for the report. For example alerts, events. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description A description of the report definition. string No - -
displayName Name of the report definition. string No - -
displayOrder Specifies how the report definitions are ordered in the display. integer No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the report definition. string No - -
isSeeded Signifies whether the definition is seeded or user defined. Values can either be 'true' or 'false'. boolean No - -
lifecycleDetails Details about the current state of the report definition in Data Safe. string No - -
lifecycleState The current state of the report. string No - -
parentId The OCID of the parent report definition. In the case of seeded report definition, this is same as definition OCID. string No - -
recordTimeSpan The time span for the records in the report to be scheduled. Allowed period strings - "H","D","M","Y" Each of the above fields potentially introduce constraints. A workRequest is created only when period-value satisfies all the constraints. Constraints introduced: 1. period = H (The allowed range for period-value is [1, 23]) 2. period = D (The allowed range for period-value is [1, 30]) 3. period = M (The allowed range for period-value is [1, 11]) 4. period = Y (The minimum period-value is 1) string No - -
schedule The schedule to generate the report periodically in the specified format: ; Allowed version strings - "v1" v1's version specific schedule - Each of the above fields potentially introduce constraints. A workrequest is created only when clock time satisfies all the constraints. Constraints introduced: 1. seconds = (So, the allowed range for is [0, 59]) 2. minutes = (So, the allowed range for is [0, 59]) 3. hours = (So, the allowed range for is [0, 23]) 4. can be either '' (without quotes or a number between 1(Monday) and 7(Sunday)) No constraint introduced when it is ''. When not, day of week must equal the given value 5. can be either '' (without quotes or a number between 1 and 28) No constraint introduced when it is ''. When not, day of month must equal the given value string No - -
scheduledReportCompartmentId The OCID of the compartment in which the scheduled resource will be created. string No - -
scheduledReportMimeType Specifies the format of the report ( either .xls or .pdf or .json) string No - -
scheduledReportName The name of the report to be scheduled. string No - -
scheduledReportRowLimit Specifies the limit on the number of rows in the report. integer No - -
scimFilter Additional SCIM filters used to define the report. string No - -
status - object Yes - -
summary An array of report summary objects in the order (left to right) displayed in the report. A report summary object stores all information about summary of report to be displayed, including the name displayed on UI, the display order, corresponding group by and count of values, summary visibility (if the summary is visible to user). list[object] No - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated Specifies the date and time the report definition was created. string No - -
timeUpdated The date and time the report definition was updated. string No - -

Status.columnFilters[]

Back to ReportDefinition status

ReportDefinitionColumnFilter defines nested fields for ReportDefinition.ColumnFilter.

Field Description Type Required Default Enum
expressions An array of expressions based on the operator type. A filter may have one or more expressions. list[string] Yes - -
fieldName Name of the column on which the filter must be applied. string Yes - -
isEnabled Indicates whether the filter is enabled. Values can either be 'true' or 'false'. boolean Yes - -
isHidden Indicates whether the filter is hidden. Values can either be 'true' or 'false'. boolean Yes - -
operator Specifies the type of operator that must be applied for example in, eq etc. string Yes - -

Status.columnInfo[]

Back to ReportDefinition status

ReportDefinitionColumnInfo defines nested fields for ReportDefinition.ColumnInfo.

Field Description Type Required Default Enum
applicableOperators An array of operators that can be supported by column fieldName. list[string] No - -
dataType Specifies the data type of the column. string No - -
displayName Name of the column displayed on UI. string Yes - -
displayOrder Specifies the display order of the column. integer Yes - -
fieldName Specifies the corresponding field name in the data source. string Yes - -
isHidden Indicates if the column is hidden. Values can either be 'true' or 'false'. boolean Yes - -
isVirtual Specifies if column is virtual and can only be used as column filter. boolean No - -

Status.columnSortings[]

Back to ReportDefinition status

ReportDefinitionColumnSorting defines nested fields for ReportDefinition.ColumnSorting.

Field Description Type Required Default Enum
fieldName Name of the column that must be sorted. string Yes - -
isAscending Indicates if the column must be sorted in ascending order. Values can either be 'true' or 'false'. boolean Yes - -
sortingOrder Indicates the order at which column must be sorted. integer Yes - -

Status.status

Back to ReportDefinition status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to ReportDefinition status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to ReportDefinition status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to ReportDefinition status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

Status.summary[]

Back to ReportDefinition status

ReportDefinitionSummary defines nested fields for ReportDefinition.Summary.

Field Description Type Required Default Enum
countOf Name of the key or count of object. string No - -
displayOrder Specifies the order in which the summary must be displayed. integer Yes - -
groupByFieldName A comma-delimited string that specifies the names of the fields by which the records must be aggregated to get the summary. string No - -
isHidden Indicates if the summary is hidden. Values can either be 'true' or 'false'. boolean No - -
name Name of the report summary. string Yes - -
scimFilter Additional scim filters used to get the specific summary. string No - -

SdmMaskingPolicyDifference

SdmMaskingPolicyDifference is the Schema for the sdmmaskingpolicydifferences API.

  • Plural: sdmmaskingpolicydifferences
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sdmmaskingpolicydifference.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SdmMaskingPolicyDifferenceSpec defines the desired state of SdmMaskingPolicyDifference.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where the SDM masking policy difference resource should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
differenceType The type of the SDM masking policy difference. It defines the difference scope. NEW identifies new sensitive columns in the sensitive data model that are not in the masking policy. DELETED identifies columns that are present in the masking policy but have been deleted from the sensitive data model. MODIFIED identifies columns that are present in the sensitive data model as well as the masking policy but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. string No - -
displayName A user-friendly name for the SDM masking policy difference. Does not have to be unique, and it is changeable. Avoid entering confidential information. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
maskingPolicyId The OCID of the masking policy. Note that if the masking policy is not associated with an SDM, CreateSdmMaskingPolicyDifference operation won't be allowed. string Yes - -

Status

SdmMaskingPolicyDifferenceStatus defines the observed state of SdmMaskingPolicyDifference.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the Sensitive data model and masking policy difference resource. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
differenceType The type of the SDM masking policy difference. It defines the difference scope. NEW identifies new sensitive columns in the sensitive data model that are not in the masking policy. DELETED identifies columns that are present in the masking policy but have been deleted from the sensitive data model. MODIFIED identifies columns that are present in the sensitive data model as well as the masking policy but some of their attributes have been modified. ALL covers all the above three scenarios and reports new, deleted and modified columns. string No - -
displayName The display name of the SDM masking policy difference. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the Sensitive data model and masking policy difference resource. string No - -
lifecycleState The current state of the SDM masking policy difference. string No - -
maskingPolicyId The OCID of the masking policy associated with the SDM masking policy difference. string No - -
sensitiveDataModelId The OCID of the sensitive data model associated with the SDM masking policy difference. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time the SDM masking policy difference was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeCreationStarted The date and time the SDM masking policy difference creation started, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to SdmMaskingPolicyDifference status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SdmMaskingPolicyDifference status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SdmMaskingPolicyDifference status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SdmMaskingPolicyDifference status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SecurityAssessment

SecurityAssessment is the Schema for the securityassessments API.

  • Plural: securityassessments
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_securityassessment.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SecurityAssessmentSpec defines the desired state of SecurityAssessment.

Field Description Type Required Default Enum
baseSecurityAssessmentId The OCID of the security assessment. The assessment should be of type SAVED. It will be required while creating the template baseline assessment for individual targets to fetch the detailed information from an existing security assessment. string No - -
compartmentId The OCID of the compartment that contains the security assessment. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of the security assessment. string No - -
displayName The display name of the security assessment. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isAssessmentScheduled Indicates whether the assessment is scheduled to run. boolean No - -
schedule To schedule the assessment for running periodically, specify the schedule in this attribute. Create or schedule one assessment per compartment. If not defined, the assessment runs immediately. Format - ; Allowed version strings - "v1" v1's version specific schedule - Each of the above fields potentially introduce constraints. A workrequest is created only when clock time satisfies all the constraints. Constraints introduced: 1. seconds = (So, the allowed range for is [0, 59]) 2. minutes = (So, the allowed range for is [0, 59]) 3. hours = (So, the allowed range for is [0, 23]) can be either '' (without quotes or a number between 1(Monday) and 7(Sunday)) 4. No constraint introduced when it is ''. When not, day of week must equal the given value can be either '' (without quotes or a number between 1 and 28) 5. No constraint introduced when it is ''. When not, day of month must equal the given value string No - -
targetId The OCID of the target database or target database group on which security assessment is to be run. string No - -
targetType The type of security assessment resource whether it is individual or group resource. For individual target use type TARGET_DATABASE and for group resource use type TARGET_DATABASE_GROUP. If not provided, TARGET_DATABASE would be used as default value. string No - -
templateAssessmentId The OCID of the template assessment. It will be required while creating the template baseline assessment. string No - -
type The type of the security assessment string No - -

Status

SecurityAssessmentStatus defines the observed state of SecurityAssessment.

