oci-cli
oci-cli copied to clipboard
oracle
BUG: authentication info in environment variable is all-or-nothing.
To use oci cli authentication via environment variables, the following ALL 6 environment variables must be set. If any one of them are missing, cli doesn't work even if the missing option(if available as cli option) is supplied via cli. This is NOT the case if the ~/.oci/config exists and some options are missing.
OCI_CLI_REGION OCI_CLI_USER OCI_CLI_PASSPHRASE OCI_CLI_FINGERPRINT OCI_CLI_KEY_FILE OCI_CLI_TENANCY
Steps to reproduce the issue:
- make sure ~/.oci/config does NOT exist
- set the following environment variables:
- OCI_CLI_USER ==> no cli option
- OCI_CLI_PASSPHRASE
- OCI_CLI_FINGERPRINT => no cli option
- OCI_CLI_KEY_FILE => no cli option
- OCI_CLI_TENANCY
-
run command "oci iam compartment list --region ca-toronto-1", it errors out "Error: Missing option(s) --compartment-id.". Then when adding compartment id to the cli "oci iam compartment list --region ca-toronto-1 --compartment-id compartment1", cli will prompt to create ~/.oci/config file.
-
unset the 5 environment variables from step 2 and put them into ~/.oci/config file as following [DEFAULT] user= fingerprint= key_file= tenancy= pass_phrase=
-
run command "oci iam compartment list --region ca-toronto-1", this will succeed.
the above behavior doesn't match the documentation here: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm
At the bottom of the document, the "Order of precedence". It indicates the cli should pickup the environment variable settings.
The CLI respects and applies configurations specified by option, environment variable, or OCI config file entry in the following order of precedence:
The value specified in the command option. The value specified in the environment variable. The value specified in the OCI config file.
====================================
Thanks for raising the issue , we have resolved this in the release version 3.19.0. See the changelog for more details.
