hayderimran7/oci-cli-query-examples.md

## oci-cli-query-examples.md

      
    Raw
  

              oci-cli-query-examples.md
            
          
    "geting all policies in given tenancy with no freeform tags

policies=$(oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data[?length("freeform-tags")==`0`].name'| jq -r "@sh" )
find number of total policies in compartment

oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data.length(@)'
get list of all compartments

oci --profile BOAT-OC1 iam compartment list -c $C --compartment-id-in-subtree TRUE --all --query 'data[].id' | jq -r "@sh" 

  
## policies_example.sh
#!/usr/local/bin/bash


C="set root tenancy ocid here"

pol_count=0

# Get all policies with no tags in tenancy
echo "geting all policies in given tenancy :"
policies=$(oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data[?length("freeform-tags")==`0`].name'| jq -r "@sh" )
declare -a pol_arr="($policies)"
policies_id=$(oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data[?length("freeform-tags")==`0`].id'| jq -r "@sh" )
declare -a pol_id_arr="($policies_id)"
pol_count=$((`oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data.length(@)'`))

echo "  getting all policies in compartments and sub-compartments:"
# Get all compartments and find policies
comps=$(oci --profile BOAT-OC1 iam compartment list -c $C --compartment-id-in-subtree TRUE --all --query 'data[].id' | jq -r "@sh" | xargs )
for comp in $(echo "$comps"); do
  if oci --profile BOAT-OC1 iam policy list -c $comp &> /dev/null; then
    comp_name=$(oci --profile BOAT-OC1 iam compartment get -c $comp --query 'data.name')
    c_pol=$(oci --profile BOAT-OC1 iam policy list -c $comp --query 'data[?length("freeform-tags")==`0`].name' 2>/dev/null | jq -r "@sh" | xargs ) || "NONE"
    echo "      Compartment $comp_name has policies: $c_pol"
    if [ ! -z "$c_pol" ]; then
      c_pol_id=$(oci --profile BOAT-OC1 iam policy list -c $comp --query 'data[?length("freeform-tags")==`0`].id' 2>/dev/null | jq -r "@sh" )
      declare -a c_pol_id_arr="($c_pol_id)"
      pol_id_arr+=(${c_pol_id_arr[@]})
      policies_id+=" $c_pol_id"
      c_pol_name=$(oci --profile BOAT-OC1 iam policy list -c $comp --query 'data[?length("freeform-tags")==`0`].name' 2>/dev/null | jq -r "@sh" )
      declare -a c_pol_name_arr="($c_pol_name)"
      pol_arr+=(${c_pol_name_arr[@]})
      pol_count=$((`oci --profile BOAT-OC1 iam policy list -c $comp --query 'data.length(@)'`+pol_count))
    fi
  fi
done
echo "total policies are $pol_count"
echo "total policies with no tags: ${#pol_arr[@]}"
echo "policies with no tags are:"
printf '%s\n' "${pol_arr[@]}" | jq -R . | jq -s .
#echo "deleting the policies with no tags"
#for pol in "${policies_id}"; do
#  oci --profile BOAT-OC1 iam policy --policy-id $pol
#done
	#!/usr/local/bin/bash


	C="set root tenancy ocid here"

	pol_count=0

	# Get all policies with no tags in tenancy
	echo "geting all policies in given tenancy :"
	policies=$(oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data[?length("freeform-tags")==`0`].name'\| jq -r "@sh" )
	declare -a pol_arr="($policies)"
	policies_id=$(oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data[?length("freeform-tags")==`0`].id'\| jq -r "@sh" )
	declare -a pol_id_arr="($policies_id)"
	pol_count=$((`oci --profile BOAT-OC1 iam policy list --all -c $C --query 'data.length(@)'`))

	echo " getting all policies in compartments and sub-compartments:"
	# Get all compartments and find policies
	comps=$(oci --profile BOAT-OC1 iam compartment list -c $C --compartment-id-in-subtree TRUE --all --query 'data[].id' \| jq -r "@sh" \| xargs )
	for comp in $(echo "$comps"); do
	if oci --profile BOAT-OC1 iam policy list -c $comp &> /dev/null; then
	comp_name=$(oci --profile BOAT-OC1 iam compartment get -c $comp --query 'data.name')
	c_pol=$(oci --profile BOAT-OC1 iam policy list -c $comp --query 'data[?length("freeform-tags")==`0`].name' 2>/dev/null \| jq -r "@sh" \| xargs ) \|\| "NONE"
	echo " Compartment $comp_name has policies: $c_pol"
	if [ ! -z "$c_pol" ]; then
	c_pol_id=$(oci --profile BOAT-OC1 iam policy list -c $comp --query 'data[?length("freeform-tags")==`0`].id' 2>/dev/null \| jq -r "@sh" )
	declare -a c_pol_id_arr="($c_pol_id)"
	pol_id_arr+=(${c_pol_id_arr[@]})
	policies_id+=" $c_pol_id"
	c_pol_name=$(oci --profile BOAT-OC1 iam policy list -c $comp --query 'data[?length("freeform-tags")==`0`].name' 2>/dev/null \| jq -r "@sh" )
	declare -a c_pol_name_arr="($c_pol_name)"
	pol_arr+=(${c_pol_name_arr[@]})
	pol_count=$((`oci --profile BOAT-OC1 iam policy list -c $comp --query 'data.length(@)'`+pol_count))
	fi
	fi
	done
	echo "total policies are $pol_count"
	echo "total policies with no tags: ${#pol_arr[@]}"
	echo "policies with no tags are:"
	printf '%s\n' "${pol_arr[@]}" \| jq -R . \| jq -s .
	#echo "deleting the policies with no tags"
	#for pol in "${policies_id}"; do
	# oci --profile BOAT-OC1 iam policy --policy-id $pol
	#done