Field Description Type Required Default Enum
baselineAssessmentId The ocid of a security assessment which is of type TEMPLATE_BASELINE, this will be null or empty when type is TEMPLATE_BASELINE. string No - -
checks The security checks to be evaluated for type template. list[object] No - -
compartmentId The OCID of the compartment that contains the security assessment. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security assessment. string No - -
displayName The display name of the security assessment. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the security assessment. string No - -
ignoredAssessmentIds List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } list[object (preserves unknown fields)] No - -
ignoredTargetIds List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } list[object (preserves unknown fields)] No - -
ignoredTargets List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } list[object (preserves unknown fields)] No - -
isAssessmentScheduled Indicates whether the assessment is scheduled to run. boolean No - -
isBaseline Indicates whether or not the security assessment is set as a baseline. This is applicable only for saved security assessments. boolean No - -
isDeviatedFromBaseline Indicates if the assessment has deviated from the baseline. boolean No - -
lastComparedBaselineId The OCID of the baseline against which the latest security assessment was compared. string No - -
lifecycleDetails Details about the current state of the security assessment. string No - -
lifecycleState The current state of the security assessment. string No - -
link The summary of findings for the security assessment string No - -
schedule Schedule to save the assessment periodically in the specified format: ; Allowed version strings - "v1" v1's version specific schedule - Each of the above fields potentially introduce constraints. A workrequest is created only when clock time satisfies all the constraints. Constraints introduced: 1. seconds = (So, the allowed range for is [0, 59]) 2. minutes = (So, the allowed range for is [0, 59]) 3. hours = (So, the allowed range for is [0, 23]) can be either '' (without quotes or a number between 1(Monday) and 7(Sunday)) 4. No constraint introduced when it is ''. When not, day of week must equal the given value can be either '' (without quotes or a number between 1 and 28) 5. No constraint introduced when it is ''. When not, day of month must equal the given value string No - -
scheduleSecurityAssessmentId The OCID of the security assessment that is responsible for creating this scheduled save assessment. string No - -
statistics SecurityAssessmentStatistics defines nested fields for SecurityAssessment.Statistics. object No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetDatabaseGroupId The OCID of the target database group that the group assessment is created for. string No - -
targetIds Array of database target OCIDs. list[string] No - -
targetType Indicates whether the security assessment is for a target database or a target database group. string No - -
targetVersion The version of the target database. string No - -
templateAssessmentId The ocid of a security assessment which is of type TEMPLATE, this will be null or empty when type is TEMPLATE. string No - -
timeCreated The date and time the security assessment was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeLastAssessed The date and time the security assessment was last executed, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the security assessment was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
triggeredBy Indicates whether the security assessment was created by system or by a user. string No - -
type The type of this security assessment. The possible types are: LATEST: The most up-to-date assessment that is running automatically for a target. It is system generated. SAVED: A saved security assessment. LATEST assessments are always saved in order to maintain the history of runs. A SAVED assessment is also generated by a 'refresh' action (triggered by the user). SAVE_SCHEDULE: The schedule for periodic saves of LATEST assessments. COMPARTMENT: An automatically managed assessment type that stores all details of targets in one compartment. This type keeps an up-to-date assessment of all database risks in one compartment. It is automatically updated when the latest assessment or refresh action is executed. It is also automatically updated when a target is deleted or move to a different compartment. string No - -

Status.checks[]

Back to SecurityAssessment status

SecurityAssessmentCheck defines nested fields for SecurityAssessment.Check.

Field Description Type Required Default Enum
category The category to which the check belongs to. string No - -
key A unique identifier for the check. string No - -
oneline Provides a recommended approach to take to remediate the check reported. string No - -
references Provides information on whether the check is related to a CIS Oracle Database Benchmark recommendation, STIG rule, GDPR Article/Recital or related to the Oracle Recommended Practice. object No - -
remarks The explanation of the issue in this check. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation. string No - -
suggestedSeverity The severity of the check as suggested by Data Safe security assessment. This will be the default severity in the template baseline security assessment. string No - -
title The short title for the check. string No - -

Status.checks[].references

Back to SecurityAssessment status

Provides information on whether the check is related to a CIS Oracle Database Benchmark recommendation, STIG rule, GDPR Article/Recital or related to the Oracle Recommended Practice.

Field Description Type Required Default Enum
cis Relevant section from CIS. string No - -
gdpr Relevant section from GDPR. string No - -
obp Relevant section from OBP. string No - -
orp Relevant section from ORP. string No - -
stig Relevant section from STIG. string No - -

Status.statistics

Back to SecurityAssessment status

SecurityAssessmentStatistics defines nested fields for SecurityAssessment.Statistics.

Field Description Type Required Default Enum
advisory SecurityAssessmentStatisticsAdvisory defines nested fields for SecurityAssessment.Statistics.Advisory. object No - -
deferred SecurityAssessmentStatisticsDeferred defines nested fields for SecurityAssessment.Statistics.Deferred. object No - -
evaluate SecurityAssessmentStatisticsEvaluate defines nested fields for SecurityAssessment.Statistics.Evaluate. object No - -
highRisk SecurityAssessmentStatisticsHighRisk defines nested fields for SecurityAssessment.Statistics.HighRisk. object No - -
lowRisk SecurityAssessmentStatisticsLowRisk defines nested fields for SecurityAssessment.Statistics.LowRisk. object No - -
mediumRisk SecurityAssessmentStatisticsMediumRisk defines nested fields for SecurityAssessment.Statistics.MediumRisk. object No - -
pass SecurityAssessmentStatisticsPass defines nested fields for SecurityAssessment.Statistics.Pass. object No - -
targetsCount The total number of targets in this security assessment. integer No - -

Status.statistics.advisory

Back to SecurityAssessment status

SecurityAssessmentStatisticsAdvisory defines nested fields for SecurityAssessment.Statistics.Advisory.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.statistics.deferred

Back to SecurityAssessment status

SecurityAssessmentStatisticsDeferred defines nested fields for SecurityAssessment.Statistics.Deferred.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.statistics.evaluate

Back to SecurityAssessment status

SecurityAssessmentStatisticsEvaluate defines nested fields for SecurityAssessment.Statistics.Evaluate.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.statistics.highRisk

Back to SecurityAssessment status

SecurityAssessmentStatisticsHighRisk defines nested fields for SecurityAssessment.Statistics.HighRisk.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.statistics.lowRisk

Back to SecurityAssessment status

SecurityAssessmentStatisticsLowRisk defines nested fields for SecurityAssessment.Statistics.LowRisk.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.statistics.mediumRisk

Back to SecurityAssessment status

SecurityAssessmentStatisticsMediumRisk defines nested fields for SecurityAssessment.Statistics.MediumRisk.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.statistics.pass

Back to SecurityAssessment status

SecurityAssessmentStatisticsPass defines nested fields for SecurityAssessment.Statistics.Pass.

Field Description Type Required Default Enum
auditingFindingsCount The number of findings in the Auditing category. integer No - -
authorizationControlFindingsCount The number of findings in the Authorization Control category. integer No - -
dataEncryptionFindingsCount The number of findings in the Data Encryption category. integer No - -
dbConfigurationFindingsCount The number of findings in the Database Configuration category. integer No - -
fineGrainedAccessControlFindingsCount The number of findings in the Fine-Grained Access Control category. integer No - -
privilegesAndRolesFindingsCount The number of findings in the Privileges and Roles category. integer No - -
targetsCount The number of targets that contributed to the counts at this risk level. integer No - -
userAccountsFindingsCount The number of findings in the User Accounts category. integer No - -

Status.status

Back to SecurityAssessment status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SecurityAssessment status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SecurityAssessment status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SecurityAssessment status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SecurityPolicy

SecurityPolicy is the Schema for the securitypolicies API.

