Oracle Cloud Infrastructure v3.10.0 published on Wednesday, Nov 5, 2025 by Pulumi
oci.CloudGuard.getDataMaskRules
Start a Neo task
Explain and create an oci.CloudGuard.getDataMaskRules resource
This data source provides the list of Data Mask Rules in Oracle Cloud Infrastructure Cloud Guard service.
Returns a list of all DataMaskRule resources in the specified compartmentId (OCID) and its subcompartments.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testDataMaskRules = oci.CloudGuard.getDataMaskRules({
compartmentId: compartmentId,
accessLevel: dataMaskRuleAccessLevel,
dataMaskRuleStatus: dataMaskRuleDataMaskRuleStatus,
displayName: dataMaskRuleDisplayName,
iamGroupId: testGroup.id,
state: dataMaskRuleState,
targetId: testTarget.id,
targetType: dataMaskRuleTargetType,
});
import pulumi
import pulumi_oci as oci
test_data_mask_rules = oci.CloudGuard.get_data_mask_rules(compartment_id=compartment_id,
access_level=data_mask_rule_access_level,
data_mask_rule_status=data_mask_rule_data_mask_rule_status,
display_name=data_mask_rule_display_name,
iam_group_id=test_group["id"],
state=data_mask_rule_state,
target_id=test_target["id"],
target_type=data_mask_rule_target_type)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v3/go/oci/cloudguard"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudguard.GetDataMaskRules(ctx, &cloudguard.GetDataMaskRulesArgs{
CompartmentId: compartmentId,
AccessLevel: pulumi.StringRef(dataMaskRuleAccessLevel),
DataMaskRuleStatus: pulumi.StringRef(dataMaskRuleDataMaskRuleStatus),
DisplayName: pulumi.StringRef(dataMaskRuleDisplayName),
IamGroupId: pulumi.StringRef(testGroup.Id),
State: pulumi.StringRef(dataMaskRuleState),
TargetId: pulumi.StringRef(testTarget.Id),
TargetType: pulumi.StringRef(dataMaskRuleTargetType),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testDataMaskRules = Oci.CloudGuard.GetDataMaskRules.Invoke(new()
{
CompartmentId = compartmentId,
AccessLevel = dataMaskRuleAccessLevel,
DataMaskRuleStatus = dataMaskRuleDataMaskRuleStatus,
DisplayName = dataMaskRuleDisplayName,
IamGroupId = testGroup.Id,
State = dataMaskRuleState,
TargetId = testTarget.Id,
TargetType = dataMaskRuleTargetType,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.CloudGuard.CloudGuardFunctions;
import com.pulumi.oci.CloudGuard.inputs.GetDataMaskRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var testDataMaskRules = CloudGuardFunctions.getDataMaskRules(GetDataMaskRulesArgs.builder()
.compartmentId(compartmentId)
.accessLevel(dataMaskRuleAccessLevel)
.dataMaskRuleStatus(dataMaskRuleDataMaskRuleStatus)
.displayName(dataMaskRuleDisplayName)
.iamGroupId(testGroup.id())
.state(dataMaskRuleState)
.targetId(testTarget.id())
.targetType(dataMaskRuleTargetType)
.build());
}
}
variables:
testDataMaskRules:
fn::invoke:
function: oci:CloudGuard:getDataMaskRules
arguments:
compartmentId: ${compartmentId}
accessLevel: ${dataMaskRuleAccessLevel}
dataMaskRuleStatus: ${dataMaskRuleDataMaskRuleStatus}
displayName: ${dataMaskRuleDisplayName}
iamGroupId: ${testGroup.id}
state: ${dataMaskRuleState}
targetId: ${testTarget.id}
targetType: ${dataMaskRuleTargetType}
Using getDataMaskRules
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDataMaskRules(args: GetDataMaskRulesArgs, opts?: InvokeOptions): Promise<GetDataMaskRulesResult>
function getDataMaskRulesOutput(args: GetDataMaskRulesOutputArgs, opts?: InvokeOptions): Output<GetDataMaskRulesResult>def get_data_mask_rules(access_level: Optional[str] = None,
compartment_id: Optional[str] = None,
data_mask_rule_status: Optional[str] = None,
display_name: Optional[str] = None,
filters: Optional[Sequence[GetDataMaskRulesFilter]] = None,
iam_group_id: Optional[str] = None,
state: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDataMaskRulesResult
def get_data_mask_rules_output(access_level: Optional[pulumi.Input[str]] = None,
compartment_id: Optional[pulumi.Input[str]] = None,
data_mask_rule_status: Optional[pulumi.Input[str]] = None,
display_name: Optional[pulumi.Input[str]] = None,
filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetDataMaskRulesFilterArgs]]]] = None,
iam_group_id: Optional[pulumi.Input[str]] = None,
state: Optional[pulumi.Input[str]] = None,
target_id: Optional[pulumi.Input[str]] = None,
target_type: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDataMaskRulesResult]func GetDataMaskRules(ctx *Context, args *GetDataMaskRulesArgs, opts ...InvokeOption) (*GetDataMaskRulesResult, error)
func GetDataMaskRulesOutput(ctx *Context, args *GetDataMaskRulesOutputArgs, opts ...InvokeOption) GetDataMaskRulesResultOutput> Note: This function is named GetDataMaskRules in the Go SDK.
