auth-token

Description

The auth token is associated with the user’s Console login. Auth tokens never expire. A user can have up to two auth tokens at a time.

Note: The token is always an Oracle-generated string; you can’t change it to a string of your choice.

For more information, see Managing User Credentials <https://docs.cloud.oracle.com/Content/Identity/access/managing-user-credentials.htm>.

Available Commands

create

Description

You must specify a description for the auth token (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateAuthToken <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/auth-token/update.html>.

Every user has permission to create an auth token for their own user ID. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create an auth token for any user, including themselves.

Usage

oci iam auth-token create [OPTIONS]

Required Parameters

The description you assign to the auth token during creation. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

The OCID of the user.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    oci iam auth-token create --description $description --user-id $user_id

delete

Description

Usage

oci iam auth-token delete [OPTIONS]

Required Parameters

The OCID of the auth token.

The OCID of the user.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    auth_token_id=$(oci iam auth-token create --description $description --user-id $user_id --query data.id --raw-output)
    oci iam auth-token delete --auth-token-id $auth_token_id --user-id $user_id

list

Description

Usage

oci iam auth-token list [OPTIONS]

Required Parameters

The OCID of the user.

Optional Parameters

Fetches all pages of results.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    oci iam auth-token list --user-id $user_id

update

Description

Usage

oci iam auth-token update [OPTIONS]

Required Parameters

The OCID of the auth token.

The OCID of the user.

Optional Parameters

The description you assign to the auth token. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    auth_token_id=$(oci iam auth-token create --description $description --user-id $user_id --query data.id --raw-output)
    oci iam auth-token update --auth-token-id $auth_token_id --user-id $user_id

authentication-policy

Description

Available Commands

get

Description

Usage

oci iam authentication-policy get [OPTIONS]

Required Parameters

The OCID of the compartment.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/authentication-policy/get.html#cmdoption-compartment-id
    oci iam authentication-policy get --compartment-id $compartment_id

update

Description

Usage

oci iam authentication-policy update [OPTIONS]

Required Parameters

The OCID of the compartment.

Optional Parameters

Perform update without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/authentication-policy/update.html#cmdoption-compartment-id
    oci iam authentication-policy update --compartment-id $compartment_id

availability-domain

Description

Available Commands

list

Description

Usage

oci iam availability-domain list [OPTIONS]

Optional Parameters

Fetches all pages of results.

The OCID of the compartment (remember that the tenancy is simply the root compartment). If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    oci iam availability-domain list

bulk-action-resource-type-collection

Description

Available Commands

list

Description

Usage

oci iam bulk-action-resource-type-collection list [OPTIONS]

Required Parameters

The type of bulk action.

Accepted values are:

BULK_DELETE_RESOURCES, BULK_MOVE_RESOURCES

Optional Parameters

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum number of items to return in a paginated “List” call.

The value of the opc-next-page response header from the previous “List” call.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export bulk_action_type=<substitute-value-of-bulk_action_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/bulk-action-resource-type-collection/list.html#cmdoption-bulk-action-type
    oci iam bulk-action-resource-type-collection list --bulk-action-type $bulk_action_type

compartment

Description

To place a resource in a compartment, simply specify the compartment ID in the “Create” request object when initially creating the resource. For example, to launch an instance into a particular compartment, specify that compartment’s OCID in the LaunchInstance request. You can’t move an existing resource from one compartment to another.

To use any of the API operations, you must be authorized in an IAM policy. If you’re not authorized, talk to an administrator. If you’re an administrator who needs to write policies to give users access, see Get Started with Policies <https://docs.cloud.oracle.com/Content/Identity/policiesgs/get-started-with-policies.htm>.

Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.

Available Commands

bulk-delete-resources

Description

Usage

oci iam compartment bulk-delete-resources [OPTIONS]

Required Parameters

The OCID of the compartment.

The resources to be deleted. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci iam compartment bulk-delete-resources --generate-param-json-input resources > resources.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/bulk-delete-resources.html#cmdoption-compartment-id
    oci iam compartment bulk-delete-resources --compartment-id $compartment_id --resources file://resources.json

bulk-move-resources

Description

Usage

oci iam compartment bulk-move-resources [OPTIONS]

Required Parameters

The OCID of the compartment.