  • Plural: securitypolicies
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_securitypolicy.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SecurityPolicySpec defines the desired state of SecurityPolicy.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment in which to create the security policy. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security policy. string No - -
displayName The display name of the security policy. The name does not have to be unique, and it is changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -

Status

SecurityPolicyStatus defines the observed state of SecurityPolicy.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the security policy. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security policy. string No - -
displayName The display name of the security policy. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the security policy. string No - -
lifecycleDetails Details about the current state of the security policy in Data Safe. string No - -
lifecycleState The current state of the security policy. string No - -
securityPolicyType The type of the security policy. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The time that the security policy was created, in the format defined by RFC3339. string No - -
timeUpdated The last date and time the security policy was updated, in the format defined by RFC3339. string No - -

Status.status

Back to SecurityPolicy status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SecurityPolicy status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SecurityPolicy status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SecurityPolicy status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SecurityPolicyConfig

SecurityPolicyConfig is the Schema for the securitypolicyconfigs API.

  • Plural: securitypolicyconfigs
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_securitypolicyconfig.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SecurityPolicyConfigSpec defines the desired state of SecurityPolicyConfig.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the security policy configuration. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security policy. string No - -
displayName The display name of the security policy configuration. The name does not have to be unique, and it is changeable. string No - -
firewallConfig SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig. object No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
securityPolicyId The OCID of the security policy corresponding to the security policy configuration. string Yes - -
unifiedAuditPolicyConfig SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig. object No - -

Spec.firewallConfig

Back to SecurityPolicyConfig spec

SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig.

Field Description Type Required Default Enum
excludeJob Specifies whether the firewall should include or exclude the database internal job activities. string No - -
status Specifies whether the firewall is enabled or disabled. string No - -
violationLogAutoPurge Specifies whether Data Safe should automatically purge the violation logs from the database after collecting the violation logs and persisting them in Data Safe. string No - -

Spec.unifiedAuditPolicyConfig

Back to SecurityPolicyConfig spec

SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig.

Field Description Type Required Default Enum
excludeDatasafeUser Specifies whether the Data Safe service account on the target database should be excluded in the unified audit policy. string No - -

Status

SecurityPolicyConfigStatus defines the observed state of SecurityPolicyConfig.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the security policy configuration. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security policy configuration. string No - -
displayName The display name of the security policy configuration. string No - -
firewallConfig SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig. object No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the security policy configuration. string No - -
lifecycleDetails Details about the current state of the security policy configuration. string No - -
lifecycleState The current state of the security policy configuration. string No - -
securityPolicyId The OCID of the security policy corresponding to the security policy configuration. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The time the security policy configuration was created, in the format defined by RFC3339. string No - -
timeUpdated The date and time the security policy configuration was last updated, in the format defined by RFC3339. string No - -
unifiedAuditPolicyConfig SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig. object No - -

Status.firewallConfig

Back to SecurityPolicyConfig status

SecurityPolicyConfigFirewallConfig defines nested fields for SecurityPolicyConfig.FirewallConfig.

Field Description Type Required Default Enum
excludeJob Specifies whether the firewall should include or exclude the database internal job activities. string No - -
status Specifies whether the firewall is enabled or disabled. string No - -
violationLogAutoPurge Specifies whether Data Safe should automatically purge the violation logs from the database after collecting the violation logs and persisting them in Data Safe. string No - -

Status.status

Back to SecurityPolicyConfig status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SecurityPolicyConfig status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SecurityPolicyConfig status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SecurityPolicyConfig status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

Status.unifiedAuditPolicyConfig

Back to SecurityPolicyConfig status

SecurityPolicyConfigUnifiedAuditPolicyConfig defines nested fields for SecurityPolicyConfig.UnifiedAuditPolicyConfig.

Field Description Type Required Default Enum
excludeDatasafeUser Specifies whether the Data Safe service account on the target database should be excluded in the unified audit policy. string No - -

SecurityPolicyDeployment

SecurityPolicyDeployment is the Schema for the securitypolicydeployments API.

  • Plural: securitypolicydeployments
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_securitypolicydeployment.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SecurityPolicyDeploymentSpec defines the desired state of SecurityPolicyDeployment.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment in which to create the unified audit policy. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security policy. string No - -
displayName The display name of the security policy deployment. The name does not have to be unique, and it is changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
securityPolicyId The OCID of the security policy corresponding to the security policy deployment. string Yes - -
targetId The OCID of the target where the security policy is deployed. string Yes - -
targetType Indicates whether the security policy deployment is for a target database or a target database group. string Yes - -

Status

SecurityPolicyDeploymentStatus defines the observed state of SecurityPolicyDeployment.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the security policy deployment. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the security policy deployment. string No - -
displayName The display name of the security policy deployment. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the security policy deployment. string No - -
lifecycleDetails Details about the current state of the security policy deployment in Data Safe. string No - -
lifecycleState The current state of the security policy deployment. string No - -
securityPolicyId The OCID of the security policy corresponding to the security policy deployment. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetId The OCID of the target/target group where the security policy is deployed. string No - -
targetType Indicates whether the security policy deployment is for a target database or a target database group. string No - -
timeCreated The time that the security policy deployment was created, in the format defined by RFC3339. string No - -
timeDeployed The last date and time the security policy was deployed, in the format defined by RFC3339. string No - -
timeUpdated The last date and time the security policy deployment was updated, in the format defined by RFC3339. string No - -

Status.status

Back to SecurityPolicyDeployment status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SecurityPolicyDeployment status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SecurityPolicyDeployment status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SecurityPolicyDeployment status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SensitiveColumn

SensitiveColumn is the Schema for the sensitivecolumns API.

  • Plural: sensitivecolumns
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sensitivecolumn.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SensitiveColumnSpec defines the desired state of SensitiveColumn.

Field Description Type Required Default Enum
appDefinedChildColumnKeys Unique keys identifying the columns that are application-level (non-dictionary) children of the sensitive column. This attribute can be used to establish relationship between columns in a sensitive data model. Note that the child columns must be added to the sensitive data model before their keys can be specified here. If this attribute is provided, the parentColumnKeys and relationType attributes of the child columns are automatically updated to reflect the relationship. list[string] No - -
appName The name of the application associated with the sensitive column. It's useful when the application name is different from the schema name. Otherwise, it can be ignored. If this attribute is not provided, it's automatically populated with the value provided for the schemaName attribute. string No - -
columnName The name of the sensitive column. string Yes - -
dataType The data type of the sensitive column. string No - -
dbDefinedChildColumnKeys Unique keys identifying the columns that are database-level (dictionary-defined) children of the sensitive column. This attribute can be used to establish relationship between columns in a sensitive data model. Note that the child columns must be added to the sensitive data model before their keys can be specified here. If this attribute is provided, the parentColumnKeys and relationType attributes of the child columns are automatically updated to reflect the relationship. list[string] No - -
objectName The database object that contains the sensitive column. string Yes - -
objectType The type of the database object that contains the sensitive column. string No - -
parentColumnKeys Unique keys identifying the columns that are parents of the sensitive column. At present, it accepts only one parent column key. This attribute can be used to establish relationship between columns in a sensitive data model. Note that the parent column must be added to the sensitive data model before its key can be specified here. If this attribute is provided, the appDefinedChildColumnKeys or dbDefinedChildColumnKeys attribute of the parent column is automatically updated to reflect the relationship. list[string] No - -
relationType The type of referential relationship the sensitive column has with its parent. NONE indicates that the sensitive column does not have a parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. string No - -
schemaName The database schema that contains the sensitive column. string Yes - -
sensitiveTypeId The OCID of the sensitive type to be associated with the sensitive column. string No - -
status The status of the sensitive column. VALID means the column is considered sensitive. INVALID means the column is not considered sensitive. Tracking invalid columns in a sensitive data model helps ensure that an incremental data discovery job does not identify these columns as sensitive. string No - -

Status

SensitiveColumnStatus defines the observed state of SensitiveColumn.

