create
******


Description
===========

Creates a new policy in the specified compartment (either the tenancy
or another of your compartments). If you're new to policies, see
Getting Started with Policies.

You must specify a *name* for the policy, which must be unique across
all policies in your tenancy and cannot be changed.

You must also specify a *description* for the policy (although it can
be an empty string). It does not have to be unique, and you can change
it anytime with UpdatePolicy.

You must specify one or more policy statements in the statements
array. For information about writing policies, see How Policies Work
and Common Policies.

After you send your request, the new object's *lifecycleState* will
temporarily be CREATING. Before using the object, first make sure its
*lifecycleState* has changed to ACTIVE.

New policies take effect typically within 10 seconds.


Usage
=====

   oci iam policy create [OPTIONS]


Options
=======


--compartment-id, -c [text]
---------------------------

The OCID of the compartment containing the policy (either the tenancy
or another compartment). [required]


--name [text]
-------------

The name you assign to the policy during creation. The name must be
unique across all policies in the tenancy and cannot be changed.
[required]


--statements [complex type]
---------------------------

An array of policy statements written in the policy language. See How
Policies Work and Common Policies. This is a complex type whose value
must be valid JSON. The value can be provided as a string on the
command line or passed in as a file using the file://path/to/file
syntax.

The --generate-param-json-input option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

   [required] This must be provided in JSON format. See API reference
   for additional help.

Example: '["statement 1","statement 2"]'


--description [text]
--------------------

The description you assign to the policy during creation. Does not
have to be unique, and it's changeable. [required]


--version-date [text]
---------------------

The version of the policy. If null or set to an empty string, when a
request comes in for authorization, the policy will be evaluated
according to the current behavior of the services at that moment. If
set to a particular date (YYYY-MM-DD), the policy will be evaluated
according to the behavior of the services on that date.

The following datetime formats are supported:


UTC with milliseconds
~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ss.sssTZD

Example: 2017-09-15T20:30:00.123Z


UTC without milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T20:30:00Z


UTC with minute precision
~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mmTZD

Example: 2017-09-15T20:30Z


Timezone with milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T12:30:00.456-08:00, 2017-09-15T12:30:00.456-0800


Timezone without milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T12:30:00-08:00, 2017-09-15T12:30:00-0800


Timezone with minute precision
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mmTZD

Example: 2017-09-15T12:30-08:00, 2017-09-15T12:30-0800


Date Only
~~~~~~~~~

This date will be taken as midnight UTC of that day

Format: YYYY-MM-DD

Example: 2017-09-15


Epoch seconds
~~~~~~~~~~~~~

Example: 1412195400


--freeform-tags [complex type]
------------------------------

Free-form tags for this resource. Each tag is a simple key-value pair
with no predefined name, type, or namespace. For more information, see
Resource Tags. Example: *{"Department": "Finance"}* This is a complex
type whose value must be valid JSON. The value can be provided as a
string on the command line or passed in as a file using the
file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.


--defined-tags [complex type]
-----------------------------

Defined tags for this resource. Each key is predefined and scoped to a
namespace. For more information, see Resource Tags. Example:
*{"Operations": {"CostCenter": "42"}}* This is a complex type whose
value must be valid JSON. The value can be provided as a string on the
command line or passed in as a file using the file://path/to/file
syntax.

The --generate-param-json-input option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.


--wait-for-state [CREATING|ACTIVE|INACTIVE|DELETING|DELETED]
------------------------------------------------------------

This operation creates, modifies or deletes a resource that has a
defined lifecycle state. Specify this option to perform the action and
then wait until the resource reaches a given lifecycle state.


--max-wait-seconds [integer]
----------------------------

The maximum time to wait for the resource to reach the lifecycle state
defined by --wait-for-state. Defaults to 1200 seconds.


--wait-interval-seconds [integer]
---------------------------------

Check every --wait-interval-seconds to see whether the resource to see
if it has reached the lifecycle state defined by --wait-for-state.
Defaults to 30 seconds.


--from-json [text]
------------------

Provide input to this command as a JSON document from a file.

Options can still be provided on the command line. If an option exists
in both the JSON document and the command line then the command line
specified value will be used


-?, -h, --help
--------------

Show this message and exit.