The resources to be moved. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The OCID <https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm> of the destination compartment into which to move the resources.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci iam compartment bulk-move-resources --generate-param-json-input resources > resources.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/bulk-move-resources.html#cmdoption-compartment-id
    export target_compartment_id=<substitute-value-of-target_compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/bulk-move-resources.html#cmdoption-target-compartment-id
    oci iam compartment bulk-move-resources --compartment-id $compartment_id --resources file://resources.json --target-compartment-id $target_compartment_id

create

Description

Specify the parent compartment’s OCID as the compartment ID in the request object. Remember that the tenancy is simply the root compartment. For information about OCIDs, see Resource Identifiers <https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm>.

You must also specify a name for the compartment, which must be unique across all compartments in your tenancy. You can use this name or the OCID when writing policies that apply to the compartment. For more information about policies, see How Policies Work <https://docs.cloud.oracle.com/Content/Identity/policieshow/how-policies-work.htm>.

You must also specify a description for the compartment (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateCompartment <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/update.html>.

After you send your request, the new object’s lifecycleState will temporarily be CREATING. Before using the object, first make sure its lifecycleState has changed to ACTIVE.

Usage

oci iam compartment create [OPTIONS]

Required Parameters

The OCID of the parent compartment containing the compartment.

The description you assign to the compartment during creation. Does not have to be unique, and it’s changeable.

The name you assign to the compartment during creation. The name must be unique across all compartments in the parent compartment. Avoid entering confidential information.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

delete

Description

Usage

oci iam compartment delete [OPTIONS]

Required Parameters

The OCID of the compartment.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/delete.html#cmdoption-compartment-id
    oci iam compartment delete --compartment-id $compartment_id

get

Description

This operation does not return a list of all the resources inside the compartment. There is no single API operation that does that. Compartments can contain multiple types of resources (instances, block storage volumes, etc.). To find out what’s in a compartment, you must call the “List” operation for each resource type and specify the compartment’s OCID as a query parameter in the request. For example, call the ListInstances <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/compute/instance/list.html> operation in the Cloud Compute Service or the ListVolumes <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/bv/volume/list.html> operation in Cloud Block Storage.

Usage

oci iam compartment get [OPTIONS]

Required Parameters

The OCID of the compartment.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/get.html#cmdoption-compartment-id
    oci iam compartment get --compartment-id $compartment_id

list

Description

With the exception of the tenancy (root compartment), the ListCompartments operation returns only the first-level child compartments in the parent compartment specified in compartmentId. The list does not include any subcompartments of the child compartments (grandchildren).

The parameter accessLevel specifies whether to return only those compartments for which the requestor has INSPECT permissions on at least one resource directly or indirectly (the resource can be in a subcompartment).

The parameter compartmentIdInSubtree applies only when you perform ListCompartments on the tenancy (root compartment). When set to true, the entire hierarchy of compartments can be returned. To get a full list of all compartments and subcompartments in the tenancy (root compartment), set the parameter compartmentIdInSubtree to true and accessLevel to ANY.

See Where to Get the Tenancy’s OCID and User’s OCID <https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#five>.

Usage

oci iam compartment list [OPTIONS]

Optional Parameters

Valid values are ANY and ACCESSIBLE. Default is ANY. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). For the compartments on which the user indirectly has INSPECT permissions, a restricted set of fields is returned.

When set to ANY permissions are not checked.

Accepted values are:

ACCESSIBLE, ANY

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

The OCID of the compartment (remember that the tenancy is simply the root compartment). If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Default is false. Can only be set to true when performing ListCompartments on the tenancy (root compartment). When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned depending on the the setting of accessLevel.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

A filter to only return resources that match the given lifecycle state. The state value is case-insensitive.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

The maximum number of items to return in a paginated “List” call.

A filter to only return resources that match the given name exactly.

The value of the opc-next-page response header from the previous “List” call.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

The field to sort by. You can provide one sort order (sortOrder). Default order for TIMECREATED is descending. Default order for NAME is ascending. The NAME sort order is case sensitive.