Field Description Type Required Default Enum
appDefinedChildColumnKeys Unique keys identifying the columns that are application-level (non-dictionary) children of the sensitive column. list[string] No - -
appName The name of the application associated with the sensitive column. It's useful when the application name is different from the schema name. Otherwise, it can be ignored. string No - -
columnGroups The composite key groups to which the sensitive column belongs. If the column is part of a composite key, it's assigned a column group. It helps identify and manage referential relationships that involve composite keys. list[string] No - -
columnName The name of the sensitive column. string No - -
confidenceLevel The confidence level of the sensitive column associated with the sensitive type. The confidence level of the discovered sensitive columns can be either HIGH, MEDIUM or LOW. The confidence level will be NONE for manually added sensitive columns. string No - -
confidenceLevelDetails List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } list[object (preserves unknown fields)] No - -
dataType The data type of the sensitive column. string No - -
dbDefinedChildColumnKeys Unique keys identifying the columns that are database-level (dictionary-defined) children of the sensitive column. list[string] No - -
estimatedDataValueCount The estimated number of data values the column has in the associated database. integer (int64) No - -
key The unique key that identifies the sensitive column. It's numeric and unique within a sensitive data model. string No - -
lifecycleDetails Details about the current state of the sensitive column. string No - -
lifecycleState The current state of the sensitive column. string No - -
objectName The database object that contains the sensitive column. string No - -
objectType The type of the database object that contains the sensitive column. string No - -
parentColumnKeys Unique keys identifying the columns that are parents of the sensitive column. At present, it tracks a single parent only. list[string] No - -
relationType The type of referential relationship the sensitive column has with its parent. NONE indicates that the sensitive column does not have a parent. DB_DEFINED indicates that the relationship is defined in the database dictionary. APP_DEFINED indicates that the relationship is defined at the application level and not in the database dictionary. string No - -
sampleDataValues Original data values collected for the sensitive column from the associated database. Sample data helps review the column and ensure that it actually contains sensitive data. Note that sample data is retrieved by a data discovery job only if the isSampleDataCollectionEnabled attribute is set to true. At present, only one data value is collected per sensitive column. list[string] No - -
schemaName The database schema that contains the sensitive column. string No - -
sdkStatus The status of the sensitive column. VALID means the column is considered sensitive. INVALID means the column is not considered sensitive. Tracking invalid columns in a sensitive data model helps ensure that an incremental data discovery job does not identify these columns as sensitive again. This uses a distinct JSON name so it can coexist with the OSOK status envelope. string No - -
sensitiveDataModelId The OCID of the sensitive data model that contains the sensitive column. string No - -
sensitiveTypeId The OCID of the sensitive type associated with the sensitive column. string No - -
source The source of the sensitive column. DISCOVERY indicates that the column was added to the sensitive data model using a data discovery job. MANUAL indicates that the column was added manually. string No - -
status - object Yes - -
timeCreated The date and time, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339), the sensitive column was created in the sensitive data model. string No - -
timeUpdated The date and time, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339), the sensitive column was last updated in the sensitive data model. string No - -

Status.status

Back to SensitiveColumn status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SensitiveColumn status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SensitiveColumn status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SensitiveColumn status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SensitiveDataModel

SensitiveDataModel is the Schema for the sensitivedatamodels API.

  • Plural: sensitivedatamodels
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sensitivedatamodel.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SensitiveDataModelSpec defines the desired state of SensitiveDataModel.

Field Description Type Required Default Enum
appSuiteName The application suite name identifying a collection of applications. It's useful only if maintaining a sensitive data model for a suite of applications. string No - -
compartmentId The OCID of the compartment where the sensitive data model should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive data model. string No - -
displayName The display name of the sensitive data model. The name does not have to be unique, and it's changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isAppDefinedRelationDiscoveryEnabled Indicates if data discovery jobs should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. boolean No - -
isIncludeAllSchemas Indicates if all the schemas in the associated target database should be scanned by data discovery jobs. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). boolean No - -
isIncludeAllSensitiveTypes Indicates if all the existing sensitive types should be used by data discovery jobs. If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used for data discovery. boolean No - -
isSampleDataCollectionEnabled Indicates if data discovery jobs should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. boolean No - -
schemasForDiscovery The schemas to be scanned by data discovery jobs. list[string] No - -
sensitiveTypeGroupIdsForDiscovery The OCIDs of the sensitive type groups to be used by data discovery jobs. All the sensitive types present in sensitive type group will be used for discovery. list[string] No - -
sensitiveTypeIdsForDiscovery The OCIDs of the sensitive types to be used by data discovery jobs. If OCID of a sensitive category is provided, all its child sensitive types are used for data discovery. list[string] No - -
tablesForDiscovery The data discovery jobs will scan the tables specified here, including both schemas and tables. For instance, the input could be in the format: [{schemaName: "HR", tableName: ["T1", "T2"]}, {schemaName: "OE", tableName : ["T3", "T4"]}]. list[object] No - -
targetId The OCID of the reference target database to be associated with the sensitive data model. All operations such as performing data discovery and adding columns manually are done in the context of the associated target database. string Yes - -

Spec.tablesForDiscovery[]

Back to SensitiveDataModel spec

SensitiveDataModelTablesForDiscovery defines nested fields for SensitiveDataModel.TablesForDiscovery.

Field Description Type Required Default Enum
schemaName This contains the name of the schema. string Yes - -
tableNames This contains an optional list of the table names. list[string] No - -

Status

SensitiveDataModelStatus defines the observed state of SensitiveDataModel.

Field Description Type Required Default Enum
appSuiteName The application suite name identifying a collection of applications. The default value is GENERIC. It's useful only if maintaining a sensitive data model for a suite of applications. string No - -
compartmentId The OCID of the compartment that contains the sensitive data model. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive data model. string No - -
displayName The display name of the sensitive data model. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the sensitive data model. string No - -
isAppDefinedRelationDiscoveryEnabled Indicates if data discovery jobs should identify potential application-level (non-dictionary) referential relationships between columns. Note that data discovery automatically identifies and adds database-level (dictionary-defined) relationships. This option helps identify application-level relationships that are not defined in the database dictionary, which in turn, helps identify additional sensitive columns and preserve referential integrity during data masking. It's disabled by default and should be used only if there is a need to identify application-level relationships. boolean No - -
isIncludeAllSchemas Indicates if all the schemas in the associated target database should be scanned by data discovery jobs. If it is set to true, sensitive data is discovered in all schemas (except for schemas maintained by Oracle). boolean No - -
isIncludeAllSensitiveTypes Indicates if all the existing sensitive types should be used by data discovery jobs.If it's set to true, the sensitiveTypeIdsForDiscovery attribute is ignored and all sensitive types are used for data discovery. boolean No - -
isSampleDataCollectionEnabled Indicates if data discovery jobs should collect and store sample data values for the discovered columns. Sample data helps review the discovered columns and ensure that they actually contain sensitive data. As it collects original data from the target database, it's disabled by default and should be used only if it's acceptable to store sample data in Data Safe's repository in Oracle Cloud. Note that sample data values are not collected for columns with the following data types: LONG, LOB, RAW, XMLTYPE and BFILE. boolean No - -
lifecycleState The current state of the sensitive data model. string No - -
schemasForDiscovery The schemas to be scanned by data discovery jobs. list[string] No - -
sensitiveTypeGroupIdsForDiscovery The OCIDs of the sensitive type groups to be used by data discovery jobs. list[string] No - -
sensitiveTypeIdsForDiscovery The OCIDs of the sensitive types to be used by data discovery jobs. list[string] No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
tablesForDiscovery The data discovery jobs will scan the tables specified here, including both schemas and tables. For instance, the input could be in the format: [{schemaName: "HR", tableName: ["T1", "T2"]}, {schemaName: "OE", tableName : ["T3", "T4"]}]. list[object] No - -
targetId The OCID of the reference target database associated with the sensitive data model. All operations such as performing data discovery and adding columns manually are done in the context of the associated target database. string No - -
timeCreated The date and time the sensitive data model was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the sensitive data model was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to SensitiveDataModel status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SensitiveDataModel status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SensitiveDataModel status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SensitiveDataModel status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

Status.tablesForDiscovery[]

Back to SensitiveDataModel status

SensitiveDataModelTablesForDiscovery defines nested fields for SensitiveDataModel.TablesForDiscovery.

