
list-groups and list-users does not but should include group membership OCID

Open jeliker opened this issue 4 years ago • 9 comments

Expected result

oci iam group list-users or oci iam user list-groups should include group membership OCIDs in results, as they are available in the underlying API call ListUserGroupMemberships.

Actual result

oci iam group list-users or oci iam user list-groups do not include group membership OCIDs in results.

Rationale

API ListUserGroupMemberships returns group OCID, user OCID, and membership OCID whether provided groupId or userId for input. I expect these commands to also include membership OCIDs.

group list-users (is missing group membership OCID)

oci iam group list-users --group-id $GROUP_ID
{
  "data": [
    {
      "capabilities": {
        "can-use-api-keys": false,
        "can-use-auth-tokens": true,
        "can-use-console-password": true,
        "can-use-customer-secret-keys": false,
        "can-use-o-auth2-client-credentials": true,
        "can-use-smtp-credentials": false
      },
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaac6bgzprtzmhay3mpvkm6h7dspkxgugadnyvxg653y5g2fd3meivq",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "oracleidentitycloudservice/[email protected]",
          "CreatedOn": "2021-08-16T15:53:10.934Z"
        }
      },
      "description": "DBA",
      "email": null,
      "email-verified": false,
      "external-identifier": null,
      "freeform-tags": {},
      "id": "ocid1.user.oc1..aaaaaaaaa4dghxghhzbdosba4ldkiwoo7aqusmpiu3l4h54lp26pbi5hi7wq",
      "identity-provider-id": null,
      "inactive-status": null,
      "is-mfa-activated": false,
      "last-successful-login-time": "2021-08-17T16:37:52.243000+00:00",
      "lifecycle-state": "ACTIVE",
      "name": "[email protected]",
      "previous-successful-login-time": null,
      "time-created": "2021-08-16T15:53:11.098000+00:00"
    }
  ]
}

user list-groups (is missing group membership OCID)

oci iam user list-groups --user-id $USER_ID
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaac6bgzprtzmhay3mpvkm6h7dspkxgugadnyvxg653y5g2fd3meivq",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "oracleidentitycloudservice/[email protected]",
          "CreatedOn": "2021-08-16T15:53:10.921Z"
        }
      },
      "description": "DBAs",
      "freeform-tags": {},
      "id": "ocid1.group.oc1..aaaaaaaa6sycaw4bomtp6et3fx7goryc2ouxd4ex5xex654apyhknhkeasfq",
      "inactive-status": null,
      "lifecycle-state": "ACTIVE",
      "name": "DBAGroup",
      "time-created": "2021-08-16T15:53:10.965000+00:00"
    }
  ]
}

See output from ListUserGroupMemberships for comparison

ListUserGroupMemberships by group (includes group membership OCID)

oci raw-request --target-uri "https://identity.us-phoenix-1.oraclecloud.com/20160918/userGroupMemberships/?compartmentId=${TENANCY_ID}&groupId=${GROUP_ID}" --http-method GET
{
  "data": [
    {
      "compartmentId": "ocid1.tenancy.oc1..aaaaaaaac6b6hg653y5g2fd3gzprtzmhay3mpv7dspkxgugadnyvxkmmeivq",
      "description": "GRP_MBR:ocid1.group.oc1..aaaaaaaa6sycaw4bomtp6et3fx7goryc2ouxd4ex5xex654apyhknhkeasfq-ocid1.user.oc1..aaaaaaaaa4dghxghhzbdosba4ldkiwoo7aqusmpiu3l4h54lp26pbi5hi7wq",
      "groupId": "ocid1.group.oc1..aaaaaaaa6sycaw4bomtp6et3fx7goryc2ouxd4ex5xex654apyhknhkeasfq",
      "id": "ocid1.groupmembership.oc1..aaaz7dmjal2eufaaaa6366lcpbzjxv3uvykyizrbalqixdabpygpf5ed2ija",
      "lifecycleState": "ACTIVE",
      "timeCreated": "2021-08-17T17:33:35.437Z",
      "userId": "ocid1.user.oc1..aaaaaaaaa4dghxghhzbdosba4ldkiwoo7aqusmpiu3l4h54lp26pbi5hi7wq"
    }
  ],
  "headers": {
    "Cache-Control": "no-cache, no-store, must-revalidate",
    "Content-Length": "1239",
    "Content-Type": "application/json",
    "Date": "Fri, 10 Sep 2021 13:39:54 GMT",
    "Pragma": "no-cache",
    "X-Content-Type-Options": "nosniff",
    "opc-limit": "100",
    "opc-request-id": "8C4A4DF558A0DA60B8B564C/CCCE5F64BB0643A/DDE74ED0E8E86AA104F688B06A2FDE055007156484CF4198E305071119"
  },
  "status": "200 OK"
}

ListUserGroupMemberships by user (includes group membership OCID)

oci raw-request --target-uri "https://identity.us-phoenix-1.oraclecloud.com/20160918/userGroupMemberships/?compartmentId=${TENANCY_ID}&userId=${USER_ID}" --http-method GET
{
  "data": [
    {
      "compartmentId": "ocid1.tenancy.oc1..aaaaaaaac6b6hg653y5g2fd3gzprtzmhay3mpv7dspkxgugadnyvxkmmeivq",
      "description": "GRP_MBR:ocid1.group.oc1..aaaaaaaa6sycaw4bomtp6et3fx7goryc2ouxd4ex5xex654apyhknhkeasfq-ocid1.user.oc1..aaaaaaaaa4dghxghhzbdosba4ldkiwoo7aqusmpiu3l4h54lp26pbi5hi7wq",
      "groupId": "ocid1.group.oc1..aaaaaaaa6sycaw4bomtp6et3fx7goryc2ouxd4ex5xex654apyhknhkeasfq",
      "id": "ocid1.groupmembership.oc1..aaaz7dmjal2eufaaaa6366lcpbzjxv3uvykyizrbalqixdabpygpf5ed2ija",
      "lifecycleState": "ACTIVE",
      "timeCreated": "2021-08-17T17:33:35.437Z",
      "userId": "ocid1.user.oc1..aaaaaaaaa4dghxghhzbdosba4ldkiwoo7aqusmpiu3l4h54lp26pbi5hi7wq"
    }
  ],
  "headers": {
    "Cache-Control": "no-cache, no-store, must-revalidate",
    "Content-Length": "1239",
    "Content-Type": "application/json",
    "Date": "Fri, 10 Sep 2021 13:39:54 GMT",
    "Pragma": "no-cache",
    "X-Content-Type-Options": "nosniff",
    "opc-limit": "100",
    "opc-request-id": "8C4A4DF558104F688B06A2A04564DDE74ED0E8E8C/CCCE5F60071564BB0643A/6AAFDE055DA60B8B84CF4198E305071119"
  },
  "status": "200 OK"
}

References

  • ListUserGroupMemberships API documentation https://docs.oracle.com/en-us/iaas/api/#/en/identity/20160918/UserGroupMembership/ListUserGroupMemberships

jeliker, Sep 10 '21 14:09
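A client-side join for the gap described in the issue above, added here as an example and not part of the original post or of oci-cli: it attaches the membership OCID from ListUserGroupMemberships output to each list-users row by user OCID, and reports memberships whose user is absent from the listing. The sample JSON, the placeholder OCIDs and the helper name attach_membership_ids are constructed for illustration, and the inputs are assumed to be complete (all pages already collected).

```python
import json

# Constructed sample inputs shaped like the two outputs in the issue,
# trimmed to the fields the join needs; all OCIDs are placeholders.
GROUP_ID = "ocid1.group.oc1..examplegroup"
LIST_USERS = json.loads("""{"data": [
  {"id": "ocid1.user.oc1..exampleuserA", "name": "user-a", "lifecycle-state": "ACTIVE"},
  {"id": "ocid1.user.oc1..exampleuserB", "name": "user-b", "lifecycle-state": "ACTIVE"}
]}""")
MEMBERSHIPS = json.loads("""{"data": [
  {"id": "ocid1.groupmembership.oc1..examplembr1", "groupId": "ocid1.group.oc1..examplegroup",
   "userId": "ocid1.user.oc1..exampleuserA", "lifecycleState": "ACTIVE"},
  {"id": "ocid1.groupmembership.oc1..examplembr2", "groupId": "ocid1.group.oc1..othergroup",
   "userId": "ocid1.user.oc1..exampleuserB", "lifecycleState": "ACTIVE"},
  {"id": "ocid1.groupmembership.oc1..examplembr3", "groupId": "ocid1.group.oc1..examplegroup",
   "userId": "ocid1.user.oc1..exampleuserC", "lifecycleState": "ACTIVE"}
], "status": "200 OK"}""")


def attach_membership_ids(list_users, memberships, group_id):
    """Join membership OCIDs onto list-users rows (hypothetical helper).

    Returns (rows, unmatched): rows are list-users entries with
    'membership-id' added (None when no membership was returned);
    unmatched are memberships of the group whose user is not in the rows.
    """
    # raw-request output keeps the API's camelCase keys (groupId, userId),
    # while list-users output uses the CLI's kebab-case keys.
    by_user = {m["userId"]: m for m in memberships.get("data", [])
               if m.get("groupId") == group_id}
    rows = []
    for user in list_users.get("data", []):
        m = by_user.pop(user["id"], None)
        rows.append({**user, "membership-id": m["id"] if m else None})
    return rows, sorted(m["id"] for m in by_user.values())


def demo():
    return attach_membership_ids(LIST_USERS, MEMBERSHIPS, GROUP_ID)


if __name__ == "__main__":
    rows, unmatched = demo()
    print(json.dumps({"rows": rows, "unmatched": unmatched}, indent=2))
```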

+1 on this. When I list users, I would like for it to include any groups that user is assigned as part of the response.

12pfiesterc, Aug 05 '22 18:08

+1

auriben, Sep 21 '22 20:09