delegateaccesscontrol.oracle.com/v1beta1¶
APIVersion: delegateaccesscontrol.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages¶
No customer-visible package currently exposes delegateaccesscontrol.oracle.com/v1beta1.
Resources¶
| Kind | Scope | Sample | Packages |
|---|---|---|---|
| DelegationControl | Namespaced | Sample | - |
DelegationControl¶
Manage OCI Delegate Access Control delegation controls.
Plural:delegationcontrolsScope:NamespacedAPIVersion:delegateaccesscontrol.oracle.com/v1beta1Sample: Sample (config/samples/delegateaccesscontrol_v1beta1_delegationcontrol.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
DelegationControlSpec defines the desired state of DelegationControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains this Delegation Control. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
delegationSubscriptionIds |
List of Delegation Subscription OCID that are allowed for this Delegation Control. The allowed subscriptions will determine the available Service Provider Actions. Only support operators for the allowed subscriptions are allowed to create Delegated Resource Access Request. | list[string] |
Yes | - | - |
description |
Description of the Delegation Control. | string |
No | - | - |
displayName |
Name of the Delegation Control. The name does not need to be unique. | string |
Yes | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
isAutoApproveDuringMaintenance |
Set to true to allow all Delegated Resource Access Request to be approved automatically during maintenance. | boolean |
No | - | - |
notificationMessageFormat |
The format of the OCI Notification messages for this Delegation Control. | string |
Yes | - | - |
notificationTopicId |
The OCID of the OCI Notification topic to publish messages related to this Delegation Control. | string |
Yes | - | - |
numApprovalsRequired |
number of approvals required. | integer |
No | - | - |
preApprovedServiceProviderActionNames |
List of pre-approved Service Provider Action names. The list of pre-defined Service Provider Actions can be obtained from the ListServiceProviderActions API. Delegated Resource Access Requests associated with a resource governed by this Delegation Control will be automatically approved if the Delegated Resource Access Request only contain Service Provider Actions in the pre-approved list. | list[string] |
No | - | - |
resourceIds |
The OCID of the selected resources that this Delegation Control is applicable to. | list[string] |
Yes | - | - |
resourceType |
Resource type for which the Delegation Control is applicable to. | string |
Yes | - | - |
vaultId |
The OCID of the OCI Vault that will store the secrets containing the SSH keys to access the resource governed by this Delegation Control by Delegate Access Control Service. This property is required when resourceType is CLOUDVMCLUSTER. Delegate Access Control Service will generate the SSH keys and store them as secrets in the OCI Vault. | string |
No | - | - |
vaultKeyId |
The OCID of the Master Encryption Key in the OCI Vault specified by vaultId. This key will be used to encrypt the SSH keys to access the resource governed by this Delegation Control by Delegate Access Control Service. This property is required when resourceType is CLOUDVMCLUSTER. | string |
No | - | - |
Status¶
DelegationControlStatus defines the observed state of DelegationControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID of the compartment that contains the Delegation Control. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
delegationSubscriptionIds |
List of Delegation Subscription OCID that are allowed for this Delegation Control. The allowed subscriptions will determine the available Service Provider Actions. Only support operators for the allowed subscriptions are allowed to create Delegated Resource Access Request. | list[string] |
No | - | - |
description |
Description of the Delegation Control. | string |
No | - | - |
displayName |
Name of the Delegation Control. The name does not need to be unique. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID of the Delegation Control. | string |
No | - | - |
isAutoApproveDuringMaintenance |
Set to true to allow all Delegated Resource Access Request to be approved automatically during maintenance. | boolean |
No | - | - |
lifecycleState |
The current lifecycle state of the Delegation Control. | string |
No | - | - |
lifecycleStateDetails |
Description of the current lifecycle state in more detail. | string |
No | - | - |
notificationMessageFormat |
The format of the OCI Notification messages for this Delegation Control. | string |
No | - | - |
notificationTopicId |
The OCID of the OCI Notification topic to publish messages related to this Delegation Control. | string |
No | - | - |
numApprovalsRequired |
number of approvals required. | integer |
No | - | - |
preApprovedServiceProviderActionNames |
List of pre-approved Service Provider Action names. The list of pre-defined Service Provider Actions can be obtained from the ListServiceProviderActions API. Delegated Resource Access Requests associated with a resource governed by this Delegation Control will be automatically approved if the Delegated Resource Access Request only contain Service Provider Actions in the pre-approved list. | list[string] |
No | - | - |
resourceIds |
The OCID of the selected resources that this Delegation Control is applicable to. | list[string] |
No | - | - |
resourceType |
Resource type for which the Delegation Control is applicable to. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
Time when the Delegation Control was created expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format, e.g. '2020-05-22T21:10:29.600Z' | string |
No | - | - |
timeDeleted |
Time when the Delegation Control was deleted expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339)timestamp format, e.g. '2020-05-22T21:10:29.600Z'. Note a deleted Delegation Control still stays in the system, so that you can still audit Service Provider Actions associated with Delegated Resource Access Requests raised on target resources governed by the deleted Delegation Control. | string |
No | - | - |
timeUpdated |
Time when the Delegation Control was last modified expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format, e.g. '2020-05-22T21:10:29.600Z' | string |
No | - | - |
vaultId |
The OCID of the OCI Vault that will store the secrets containing the SSH keys to access the resource governed by this Delegation Control by Delegate Access Control Service. This property is required when resourceType is CLOUDVMCLUSTER. Delegate Access Control Service will generate the SSH keys and store them as secrets in the OCI Vault. | string |
No | - | - |
vaultKeyId |
The OCID of the Master Encryption Key in the OCI Vault specified by vaultId. This key will be used to encrypt the SSH keys to access the resource governed by this Delegation Control by Delegate Access Control Service. This property is required when resourceType is CLOUDVMCLUSTER. | string |
No | - | - |
Status.status¶
Back to DelegationControl status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to DelegationControl status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to DelegationControl status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to DelegationControl status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |