Table: oci_identity_compartment - Query OCI Identity Compartments using SQL
Oracle Cloud Infrastructure Identity and Access Management (IAM) service lets you control who has access to your cloud resources. You can control what type of access a group of users have and to which specific resources. This is achieved through the use of compartments, which are a fundamental component of Oracle Cloud Infrastructure for organizing and isolating your cloud resources.
Table Usage Guide
The oci_identity_compartment
table provides insights into compartments within Oracle Cloud Infrastructure Identity and Access Management (IAM). As a cloud architect or administrator, you can explore compartment-specific details through this table, including compartment names, descriptions, and states. Utilize it to manage and understand your OCI resource organization, such as identifying compartments with specific resources, understanding your compartment hierarchy, and ensuring appropriate resource isolation.
Examples
Basic info
Discover the segments that are in different lifecycle states within your OCI Identity Compartments. This could be useful in assessing the elements within your compartments and understanding their statuses for better resource management.
select name, lifecycle_state, id, compartment_id as parent_compartmentfrom oci.oci_identity_compartment
select name, lifecycle_state, id, compartment_id as parent_compartmentfrom oci_identity_compartment
Details joined with parent compartment
Analyze the settings to understand the relationship between different compartments within an OCI identity compartment hierarchy. This is useful for understanding the structure and dependencies within your OCI environment.
select child.name as name, coalesce(parent.name, 'root') as parent_compartment, child.id as id, coalesce(parent.id, child.tenant_id) as parent_compartment_idfrom oci_identity_compartment child left join oci_identity_compartment parent on (child.compartment_id = parent.id)order by parent.name;
select child.name as name, coalesce(parent.name, 'root') as parent_compartment, child.id as id, coalesce(parent.id, child.tenant_id) as parent_compartment_idfrom oci_identity_compartment as child left join oci_identity_compartment as parent on child.compartment_id = parent.idorder by parent.name;
Full path of the compartments
This query is useful in tracking the full path of active compartments within a system. It aids in system organization and management by allowing users to understand the hierarchical structure of compartments, thereby facilitating easier navigation and data retrieval.
with recursive compartments as ( select name, id, compartment_id, tenant_id, name as path, name as last_name, id as last_id from oci_identity_compartment where lifecycle_state = 'ACTIVE' union all select oci_identity_compartment.name, oci_identity_compartment.id, oci_identity_compartment.compartment_id, oci_identity_compartment.tenant_id, oci_identity_compartment.name || '/' || compartments.path, compartments.last_name, compartments.last_id from oci_identity_compartment join compartments on oci_identity_compartment.id = compartments.compartment_id)select last_id as compartment_id, last_name as name, pathfrom compartmentswhere compartment_id = tenant_idorder by path;
with recursive compartments as ( select name, id, compartment_id, tenant_id, name as path, name as last_name, id as last_id from oci_identity_compartment where lifecycle_state = 'ACTIVE' union all select oci_identity_compartment.name, oci_identity_compartment.id, oci_identity_compartment.compartment_id, oci_identity_compartment.tenant_id, oci_identity_compartment.name || '/' || compartments.path, compartments.last_name, compartments.last_id from oci_identity_compartment join compartments on oci_identity_compartment.id = compartments.compartment_id)select last_id as compartment_id, last_name as name, pathfrom compartmentswhere compartment_id = tenant_idorder by path;
Query examples
- blockstorage_block_volume_age_report
- blockstorage_block_volume_by_compartment
- blockstorage_block_volume_encryption_report
- blockstorage_block_volume_input
- blockstorage_block_volume_storage_by_compartment
- blockstorage_block_volume_unattached_report
- blockstorage_boot_volume_age_report
- blockstorage_boot_volume_by_compartment
- blockstorage_boot_volume_encryption_report
- blockstorage_boot_volume_input
- blockstorage_boot_volume_storage_by_compartment
- blockstorage_boot_volume_unattached_report
- compartment_count
- compartment_table
- compute_instance_age_report
- compute_instance_by_compartment
- compute_instance_input
- database_autonomous_database_input
- database_autonomous_db_age_report
- database_autonomous_db_by_compartment
- filestorage_filesystem_age_report
- filestorage_filesystem_by_compartment
- filestorage_filesystem_input
- key_vault_input
- kms_key_age_report
- kms_key_by_compartment
- kms_key_input
- kms_vault_age_report
- kms_vault_by_compartment
- mysql_backup_age_report
- mysql_backup_by_compartment
- mysql_backup_storage_by_compartment
- mysql_db_system_age_report
- mysql_db_system_by_compartment
- mysql_db_system_input
- mysql_db_system_storage_by_compartment
- nosql_table_age_report
- nosql_table_by_compartment
- nosql_table_input
- objectstorage_bucket_age_report
- objectstorage_bucket_by_compartment
- objectstorage_bucket_encryption_report
- objectstorage_bucket_input
- objectstorage_bucket_lifecycle_report
- objectstorage_bucket_public_access_report
- oci_vcn_by_compartment
- oci_vcn_security_group_unrestricted_ingress_rdp_count
- oci_vcn_security_group_unrestricted_ingress_ssh_count
- oci_vcn_security_groups_by_compartment
- oci_vcn_security_list_by_compartment
- oci_vcn_security_list_unrestricted_ingress_rdp_count
- oci_vcn_security_list_unrestricted_ingress_ssh_count
- oci_vcn_subnet_by_compartment
- ons_notification_topic_age_report
- ons_notification_topic_by_compartment
- ons_notification_topic_input
- ons_subscription_age_report
- ons_subscription_by_compartment
- vcn_input
- vcn_network_security_group_input
- vcn_security_list_input
- vcn_subnet_input
Control examples
- 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22
- 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22
- 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22
