oracle.oci.oci_audit_event_facts – Fetches details about one or multiple AuditEvent resources in Oracle Cloud Infrastructure¶
Note
This plugin is part of the oracle.oci collection (version 5.3.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install oracle.oci.
To use it in a playbook, specify: oracle.oci.oci_audit_event_facts.
New in version 2.9.0: of oracle.oci
Synopsis¶
Fetches details about one or multiple AuditEvent resources in Oracle Cloud Infrastructure
Returns all the audit events processed for the specified compartment within the specified time range.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 3.6
Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
api_user
string
|
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
|
api_user_fingerprint
string
|
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
|
|
api_user_key_file
string
|
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
|
|
api_user_key_pass_phrase
string
|
Passphrase used by the key referenced in
api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location). |
|
|
auth_purpose
string
|
|
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
|
|
auth_type
string
|
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
|
cert_bundle
string
|
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
|
|
|
compartment_id
string
/ required
|
The OCID of the compartment.
|
|
|
config_file_location
string
|
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
|
|
config_profile_name
string
|
The profile to load from the config file referenced by
config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location. |
|
|
end_time
string
/ required
|
Returns events that were processed before this end date and time, expressed in RFC 3339 timestamp format.
For example, a start value of `2017-01-01T00:00:00Z` and an end value of `2017-01-02T00:00:00Z` will retrieve a list of all events processed on January 1, 2017. Similarly, a start value of `2017-01-01T00:00:00Z` and an end value of `2017-02-01T00:00:00Z` will result in a list of all events processed between January 1, 2017 and January 31, 2017. You can specify a value with granularity to the minute. Seconds (and milliseconds, if included) must be set to `0`.
|
|
|
realm_specific_endpoint_template_enabled
boolean
|
|
Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
|
|
region
string
|
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
|
|
start_time
string
/ required
|
Returns events that were processed at or after this start date and time, expressed in RFC 3339 timestamp format.
For example, a start value of `2017-01-15T11:30:00Z` will retrieve a list of all events processed since 30 minutes after the 11th hour of January 15, 2017, in Coordinated Universal Time (UTC). You can specify a value with granularity to the minute. Seconds (and milliseconds, if included) must be set to `0`.
|
|
|
tenancy
string
|
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
Notes¶
Note
For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: List audit_events
oci_audit_event_facts:
# required
compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
start_time: 2013-10-20T19:20:30+01:00
end_time: 2013-10-20T19:20:30+01:00
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |||
|---|---|---|---|---|---|
|
audit_events
complex
|
on success |
List of AuditEvent resources
Sample:
[{'cloud_events_version': 'cloud_events_version_example', 'content_type': 'content_type_example', 'data': {'additional_details': {}, 'availability_domain': 'Uocm:PHX-AD-1', 'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'compartment_name': 'compartment_name_example', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'event_grouping_id': 'ocid1.eventgrouping.oc1..xxxxxxEXAMPLExxxxxx', 'event_name': 'event_name_example', 'freeform_tags': {'Department': 'Finance'}, 'identity': {'auth_type': 'auth_type_example', 'caller_id': 'ocid1.caller.oc1..xxxxxxEXAMPLExxxxxx', 'caller_name': 'caller_name_example', 'console_session_id': 'ocid1.consolesession.oc1..xxxxxxEXAMPLExxxxxx', 'credentials': 'credentials_example', 'ip_address': 'ip_address_example', 'principal_id': 'ocid1.principal.oc1..xxxxxxEXAMPLExxxxxx', 'principal_name': 'principal_name_example', 'tenant_id': 'ocid1.tenant.oc1..xxxxxxEXAMPLExxxxxx', 'user_agent': 'user_agent_example'}, 'request': {'action': 'action_example', 'headers': {}, 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'parameters': {}, 'path': 'path_example'}, 'resource_id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'resource_name': 'resource_name_example', 'response': {'headers': {}, 'message': 'message_example', 'payload': {}, 'response_time': '2013-10-20T19:20:30+01:00', 'status': 'status_example'}, 'state_change': {'current': {}, 'previous': {}}}, 'event_id': 'ocid1.event.oc1..xxxxxxEXAMPLExxxxxx', 'event_time': '2013-10-20T19:20:30+01:00', 'event_type': 'event_type_example', 'event_type_version': 'event_type_version_example', 'source': 'source_example'}]
|
|||
|
cloud_events_version
string
|
on success |
The version of the CloudEvents specification. The structure of the envelope follows the CloudEvents industry standard format hosted by the L(Cloud Native Computing Foundation ( CNCF),https://www.cncf.io/).
Audit uses version 0.1 specification of the CloudEvents event envelope.
Example: `0.1`
Sample:
cloud_events_version_example
|
|||
|
content_type
string
|
on success |
The content type of the data contained in `data`.
Example: `application/json`
Sample:
content_type_example
|
|||
|
data
complex
|
on success |
|
|||
|
additional_details
dictionary
|
on success |
A container object for attribues unique to the resource emitting the event.
