steampipe plugin install oci

Table: oci_identity_domain - Query OCI Identity Service Groups using SQL

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) service lets you control who has access to your cloud resources. An identity domain is used to manage users and groups, integration standards, external identities, and secure application integration through Oracle Single Sign-on (SSO) configuration.

Table Usage Guide

The oci_identity_domain table provides insights into the groups within OCI Identity and Access Management (IAM). As a security analyst, you can explore domain-specific details through this table, including the type of domain, license type, replica regions, and other associated metadata. Use it to discover information about domains.

Examples

Basic info

Explore which identity domain have been created in your OCI environment, along with their lifecycle states, to understand their current status and when they were established. This could be useful for auditing purposes or for maintaining an overview of your security settings.

select
display_name,
id,
description,
lifecycle_state,
time_created
from
oci_identity_domain;
select
display_name,
id,
description,
lifecycle_state,
time_created
from
oci_identity_domain;

List of Identity Domains that are not in Active state

Discover the segments that consist of identity domain not currently in an active state. This is beneficial in identifying and managing inactive domains within your Oracle Cloud Infrastructure.

select
display_name,
id,
lifecycle_state
from
oci_identity_domain
where
lifecycle_state <> 'ACTIVE';
select
display_name,
id,
lifecycle_state
from
oci_identity_domain
where
lifecycle_state <> 'ACTIVE';

List of Identity Domains without application tag key

Determine the areas in which identity domains lack an application tag key. This is useful for identifying potential gaps in your tagging strategy, helping to ensure all domains are properly categorized and managed.

select
display_name,
id
from
oci_identity_domain
where
not tags :: JSONB ? 'application';
select
display_name,
id
from
oci_identity_domain
where
json_extract(tags, '$.application') is null;

Get replication details for the domains

Discover the domains that have multiple replicas. This query can be used to get an overview of the replication status of identity domains, helping in effective management and maintenance, for security assessments and ensuring that replication aligns with the organization's security policies, to verify that data replication meets regulatory requirements, especially in cases where data sovereignty and regional compliance are important, to confirm that replicas are available and in the expected state across designated regions.

select
display_name,
id,
r ->> 'region' as replica_region,
r ->> 'state' as replication_state,
r ->> 'url' as replication_url
from
oci_identity_domain,
jsonb_array_elements(replica_regions) as r;
select
display_name,
id,
json_extract(r.value, '$.region') as replica_region,
json_extract(r.value, '$.state') as replication_state,
json_extract(r.value, '$.url') as replication_url
from
oci_identity_domain,
json_each(replica_regions) as r;

Schema for oci_identity_domain

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
compartment_idtextThe OCID of the Tenant in which the resource is located.
defined_tagsjsonbDefined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources.
descriptiontextThe identity domain description. You can have an empty description.
display_nametext=The mutable display name of the identity domain.
freeform_tagsjsonbFree-form tags for resource. This tags can be applied by any user with permissions on the resource.
home_regiontextThe home region for the identity domain.
home_region_urltext=Region-specific identity domain URL.
idtext=The OCID of the identity domain.
is_hidden_on_loginboolean=Indicates whether the identity domain is hidden on the sign-in screen or not.
license_typetext=The license type of the identity domain.
lifecycle_detailstextAny additional details about the current state of the identity domain.
lifecycle_statetext=The domain's current state.
replica_regionsjsonbThe regions where replicas of the identity domain exist.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
tagsjsonbA map of tags for the resource.
tenant_nametextThe name of the Tenant in which the resource is located.
time_createdtimestamp with time zoneDate and time the identity domain was created, in the format defined by RFC3339.
titletextTitle of the resource.
typetext=The type of the identity domain.
urltext=Region-agnostic identity domain URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_domain