Prerequisites to use the CD3 Toolkit
Before using the CD3 Toolkit to create or export resources in OCI, make sure that the required IAM policies are in place.
At a minimum, users or instance principals must have read access to the tenancy.
Minimum Policy Requirement
Allow group <group_name> to read all-resources in tenancy
Sample IAM Policies to Manage Specific Services
To allow creation and export of specific OCI services using the toolkit, apply the following sample scoped policy:
Sample Policy for Specific OCI Services
Allow group <group_name> to manage all-resources in tenancy where any {target.resource = 'instance-family', target.resource = 'object-family', target.resource = 'volume-family', target.resource = 'virtual-network-family', target.resource = 'database-family', target.resource = 'dns', target.resource = 'file-family'}
Additional IAM Policies for Jenkins Integrations
These permissions enable Jenkins to interact with OCI DevOps and Object Storage for CD3 automation.
Additional policies needed when using the toolkit with Jenkins
Allow group <group_name> to read devops-project in tenancy
Allow group <group_name> to manage devops-repository-family in tenancy
Allow group <group_name> to read buckets in tenancy
Allow group <group_name> to manage objects in tenancy
Replace <group_name> with the actual IAM group in your tenancy.
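A pre-apply check for the statements above, as an added example that is not part of the CD3 Toolkit: it substitutes the group name, then flags statements that still contain a placeholder, do not parse, or grant manage on all-resources without a where clause. The regex covers only the statement shape used on this page, not the full OCI policy grammar, and the group name cd3-users is a constructed sample value.

```python
import re

# Shape of the statements shown on this page (simplified; not the full OCI policy grammar).
STMT = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>[a-z-]+) in (?P<scope>tenancy|compartment \S+)"
    r"(?: where (?P<cond>.+))?$"
)

def lint(statement):
    """Return a list of findings for one policy statement (empty list = clean)."""
    findings = []
    if re.search(r"<[^>]+>", statement):
        findings.append("placeholder not replaced")
    m = STMT.match(statement.strip())
    if not m:
        findings.append("does not parse")
        return findings
    if m["verb"] == "manage" and m["resource"] == "all-resources" and not m["cond"]:
        findings.append("unconditional manage on all-resources")
    return findings

def render(templates, group):
    """Substitute the real group name for the page's <group_name> placeholder."""
    return [t.replace("<group_name>", group) for t in templates]

# Templates taken from the page's minimum and Jenkins policies.
TEMPLATES = [
    "Allow group <group_name> to read all-resources in tenancy",
    "Allow group <group_name> to read devops-project in tenancy",
    "Allow group <group_name> to manage devops-repository-family in tenancy",
    "Allow group <group_name> to read buckets in tenancy",
    "Allow group <group_name> to manage objects in tenancy",
]

if __name__ == "__main__":
    for stmt in render(TEMPLATES, "cd3-users"):  # constructed group name
        print(lint(stmt) or "ok", "|", stmt)
    # Constructed bad inputs: missing space after the group, and an unscoped manage grant.
    for stmt in ["Allow group cd3-usersto manage objects in tenancy",
                 "Allow group cd3-users to manage all-resources in tenancy"]:
        print(lint(stmt), "|", stmt)
```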