operatoraccesscontrol.oracle.com/v1beta1
APIVersion: operatoraccesscontrol.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages
No customer-visible package currently exposes operatoraccesscontrol.oracle.com/v1beta1.
Resources
| Kind | Scope | Sample | Packages |
|---|---|---|---|
| OperatorControl | Namespaced | Sample | - |
| OperatorControlAssignment | Namespaced | Sample | - |
OperatorControl
OperatorControl is the Schema for the operatorcontrols API.
- Plural: operatorcontrols
- Scope: Namespaced
- APIVersion: operatoraccesscontrol.oracle.com/v1beta1
- Sample: Sample (config/samples/operatoraccesscontrol_v1beta1_operatorcontrol.yaml)
- Packages: Not currently exposed by a customer-visible package.
Spec
OperatorControlSpec defines the desired state of OperatorControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| approverGroupsList | List of user groups who can approve an access request associated with a resource governed by this operator control. | list[string] | Yes | - | - |
| approversList | List of users who can approve an access request associated with a resource governed by this operator control. | list[string] | No | - | - |
| compartmentId | The OCID of the compartment that contains this operator control. | string | Yes | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. | map[string, map[string, string]] | No | - | - |
| description | Description of the operator control. | string | No | - | - |
| emailIdList | List of emailId. | list[string] | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. | map[string, string] | No | - | - |
| isFullyPreApproved | Whether all the operator actions have been pre-approved. If yes, all access requests associated with a resource governed by this operator control will be auto-approved. | boolean | Yes | - | - |
| numberOfApprovers | Number of approvers required to approve an access request. | integer | No | - | - |
| operatorControlName | Name of the operator control. | string | Yes | - | - |
| preApprovedOpActionList | List of pre-approved operator actions. Access requests associated with a resource governed by this operator control will be auto-approved if the access request only contains operator actions in the pre-approved list. | list[string] | No | - | - |
| resourceType | resourceType for which the OperatorControl is applicable | string | Yes | - | - |
| systemMessage | This is the message that will be displayed to the operator users while accessing the system. | string | No | - | - |
Status
OperatorControlStatus defines the observed state of OperatorControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| approvalRequiredOpActionList | List of operator actions that need explicit approval. Any operator action not in the pre-approved list will require explicit approval. Access requests associated with a resource governed by this operator control will require explicit approval if the access request contains any operator action in this list. | list[string] | No | - | - |
| approverGroupsList | List of user groups who can approve an access request associated with a target resource under the governance of this operator control. | list[string] | No | - | - |
| approversList | List of users who can approve an access request associated with a target resource under the governance of this operator control. | list[string] | No | - | - |
| compartmentId | The OCID of the compartment that contains the operator control. | string | No | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. | map[string, map[string, string]] | No | - | - |
| description | Description of operator control. | string | No | - | - |
| emailIdList | List of emailId. | list[string] | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. | map[string, string] | No | - | - |
| id | The OCID of the operator control. | string | No | - | - |
| isDefaultOperatorControl | Whether the operator control is a default Operator Control. | boolean | No | - | - |
| isFullyPreApproved | Whether all the operator actions have been pre-approved. If yes, all access requests associated with a resource governed by this operator control will be auto-approved. | boolean | No | - | - |
| lastModifiedInfo | Description associated with the latest modification of the operator control. | string | No | - | - |
| lifecycleState | The current lifecycle state of the operator control. | string | No | - | - |
| numberOfApprovers | Number of approvers required to approve an access request. | integer | No | - | - |
| operatorControlName | Name of the operator control. The name must be unique. | string | No | - | - |
| preApprovedOpActionList | List of pre-approved operator actions. Access requests associated with a resource governed by this operator control will be automatically approved if the access request only contains operator actions in the pre-approved list. | list[string] | No | - | - |
| resourceType | resourceType for which the OperatorControl is applicable | string | No | - | - |
| status | - | object | Yes | - | - |