Example:
" -----
{
\"imageId\": \"ocid1.image.oc1.phx.<unique_ID>\",
\"shape\": \"VM.Standard1.1\",
\"type\": \"CustomerVmi\"
}
-----"
|
|||
|
availability_domain
string
|
on success |
The availability domain where the resource resides.
Sample:
Uocm:PHX-AD-1
|
|||
|
compartment_id
string
|
on success |
The OCID of the compartment of the resource emitting the event.
Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
compartment_name
string
|
on success |
The name of the compartment. This value is the friendly name associated with compartmentId. This value can change, but the service logs the value that appeared at the time of the audit event.
Example: `CompartmentA`
Sample:
compartment_name_example
|
|||
|
defined_tags
dictionary
|
on success |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: `{"Operations": {"CostCenter": "42"}}`
Sample:
{'Operations': {'CostCenter': 'US'}}
|
|||
|
event_grouping_id
string
|
on success |
This value links multiple audit events that are part of the same API operation. For example, a long running API operations that emit an event at the start and the end of an operation would use the same value in this field for both events.
Sample:
ocid1.eventgrouping.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
event_name
string
|
on success |
Name of the API operation that generated this event.
Example: `GetInstance`
Sample:
event_name_example
|
|||
|
freeform_tags
dictionary
|
on success |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Exists for cross-compatibility only. For more information, see Resource Tags.
Example: `{"Department": "Finance"}`
Sample:
{'Department': 'Finance'}
|
|||
|
identity
complex
|
on success |
|
|||
|
auth_type
string
|
on success |
The type of authentication used.
Example: `natv`
Sample:
auth_type_example
|
|||
|
caller_id
string
|
on success |
The OCID of the caller. The caller that made a request on behalf of the prinicpal.
Sample:
ocid1.caller.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
caller_name
string
|
on success |
The name of the user or service. This value is the friendly name associated with `callerId`.
Sample:
caller_name_example
|
|||
|
console_session_id
string
|
on success |
This value identifies any Console session associated with this request.
Sample:
ocid1.consolesession.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
credentials
string
|
on success |
The credential ID of the user. This value is extracted from the HTTP 'Authorization' request header. It consists of the tenantId, userId, and user fingerprint, all delimited by a slash (/).
Sample:
credentials_example
|
|||
|
ip_address
string
|
on success |
The IP address of the source of the request.
Example: `172.24.80.88`
Sample:
ip_address_example
|
|||
|
principal_id
string
|
on success |
The OCID of the principal.
Sample:
ocid1.principal.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
principal_name
string
|
on success |
The name of the user or service. This value is the friendly name associated with `principalId`.
Example: `ExampleName`
Sample:
principal_name_example
|
|||
|
tenant_id
string
|
on success |
The OCID of the tenant.
Sample:
ocid1.tenant.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
user_agent
string
|
on success |
The user agent of the client that made the request.
Example: `Jersey/2.23 (HttpUrlConnection 1.8.0_212)`
Sample:
user_agent_example
|
|||
|
request
complex
|
on success |
|
|||
|
action
string
|
on success |
The HTTP method of the request.
Example: `GET`
Sample:
action_example
|
|||
|
headers
dictionary
|
on success |
The HTTP header fields and values in the request.
Example:
" -----
{
\"opc-principal\": [
\"{\\\"tenantId\\\":\\\"ocid1.tenancy.oc1..<unique_ID>\\\",\\\"subjectId\\\":\\\"ocid1.user.oc1.
