Advertisement
fkeles

create-tag-dyn-grp-policy-add-tag.sh

May 17th, 2023
156
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.72 KB | Source Code | 0 0
  1. ## create tag namespace
  2. ubuntu@FAKELES-7310:~/$ oci raw-request --http-method POST --target-uri https://identity.<region>.oraclecloud.com/20160918/tagNamespaces --request-body '{"compartmentId" : "ocid1.tenancy.oc1..<tenancy-id>","name" : "UseOCIResourceViewsOnAutonomous","description" : "Allow Autonomous database instances with this tag to use resource views"}'
  3. {
  4.   "data": {
  5.     "compartmentId": "ocid1.tenancy.oc1..<tenancy-id>",
  6.     "definedTags": {
  7.       "Oracle-Tags": {
  8.         "CreatedBy": "default/<my-email>@oracle.com",
  9.         "CreatedOn": "2023-05-16T18:29:29.505Z"
  10.       }
  11.     },
  12.     "description": "Allow Autonomous database instances with this tag to use resource views",
  13.     "freeformTags": {},
  14.     "id": "ocid1.tagnamespace.oc1..<tagnamespace-id>",
  15.     "isRetired": false,
  16.     "lifecycleState": "ACTIVE",
  17.     "locks": [],
  18.     "name": "UseOCIResourceViewsOnAutonomous",
  19.     "systemTags": {},
  20.     "timeCreated": "2023-05-16T18:29:29.624Z"
  21.   },
  22.   "headers": {
  23.     "Content-Length": "568",
  24.     "Content-Type": "application/json",
  25.     "Date": "Tue, 16 May 2023 18:29:29 GMT",
  26.     "ETag": "655553e5ae32aad0c311a7ecc0c663298be5d1af",
  27.     "Location": "https://tagging-control-plane.svc.ad1.<region>/20160918/tagNamespaces/ocid1.tagnamespace.oc1..<tagnamespace-id>",
  28.     "X-Content-Type-Options": "nosniff",
  29.     "opc-request-id": "3B18208D05D24C8C8D53479868ED7F1E/08847CD0B5018368B03C8AABBD3CC700/E02FA1EB97EAE2D330EA75457FEEC9FC"
  30.   },
  31.   "status": "200 OK"
  32. }
  33.  
  34. ## create tag key
  35. ubuntu@FAKELES-7310:~/py-projects$ oci raw-request --http-method POST --target-uri https://identity.<region>.oraclecloud.com/20160918/tagNamespaces/ocid1.tagnamespace.oc1..<tagnamespace-id>/tags --request-body '{"name" : "Allowed","description" : "Allow using resource views","type" : "string","validator": {"validatorType": "ENUM","values": ["True","False"]}}'
  36. {
  37.   "data": {
  38.     "compartmentId": "ocid1.tenancy.oc1..<tenancy-id>",
  39.     "definedTags": {
  40.       "Oracle-Tags": {
  41.         "CreatedBy": "default/<my-email>@oracle.com",
  42.         "CreatedOn": "2023-05-16T18:31:21.630Z"
  43.       }
  44.     },
  45.     "description": "Allow running commands",
  46.     "freeformTags": {},
  47.     "id": "ocid1.tagdefinition.oc1..<tagdefinition-id>",
  48.     "isCostTracking": false,
  49.     "isRetired": false,
  50.     "lifecycleState": "ACTIVE",
  51.     "locks": [],
  52.     "name": "Allowed",
  53.     "systemTags": {},
  54.     "tagNamespaceId": "ocid1.tagnamespace.oc1..<tagnamespace-id>",
  55.     "tagNamespaceName": "UseOCIResourceViewsOnAutonomous",
  56.     "timeCreated": "2023-05-16T18:31:21.693Z",
  57.     "validator": {
  58.       "validatorType": "ENUM",
  59.       "values": [
  60.         "True",
  61.         "False"
  62.       ]
  63.     }
  64.   },
  65.   "headers": {
  66.     "Content-Length": "739",
  67.     "Content-Type": "application/json",
  68.     "Date": "Tue, 16 May 2023 18:31:21 GMT",
  69.     "ETag": "1c8289ccec78729d558f95e4509c8ddfc6a03fc1",
  70.     "Location": "https://tagging-control-plane.svc.ad2.<region>/20160918/tagNamespaces/ocid1.tagnamespace.oc1..<tagnamespace-id>/tags/ocid1.tagdefinition.oc1..<tagdefinition-id>",
  71.     "X-Content-Type-Options": "nosniff",
  72.     "opc-request-id": "69C16ADDD731431F946C113DAC1B5B45/26F6295599052BF19DB0CBDE7EED1D09/D1702FE635E03D742EFD62A95CCCBE84"
  73.   },
  74.   "status": "200 OK"
  75. }
  76.  
  77. ## get autonomous database
  78. oci db autonomous-database get --autonomous-database-id ocid1.autonomousdatabase.oc1.<region>.<autonomousdatabase-id>
  79.  
  80. ## update and add tags
  81. oci db autonomous-database update --autonomous-database-id ocid1.autonomousdatabase.oc1.<region>.<autonomousdatabase-id> --defined-tags '{"Oracle-Tags": {"CreatedBy": "default/<my-email>@oracle.com","CreatedOn": "2023-04-05T12:50:56.061Z"},"Schedule": {"WeekDay": "0,0,0,0,0,*,*,*,*,*,*,*,*,*,*,*,*,0,0,0,0,0,0,0","Weekend": "0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"},"UseOCIResourceViewsOnAutonomous":{"Allowed": "True"}}'
  82.  
  83. ## create dynamic group
  84. oci iam dynamic-group create --compartment-id ocid1.tenancy.oc1..<tenancy-id> --description "Allow autonomous database instances with specific tags to use resource views " --name UseOCIResourceViewsDynamicGroup --matching-rule "tag.UseOCIResourceViewsOnAutonomous.Allowed.value='True'"
  85.  
  86. ## update policy
  87. oci iam policy update --policy-id ocid1.policy.oc1..<policy-id> --statements '["Define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq","existing statement 1","existing statement 2","Endorse dynamic-group UseOCIResourceViewsDynamicGroup to read objects in tenancy usage-report","Allow dynamic-group UseOCIResourceViewsDynamicGroup to read buckets in tenancy","Allow dynamic-group UseOCIResourceViewsDynamicGroup to read autonomous-database in tenancy","Allow dynamic-group UseOCIResourceViewsDynamicGroup to read usage-budgets in tenancy"]' --version-date ''
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement