oci-cli icon indicating copy to clipboard operation
oci-cli copied to clipboard

Published 20 hours ago verified publisher icon oracle

project o difficult to configure with security token auth

Open jtpereyda opened this issue 3 years ago • 2 comments

First, I really love the new project o interface! But I did run into one bump when using security token auth.

When starting with project o, the CLI tells me to run o <my-tenancy-ocid>. Since I was using security token auth, it mirrored this OCI CLI warning:

WARNING: The active profile contains a value for 'security_token_file' which is not being used. To authenticate using the token, specify --auth security_token

However the following does not work:

o <my-tenancy-ocid> --auth security_token

Because the setup_ocids_file function only works with exactly one argument, and it doesn't pass along options.

This makes the tool unusable if your main use case is security token auth. I was able to get by with a workaround by running the special commands individually:

o iam compartment get -c <my-tenancy-ocid> --auth security_token go
o iam ad list -c <my-tenancy-ocid> --auth security_token go
o iam region list --auth security_token go
o iam compartment list -c <my-tenancy-ocid> -ciis true -all --auth security_token go

If options could be passed along appropriately, the onboarding with security token auth would be much easier.

jtpereyda avatar Jun 09 '21 18:06 jtpereyda

I'm having SAME issue, setting my first OKE cluster in oci , now for each command i need to execute from my local machine have to provide the argument "--auth security_token" , I couldnt find a way to execute kubectl commands now

charanm1985 avatar Jul 18 '21 02:07 charanm1985

@jtpereyda I'm glad you like project o!

Another approach to using o with security token would be use the CLI Environment variable OCI_CLI_AUTH. This way you won't need --auth security_token on the command line, and the authentication method would get passed to all the subcommands run by o.

You can set the variable for one execution with:

OCI_CLI_AUTH=security_token o ...

or set it for your shell session with

export OCI_CLI_AUTH=security token
o ...

I regularly set the OCI_CLI_PROFILE in a similar manner to choose from multiple profiles in my .oci/config. Let me know how this works!

I think this may help with @charanm1985 's kubectl commands as well, but I'm having trouble visualizing how the oci and kubectl commands interact. o only helps build oci commands, and should not adversely affect kubectl. In any case, the OCI_* environment variables provides a way to tell child oci commands to use different authentication methods, profiles, etc., without adding to the oci command line.

kevco-us avatar Aug 06 '21 20:08 kevco-us