Field Description Type Required Default Enum
schemaName This contains the name of the schema. string Yes - -
tableNames This contains an optional list of the table names. list[string] No - -

SensitiveType

SensitiveType is the Schema for the sensitivetypes API.

  • Plural: sensitivetypes
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sensitivetype.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SensitiveTypeSpec defines the desired state of SensitiveType.

Field Description Type Required Default Enum
commentPattern A regular expression to be used by data discovery for matching column comments. string No - -
compartmentId The OCID of the compartment where the sensitive type should be created. string Yes - -
dataPattern A regular expression to be used by data discovery for matching column data values. string No - -
defaultMaskingFormatId The OCID of the library masking format that should be used to mask the sensitive columns associated with the sensitive type. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive type. string No - -
displayName The display name of the sensitive type. The name does not have to be unique, and it's changeable. string No - -
entityType - string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
jsonData - string No - -
namePattern A regular expression to be used by data discovery for matching column names. string No - -
parentCategoryId The OCID of the parent sensitive category. string No - -
searchType The search type indicating how the column name, comment and data patterns should be used by data discovery. Learn more (https://docs.oracle.com/en/cloud/paas/data-safe/udscs/sensitive-types.html#GUID-1D1AD98E-B93F-4FF2-80AE-CB7D8A14F6CC). string No - -
shortName The short name of the sensitive type. string No - -

Status

SensitiveTypeStatus defines the observed state of SensitiveType.

Field Description Type Required Default Enum
commentPattern A regular expression to be used by data discovery for matching column comments. string No - -
compartmentId The OCID of the compartment that contains the sensitive type. string No - -
dataPattern A regular expression to be used by data discovery for matching column data values. string No - -
defaultMaskingFormatId The OCID of the library masking format that should be used to mask the sensitive columns associated with the sensitive type. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive type. string No - -
displayName The display name of the sensitive type. string No - -
entityType - string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the sensitive type. string No - -
isCommon Specifies whether the sensitive type is common. Common sensitive types belong to library sensitive types which are frequently used to perform sensitive data discovery. boolean No - -
jsonData - string No - -
lifecycleState The current state of the sensitive type. string No - -
namePattern A regular expression to be used by data discovery for matching column names. string No - -
parentCategoryId The OCID of the parent sensitive category. string No - -
searchType The search type indicating how the column name, comment and data patterns should be used by data discovery. Learn more (https://docs.oracle.com/en/cloud/paas/data-safe/udscs/sensitive-types.html#GUID-1D1AD98E-B93F-4FF2-80AE-CB7D8A14F6CC). string No - -
shortName The short name of the sensitive type. string No - -
source Specifies whether the sensitive type is user-defined or predefined. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time the sensitive type was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the sensitive type was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to SensitiveType status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SensitiveType status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SensitiveType status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SensitiveType status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SensitiveTypeGroup

SensitiveTypeGroup is the Schema for the sensitivetypegroups API.

  • Plural: sensitivetypegroups
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sensitivetypegroup.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SensitiveTypeGroupSpec defines the desired state of SensitiveTypeGroup.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where the sensitive type group should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive type group. string No - -
displayName The display name of the sensitive type group. The name does not have to be unique. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -

Status

SensitiveTypeGroupStatus defines the observed state of SensitiveTypeGroup.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the sensitive type group. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive type group. string No - -
displayName The display name of the sensitive type group. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the sensitive type group. string No - -
lifecycleState The current state of the sensitive type group. string No - -
sensitiveTypeCount The number of sensitive types in the specified sensitive type group. integer No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time the sensitive type group was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the sensitive type group was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to SensitiveTypeGroup status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SensitiveTypeGroup status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SensitiveTypeGroup status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SensitiveTypeGroup status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SensitiveTypesExport

SensitiveTypesExport is the Schema for the sensitivetypesexports API.

  • Plural: sensitivetypesexports
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sensitivetypesexport.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SensitiveTypesExportSpec defines the desired state of SensitiveTypesExport.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where the sensitive types export should be created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive types export. string No - -
displayName The display name of the sensitive types export. The name does not have to be unique, and it's changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isIncludeAllSensitiveTypes Indicates if all the existing user-defined sensitive types are used for export. If it's set to true, the sensitiveTypeIdsForExport attribute is ignored and all user-defined sensitive types are used. boolean No - -
sensitiveTypeIdsForExport The OCIDs of the sensitive types used to create sensitive types export. list[string] No - -

Status

SensitiveTypesExportStatus defines the observed state of SensitiveTypesExport.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the sensitive types export. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the sensitive types export. string No - -
displayName The display name of the sensitive types export. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the sensitive types export. string No - -
isIncludeAllSensitiveTypes Indicates if all the existing user-defined sensitive types are used for export. If it's set to true, the sensitiveTypeIdsForExport attribute is ignored and all user-defined sensitive types are exported. boolean No - -
lifecycleState The current state of the sensitive types export. string No - -
sensitiveTypeIdsForExport The OCIDs of the sensitive types used to create sensitive types export. list[string] No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time the sensitive types export was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the sensitive types export was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to SensitiveTypesExport status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SensitiveTypesExport status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SensitiveTypesExport status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SensitiveTypesExport status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

SqlCollection

SqlCollection is the Schema for the sqlcollections API.

  • Plural: sqlcollections
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_sqlcollection.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

SqlCollectionSpec defines the desired state of SqlCollection.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the SQL collection. string Yes - -
dbUserName The database user name. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the SQL collection. string No - -
displayName The display name of the SQL collection. The name does not have to be unique, and it is changeable. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
sqlLevel Specifies the level of SQL that will be collected. USER_ISSUED_SQL - User issued SQL statements only. ALL_SQL - Includes all SQL statements including SQL statement issued inside PL/SQL units. string No - -
status Specifies if the SqlCollection has to be started after creation. Enabled indicates that the SqlCollection will be started after creation. string No - -
targetId The OCID of the target corresponding to the security policy deployment. string Yes - -

Status

SqlCollectionStatus defines the observed state of SqlCollection.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the SQL collection. string No - -
dbUserName The database user name. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the SQL collection. string No - -
displayName The display name of the SQL collection. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the SQL collection. string No - -
lifecycleDetails Details about the current state of the SQL collection in Data Safe. string No - -
lifecycleState The current state of the SQL collection. string No - -
sdkStatus Specifies if the status of the SqlCollection. Enabled indicates that the collecting is in progress. This uses a distinct JSON name so it can coexist with the OSOK status envelope. string No - -
sqlLevel Specifies the level of SQL that will be collected. USER_ISSUED_SQL - User issued SQL statements only. ALL_SQL - Includes all SQL statements including SQL statement issued inside PL/SQL units. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetId The OCID of the target corresponding to the security policy deployment. string No - -
timeCreated The time that the SQL collection was created, in the format defined by RFC3339. string No - -
timeLastStarted The timestamp of the most recent SqlCollection start operation, in the format defined by RFC3339. string No - -
timeLastStopped The timestamp of the most recent SqlCollection stop operation, in the format defined by RFC3339. string No - -
timeUpdated The last date and time the SQL collection was updated, in the format defined by RFC3339. string No - -

Status.status

Back to SqlCollection status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to SqlCollection status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to SqlCollection status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to SqlCollection status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

TargetAlertPolicyAssociation

TargetAlertPolicyAssociation is the Schema for the targetalertpolicyassociations API.

