The orm-jobs resource type can use the following variables.
Variable
Variable Type
Comments
target.job.operation
String
Use this variable to control access for running specified job types. For example, to limit access to PLAN and APPLY jobs, use the following phrase: where any {target.job.operation = 'PLAN', target.job.operation = 'APPLY'}
target.stack.id
String
Use this variable to limit access to specified stacks. For example, use the following phrase: where any {target.stack.id = ocid1.ormstack.uniqueid1, target.stack.id = ocid1.ormstack.uniqueid2}
Details for Verb + Resource-Type Combinations 🔗
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access..
CreateStack (unless using configuration source providers)
UpdateStack
ChangeStackCompartment
DeleteStack
DetectStateDrift
ListTerraformVersions
CreateStack: When creating stacks that use configuration source providers (configSourceType value GIT_CONFIG_SOURCE), also need read orm-config-source-providers