Note: In general, some “List” operations (for example, ListInstances) let you optionally filter by Availability Domain if the scope of the resource type is within a single Availability Domain. If you call one of these “List” operations without specifying an Availability Domain, the resources are grouped by Availability Domain, then sorted.

Accepted values are:

NAME, TIMECREATED

The sort order to use, either ascending (ASC) or descending (DESC). The NAME sort order is case sensitive.

Accepted values are:

ASC, DESC

Include root compartment

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    oci iam compartment list

move

Description

IMPORTANT: After you move a compartment to a new parent compartment, the access policies of the new parent take effect and the policies of the previous parent no longer apply. Ensure that you are aware of the implications for the compartment contents before you move it. For more information, see Moving a Compartment <https://docs.cloud.oracle.com/Content/Identity/compartments/managingcompartments.htm#MoveCompartment>.

Usage

oci iam compartment move [OPTIONS]

Required Parameters

The OCID of the compartment.

The OCID <https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm> of the destination compartment into which to move the compartment.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/move.html#cmdoption-compartment-id
    export target_compartment_id=<substitute-value-of-target_compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/move.html#cmdoption-target-compartment-id
    oci iam compartment move --compartment-id $compartment_id --target-compartment-id $target_compartment_id

recover

Description

Usage

oci iam compartment recover [OPTIONS]

Required Parameters

The OCID of the compartment.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/recover.html#cmdoption-compartment-id
    oci iam compartment recover --compartment-id $compartment_id

update

Description

Usage

oci iam compartment update [OPTIONS]

Required Parameters

The OCID of the compartment.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description you assign to the compartment. Does not have to be unique, and it’s changeable.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

The new name you assign to the compartment. The name must be unique across all compartments in the parent compartment. Avoid entering confidential information.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/compartment/update.html#cmdoption-compartment-id
    oci iam compartment update --compartment-id $compartment_id

customer-secret-key

Description

Note: The secret key is always an Oracle-generated string; you can’t change it to a string of your choice.

For more information, see Managing User Credentials <https://docs.cloud.oracle.com/Content/Identity/access/managing-user-credentials.htm>.

Available Commands

create

Description

You must specify a description for the secret key (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateCustomerSecretKey <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/customer-secret-key/update.html>.

Every user has permission to create a secret key for their own user ID. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create a secret key for any user, including themselves.

Usage

oci iam customer-secret-key create [OPTIONS]

Required Parameters

The name you assign to the secret key during creation. Does not have to be unique, and it’s changeable.

The OCID of the user.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/customer-secret-key/create.html#cmdoption-display-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    oci iam customer-secret-key create --display-name $display_name --user-id $user_id

delete

Description

Usage

oci iam customer-secret-key delete [OPTIONS]

Required Parameters

The access token of the secret key.

The OCID of the user.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/customer-secret-key/create.html#cmdoption-display-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    customer_secret_key_id=$(oci iam customer-secret-key create --display-name $display_name --user-id $user_id --query data.id --raw-output)
    oci iam customer-secret-key delete --customer-secret-key-id $customer_secret_key_id --user-id $user_id

list

Description

Usage

oci iam customer-secret-key list [OPTIONS]

Required Parameters

The OCID of the user.

Optional Parameters

Fetches all pages of results.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    oci iam customer-secret-key list --user-id $user_id

update

Description

Usage

oci iam customer-secret-key update [OPTIONS]

Required Parameters

The access token of the secret key.

The OCID of the user.

Optional Parameters

The description you assign to the secret key. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/customer-secret-key/create.html#cmdoption-display-name
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    customer_secret_key_id=$(oci iam customer-secret-key create --display-name $display_name --user-id $user_id --query data.id --raw-output)
    oci iam customer-secret-key update --customer-secret-key-id $customer_secret_key_id --user-id $user_id

db-token

Description

Available Commands

get

Description

When running this command inside the Cloud Shell, it will by default use the delegation token for the IAM user to request the db-token. Outside of the cloud shell, this command will default to use the API-key in the default profile in the default OCI configuration.