  • Plural: targetalertpolicyassociations
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_targetalertpolicyassociation.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

TargetAlertPolicyAssociationSpec defines the desired state of TargetAlertPolicyAssociation.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment where the target-alert policy association is created. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Describes the target-alert policy association. string No - -
displayName The display name of the target-alert policy association. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isEnabled Indicates if the target-alert policy association is enabled or disabled by user. boolean Yes - -
policyId The OCID of the alert policy. string Yes - -
targetId The OCID of the target. string Yes - -

Status

TargetAlertPolicyAssociationStatus defines the observed state of TargetAlertPolicyAssociation.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the policy. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Describes the target-alert policy association. string No - -
displayName The display name of the target-alert policy association. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the target-alert policy association. string No - -
isEnabled Indicates if the target-alert policy association is enabled or disabled by user. boolean No - -
lifecycleDetails Details about the current state of the target-alert policy association. string No - -
lifecycleState The current state of the target-alert policy association. string No - -
policyId The OCID of the alert policy. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetId The OCID of the target on which alert policy is to be applied. string No - -
timeCreated Creation date and time of the alert policy, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated Last date and time the alert policy was updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -

Status.status

Back to TargetAlertPolicyAssociation status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to TargetAlertPolicyAssociation status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to TargetAlertPolicyAssociation status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to TargetAlertPolicyAssociation status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

TargetDatabase

TargetDatabase is the Schema for the targetdatabases API.

  • Plural: targetdatabases
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_targetdatabase.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

TargetDatabaseSpec defines the desired state of TargetDatabase.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment in which to create the Data Safe target database. string Yes - -
connectionOption TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption. object No - -
credentials TargetDatabaseCredentials defines nested fields for TargetDatabase.Credentials. object No - -
databaseDetails TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails. object Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the target database in Data Safe. string No - -
displayName The display name of the target database in Data Safe. The name is modifiable and does not need to be unique. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
peerTargetDatabaseDetails The details of the database to be registered as a peer target database. list[object] No - -
tlsConfig TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig. object No - -

Spec.connectionOption

Back to TargetDatabase spec

TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption.

Field Description Type Required Default Enum
connectionType - string No - -
datasafePrivateEndpointId The OCID of the Data Safe private endpoint. string No - -
jsonData - string No - -
onPremConnectorId The OCID of the on-premises connector. string No - -

Spec.credentials

Back to TargetDatabase spec

TargetDatabaseCredentials defines nested fields for TargetDatabase.Credentials.

Field Description Type Required Default Enum
password The password of the database user. string Yes - -
userName The database user name. string Yes - -

Spec.databaseDetails

Back to TargetDatabase spec

TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails.

Field Description Type Required Default Enum
autonomousDatabaseId The OCID of the Autonomous Database registered as a target database in Data Safe. string No - -
databaseType - string No - -
dbSystemId The OCID of the cloud database registered as a target database in Data Safe. string No - -
infrastructureType The infrastructure type the database is running on. string Yes - -
instanceId The OCID of the compute instance on which the database is running. string No - -
ipAddresses The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. list[string] No - -
jsonData - string No - -
listenerPort The port number of the database listener. integer No - -
pluggableDatabaseId The OCID of the pluggable database registered as a target database in Data Safe. string No - -
serviceName The service name of the database registered as target database. string No - -
vmClusterId The OCID of the VM cluster in which the database is running. string No - -

Spec.peerTargetDatabaseDetails[]

Back to TargetDatabase spec

TargetDatabasePeerTargetDatabaseDetail defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.

Field Description Type Required Default Enum
databaseDetails TargetDatabasePeerTargetDatabaseDetailDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.DatabaseDetails. object Yes - -
dataguardAssociationId The OCID of the Data Guard Association resource in which the database being registered is considered as peer database to the primary database. string No - -
description The description of the peer target database in Data Safe. string No - -
displayName The display name of the peer target database in Data Safe. The name is modifiable and does not need to be unique. string No - -
tlsConfig TargetDatabasePeerTargetDatabaseDetailTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.TlsConfig. object No - -

Spec.peerTargetDatabaseDetails[].databaseDetails

Back to TargetDatabase spec

TargetDatabasePeerTargetDatabaseDetailDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.DatabaseDetails.

Field Description Type Required Default Enum
autonomousDatabaseId The OCID of the Autonomous Database registered as a target database in Data Safe. string No - -
databaseType - string No - -
dbSystemId The OCID of the cloud database registered as a target database in Data Safe. string No - -
infrastructureType The infrastructure type the database is running on. string Yes - -
instanceId The OCID of the compute instance on which the database is running. string No - -
ipAddresses The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. list[string] No - -
jsonData - string No - -
listenerPort The port number of the database listener. integer No - -
pluggableDatabaseId The OCID of the pluggable database registered as a target database in Data Safe. string No - -
serviceName The service name of the database registered as target database. string No - -
vmClusterId The OCID of the VM cluster in which the database is running. string No - -

Spec.peerTargetDatabaseDetails[].tlsConfig

Back to TargetDatabase spec

TargetDatabasePeerTargetDatabaseDetailTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabaseDetail.TlsConfig.

Field Description Type Required Default Enum
certificateStoreType The format of the certificate store. string No - -
keyStoreContent Base64 encoded string of key store file content. string No - -
status Status to represent whether the database connection is TLS enabled or not. string Yes - -
storePassword The password to read the trust store and key store files, if they are password protected. string No - -
trustStoreContent Base64 encoded string of trust store file content. string No - -

Spec.tlsConfig

Back to TargetDatabase spec

TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig.

Field Description Type Required Default Enum
certificateStoreType The format of the certificate store. string No - -
keyStoreContent Base64 encoded string of key store file content. string No - -
status Status to represent whether the database connection is TLS enabled or not. string Yes - -
storePassword The password to read the trust store and key store files, if they are password protected. string No - -
trustStoreContent Base64 encoded string of trust store file content. string No - -

Status

TargetDatabaseStatus defines the observed state of TargetDatabase.

Field Description Type Required Default Enum
associatedResourceIds The OCIDs of associated resources like database, Data Safe private endpoint etc. list[string] No - -
compartmentId The OCID of the compartment which contains the Data Safe target database. string No - -
connectionOption TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption. object No - -
credentials TargetDatabaseCredentialsObservedState defines nested fields for TargetDatabase.Credentials. object No - -
databaseDetails TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails. object No - -
databaseType The database type. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the target database in Data Safe. string No - -
displayName The display name of the target database in Data Safe. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the Data Safe target database. string No - -
infrastructureType The infrastructure type the database is running on. string No - -
lifecycleDetails Details about the current state of the target database in Data Safe. string No - -
lifecycleState The current state of the target database in Data Safe. string No - -
peerTargetDatabases The OCIDs of associated resources like database, Data Safe private endpoint, etc. list[object] No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The date and time of the target database registration and creation in Data Safe. string No - -
timeUpdated The date and time of the target database update in Data Safe. string No - -
tlsConfig TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig. object No - -

Status.connectionOption

Back to TargetDatabase status

TargetDatabaseConnectionOption defines nested fields for TargetDatabase.ConnectionOption.

Field Description Type Required Default Enum
connectionType - string No - -
datasafePrivateEndpointId The OCID of the Data Safe private endpoint. string No - -
jsonData - string No - -
onPremConnectorId The OCID of the on-premises connector. string No - -

Status.credentials

Back to TargetDatabase status

TargetDatabaseCredentialsObservedState defines nested fields for TargetDatabase.Credentials.

Field Description Type Required Default Enum
userName The database user name. string No - -

Status.databaseDetails

Back to TargetDatabase status

TargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.DatabaseDetails.

Field Description Type Required Default Enum
autonomousDatabaseId The OCID of the Autonomous Database registered as a target database in Data Safe. string No - -
databaseType - string No - -
dbSystemId The OCID of the cloud database registered as a target database in Data Safe. string No - -
infrastructureType The infrastructure type the database is running on. string Yes - -
instanceId The OCID of the compute instance on which the database is running. string No - -
ipAddresses The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. list[string] No - -
jsonData - string No - -
listenerPort The port number of the database listener. integer No - -
pluggableDatabaseId The OCID of the pluggable database registered as a target database in Data Safe. string No - -
serviceName The service name of the database registered as target database. string No - -
vmClusterId The OCID of the VM cluster in which the database is running. string No - -

Status.peerTargetDatabases[]

Back to TargetDatabase status

TargetDatabasePeerTargetDatabase defines nested fields for TargetDatabase.PeerTargetDatabase.