public static class GetDataMaskRules
{
public static Task<GetDataMaskRulesResult> InvokeAsync(GetDataMaskRulesArgs args, InvokeOptions? opts = null)
public static Output<GetDataMaskRulesResult> Invoke(GetDataMaskRulesInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDataMaskRulesResult> getDataMaskRules(GetDataMaskRulesArgs args, InvokeOptions options)
public static Output<GetDataMaskRulesResult> getDataMaskRules(GetDataMaskRulesArgs args, InvokeOptions options)
fn::invoke:
function: oci:CloudGuard/getDataMaskRules:getDataMaskRules
arguments:
# arguments dictionaryThe following arguments are supported:
- Compartment
Id string - The OCID of the compartment in which to list resources.
- Access
Level string - Valid values are
RESTRICTEDandACCESSIBLE. Default isRESTRICTED. Setting this toACCESSIBLEreturns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set toRESTRICTEDpermissions are checked and no partial results are displayed. - Data
Mask stringRule Status - The status of the data mask rule
- Display
Name string - A filter to return only resources that match the entire display name given.
- Filters
List<Get
Data Mask Rules Filter> - Iam
Group stringId - OCID of the IAM group
- State string
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- Target
Id string - OCID of the target
- Target
Type string - Type of target
- Compartment
Id string - The OCID of the compartment in which to list resources.
- Access
Level string - Valid values are
RESTRICTEDandACCESSIBLE. Default isRESTRICTED. Setting this toACCESSIBLEreturns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set toRESTRICTEDpermissions are checked and no partial results are displayed. - Data
Mask stringRule Status - The status of the data mask rule
- Display
Name string - A filter to return only resources that match the entire display name given.
- Filters
[]Get
Data Mask Rules Filter - Iam
Group stringId - OCID of the IAM group
- State string
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- Target
Id string - OCID of the target
- Target
Type string - Type of target
- compartment
Id String - The OCID of the compartment in which to list resources.
- access
Level String - Valid values are
RESTRICTEDandACCESSIBLE. Default isRESTRICTED. Setting this toACCESSIBLEreturns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set toRESTRICTEDpermissions are checked and no partial results are displayed. - data
Mask StringRule Status - The status of the data mask rule
- display
Name String - A filter to return only resources that match the entire display name given.
- filters
List<Get
Data Mask Rules Filter> - iam
Group StringId - OCID of the IAM group
- state String
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- target
Id String - OCID of the target
- target
Type String - Type of target
- compartment
Id string - The OCID of the compartment in which to list resources.
- access
Level string - Valid values are
RESTRICTEDandACCESSIBLE. Default isRESTRICTED. Setting this toACCESSIBLEreturns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set toRESTRICTEDpermissions are checked and no partial results are displayed. - data
Mask stringRule Status - The status of the data mask rule
- display
Name string - A filter to return only resources that match the entire display name given.
- filters
Get
Data Mask Rules Filter[] - iam
Group stringId - OCID of the IAM group
- state string
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- target
Id string - OCID of the target
- target
Type string - Type of target
- compartment_
id str - The OCID of the compartment in which to list resources.
- access_
level str - Valid values are
RESTRICTEDandACCESSIBLE. Default isRESTRICTED. Setting this toACCESSIBLEreturns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set toRESTRICTEDpermissions are checked and no partial results are displayed. - data_
mask_ strrule_ status - The status of the data mask rule
- display_
name str - A filter to return only resources that match the entire display name given.
- filters
Sequence[Get
Data Mask Rules Filter] - iam_
group_ strid - OCID of the IAM group
- state str
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- target_
id str - OCID of the target
- target_
type str - Type of target
- compartment
Id String - The OCID of the compartment in which to list resources.
- access
Level String - Valid values are
RESTRICTEDandACCESSIBLE. Default isRESTRICTED. Setting this toACCESSIBLEreturns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set toRESTRICTEDpermissions are checked and no partial results are displayed. - data
Mask StringRule Status - The status of the data mask rule
- display
Name String - A filter to return only resources that match the entire display name given.
- filters List<Property Map>
- iam
Group StringId - OCID of the IAM group
- state String
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- target
Id String - OCID of the target
- target
Type String - Type of target
getDataMaskRules Result
The following output properties are available:
- Compartment
Id string - Compartment OCID where the resource is created
- Data
Mask List<GetRule Collections Data Mask Rules Data Mask Rule Collection> - The list of data_mask_rule_collection.