In order to use a temporary security token, use –auth security-token. Instead of using the default (API-key), this will use the existing valid security token for the user. If one doesn’t exist, OCI CLI will open a browser window to allow the user to authenticate with IAM. For more detail, please visit https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm

Usage

oci iam db-token get [OPTIONS]

Optional Parameters

Provide the directory where you would like to store token and private/public key. Default is ~/.oci/db-token

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

If a scope isn’t provided, the default will be the tenancy scope. Adding scope allows you to constrain access by the db-token autonomous databases in one or more compartments.

Example scope values:

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

domain

Description

Available Commands

activate

Description

After you send the request, the lifecycleDetails of the identity domain is set to ACTIVATING. When the operation completes, the lifecycleDetails is set to null and the lifecycleState of the identity domain is set to ACTIVE.

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain activate [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain activate --domain-id $domain_id

change-compartment

Description

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain change-compartment [OPTIONS]

Required Parameters

The OCID <https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm> of the destination compartment into which to move the identity domain.

The OCID of the identity domain.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain change-compartment --compartment-id $compartment_id --domain-id $domain_id

change-domain-license-type

Description

After you send your request, the lifecycleDetails of this identity domain is set to UPDATING. When the update of the identity domain completes, then the lifecycleDetails is set to null.

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain change-domain-license-type [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The license type of the identity domain.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain change-domain-license-type --domain-id $domain_id

create

Description

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

After creating an identity domain, first make sure its lifecycleState changes from CREATING to ACTIVE before you use it.

Usage

oci iam domain create [OPTIONS]

Required Parameters

The OCID of the compartment where the identity domain is created.

The identity domain description. You can have an empty description.

The mutable display name of the identity domain.

The region’s name identifier. See Regions and Availability Domains <https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm> for the full list of supported region names.

Example:

us-phoenix-1

The license type of the identity domain.

Optional Parameters

The administrator’s email address.

The administrator’s first name.

The administrator’s last name.

The administrator’s user name.

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Indicates whether the identity domain is hidden on the sign-in screen or not.

Indicates whether or not the administrator user created in the IDCS stripe would like to receive notifications like a welcome email. This field is required only if admin information is provided. This field is otherwise optional.

Optional field to indicate whether users in the identity domain are required to have a primary email address or not. The default is true.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type

deactivate

Description

After you send your request, the lifecycleDetails of this identity domain is set to DEACTIVATING. When the operation completes, then the lifecycleDetails is set to null and the lifecycleState is set to INACTIVE.

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain deactivate [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain deactivate --domain-id $domain_id

delete

Description

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain delete [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain delete --domain-id $domain_id

enable-replication-to-region

Description

After you send the request, the state of the identity domain in the replica region is set to ENABLING_REPLICATION. When the operation completes, the state is set to REPLICATION_ENABLED.

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain enable-replication-to-region [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

A region to which you want identity domain replication to occur. See Regions and Availability Domains <https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm> for the full list of supported region names.

Example:

us-phoenix-1

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain enable-replication-to-region --domain-id $domain_id

get

Description

Usage

oci iam domain get [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain get --domain-id $domain_id

list

Description

Usage

oci iam domain list [OPTIONS]

Required Parameters

The OCID of the compartment (remember that the tenancy is simply the root compartment).

Optional Parameters

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

The mutable display name of the identity domain.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The region-specific identity domain URL.

Indicates whether or not the identity domain is visible at the sign-in screen.

The license type of the identity domain.

A filter to only return resources that match the given lifecycle state. The state value is case-insensitive.

Accepted values are:

ACTIVE, CREATING, DELETING, INACTIVE

The maximum number of items to return in a paginated “List” call.

A filter to only return resources that match the given name exactly.

The value of the opc-next-page response header from the previous “List” call.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

The field to sort by. You can provide one sort order (sortOrder). Default order for TIMECREATED is descending. Default order for NAME is ascending. The NAME sort order is case sensitive.