| systemMessage | System message that would be displayed to the operator users on accessing the target resource under the governance of this operator control. | string | No | - | - |
| timeOfCreation | Time when the operator control was created expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
| timeOfDeletion | Time when deleted expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z'. Note a deleted operator control still stays in the system, so that you can still audit operator actions associated with access requests raised on target resources governed by the deleted operator control. | string | No | - | - |
| timeOfModification | Time when the operator control was last modified expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
Status.status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| async | Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object | No | - | - |
| conditions | - | list[object] | No | - | - |
| createdAt | - | string (date-time) | No | - | - |
| deletedAt | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| ocid | - | string | No | - | - |
| opcRequestId | OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string | No | - | - |
| reason | - | string | No | - | - |
| requestedAt | - | string (date-time) | No | - | - |
| updatedAt | - | string (date-time) | No | - | - |
Status.status.async
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| current | - | object | No | - | - |
Status.status.async.current
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| message | - | string | No | - | - |
| normalizedClass | - | string | Yes | - | attention, canceled, failed, pending, succeeded, unknown |
| percentComplete | - | number | No | - | - |
| phase | - | string | Yes | - | create, delete, update |
| rawOperationType | - | string | No | - | - |
| rawStatus | - | string | No | - | - |
| source | - | string | Yes | - | lifecycle, none, workrequest |
| updatedAt | - | string (date-time) | Yes | - | - |
| workRequestId | - | string | No | - | - |
Status.status.conditions[]
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| lastTransitionTime | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| reason | - | string | No | - | - |
| status | - | string | Yes | - | - |
| type | - | string | Yes | - | - |
OperatorControlAssignment
OperatorControlAssignment is the Schema for the operatorcontrolassignments API.
- Plural: operatorcontrolassignments
- Scope: Namespaced
- APIVersion: operatoraccesscontrol.oracle.com/v1beta1
- Sample: Sample (config/samples/operatoraccesscontrol_v1beta1_operatorcontrolassignment.yaml)
- Packages: Not currently exposed by a customer-visible package.
Spec
OperatorControlAssignmentSpec defines the desired state of OperatorControlAssignment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| comment | Comment about the assignment of the operator control to this target resource. | string | No | - | - |
| compartmentId | The OCID of the compartment that contains the operator control assignment. | string | Yes | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. | map[string, map[string, string]] | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. | map[string, string] | No | - | - |
| isAutoApproveDuringMaintenance | The boolean if true would autoApprove during maintenance. | boolean | No | - | - |
| isEnforcedAlways | If set, then the target resource is always governed by the operator control. | boolean | Yes | - | - |
| isHypervisorLogForwarded | If set, then the hypervisor audit logs will be forwarded to the relevant remote syslog server. | boolean | No | - | - |
| isLogForwarded | If set, then the audit logs will be forwarded to the relevant remote logging server. | boolean | No | - | - |
| operatorControlId | The OCID of the operator control that is being assigned to a target resource. | string | Yes | - | - |
| remoteSyslogServerAddress | The address of the remote syslog server where the audit logs will be forwarded to. Address in host or IP format. | string | No | - | - |
| remoteSyslogServerCACert | The CA certificate of the remote syslog server. Identity of the remote syslog server will be asserted based on this certificate. | string | No | - | - |
| remoteSyslogServerPort | The listening port of the remote syslog server. The port range is 0 - 65535. Only TCP supported. | integer | No | - | - |
| resourceCompartmentId | The OCID of the compartment that contains the target resource. | string | Yes | - | - |
| resourceId | The OCID of the target resource being brought under the governance of the operator control. | string | Yes | - | - |
| resourceName | Name of the target resource. | string | Yes | - | - |
| resourceType | Type of the target resource. | string | Yes | - | - |
| timeAssignmentFrom | The time at which the target resource will be brought under the governance of the operator control in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
| timeAssignmentTo | The time at which the target resource will leave the governance of the operator control in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
Status
