Frequently Asked Questions
I created a DevOps project in VS Code, triggered the build pipeline which ran successfully, and I noticed new resources created in my OCI tenancy/compartment. What is happening?
When you click Create DevOps Project, the GCN extension calls the OCI DevOps service and creates the following resources in your tenancy or compartment:
Resource Type | Name used by GCN Tooling | Tenancy | User Compartment |
---|---|---|---|
OKE Deploy Environment | <projectname>OkeDeployEnvironment | X (Unique name per tenancy) | |
Notifications | <usercompartmentname>NotificationTopic | X | |
DevOps Project | <projectname> | X | |
Default Log Group | Default_Group | X | |
Default Compartment Access Policy | CompartmentAccessPolicy | X | |
Container Registry Repository | <projectname> | X | |
Artifact Registry Repository | <projectname>ArtifactRepository | X | |
ADM Knowledge Base | <projectname>Audits | X | |
Source Code Repository | many under <projectname> | X | |
OKE Cluster | Leads user to web Quick Create OKE page | X | |
The GCN extension creates a policy to provide the DevOps service with access to the resources within the compartment. One policy is created per compartment. A policy specifies who can access which resources, and how. To review the compartment policies, open the Oracle Cloud Console navigation menu and select Identity & Security. Under Identity, select Policies, then find CompartmentAccessPolicy, which is the default policy for accessing compartment resources created from VS Code. Click it to see the policy statements.
The policies created by the OCI DevOps service match this pattern:
```javascript
// compartmentID is the OCID of the compartment that holds the DevOps project.
// Every statement grants to any-user, then narrows the grant to build or deploy
// pipeline principals that belong to that same compartment.
const rules = [
  `Allow any-user to read devops-family in compartment id ${compartmentID} where ALL {request.principal.type='devopsbuildpipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to manage generic-artifacts in compartment id ${compartmentID} where ALL {request.principal.type='devopsbuildpipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to manage repos in compartment id ${compartmentID} where ALL {request.principal.type='devopsbuildpipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to manage compute-container-instances in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to manage compute-containers in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to use vnics in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to use subnets in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to use dhcp-options in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to read all-artifacts in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`,
  `Allow any-user to manage clusters in compartment id ${compartmentID} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${compartmentID}'}`
];
```
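Because every statement grants to any-user, the where clause is the only thing scoping the grant. The following is an added example, not code from the GCN extension or OCI, that checks statements copied from CompartmentAccessPolicy against the pattern above. The function names `auditStatement` and `auditPolicy`, the placeholder OCIDs and the sample statements are constructed for illustration.

```javascript
// Added example: flag any-user statements that are not pinned to a DevOps pipeline
// principal in the expected compartment. Assumption: statements arrive as plain strings.
const ALLOWED_PRINCIPALS = new Set(['devopsbuildpipeline', 'devopsdeploypipeline']);
const STATEMENT = /^Allow any-user to \w+ [\w-]+ in compartment id (\S+)(?: where ALL \{(.*)\})?$/i;

// Parse "key='value', key='value'" conditions into a Map keyed by lower-cased name.
function parseConditions(clause) {
  const conditions = new Map();
  for (const m of (clause || '').matchAll(/([\w.]+)\s*=\s*'([^']*)'/g)) {
    conditions.set(m[1].toLowerCase(), m[2]);
  }
  return conditions;
}

// Return the problems found in one statement; an empty list means it fits the pattern.
function auditStatement(statement, compartmentID) {
  const m = STATEMENT.exec(statement.trim());
  if (!m) return ['does not match the any-user pattern; review by hand'];
  const [, targetCompartment, clause] = m;
  const conditions = parseConditions(clause);
  const problems = [];
  if (targetCompartment !== compartmentID) problems.push(`targets unexpected compartment ${targetCompartment}`);
  const type = conditions.get('request.principal.type');
  if (!ALLOWED_PRINCIPALS.has(type)) problems.push(`any-user not limited to a pipeline principal (type=${type})`);
  if (conditions.get('request.principal.compartment.id') !== compartmentID) problems.push('principal not pinned to the same compartment');
  return problems;
}

// Audit a whole policy and keep only the statements that have problems.
function auditPolicy(statements, compartmentID) {
  return statements
    .map((statement) => ({ statement, problems: auditStatement(statement, compartmentID) }))
    .filter((result) => result.problems.length > 0);
}

// Constructed sample: placeholder OCIDs, two statements that fit the pattern, two that do not.
const sampleCompartment = 'ocid1.compartment.oc1..exampleplaceholder';
const sample = [
  `Allow any-user to manage repos in compartment id ${sampleCompartment} where ALL {request.principal.type='devopsbuildpipeline', request.principal.compartment.id='${sampleCompartment}'}`,
  `Allow any-user to use subnets in compartment id ${sampleCompartment} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='${sampleCompartment}'}`,
  `Allow any-user to manage clusters in compartment id ${sampleCompartment}`,
  `Allow any-user to read all-artifacts in compartment id ${sampleCompartment} where ALL {request.principal.type='devopsdeploypipeline', request.principal.compartment.id='ocid1.compartment.oc1..otherplaceholder'}`,
];
for (const { statement, problems } of auditPolicy(sample, sampleCompartment)) {
  console.log(`${problems.join('; ')}\n  ${statement}`);
}
```

A statement reported here is not necessarily wrong, but it no longer matches what the extension generated and should be reviewed before the policy is trusted.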
How does the OCI DevOps service handle unique resource names? For example, if one user creates two projects in two separate compartments?
DevOps Project names must be unique per tenancy. The OCI DevOps Tools VS Code extension checks that the name is unique.
How do I delete a DevOps project created by the VS Code OCI DevOps Extension?
You cannot currently delete a DevOps project from within VS Code. Instead, delete the DevOps project from the Oracle Cloud Console. Use the Delete action which is available from the root of the project.