Note: In general, some “List” operations (for example, ListInstances) let you optionally filter by Availability Domain if the scope of the resource type is within a single Availability Domain. If you call one of these “List” operations without specifying an Availability Domain, the resources are grouped by Availability Domain, then sorted.

Accepted values are:

NAME, TIMECREATED

The sort order to use, either ascending (ASC) or descending (DESC). The NAME sort order is case sensitive.

Accepted values are:

ASC, DESC

The identity domain type.

The region-agnostic identity domain URL.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/list.html#cmdoption-compartment-id
    oci iam domain list --compartment-id $compartment_id

list-license-types

Description

If currentLicenseTypeName is provided, then the request returns license types that the identity domain with the specified license type name can change to. Otherwise, the request returns all valid license types currently supported.

Usage

oci iam domain list-license-types [OPTIONS]

Optional Parameters

Fetches all pages of results.

The license type of the identity domain.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    oci iam domain list-license-types

update

Description

To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation’s status.

Usage

oci iam domain update [OPTIONS]

Required Parameters

The OCID of the identity domain.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The identity domain description. You can have an empty description.

The mutable display name of the identity domain.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Indicates whether the identity domain is hidden on the sign-in screen or not.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-compartment-id
    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-description
    export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-display-name
    export home_region=<substitute-value-of-home_region> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-home-region
    export license_type=<substitute-value-of-license_type> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/domain/create.html#cmdoption-license-type
    domain_id=$(oci iam domain create --compartment-id $compartment_id --description $description --display-name $display_name --home-region $home_region --license-type $license_type --query data.id --raw-output)
    oci iam domain update --domain-id $domain_id

dynamic-group

Description

This works like regular user/group membership. But in that case, the membership is a static relationship, whereas in a dynamic group, the membership of an instance certificate to a dynamic group is determined during runtime. For more information, see Managing Dynamic Groups <https://docs.cloud.oracle.com/Content/Identity/dynamicgroups/managingdynamicgroups.htm>.

Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.

Available Commands

create

Description

You must specify your tenancy’s OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see Resource Identifiers <https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm>.

You must also specify a name for the dynamic group, which must be unique across all dynamic groups in your tenancy, and cannot be changed. Note that this name has to be also unique across all groups in your tenancy. You can use this name or the OCID when writing policies that apply to the dynamic group. For more information about policies, see How Policies Work <https://docs.cloud.oracle.com/Content/Identity/policieshow/how-policies-work.htm>.

You must also specify a description for the dynamic group (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateDynamicGroup <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/update.html>.

After you send your request, the new object’s lifecycleState will temporarily be CREATING. Before using the object, first make sure its lifecycleState has changed to ACTIVE.

Usage

oci iam dynamic-group create [OPTIONS]

Required Parameters

The description you assign to the group during creation. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

The matching rule to dynamically match an instance certificate to this dynamic group. For rule syntax, see Managing Dynamic Groups <https://docs.cloud.oracle.com/Content/Identity/dynamicgroups/managingdynamicgroups.htm>.

The name you assign to the group during creation. The name must be unique across all groups in the tenancy and cannot be changed.

Optional Parameters

The OCID of the tenancy containing the group. If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-description
    export matching_rule=<substitute-value-of-matching_rule> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-matching-rule
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-name
    oci iam dynamic-group create --description $description --matching-rule $matching_rule --name $name

delete

Description

Usage

oci iam dynamic-group delete [OPTIONS]

Required Parameters

The OCID of the dynamic group.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-description
    export matching_rule=<substitute-value-of-matching_rule> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-matching-rule
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-name
    dynamic_group_id=$(oci iam dynamic-group create --description $description --matching-rule $matching_rule --name $name --query data.id --raw-output)
    oci iam dynamic-group delete --dynamic-group-id $dynamic_group_id

get

Description

Usage

oci iam dynamic-group get [OPTIONS]

Required Parameters

The OCID of the dynamic group.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-description
    export matching_rule=<substitute-value-of-matching_rule> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-matching-rule
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-name
    dynamic_group_id=$(oci iam dynamic-group create --description $description --matching-rule $matching_rule --name $name --query data.id --raw-output)
    oci iam dynamic-group get --dynamic-group-id $dynamic_group_id

list

Description

Usage

oci iam dynamic-group list [OPTIONS]

Optional Parameters

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

The OCID of the compartment (remember that the tenancy is simply the root compartment). If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

A filter to only return resources that match the given lifecycle state. The state value is case-insensitive.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

The maximum number of items to return in a paginated “List” call.