.<unique_ID>\\\",\\\"claims\\\":[{\\\"key\\\":\\\"pstype\\\",\\\"value\\\":\\\"natv\\ ",\\\"issuer\\\":\\\"authService.oracle.com\\\"},{\\\"key\\\":\\\"h_host\\\",\\\"value\\
\":\\\"iaas.r2.oracleiaas.com\\\",\\\"issuer\\\":\\\"h\\\"},{\\\"key\\\":\\\"h_opc-
request-id\\\",\\\"value\\\":\\\"<unique_ID>\\\",\\\"issuer\\\":\\\"h\\\"},{\\\"key\\ ":\\\"ptype\\\",\\\"value\\\":\\\"user\\\",\\\"issuer\\\":\\\"authService.oracle.com\\\
"},{\\\"key\\\":\\\"h_date\\\",\\\"value\\\":\\\"Wed, 18 Sep 2019 00:10:58 UTC\\\",\\\"issu
er\\\":\\\"h\\\"},{\\\"key\\\":\\\"h_accept\\\",\\\"value\\\":\\\"application/json\\\
",\\\"issuer\\\":\\\"h\\\"},{\\\"key\\\":\\\"authorization\\\",\\\"value\\\":\\\"Sign
ature headers=\\\\\\\"date (request-target) host accept opc-request-id\\\\\\\",keyId=\\\\\\\"ocid
1.tenancy.oc1..<unique_ID>/ocid1.user.oc1..<unique_ID>/8c:b4:5f:18:e7:ec:db:08:b8:fa:d2:2a:7d:11:76:ac\\\\\\\",
algorithm=\\\\\\\"rsa-pss-sha256\\\\\\\",signature=\\\\\\\"<unique_ID>\\\\\\\",version=\ \\\\\"1\\\\\\\"\\\",\\\"issuer\\\":\\\"h\\\"},{\\\"key\\\":\\\"h_(request-
target)\\\",\\\"value\\\":\\\"get
/20160918/instances/ocid1.instance.oc1.phx.<unique_ID>\\\",\\\"issuer\\\":\\\"h\\\"}]}\"
],
\"Accept\": [
\"application/json\"
],
\"X-Oracle-Auth-Client-CN\": [
\"splat-proxy-se-02302.node.ad2.r2\"
],
\"X-Forwarded-Host\": [
\"compute-api.svc.ad1.r2\"
],
\"Connection\": [
\"close\"
],
\"User-Agent\": [
\"Jersey/2.23 (HttpUrlConnection 1.8.0_212)\"
],
\"X-Forwarded-For\": [
\"172.24.80.88\"
],
\"X-Real-IP\": [
\"172.24.80.88\"
],
\"oci-original-url\": [
\"https://iaas.r2.oracleiaas.com/20160918/instances/ocid1.instance.oc1.phx.<unique_ID>\"
],
\"opc-request-id\": [
\"<unique_ID>\"
],
\"Date\": [
\"Wed, 18 Sep 2019 00:10:58 UTC\"
]
}
-----"
|
|||
|
id
string
|
on success |
The opc-request-id of the request.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
parameters
dictionary
|
on success |
The parameters supplied by the caller during this operation.
|
|||
|
path
string
|
on success |
The full path of the API request.
Example: `/20160918/instances/ocid1.instance.oc1.phx.<unique_ID>`
Sample:
path_example
|
|||
|
resource_id
string
|
on success |
An OCID or some other ID for the resource emitting the event.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
resource_name
string
|
on success |
The name of the resource emitting the event.
Sample:
resource_name_example
|
|||
|
response
complex
|
on success |
|
|||
|
headers
dictionary
|
on success |
The headers of the response.
Example:
" -----
{
\"ETag\": [
\"<unique_ID>\"
],
\"Connection\": [
\"close\"
],
\"Content-Length\": [
\"1828\"
],
\"opc-request-id\": [
\"<unique_ID>\"
],
\"Date\": [
\"Wed, 18 Sep 2019 00:10:59 GMT\"
],
\"Content-Type\": [
\"application/json\"
]
}
-----"
|
|||
|
message
string
|
on success |
A friendly description of what happened during the operation. Use this for troubleshooting.
Sample:
message_example
|
|||
|
payload
dictionary
|
on success |
This value is included for backward compatibility with the Audit version 1 schema, where it contained metadata of interest from the response payload.
Example:
" -----
{
\"resourceName\": \"my_instance\",
\"id\": \"ocid1.instance.oc1.phx.<unique_ID>\"
}
-----"
|
|||
|
response_time
string
|
on success |
The time of the response to the audited request, expressed in RFC 3339 timestamp format.
Example: `2019-09-18T00:10:59.278Z`
Sample:
2013-10-20T19:20:30+01:00
|
|||
|
status
string
|
on success |
The status code of the response.
Example: `200`
Sample:
status_example
|
|||
|
state_change
complex
|
on success |
|
|||
|
current
dictionary
|
on success |
Provides the current state of fields that may have changed during an operation. To determine how the current operation changed a resource, compare the information in this attribute to `previous`.
|
|||
|
previous
dictionary
|
on success |
Provides the previous state of fields that may have changed during an operation. To determine how the current operation changed a resource, compare the information in this attribute to `current`.
|
|||
|
event_id
string
|
on success |
The GUID of the event.
Sample:
ocid1.event.oc1..xxxxxxEXAMPLExxxxxx
|
|||
|
event_time
string
|
on success |
The time the event occurred, expressed in RFC 3339 timestamp format.
Example: `2019-09-18T00:10:59.252Z`
Sample:
2013-10-20T19:20:30+01:00
|
|||
|
event_type
string
|
on success |
The type of event that happened.
The service that produces the event can also add, remove, or change the meaning of a field. A service implementing these type changes would publish a new version of an `eventType` and revise the `eventTypeVersion` field.
Example: `com.oraclecloud.ComputeApi.GetInstance`
Sample:
event_type_example
|
|||
|
event_type_version
string
|
on success |
The version of the event type. This version applies to the payload of the event, not the envelope. Use `cloudEventsVersion` to determine the version of the envelope.
Example: `2.0`
Sample:
event_type_version_example
|
|||
|
source
string
|
on success |
The source of the event.
Example: `ComputeApi`
Sample:
source_example
|
|||
Authors¶
Oracle (@oracle)