7 Authentication

This section describes the Compute Classic CLI commands that you can use to create and refresh an authentication token.

Only authenticated users can run the Compute Classic CLI commands.

There are various ways to authenticate a user. See Setting Up Environment Variables and Files. Creating an authentication cookie and saving it in an environment variable is just one of ways to authenticate a user.

Before running the CLI commands described in this section, make sure that you've installed the CLI client and set up the required environment variables as described in Preparing to Use the CLI.

authentication add

Create an authentication cookie. You can store the value of the cookie in an environment variable, such as OPC_COMPUTE_COOKIE. An authentication cookie lasts for only 30 minutes, so you’ll need to refresh the cookie before it expires.

You can use this command to generate an authentication token and provide it to a third-party, especially when you don’t want to share your Compute Classic password with a third-party tool.

Here’s the order of precedence (the first option has the highest precedence):

  1. The value that you specify for the OPC_COMPUTE_COOKIE variable.

  2. The values you specify for the command line options, such as -pf and -u.

  3. When you don’t provide command line arguments, the values specified in the environment variables, such as OPC_COMPUTE_USER and OPC_COMPUTE_PASSWORD_FILE, take precedence over the values provided in the profile file.

  4. When you don’t specify values for command line arguments and environment variables, values specified in the profile file are considered.

Syntax

opc compute authentication add password user 

For help with the parameters and options of this command, run the command with the -h option.

Example

Before running this command, gather the account credentials.

  1. Identify the type of cloud account that you are using: Traditional Cloud Accounts (also known as Cloud Service Accounts) or Cloud Accounts with Identity Cloud Service (IDCS). See Types of Oracle Cloud Accounts in Managing and Monitoring Oracle Cloud.

    Note:

    Oracle Cloud Machine only supports Cloud Accounts with Identity Cloud Service (IDCS).

  2. Note down the account credentials for your Compute Classic instance.

    • On Oracle Cloud Machine: The account creation email from Oracle would contain the user name and password for your Compute Classic instance.

    • On Oracle Cloud: The account creation email from Oracle would contain the identity domain name, user name, and password for your Compute Classic instance, as shown in the following example:

      Account creation email from Oracle contains the name of the identity domain, user name, and password.

    If you don't have this information, contact your service administrator.

  3. Note down the REST API endpoint URL of your Compute Classic site. To find out the REST API endpoint URL of your site, follow the instructions at Send Requests in REST API for Oracle Cloud Infrastructure Compute Classic.

  4. While running CLI commands, you have to pass a two-part user name. Specify the two-part user name in one of the following ways:

    • On Oracle Cloud: If you are using a traditional cloud account or if your account creation email contains information about the identity domain, then you must use the following format for the two-part user name:

      /Compute-identity_domain/user

      For example, if your identity domain is acme and the username in your account-creation email is jack.jones@example.com, then the following would be the two-part user name that you must use for running CLI commands:

      /Compute-acme/jack.jones@example.com

    • On Oracle Cloud Machine: If you are using a cloud account with Identity Cloud Service (IDCS) or if your account creation email does not contain information about the identity domain, then you must use the following format for the two-part user name:

      /Compute-serviceInstanceID/username

      To get the service instance ID for your Compute Classic instance:

      1. Sign in to the Oracle Cloud My Services application. See Logging in to My Services in Managing and Monitoring Oracle Cloud.

        The Oracle Cloud My Services Dashboard page is displayed. It lists the services that are assigned to your account.

      2. In the Compute service tile, click Compute. The Service Details page for Compute Classic is displayed.

      3. Under Additional Information, note down the Service Instance ID.

        For example, if your service instance ID is 575260584 and the username in your account-creation email is jack.jones@example.com, then use the following two-part user name for REST API calls:

        /Compute-575260584/jack.jones@example.com

    Note:

    All examples in this document use /Compute-acme/jack.jones@example.com as the two-part user name. If you are using a Cloud Account with IDCS, replace acme in the two-part user name with your service instance ID.

  5. Store your password in a plain-text file of your choice (for example, in your /home/user directory).

    Ensure that the file containing the password isn't world-readable, by changing the permission to 600.

    chmod 600 /full/path/to/password/file
    
opc -f json compute -e api-z999.compute.us0.oraclecloud.com authentications add file://./password.txt /Compute-acme/jack.jones@example.com

Sample Output

Some lines have been truncated with ellipses (...) for readability. When you run the command in your environment, you'll see the full output.

{  "SetCookie": "nimbula=eyJpZGVudGl0eSI6ICJ7XCJyZWFsbVwiOi..." }

refresh-token get

Extends the expiry of the authentication token by 30 minutes from the time you run the command. Authentication tokens expire in 30 minutes. This command extends the expiry of the current authentication token, but not beyond the session expiry time, which is 3 hours.

Prerequisite

Before running this command, set the value of the OPC_COMPUTE_COOKIE environment variable with the response received when you run the authentication add command.