Field Description Type Required Default Enum
databaseDetails TargetDatabasePeerTargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabase.DatabaseDetails. object No - -
databaseUniqueName Unique name of the database associated to the peer target database. string No - -
dataguardAssociationId The OCID of the Data Guard Association resource in which the database associated to the peer target database is considered as peer database to the primary database. string No - -
description The description of the peer target database in Data Safe. string No - -
displayName The display name of the peer target database in Data Safe. string No - -
key The secondary key assigned for the peer target database in Data Safe. integer No - -
lifecycleDetails Details about the current state of the peer target database in Data Safe. string No - -
lifecycleState The current state of the peer target database in Data Safe. string No - -
role Role of the database associated to the peer target database. string No - -
timeCreated The date and time of the peer target database registration in Data Safe. string No - -
tlsConfig TargetDatabasePeerTargetDatabaseTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabase.TlsConfig. object No - -

Status.peerTargetDatabases[].databaseDetails

Back to TargetDatabase status

TargetDatabasePeerTargetDatabaseDatabaseDetails defines nested fields for TargetDatabase.PeerTargetDatabase.DatabaseDetails.

Field Description Type Required Default Enum
autonomousDatabaseId The OCID of the Autonomous Database registered as a target database in Data Safe. string No - -
databaseType - string No - -
dbSystemId The OCID of the cloud database registered as a target database in Data Safe. string No - -
infrastructureType The infrastructure type the database is running on. string No - -
instanceId The OCID of the compute instance on which the database is running. string No - -
ipAddresses The list of database host IP Addresses. Fully qualified domain names can be used if connectionType is 'ONPREM_CONNECTOR'. list[string] No - -
jsonData - string No - -
listenerPort The port number of the database listener. integer No - -
pluggableDatabaseId The OCID of the pluggable database registered as a target database in Data Safe. string No - -
serviceName The service name of the database registered as target database. string No - -
vmClusterId The OCID of the VM cluster in which the database is running. string No - -

Status.peerTargetDatabases[].tlsConfig

Back to TargetDatabase status

TargetDatabasePeerTargetDatabaseTlsConfig defines nested fields for TargetDatabase.PeerTargetDatabase.TlsConfig.

Field Description Type Required Default Enum
certificateStoreType The format of the certificate store. string No - -
keyStoreContent Base64 encoded string of key store file content. string No - -
status Status to represent whether the database connection is TLS enabled or not. string No - -
storePassword The password to read the trust store and key store files, if they are password protected. string No - -
trustStoreContent Base64 encoded string of trust store file content. string No - -

Status.status

Back to TargetDatabase status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to TargetDatabase status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to TargetDatabase status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to TargetDatabase status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

Status.tlsConfig

Back to TargetDatabase status

TargetDatabaseTlsConfig defines nested fields for TargetDatabase.TlsConfig.

Field Description Type Required Default Enum
certificateStoreType The format of the certificate store. string No - -
keyStoreContent Base64 encoded string of key store file content. string No - -
status Status to represent whether the database connection is TLS enabled or not. string Yes - -
storePassword The password to read the trust store and key store files, if they are password protected. string No - -
trustStoreContent Base64 encoded string of trust store file content. string No - -

TargetDatabaseGroup

TargetDatabaseGroup is the Schema for the targetdatabasegroups API.

  • Plural: targetdatabasegroups
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_targetdatabasegroup.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

TargetDatabaseGroupSpec defines the desired state of TargetDatabaseGroup.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment to create the target database group. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of the target database group (optional). string No - -
displayName The name of the target database group. string Yes - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
matchingCriteria TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria. object Yes - -

Spec.matchingCriteria

Back to TargetDatabaseGroup spec

TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria.

Field Description Type Required Default Enum
exclude TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude. object No - -
include TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include. object Yes - -

Spec.matchingCriteria.exclude

Back to TargetDatabaseGroup spec

TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude.

Field Description Type Required Default Enum
targetDatabaseIds The list of target database OCIDS, that should be excluded from the target database group (even if they match some of the other criteria). list[string] Yes - -

Spec.matchingCriteria.include

Back to TargetDatabaseGroup spec

TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.

Field Description Type Required Default Enum
compartments List of compartment objects, each containing the OCID of the compartment and a boolean value that indicates whether the target databases in the compartments and sub-compartments should also be included in the target database group. list[object] No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
targetDatabaseIds The list of target database OCIDs to be included in the target database group. list[string] No - -

Spec.matchingCriteria.include.compartments[]

Back to TargetDatabaseGroup spec

TargetDatabaseGroupMatchingCriteriaIncludeCompartment defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.Compartment.

Field Description Type Required Default Enum
id The OCID of the compartment for including target databases to the target database group. All target databases in the compartment will be members of the target database group. string Yes - -
isIncludeSubtree This indicates whether the target databases of sub-compartments should also be included in the target database group. By default, this parameter is set to false. boolean No - -

Status

TargetDatabaseGroupStatus defines the observed state of TargetDatabaseGroup.

Field Description Type Required Default Enum
compartmentId The OCID for the compartment containing the target database group. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description Description of the target database group. string No - -
displayName The name of the target database group. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the specified target database group. string No - -
lifecycleDetails Details for the lifecycle status of the target database group. string No - -
lifecycleState The lifecycle status of the target database group. string No - -
matchingCriteria TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria. object No - -
membershipCount The number of target databases in the specified target database group. integer No - -
membershipUpdateTime Time when the members of the target database group were last changed, i.e. the list was refreshed, a target database was added or removed. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated Time when the target database group was created. string No - -
timeUpdated Time when the target database group was last updated. string No - -

Status.matchingCriteria

Back to TargetDatabaseGroup status

TargetDatabaseGroupMatchingCriteria defines nested fields for TargetDatabaseGroup.MatchingCriteria.

Field Description Type Required Default Enum
exclude TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude. object No - -
include TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include. object Yes - -

Status.matchingCriteria.exclude

Back to TargetDatabaseGroup status

TargetDatabaseGroupMatchingCriteriaExclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Exclude.

Field Description Type Required Default Enum
targetDatabaseIds The list of target database OCIDS, that should be excluded from the target database group (even if they match some of the other criteria). list[string] Yes - -

Status.matchingCriteria.include

Back to TargetDatabaseGroup status

TargetDatabaseGroupMatchingCriteriaInclude defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.

Field Description Type Required Default Enum
compartments List of compartment objects, each containing the OCID of the compartment and a boolean value that indicates whether the target databases in the compartments and sub-compartments should also be included in the target database group. list[object] No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
targetDatabaseIds The list of target database OCIDs to be included in the target database group. list[string] No - -

Status.matchingCriteria.include.compartments[]

Back to TargetDatabaseGroup status

TargetDatabaseGroupMatchingCriteriaIncludeCompartment defines nested fields for TargetDatabaseGroup.MatchingCriteria.Include.Compartment.

Field Description Type Required Default Enum
id The OCID of the compartment for including target databases to the target database group. All target databases in the compartment will be members of the target database group. string Yes - -
isIncludeSubtree This indicates whether the target databases of sub-compartments should also be included in the target database group. By default, this parameter is set to false. boolean No - -

Status.status

Back to TargetDatabaseGroup status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to TargetDatabaseGroup status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to TargetDatabaseGroup status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to TargetDatabaseGroup status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

UnifiedAuditPolicy

UnifiedAuditPolicy is the Schema for the unifiedauditpolicies API.

  • Plural: unifiedauditpolicies
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_unifiedauditpolicy.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

UnifiedAuditPolicySpec defines the desired state of UnifiedAuditPolicy.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment in which to create the unified audit policy. string Yes - -
conditions Lists the audit policy provisioning conditions. list[object] Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the unified audit policy in Data Safe. string No - -
displayName The display name of the unified audit policy in Data Safe. The name is modifiable and does not need to be unique. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
securityPolicyId The OCID of the security policy corresponding to the unified audit policy. string Yes - -
status Indicates whether the unified audit policy has been enabled or disabled. string Yes - -
unifiedAuditPolicyDefinitionId The OCID of the associated unified audit policy definition. string Yes - -

Spec.conditions[]

Back to UnifiedAuditPolicy spec

UnifiedAuditPolicyCondition defines nested fields for UnifiedAuditPolicy.Condition.

