Table: oci_identity_network_source - Query OCI Identity Network Sources using SQL
A Network Source in Oracle Cloud Infrastructure (OCI) Identity service defines a group of IP addresses that are trusted for authenticating users. It is used to limit the IP addresses that can be used to access OCI resources, adding an extra layer of security. Network Sources can be associated with groups and dynamic groups in IAM policies.
Table Usage Guide
The oci_identity_network_source table provides insights into the Network Sources within OCI Identity service. As a security engineer, explore Network Source-specific details through this table, including IP address ranges, virtual source lists, and associated metadata. Utilize it to uncover information about Network Sources, such as those with specific IP ranges, the association with groups or dynamic groups, and the verification of security policies.
Examples
Basic info
Explore which network sources are in different lifecycle states and when they were created. This can help you manage and track your OCI identity network sources effectively.
select name, id, lifecycle_state, time_createdfrom oci_identity_network_source;select name, id, lifecycle_state, time_createdfrom oci_identity_network_source;List inactive network sources
Identify network sources that are currently inactive for potential troubleshooting or resource management purposes.
select name, id, lifecycle_statefrom oci_identity_network_sourcewhere lifecycle_state = 'INACTIVE';select name, id, lifecycle_statefrom oci_identity_network_sourcewhere lifecycle_state = 'INACTIVE';List network sources that include public IP addresses
Determine the areas in which network sources include public IP addresses. This is useful for identifying potential security vulnerabilities and ensuring proper network management.
select name, id, public_source_listfrom oci_identity_network_sourcewhere jsonb_array_length(public_source_list) > 0;select name, id, public_source_listfrom oci_identity_network_sourcewhere json_array_length(public_source_list) > 0;Get allowed VCN OCIDs and IP range pairs for each network source
Explore the allowed Virtual Cloud Network (VCN) identifiers and their corresponding IP ranges for each network source. This can help in managing and auditing network access within your cloud infrastructure.
select name, id, vsl ->> 'ipRanges' as ip_ranges, vsl ->> 'vcnId' as vcn_idfrom oci_identity_network_source, jsonb_array_elements(virtual_source_list) as vsl;select name, id, json_extract(vsl.value, '$.ipRanges') as ip_ranges, json_extract(vsl.value, '$.vcnId') as vcn_idfrom oci_identity_network_source, json_each(virtual_source_list) as vsl;Schema for oci_identity_network_source
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| defined_tags | jsonb | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. | |
| description | text | The description you assign to the network source. | |
| freeform_tags | jsonb | Free-form tags for resource. This tags can be applied by any user with permissions on the resource. | |
| id | text | = | The OCID of the network source. |
| inactive_status | bigint | The detailed status of INACTIVE lifecycleState. | |
| lifecycle_state | text | = | The network source object's current state. |
| name | text | = | The name you assign to the network source during creation. |
| public_source_list | jsonb | A list of allowed public IP addresses and CIDR ranges. | |
| services | jsonb | A list of services allowed to make on-behalf-of requests. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| tags | jsonb | A map of tags for the resource. | |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | The name of the Tenant in which the resource is located. | |
| time_created | timestamp with time zone | Date and time the etwork source was created. | |
| title | text | Title of the resource. | |
| virtual_source_list | jsonb | A list of allowed VCN OCID and IP range pairs. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ociYou can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_identity_network_source