For example, if the response that you have received while running the authentication add command is:

{
 "SetCookie": "nimbula=eyJpZGVudGl0eSI6ICJ7XCJyZWFsbVwiOiBcImNvbXB1dGUtZW0yLXoxN1wiLCBcInZhbHVlXCI6IFwie1xcXCJjdXN0b21lclxcXCI6IFxcXCJDb21wdXRlLWRvY2V4YW1wbGVcXFwiLCBcXFwicmVhbG1cXFwiOiBcXFwiY29tcHV0ZS1lbTItejE3XFxcIiwgXFxcImVudGl0eV90eXBlXFxcIjogXFxcInVzZXJcXFwiLCBcXFwic2Vzc2lvbl9leHBpcmVzXFxcIjogMTQ4Mjg0MTQzOS45MjUwMDksIFxcXCJleHBpcmVzXFxcIjogMTQ4MjgzMjQzOS45MjUwMzY5LCBcXFwidXNlclxcXCI6IFxcXCIvQ29tcHV0ZS1kb2NleGFtcGxlL1N5bGFqYVxcXCIsIFxcXCJncm91cHNcXFwiOiBbXFxcIi9Db21wdXRlLWRvY2V4YW1wbGUvQ29tcHV0ZS5Db21wdXRlX09wZXJhdGlvbnNcXFwiXX1cIiwgXCJzaWduYXR1cmVcIjogXCJhdXZxeHRXM080Y0FSZ3psUVB4Q05JTCswMUZSeDNlY1ZjaDNIVHhETDViemZZY2kzVDkrejFSUSsvUlJBRFpZUm4zUE1kcVRGZGc1b01ZYVhEUWd6a2l3eXd0TU1KQzNTT1MxZHdhc2hXYXVFV3NERmVxN21tMkhFd21WMFk4RE1wVHY0UDZCLzR5ZUxVT0VrcnVoNGNHMkNvNlEvMnVHRjA4dGdITWVNMHM1Q1NFcnZqZERNcmJaT0l4M0ZtalA0QmgyTjNWYXVlK01GS0h4MmNKQ3d1UDFCTUc0NjVqT2F1eEV0djU4TitJanp6NWhmT0hkWW9kVTNZNk0wbUJzcDRaS1lndC9IVkZPclpOK05jN3JFQkhWSmZkSW44cWh3YW0yUFAra2JJMmo2RGozSUJNSkpDSVFYZXJzT2ZXYWVSWEdyWlN1MEV6WWd1dmJiSXJlMUE9PVwifSJ9; Path=/; Max-Age=1800"
}

You’ll set the value of the OPC_COMPUTE_COOKIE environment variable as by excluding nimbula and including values only till the first semicolon.

export OPC_COMPUTE_COOKIE='eyJpZGVudGl0eSI6ICJ7XCJyZWFsbVwiOiBcImNvbXB1dGUtZW0yLXoxN1wiLCBcInZhbHVlXCI6IFwie1xcXCJjdXN0b21lclxcXCI6IFxcXCJDb21wdXRlLWRvY2V4YW1wbGVcXFwiLCBcXFwicmVhbG1cXFwiOiBcXFwiY29tcHV0ZS1lbTItejE3XFxcIiwgXFxcImVudGl0eV90eXBlXFxcIjogXFxcInVzZXJcXFwiLCBcXFwic2Vzc2lvbl9leHBpcmVzXFxcIjogMTQ4Mjg0MTQzOS45MjUwMDksIFxcXCJleHBpcmVzXFxcIjogMTQ4MjgzMjQzOS45MjUwMzY5LCBcXFwidXNlclxcXCI6IFxcXCIvQ29tcHV0ZS1kb2NleGFtcGxlL1N5bGFqYVxcXCIsIFxcXCJncm91cHNcXFwiOiBbXFxcIi9Db21wdXRlLWRvY2V4YW1wbGUvQ29tcHV0ZS5Db21wdXRlX09wZXJhdGlvbnNcXFwiXX1cIiwgXCJzaWduYXR1cmVcIjogXCJhdXZxeHRXM080Y0FSZ3psUVB4Q05JTCswMUZSeDNlY1ZjaDNIVHhETDViemZZY2kzVDkrejFSUSsvUlJBRFpZUm4zUE1kcVRGZGc1b01ZYVhEUWd6a2l3eXd0TU1KQzNTT1MxZHdhc2hXYXVFV3NERmVxN21tMkhFd21WMFk4RE1wVHY0UDZCLzR5ZUxVT0VrcnVoNGNHMkNvNlEvMnVHRjA4dGdITWVNMHM1Q1NFcnZqZERNcmJaT0l4M0ZtalA0QmgyTjNWYXVlK01GS0h4MmNKQ3d1UDFCTUc0NjVqT2F1eEV0djU4TitJanp6NWhmT0hkWW9kVTNZNk0wbUJzcDRaS1lndC9IVkZPclpOK05jN3JFQkhWSmZkSW44cWh3YW0yUFAra2JJMmo2RGozSUJNSkpDSVFYZXJzT2ZXYWVSWEdyWlN1MEV6WWd1dmJiSXJlMUE9PVwifSJ9'

Syntax

opc compute refresh-token get

For help with the parameters and options of this command, run the command with the -h option.

Example

opc compute -e api-z999.compute.us0.oraclecloud.com -u /Compute-acme/jack.jones@example.com refresh-token get

Sample Output

{}