Field Description Type Required Default Enum
attributeSetId The OCID of the attribute set. string No - -
entitySelection Specifies whether to include or exclude the specified users or roles. string Yes - -
entityType - string No - -
jsonData - string No - -
operationStatus The operation status that the policy must be enabled for. string Yes - -
roleNames List of roles that the policy must be enabled for. list[string] No - -
userNames The list of users that the unified audit policy is enabled for. list[string] No - -

Status

UnifiedAuditPolicyStatus defines the observed state of UnifiedAuditPolicy.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment containing the unified audit policy. string No - -
conditions Lists the audit policy provisioning conditions. list[object] No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the unified audit policy. string No - -
displayName The display name of the unified audit policy. string No - -
enabledEntities Indicates on whom the audit policy is enabled. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the unified audit policy. string No - -
isSeeded Indicates whether the unified audit policy is seeded or not. boolean No - -
lifecycleDetails The details of the current state of the unified audit policy in Data Safe. string No - -
lifecycleState The current state of the unified audit policy. string No - -
sdkStatus Indicates whether the policy has been enabled or disabled. This uses a distinct JSON name so it can coexist with the OSOK status envelope. string No - -
securityPolicyId The OCID of the security policy corresponding to the unified audit policy. string No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
timeCreated The time the the unified audit policy was created, in the format defined by RFC3339. string No - -
timeUpdated The last date and time the unified audit policy was updated, in the format defined by RFC3339. string No - -
unifiedAuditPolicyDefinitionId The OCID of the associated unified audit policy definition. string No - -

Status.conditions[]

Back to UnifiedAuditPolicy status

UnifiedAuditPolicyCondition defines nested fields for UnifiedAuditPolicy.Condition.

Field Description Type Required Default Enum
attributeSetId The OCID of the attribute set. string No - -
entitySelection Specifies whether to include or exclude the specified users or roles. string Yes - -
entityType - string No - -
jsonData - string No - -
operationStatus The operation status that the policy must be enabled for. string Yes - -
roleNames List of roles that the policy must be enabled for. list[string] No - -
userNames The list of users that the unified audit policy is enabled for. list[string] No - -

Status.status

Back to UnifiedAuditPolicy status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to UnifiedAuditPolicy status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to UnifiedAuditPolicy status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to UnifiedAuditPolicy status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -

UserAssessment

UserAssessment is the Schema for the userassessments API.

  • Plural: userassessments
  • Scope: Namespaced
  • APIVersion: datasafe.oracle.com/v1beta1
  • Sample: Sample (config/samples/datasafe_v1beta1_userassessment.yaml)
  • Packages: Not currently exposed by a customer-visible package.

Spec

UserAssessmentSpec defines the desired state of UserAssessment.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the user assessment. string Yes - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the user assessment. string No - -
displayName The display name of the user assessment. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
isAssessmentScheduled Indicates whether the assessment is scheduled to run. boolean No - -
schedule To schedule the assessment for saving periodically, specify the schedule in this attribute. Create or schedule one assessment per compartment. If not defined, the assessment runs immediately. Format - ; Allowed version strings - "v1" v1's version specific schedule - Each of the above fields potentially introduce constraints. A workrequest is created only when clock time satisfies all the constraints. Constraints introduced: 1. seconds = (So, the allowed range for is [0, 59]) 2. minutes = (So, the allowed range for is [0, 59]) 3. hours = (So, the allowed range for is [0, 23]) can be either '' (without quotes or a number between 1(Monday) and 7(Sunday)) 4. No constraint introduced when it is ''. When not, day of week must equal the given value can be either '' (without quotes or a number between 1 and 28) 5. No constraint introduced when it is ''. When not, day of month must equal the given value string No - -
targetId The OCID of the target database or target database group on which user assessment is to be run. string Yes - -
targetType The type of user assessment resource whether it is individual or group resource. For individual target use type TARGET_DATABASE and for group resource use type TARGET_DATABASE_GROUP. If not provided, TARGET_DATABASE would be used as default value. string No - -

Status

UserAssessmentStatus defines the observed state of UserAssessment.

Field Description Type Required Default Enum
compartmentId The OCID of the compartment that contains the user assessment. string No - -
definedTags Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
description The description of the user assessment. string No - -
displayName The display name of the user assessment. string No - -
freeformTags Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm) Example: {"Department": "Finance"} map[string, string] No - -
id The OCID of the user assessment. string No - -
ignoredAssessmentIds List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } list[object (preserves unknown fields)] No - -
ignoredTargets List containing maps as values. Example: {"Operations": [ {"CostCenter": "42"} ] } list[object (preserves unknown fields)] No - -
isAssessmentScheduled Indicates whether the assessment is scheduled to run. boolean No - -
isBaseline Indicates if the user assessment is set as a baseline. This is applicable only to saved user assessments. boolean No - -
isDeviatedFromBaseline Indicates if the user assessment deviates from the baseline. boolean No - -
lastComparedBaselineId The OCID of the last user assessment baseline against which the latest assessment was compared. string No - -
lifecycleDetails Details about the current state of the user assessment. string No - -
lifecycleState The current state of the user assessment. string No - -
schedule Schedule of the assessment that runs periodically in this specified format: ; Allowed version strings - "v1" v1's version specific schedule - Each of the above fields potentially introduce constraints. A workrequest is created only when clock time satisfies all the constraints. Constraints introduced: 1. seconds = (So, the allowed range for is [0, 59]) 2. minutes = (So, the allowed range for is [0, 59]) 3. hours = (So, the allowed range for is [0, 23]) can be either '' (without quotes or a number between 1(Monday) and 7(Sunday)) 4. No constraint introduced when it is ''. When not, day of week must equal the given value can be either '' (without quotes or a number between 1 and 28) 5. No constraint introduced when it is ''. When not, day of month must equal the given value string No - -
scheduleAssessmentId The OCID of the user assessment that is responsible for creating this scheduled save assessment. string No - -
statistics Map that contains maps of values. Example: {"Operations": {"CostCenter": "42"}} map[string, map[string, string]] No - -
status - object Yes - -
systemTags System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud": {"free-tier-retained": "true"}} map[string, map[string, string]] No - -
targetDatabaseGroupId The OCID of target database group. string No - -
targetIds Array of database target OCIDs. list[string] No - -
targetType Indicates whether the user assessment is for a target database or a target database group. string No - -
timeCreated The date and time the user assessment was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeLastAssessed The date and time the user assessment was last executed, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
timeUpdated The date and time the user assessment was last updated, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). string No - -
triggeredBy Indicates whether the user assessment was created by the system or the user. string No - -
type The type of the user assessment. The possible types are: LATEST: The latest assessment that was executed for a target. It can either be system generated as part of the scheduled assessments or user driven by refreshing the latest assessment. SAVED: A saved user assessment. All user assessments are saved in the user assessment history. SAVE_SCHEDULE: The schedule to periodically save the LATEST assessment of a target database. COMPARTMENT: An automatic managed assessment type that stores all details of the targets in one compartment. This will keep an up-to-date status of all potential risks identified in the compartment. It also keeps track of user count and target count for each profile available on the targets in a given compartment. It is automatically updated once the latest assessment or refresh action is executed, as well as when a target is deleted or moved to a different compartment. string No - -

Status.status

Back to UserAssessment status

Field Description Type Required Default Enum
async Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. object No - -
conditions - list[object] No - -
createdAt - string (date-time) No - -
deletedAt - string (date-time) No - -
message - string No - -
ocid - string No - -
opcRequestId OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. string No - -
reason - string No - -
requestedAt - string (date-time) No - -
updatedAt - string (date-time) No - -

Status.status.async

Back to UserAssessment status

Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.

Field Description Type Required Default Enum
current - object No - -

Status.status.async.current

Back to UserAssessment status

Field Description Type Required Default Enum
message - string No - -
normalizedClass - string Yes - attention, canceled, failed, pending, succeeded, unknown
percentComplete - number No - -
phase - string Yes - create, delete, update
rawOperationType - string No - -
rawStatus - string No - -
source - string Yes - lifecycle, none, workrequest
updatedAt - string (date-time) Yes - -
workRequestId - string No - -

Status.status.conditions[]

Back to UserAssessment status

Field Description Type Required Default Enum
lastTransitionTime - string (date-time) No - -
message - string No - -
reason - string No - -
status - string Yes - -
type - string Yes - -