- Id string
- The provider-assigned unique ID for this managed resource.
- Access
Level string - Data
Mask stringRule Status - The current status of the data mask rule
- Display
Name string - Data mask rule display name
- Filters
List<Get
Data Mask Rules Filter> - Iam
Group stringId - IAM Group ID associated with the data mask rule
- State string
- The current lifecycle state of the data mask rule
- Target
Id string - Target
Type string
- Compartment
Id string - Compartment OCID where the resource is created
- Data
Mask []GetRule Collections Data Mask Rules Data Mask Rule Collection - The list of data_mask_rule_collection.
- Id string
- The provider-assigned unique ID for this managed resource.
- Access
Level string - Data
Mask stringRule Status - The current status of the data mask rule
- Display
Name string - Data mask rule display name
- Filters
[]Get
Data Mask Rules Filter - Iam
Group stringId - IAM Group ID associated with the data mask rule
- State string
- The current lifecycle state of the data mask rule
- Target
Id string - Target
Type string
- compartment
Id String - Compartment OCID where the resource is created
- data
Mask List<GetRule Collections Data Mask Rules Data Mask Rule Collection> - The list of data_mask_rule_collection.
- id String
- The provider-assigned unique ID for this managed resource.
- access
Level String - data
Mask StringRule Status - The current status of the data mask rule
- display
Name String - Data mask rule display name
- filters
List<Get
Data Mask Rules Filter> - iam
Group StringId - IAM Group ID associated with the data mask rule
- state String
- The current lifecycle state of the data mask rule
- target
Id String - target
Type String
- compartment
Id string - Compartment OCID where the resource is created
- data
Mask GetRule Collections Data Mask Rules Data Mask Rule Collection[] - The list of data_mask_rule_collection.
- id string
- The provider-assigned unique ID for this managed resource.
- access
Level string - data
Mask stringRule Status - The current status of the data mask rule
- display
Name string - Data mask rule display name
- filters
Get
Data Mask Rules Filter[] - iam
Group stringId - IAM Group ID associated with the data mask rule
- state string
- The current lifecycle state of the data mask rule
- target
Id string - target
Type string
- compartment_
id str - Compartment OCID where the resource is created
- data_
mask_ Sequence[Getrule_ collections Data Mask Rules Data Mask Rule Collection] - The list of data_mask_rule_collection.
- id str
- The provider-assigned unique ID for this managed resource.
- access_
level str - data_
mask_ strrule_ status - The current status of the data mask rule
- display_
name str - Data mask rule display name
- filters
Sequence[Get
Data Mask Rules Filter] - iam_
group_ strid - IAM Group ID associated with the data mask rule
- state str
- The current lifecycle state of the data mask rule
- target_
id str - target_
type str
- compartment
Id String - Compartment OCID where the resource is created
- data
Mask List<Property Map>Rule Collections - The list of data_mask_rule_collection.
- id String
- The provider-assigned unique ID for this managed resource.
- access
Level String - data
Mask StringRule Status - The current status of the data mask rule
- display
Name String - Data mask rule display name
- filters List<Property Map>
- iam
Group StringId - IAM Group ID associated with the data mask rule
- state String
- The current lifecycle state of the data mask rule
- target
Id String - target
Type String
Supporting Types
GetDataMaskRulesDataMaskRuleCollection
GetDataMaskRulesDataMaskRuleCollectionItem
- Compartment
Id string - The OCID of the compartment in which to list resources.
- Data
Mask List<string>Categories - List of data mask rule categories
- Data
Mask stringRule Status - The status of the data mask rule
- Dictionary<string, string>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"} - Description string
- The data mask rule description
- Display
Name string - A filter to return only resources that match the entire display name given.
- Dictionary<string, string>
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"} - Iam
Group stringId - OCID of the IAM group
- Id string
- Unique identifier that can't be changed after creation
- Lifecyle
Details string - Additional details on the substate of the lifecycle state [DEPRECATE]
- State string
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- Dictionary<string, string>
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system. Example:
{"orcl-cloud.free-tier-retained": "true"} - Target
Selecteds List<GetData Mask Rules Data Mask Rule Collection Item Target Selected> - Specification of how targets are to be selected (select ALL, or select by TargetResourceType or TargetId).
- Time
Created string - The date and time the target was created. Format defined by RFC3339.
- Time
Updated string - The date and time the target was updated. Format defined by RFC3339.
- Compartment
Id string - The OCID of the compartment in which to list resources.
- Data
Mask []stringCategories - List of data mask rule categories
- Data
Mask stringRule Status - The status of the data mask rule
- map[string]string
- Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"} - Description string
- The data mask rule description
- Display
Name string - A filter to return only resources that match the entire display name given.