OperatorControlAssignmentStatus defines the observed state of OperatorControlAssignment.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| assignerId | The OCID of the user who created this operator control assignment. | string | No | - | - |
| comment | Comment about the assignment of the operator control to this target resource. | string | No | - | - |
| compartmentId | The OCID of the compartment that contains the operator control assignment. | string | No | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. | map[string, map[string, string]] | No | - | - |
| detachmentDescription | Description containing the reason for releasing the OperatorControl. | string | No | - | - |
| errorCode | The code identifying the error that occurred during the Assignment operation. | integer | No | - | - |
| errorMessage | The message describing the error that occurred during the Assignment operation. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. | map[string, string] | No | - | - |
| id | The OCID of the operator control assignment. | string | No | - | - |
| isAutoApproveDuringMaintenance | The boolean if true would autoApprove during maintenance. | boolean | No | - | - |
| isDefaultAssignment | Whether the assignment is a default assignment. | boolean | No | - | - |
| isEnforcedAlways | If set, then the target resource is always governed by the operator control. | boolean | No | - | - |
| isHypervisorLogForwarded | If set, then the hypervisor audit logs will be forwarded to the relevant remote syslog server. | boolean | No | - | - |
| isLogForwarded | If set, indicates that the audit logs are being forwarded to the relevant remote logging server. | boolean | No | - | - |
| lifecycleDetails | More detail about the lifecycleState. | string | No | - | - |
| lifecycleState | The current lifecycle state of the OperatorControl. | string | No | - | - |
| opControlName | Name of the associated operator control. | string | No | - | - |
| operatorControlId | The OCID of the operator control. | string | No | - | - |
| remoteSyslogServerAddress | The address of the remote syslog server where the audit logs are being forwarded to. Address in host or IP format. | string | No | - | - |
| remoteSyslogServerCACert | The CA certificate of the remote syslog server. | string | No | - | - |
| remoteSyslogServerPort | The listening port of the remote syslog server. The port range is 0 - 65535. Only TCP supported. | integer | No | - | - |
| resourceCompartmentId | The OCID of the compartment that contains the target resource. | string | No | - | - |
| resourceId | The OCID of the target resource. | string | No | - | - |
| resourceName | Name of the target resource. | string | No | - | - |
| resourceType | resourceType for which the OperatorControlAssignment is applicable | string | No | - | - |
| status | - | object | Yes | - | - |
| timeAssignmentFrom | The time at which the target resource will be brought under the governance of the operator control expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
| timeAssignmentTo | The time at which the target resource will leave the governance of the operator control expressed in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
| timeOfAssignment | Time when the operator control assignment is created in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
| timeOfDeletion | Time on which the operator control assignment was deleted in RFC 3339 (https://tools.ietf.org/html/rfc3339) timestamp format. Example: '2020-05-22T21:10:29.600Z' | string | No | - | - |
| unassignerId | ID of the user who released the operatorControl. | string | No | - | - |
Status.status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| async | Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object | No | - | - |
| conditions | - | list[object] | No | - | - |
| createdAt | - | string (date-time) | No | - | - |
| deletedAt | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| ocid | - | string | No | - | - |
| opcRequestId | OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string | No | - | - |
| reason | - | string | No | - | - |
| requestedAt | - | string (date-time) | No | - | - |
| updatedAt | - | string (date-time) | No | - | - |
Status.status.async
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| current | - | object | No | - | - |
Status.status.async.current
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| message | - | string | No | - | - |
| normalizedClass | - | string | Yes | - | attention, canceled, failed, pending, succeeded, unknown |
| percentComplete | - | number | No | - | - |
| phase | - | string | Yes | - | create, delete, update |
| rawOperationType | - | string | No | - | - |
| rawStatus | - | string | No | - | - |
| source | - | string | Yes | - | lifecycle, none, workrequest |
| updatedAt | - | string (date-time) | Yes | - | - |
| workRequestId | - | string | No | - | - |
Status.status.conditions[]
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| lastTransitionTime | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| reason | - | string | No | - | - |
| status | - | string | Yes | - | - |
| type | - | string | Yes | - | - |