Getting the policies that apply to a compartment (including inherited ones)

October 2, 2023 | 2 minute read
Christopher Johnson
Director, Cloud Engineering

The actual question was:

Hi team, Is there a way to get a report for the current policies in a specific compartment (including inherited ones)?

And I said:

Yes. You can use the API or CLI to retrieve the policies from a compartment and then, since policies only inherit from their parent, just repeat for each parent compartment up the tree. It's under 100 lines of code - probably something in the order of 50 (minus comments) and more like 10-20 once you cut out all the boilerplate.

And yes, they actually did ask me for the code - assuming I'd whip it up. Which yes, of course I did.

The only thing of note in this code (besides that it's almost exactly 50 lines and definitely under 20 lines to do the work!) is that I didn't take any care to have the result be consistent each time it's run. If you were going to use this as some sort of input to an auditing tool you'd probably not use logging.info() to write it and instead would write these into a formatted file of some sort. That way you could run it at any time and diff it against a previous run to see what changed.

But that is, as they say, left as an exercise for the reader!
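
The walk up the compartment tree described above, combined with the stable, diffable output suggested in the previous paragraph, as an added example (this is not the author's original script). It assumes the OCI Python SDK's `IdentityClient`; the names `effective_policies` and `render` are made up for illustration, and the root compartment is assumed to report no parent.

```python
import json


def effective_policies(client, compartment_id, list_all=None):
    """Collect the policies attached to a compartment and to each of its ancestors.

    `client` needs get_compartment() and list_policies() shaped like
    oci.identity.IdentityClient. Entries come back in walk order (the starting
    compartment first, the root last), with policies sorted by name per level.
    """
    if list_all is None:
        # Default: one un-paginated call. The __main__ block passes the SDK paginator.
        list_all = lambda fn, cid: fn(cid)
    report, seen = [], set()
    while compartment_id and compartment_id not in seen:
        seen.add(compartment_id)  # stops if a root names itself as its own parent
        comp = client.get_compartment(compartment_id).data
        policies = list_all(client.list_policies, compartment_id).data
        for pol in sorted(policies, key=lambda p: p.name):
            report.append({
                "compartment": comp.name,
                "compartment_id": compartment_id,
                "policy": pol.name,
                "statements": list(pol.statements),
            })
        compartment_id = comp.compartment_id  # parent OCID; assumed None at the root
    return report


def render(report):
    """Serialize with fixed key order so two runs can be compared with diff."""
    return json.dumps(report, indent=2, sort_keys=True)


if __name__ == "__main__":
    import sys
    import oci  # OCI Python SDK, imported here so the functions above run without it

    config = oci.config.from_file()  # default profile in ~/.oci/config
    identity = oci.identity.IdentityClient(config)
    start = sys.argv[1]  # OCID of the compartment to report on
    print(render(effective_policies(
        identity, start, oci.pagination.list_call_get_all_results)))
```

Redirect the output to a dated file on each run and `diff` two files to see which policies or statements changed.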
