v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/oci
Overview
161Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install oci

Table: oci_identity_network_source - Query OCI Identity Network Sources using SQL

A Network Source in Oracle Cloud Infrastructure (OCI) Identity service defines a group of IP addresses that are trusted for authenticating users. It is used to limit the IP addresses that can be used to access OCI resources, adding an extra layer of security. Network Sources can be associated with groups and dynamic groups in IAM policies.

Table Usage Guide

The oci_identity_network_source table provides insights into the Network Sources within OCI Identity service. As a security engineer, explore Network Source-specific details through this table, including IP address ranges, virtual source lists, and associated metadata. Utilize it to uncover information about Network Sources, such as those with specific IP ranges, the association with groups or dynamic groups, and the verification of security policies.

Examples

Basic info

Explore which network sources are in different lifecycle states and when they were created. This can help you manage and track your OCI identity network sources effectively.

select
  name,
  id,
  lifecycle_state,
  time_created
from
  oci_identity_network_source;
select
  name,
  id,
  lifecycle_state,
  time_created
from
  oci_identity_network_source;

List inactive network sources

Identify network sources that are currently inactive for potential troubleshooting or resource management purposes.

select
  name,
  id,
  lifecycle_state
from
  oci_identity_network_source
where
  lifecycle_state = 'INACTIVE';
select
  name,
  id,
  lifecycle_state
from
  oci_identity_network_source
where
  lifecycle_state = 'INACTIVE';

List network sources that include public IP addresses

Determine the areas in which network sources include public IP addresses. This is useful for identifying potential security vulnerabilities and ensuring proper network management.

select
  name,
  id,
  public_source_list
from
  oci_identity_network_source
where
  jsonb_array_length(public_source_list) > 0;
select
  name,
  id,
  public_source_list
from
  oci_identity_network_source
where
  json_array_length(public_source_list) > 0;

Get allowed VCN OCIDs and IP range pairs for each network source

Explore the allowed Virtual Cloud Network (VCN) identifiers and their corresponding IP ranges for each network source. This can help in managing and auditing network access within your cloud infrastructure.

select
  name,
  id,
  vsl ->> 'ipRanges' as ip_ranges,
  vsl ->> 'vcnId' as vcn_id
from
  oci_identity_network_source,
  jsonb_array_elements(virtual_source_list) as vsl;
select
  name,
  id,
  json_extract(vsl.value, '$.ipRanges') as ip_ranges,
  json_extract(vsl.value, '$.vcnId') as vcn_id
from
  oci_identity_network_source,
  json_each(virtual_source_list) as vsl;

Schema for oci_identity_network_source

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
defined_tagsjsonbDefined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources.
descriptiontextThe description you assign to the network source.
freeform_tagsjsonbFree-form tags for resource. This tags can be applied by any user with permissions on the resource.
idtext=The OCID of the network source.
inactive_statusbigintThe detailed status of INACTIVE lifecycleState.
lifecycle_statetext=The network source object's current state.
nametext=The name you assign to the network source during creation.
public_source_listjsonbA list of allowed public IP addresses and CIDR ranges.
servicesjsonbA list of services allowed to make on-behalf-of requests.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
tagsjsonbA map of tags for the resource.
tenant_idtext=, !=, ~~, ~~*, !~~, !~~*The OCID of the Tenant in which the resource is located.
tenant_nametextThe name of the Tenant in which the resource is located.
time_createdtimestamp with time zoneDate and time the etwork source was created.
titletextTitle of the resource.
virtual_source_listjsonbA list of allowed VCN OCID and IP range pairs.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_network_source