Open forana opened 2 years ago
I'm struggling with the same. When running oci session authenticate
, configured profile doesn't create useruser = ocid1.user.oc1..aaaXXX
I wanted to use OCI session only once for creating API Key for the same user in pragmatic way.
Without this field I don't know about user OCID and --user-id argument can't be provided automatically for the
oci --config-file ~/.oci/sso-config --profile SSO --auth security_token iam user api-key upload --user-id <MISSING ID> --key-file ~/.oci/id_rsa.pub
Is it possible to add this user OCID during session authenticate?
I have been suffering from the exact same experience, my workaround is to use oci setup config
and forget about oci session
When you run: "oci session authenticate" it shows you an example about how to run a command using --auth security_token and correct profile.
doc has "Validating a Token" https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clitoken.htm
oci session validate --config-file
which also mentions --auth security_token.
session based auth doesn't need user ocid.
to add on to what @harshkumar-dev, you can also set an environment variable (@forana maybe put it in your ~/.bashrc
)
export OCI_CLI_AUTH=security_token
It would be really nice if oci session authenticate
would just write authentication_type=security_token
in the profile in ~/.oci/config
when it is writing security_token_file
and all the other things that only work for auth type security_token
.
but unfortunately the oci python sdk doesn't support authentication_type
of security_token
in the config
https://github.com/oracle/oci-python-sdk/blob/60f042354caef47ce0008b9969962ff3481d91c1/src/oci/util.py#L29-L33
https://github.com/oracle/oci-python-sdk/blob/60f042354caef47ce0008b9969962ff3481d91c1/src/oci/util.py#L212-L224
Also it doesn't seem to honor --token-location
arg just at all. I have several versions of OCI CLI and python, and am trying to scope all the work dedicated to a specific env within a dedicated folder (via pyenv-virtualenv
, direnv
, etc.) - I'm not able to do this as every time I'm running oci session authenticate
it creates ~/.oci
and drops tokens there.
It also doesn't seem to honor OCI_CLI_CONFIG_FILE
env var, but at least --config-location
arg works.
Tried this with oci cli version 3.30.1
today.
Just your friendly developers reporting this is still an issue in 2024 and this is still the best place to find the answer :D
You can log in to the OCI consode and find out the user ocid, then you can add it in your .oci/config file under the relevant profile. That should work fine.
This is still a problem. Setup process is so confusing, even if you do exactly what documentation said, you will get the same error again and again :disappointed:
Thanks all for sharing your views. CLI team will relook at all proposed suggestions and get back here
I followed these instructions: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clitoken.htm
I authenticated successfully, and
oci session validate
succeeds. However, any API interaction results in the error:The
user
key is indeed missing from~/.oci/config
. Runningoci session refresh
did not add it.There are a total of two google results for this error, and neither were useful - opened this issue to hopefully get this resolved, and add a google result for anyone else who hit this. After figuring out how to find my OCID from the console and adding it manually to
~/.oci/config
, then trying an API interaction, I got a new error message:This showed me that I had misunderstood the instructions at the bottom, where the
--auth security_token
parameter was mentioned as necessary for all CLI interactions using this auth. This was a confusing experience because page reads like two alternatives - authenticating with a browser and without. I chose the former, and proceeded to the next page of instructions - missing that critical step.Several suggestions for resolving this:
security_token_file
is present in the profile, include an additional(did you forgot to pass '--auth security_token'?)
message (or something like that).--auth security_token
, and set that when a profile is created usingoci session validate
.