A filter to only return resources that match the given name exactly.

The value of the opc-next-page response header from the previous “List” call.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

The field to sort by. You can provide one sort order (sortOrder). Default order for TIMECREATED is descending. Default order for NAME is ascending. The NAME sort order is case sensitive.

Note: In general, some “List” operations (for example, ListInstances) let you optionally filter by Availability Domain if the scope of the resource type is within a single Availability Domain. If you call one of these “List” operations without specifying an Availability Domain, the resources are grouped by Availability Domain, then sorted.

Accepted values are:

NAME, TIMECREATED

The sort order to use, either ascending (ASC) or descending (DESC). The NAME sort order is case sensitive.

Accepted values are:

ASC, DESC

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    oci iam dynamic-group list

update

Description

Usage

oci iam dynamic-group update [OPTIONS]

Required Parameters

The OCID of the dynamic group.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description you assign to the dynamic group. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The matching rule to dynamically match an instance certificate to this dynamic group. For rule syntax, see Managing Dynamic Groups <https://docs.cloud.oracle.com/Content/Identity/dynamicgroups/managingdynamicgroups.htm>.

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-description
    export matching_rule=<substitute-value-of-matching_rule> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-matching-rule
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/dynamic-group/create.html#cmdoption-name
    dynamic_group_id=$(oci iam dynamic-group create --description $description --matching-rule $matching_rule --name $name --query data.id --raw-output)
    oci iam dynamic-group update --dynamic-group-id $dynamic_group_id

fault-domain

Description

Available Commands

list

Description

Usage

oci iam fault-domain list [OPTIONS]

Required Parameters

The name of the availabilityDomain.

The OCID of the compartment (remember that the tenancy is simply the root compartment).

Optional Parameters

Fetches all pages of results.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export availability_domain=<substitute-value-of-availability_domain> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/fault-domain/list.html#cmdoption-availability-domain
    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/fault-domain/list.html#cmdoption-compartment-id
    oci iam fault-domain list --availability-domain $availability_domain --compartment-id $compartment_id

group

Description

If you’re federating with an identity provider (IdP), you need to create mappings between the groups defined in the IdP and groups you define in the IAM service. For more information, see Identity Providers and Federation <https://docs.cloud.oracle.com/Content/Identity/Concepts/federation.htm>. Also see IdentityProvider <https://docs.cloud.oracle.com/api/#/en/identity/20160918/IdentityProvider/> and IdpGroupMapping <https://docs.cloud.oracle.com/api/#/en/identity/20160918/IdpGroupMapping/>.

To use any of the API operations, you must be authorized in an IAM policy. If you’re not authorized, talk to an administrator. If you’re an administrator who needs to write policies to give users access, see Get Started with Policies <https://docs.cloud.oracle.com/Content/Identity/policiesgs/get-started-with-policies.htm>.

Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.

Available Commands

add-user

Description

Usage

oci iam group add-user [OPTIONS]

Required Parameters

The OCID of the group.

The OCID of the user.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    group_id=$(oci iam group create --description $description --name $name --query data.id --raw-output)
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    oci iam group add-user --group-id $group_id --user-id $user_id

create

Description

You must specify your tenancy’s OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see Resource Identifiers <https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm>.

You must also specify a name for the group, which must be unique across all groups in your tenancy and cannot be changed. You can use this name or the OCID when writing policies that apply to the group. For more information about policies, see How Policies Work <https://docs.cloud.oracle.com/Content/Identity/policieshow/how-policies-work.htm>.

You must also specify a description for the group (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateGroup <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/update.html>.

After you send your request, the new object’s lifecycleState will temporarily be CREATING. Before using the object, first make sure its lifecycleState has changed to ACTIVE.

