oci-cli icon indicating copy to clipboard operation
oci-cli copied to clipboard
verified publisher icon oracle

cli configuration file cannot feed `auth` variable to `oci os bucket list`

Open davidkhala opened this issue 3 years ago • 13 comments

Enrivonment

  • ubuntu

I have setup with a CLI configuration file oci_cli_rc with session

[DEFAULT]
compartment-id=ocid1.tenancy.oc1.....
auth=instance_principal
query=data
...
  • oci cli version: 3.9.0

What I expect

running oci os bucket list can work silently with success.

What I see

running oci os bucket list, I am prompted

ERROR: Could not find config file at /home/ubuntu/.oci/config
Do you want to create a new config file? [Y/n]:

But runing oci os bucket list --auth instance_principal successs.

An runing oci iam region list successs

davidkhala avatar Oct 01 '22 03:10 davidkhala

What cli version are you on? (pip list | grep oci) Are you able to run oci os ns get successfully? If not, can you share the output for oci os ns get --debug?

mandyht avatar Oct 04 '22 18:10 mandyht

@mandyht Hi Mandy, thanks for your followup. My OCI CLI version is 3.9.0 I am able to run oci os ns get successfully

davidkhala avatar Oct 13 '22 15:10 davidkhala

@mandyht after upgrade to 3.18.1, this issue is reproducible still.

davidkhala avatar Oct 13 '22 15:10 davidkhala

Can you confirm if your config file is indeed located at /home/ubuntu/.oci/config? Does it contain the values: user, fingerprint, key_file, tenancy, and region? If you create a new config file as prompted and execute the command again, will it still prompt you to create a new one?

mandyht avatar Oct 13 '22 16:10 mandyht

Hi @mandyht Mandy, then it will be something anti-pattern. I expect the auth=instance_principal should not require me to setup any ~/.oci/config file even if it is missing. If with a config file, that is not instance_principal. but user auth.

davidkhala avatar Oct 14 '22 07:10 davidkhala

If you didn't use --auth instance_principal, you will be using your config file for authentication. Which one did you intend to use?

mandyht avatar Dec 19 '22 17:12 mandyht

@mandyht Hi Mandy, I mean the CLI configuration file should help me autofill --auth instance_principal for for CLI command. I want to use instance_principal.

davidkhala avatar Dec 20 '22 10:12 davidkhala

And this should not be labeled as Object Storage only issue but a general CLI configuration file environment feed issue.

davidkhala avatar Dec 20 '22 10:12 davidkhala

You won't be able to setup your oci config (config) to have your auth method applied automatically, but you may be able to setup your cli config (oci_cli_rc) so it does.

Read more about cli-specific config here: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliconfigure.htm

mandyht avatar Dec 20 '22 17:12 mandyht

Hi @mandyht It is my typo in last comment. I meant CLI config. I am using the oci_cli_rc to setup. Please double check my original post.

davidkhala avatar Dec 22 '22 04:12 davidkhala

Turns out it's currently not possible to set default auth value in cli-specific config. You can use export OCI_CLI_AUTH=instance_principal to avoid providing the --auth option for every command.

mandyht avatar Dec 22 '22 19:12 mandyht

@mandyht Yes, that is why I want this issue as labelled as enhancement issue

davidkhala avatar Dec 23 '22 03:12 davidkhala

@davidkhala the command oci os bucket list gives error because it is not able to find namspace.If you are using oci_cli_rc file for getting the auth value then you should also specify namespace in the oci_cli_rc file(nampespace=xxx). The iam command works fine because it do not require any namspace.

pankajmjx avatar Jan 05 '23 07:01 pankajmjx