- 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389
- 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389
- 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389
- 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22
- 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22
- 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22
- 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389
- 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389
- 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389
- 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP
- 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP
- 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP
- 2.8 Ensure Oracle Autonomous Shared Databases (ADB) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- 2.8 Ensure Oracle Autonomous Shared Databases (ADB) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- 3.1 Ensure Compute Instance Legacy Metadata service endpoint is disabled
- 3.10 Ensure a notification is configured for changes to route tables
- 3.10 Ensure a notification is configured for changes to route tables
- 3.11 Ensure a notification is configured for security list changes
- 3.11 Ensure a notification is configured for security list changes
- 3.12 Ensure a notification is configured for network security group changes
- 3.12 Ensure a notification is configured for network security group changes
- 3.13 Ensure a notification is configured for changes to network gateways
- 3.13 Ensure a notification is configured for changes to network gateways
- 3.14 Ensure VCN flow logging is enabled for all subnets
- 3.14 Ensure VCN flow logging is enabled for all subnets
- 3.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- 3.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- 3.3 Create at least one notification topic and subscription to receive monitoring alerts
- 3.3 Create at least one notification topic and subscription to receive monitoring alerts
- 3.3 Ensure In-transit Encryption is enabled on Compute Instance
- 3.4 Ensure a notification is configured for Identity Provider changes
- 3.4 Ensure a notification is configured for Identity Provider changes
- 3.5 Ensure a notification is configured for IdP group mapping changes
- 3.5 Ensure a notification is configured for IdP group mapping changes
- 3.6 Ensure a notification is configured for IAM group changes
- 3.6 Ensure a notification is configured for IAM group changes
- 3.7 Ensure a notification is configured for IAM policy changes
- 3.7 Ensure a notification is configured for IAM policy changes
- 3.8 Ensure a notification is configured for user changes
- 3.8 Ensure a notification is configured for user changes
- 3.9 Ensure a notification is configured for VCN changes
- 3.9 Ensure a notification is configured for VCN changes
- 4.1 Ensure no Object Storage buckets are publicly visible
- 4.1.1 Ensure no Object Storage buckets are publicly visible
- 4.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key
- 4.1.3 Ensure Versioning is Enabled for Object Storage Buckets
- 4.10 Ensure a notification is configured for security list changes
- 4.11 Ensure a notification is configured for network security group changes
- 4.12 Ensure a notification is configured for changes to network gateways
- 4.13 Ensure VCN flow logging is enabled for all subnets
- 4.15 Ensure a notification is configured for Oracle Cloud Guard problems detected
- 4.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- 4.2 Create at least one notification topic and subscription to receive monitoring alerts
- 4.2.1 Ensure Block Volumes are encrypted with Customer Managed Keys (CMK)
- 4.2.2 Ensure boot volumes are encrypted with Customer Managed Key (CMK)
- 4.3 Ensure a notification is configured for Identity Provider changes
- 4.3.1 Ensure File Storage Systems are encrypted with Customer Managed Keys (CMK)
- 4.4 Ensure a notification is configured for IdP group mapping changes
- 4.5 Ensure a notification is configured for IAM group changes
- 4.6 Ensure a notification is configured for IAM policy changes
- 4.7 Ensure a notification is configured for user changes
- 4.8 Ensure a notification is configured for VCN changes
- 4.9 Ensure a notification is configured for changes to route tables
- 5.1 Create at least one compartment in your tenancy to store cloud resources
- 5.1 Create at least one compartment in your tenancy to store cloud resources
- 5.1.1 Ensure no Object Storage buckets are publicly visible
- 5.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key
- 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets
- 5.2.1 Ensure Block Volumes are encrypted with Customer Managed Keys (CMK)
- 5.2.2 Ensure boot volumes are encrypted with Customer Managed Key (CMK)
- 5.3.1 Ensure File Storage Systems are encrypted with Customer Managed Keys (CMK)
- 6.1 Create at least one compartment in your tenancy to store cloud resources
Schema for oci_identity_compartment
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
compartment_id | text | The OCID of the compartment in Tenant in which the resource is located. | |
defined_tags | jsonb | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. | |
description | text | The description you assign to the compartment. | |
freeform_tags | jsonb | Free-form tags for resource. This tags can be applied by any user with permissions on the resource. | |
id | text | = | The OCID of the compartment. |
inactive_status | bigint | The detailed status of INACTIVE lifecycleState | |
is_accessible | boolean | Indicates whether or not the compartment is accessible for the user making the request. | |
lifecycle_state | text | = | The compartment's current state. |
name | text | = | The name assigned to the compartment during creation |
tags | jsonb | A map of tags for the resource. | |
tenant_id | text | The OCID of the Tenant in which the resource is located. | |
tenant_name | text | The name of the Tenant in which the resource is located. | |
time_created | timestamp with time zone | Date and time the user was created. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
You can pass the configuration to the command with the --config
argument:
steampipe_export_oci --config '<your_config>' oci_identity_compartment