After creating the group, you need to put users in it and write policies for it. See AddUserToGroup <https://docs.cloud.oracle.com/api/#/en/identity/20160918/UserGroupMembership/AddUserToGroup> and CreatePolicy <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/policy/create.html>.

Usage

oci iam group create [OPTIONS]

Required Parameters

The description you assign to the group during creation. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

The name you assign to the group during creation. The name must be unique across all groups in the tenancy and cannot be changed.

Optional Parameters

The OCID of the tenancy containing the group. If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-name
    oci iam group create --description $description --name $name

delete

Description

Usage

oci iam group delete [OPTIONS]

Required Parameters

The OCID of the group.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-name
    group_id=$(oci iam group create --description $description --name $name --query data.id --raw-output)
    oci iam group delete --group-id $group_id

get

Description

This operation does not return a list of all the users in the group. To do that, use ListUserGroupMemberships <https://docs.cloud.oracle.com/api/#/en/identity/20160918/UserGroupMembership/ListUserGroupMemberships> and provide the group’s OCID as a query parameter in the request.

Usage

oci iam group get [OPTIONS]

Required Parameters

The OCID of the group.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-name
    group_id=$(oci iam group create --description $description --name $name --query data.id --raw-output)
    oci iam group get --group-id $group_id

list

Description

Usage

oci iam group list [OPTIONS]

Optional Parameters

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

The OCID of the compartment (remember that the tenancy is simply the root compartment). If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

A filter to only return resources that match the given lifecycle state. The state value is case-insensitive.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

The maximum number of items to return in a paginated “List” call.

A filter to only return resources that match the given name exactly.

The value of the opc-next-page response header from the previous “List” call.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

The field to sort by. You can provide one sort order (sortOrder). Default order for TIMECREATED is descending. Default order for NAME is ascending. The NAME sort order is case sensitive.

Note: In general, some “List” operations (for example, ListInstances) let you optionally filter by Availability Domain if the scope of the resource type is within a single Availability Domain. If you call one of these “List” operations without specifying an Availability Domain, the resources are grouped by Availability Domain, then sorted.

Accepted values are:

NAME, TIMECREATED

The sort order to use, either ascending (ASC) or descending (DESC). The NAME sort order is case sensitive.

Accepted values are:

ASC, DESC

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    oci iam group list

list-users

Description

Usage

oci iam group list-users [OPTIONS]

Required Parameters

The OCID of the user.

Optional Parameters

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

The OCID of the compartment (remember that the tenancy is simply the root compartment). If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum number of items to return in a paginated “List” call.

The value of the opc-next-page response header from the previous “List” call.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-name
    group_id=$(oci iam group create --description $description --name $name --query data.id --raw-output)
    oci iam group list-users --group-id $group_id

remove-user

Description

Usage

oci iam group remove-user [OPTIONS]

Required Parameters

The OCID of the group.

The OCID of the user.

Optional Parameters

The OCID of the compartment (remember that the tenancy is simply the root compartment). If not provided, this parameter will use the tenancy’s OCID (root compartment’s OCID) from the config file.

Perform removal without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/user/create.html#cmdoption-name
    group_id=$(oci iam group create --description $description --name $name --query data.id --raw-output)
    user_id=$(oci iam user create --description $description --name $name --query data.id --raw-output)
    oci iam group remove-user --group-id $group_id --user-id $user_id

update

Description

Usage

oci iam group update [OPTIONS]

Required Parameters

The OCID of the group.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Operations”: {“CostCenter”: “42”}} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description you assign to the group. Does not have to be unique, and it’s changeable.

(For tenancies that support identity domains) You can have an empty description.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm>. Example: {“Department”: “Finance”} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, INACTIVE

Check every --wait-interval-seconds to see whether the resource to see if it has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export description=<substitute-value-of-description> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-description
    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/iam/group/create.html#cmdoption-name
    group_id=$(oci iam group create --description $description --name $name --query data.id --raw-output)
    oci iam group update --group-id $group_id

iam-work-request

Description

Available Commands

get

Description

Usage

oci iam iam-work-request get [OPTIONS]

Required Parameters