- map[string]string
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"} - Iam
Group stringId - OCID of the IAM group
- Id string
- Unique identifier that can't be changed after creation
- Lifecyle
Details string - Additional details on the substate of the lifecycle state [DEPRECATE]
- State string
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- map[string]string
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system. Example:
{"orcl-cloud.free-tier-retained": "true"} - Target
Selecteds []GetData Mask Rules Data Mask Rule Collection Item Target Selected - Specification of how targets are to be selected (select ALL, or select by TargetResourceType or TargetId).
- Time
Created string - The date and time the target was created. Format defined by RFC3339.
- Time
Updated string - The date and time the target was updated. Format defined by RFC3339.
- compartment
Id String - The OCID of the compartment in which to list resources.
- data
Mask List<String>Categories - List of data mask rule categories
- data
Mask StringRule Status - The status of the data mask rule
- Map<String,String>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"} - description String
- The data mask rule description
- display
Name String - A filter to return only resources that match the entire display name given.
- Map<String,String>
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"} - iam
Group StringId - OCID of the IAM group
- id String
- Unique identifier that can't be changed after creation
- lifecyle
Details String - Additional details on the substate of the lifecycle state [DEPRECATE]
- state String
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- Map<String,String>
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system. Example:
{"orcl-cloud.free-tier-retained": "true"} - target
Selecteds List<GetData Mask Rules Data Mask Rule Collection Item Target Selected> - Specification of how targets are to be selected (select ALL, or select by TargetResourceType or TargetId).
- time
Created String - The date and time the target was created. Format defined by RFC3339.
- time
Updated String - The date and time the target was updated. Format defined by RFC3339.
- compartment
Id string - The OCID of the compartment in which to list resources.
- data
Mask string[]Categories - List of data mask rule categories
- data
Mask stringRule Status - The status of the data mask rule
- {[key: string]: string}
- Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"} - description string
- The data mask rule description
- display
Name string - A filter to return only resources that match the entire display name given.
- {[key: string]: string}
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"} - iam
Group stringId - OCID of the IAM group
- id string
- Unique identifier that can't be changed after creation
- lifecyle
Details string - Additional details on the substate of the lifecycle state [DEPRECATE]
- state string
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- {[key: string]: string}
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system. Example:
{"orcl-cloud.free-tier-retained": "true"} - target
Selecteds GetData Mask Rules Data Mask Rule Collection Item Target Selected[] - Specification of how targets are to be selected (select ALL, or select by TargetResourceType or TargetId).
- time
Created string - The date and time the target was created. Format defined by RFC3339.
- time
Updated string - The date and time the target was updated. Format defined by RFC3339.
- compartment_
id str - The OCID of the compartment in which to list resources.
- data_
mask_ Sequence[str]categories - List of data mask rule categories
- data_
mask_ strrule_ status - The status of the data mask rule
- Mapping[str, str]
- Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"} - description str
- The data mask rule description
- display_
name str - A filter to return only resources that match the entire display name given.
- Mapping[str, str]
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"} - iam_
group_ strid - OCID of the IAM group
- id str
- Unique identifier that can't be changed after creation
- lifecyle_
details str - Additional details on the substate of the lifecycle state [DEPRECATE]
- state str
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- Mapping[str, str]
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system. Example:
{"orcl-cloud.free-tier-retained": "true"} - target_
selecteds Sequence[GetData Mask Rules Data Mask Rule Collection Item Target Selected] - Specification of how targets are to be selected (select ALL, or select by TargetResourceType or TargetId).
- time_
created str - The date and time the target was created. Format defined by RFC3339.
- time_
updated str - The date and time the target was updated. Format defined by RFC3339.
- compartment
Id String - The OCID of the compartment in which to list resources.
- data
Mask List<String>Categories - List of data mask rule categories
- data
Mask StringRule Status - The status of the data mask rule
- Map<String>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. Example:
{"foo-namespace.bar-key": "value"} - description String
- The data mask rule description
- display
Name String - A filter to return only resources that match the entire display name given.
- Map<String>
- Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example:
{"bar-key": "value"} - iam
Group StringId - OCID of the IAM group
- id String
- Unique identifier that can't be changed after creation
- lifecyle
Details String - Additional details on the substate of the lifecycle state [DEPRECATE]
- state String
- The field lifecycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
- Map<String>
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system. Example:
{"orcl-cloud.free-tier-retained": "true"} - target
Selecteds List<Property Map> - Specification of how targets are to be selected (select ALL, or select by TargetResourceType or TargetId).
- time
Created String - The date and time the target was created. Format defined by RFC3339.
- time
Updated String - The date and time the target was updated. Format defined by RFC3339.
GetDataMaskRulesDataMaskRuleCollectionItemTargetSelected
GetDataMaskRulesFilter
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ociTerraform Provider.
