Managing Oracle Cloud Infrastructure Object Storage Service User Keys (CLI)

This procedure describes how to use the CLI to create a user key, set operations permissions for a user key, or delete a user key for the Oracle Cloud Infrastructure Object Storage service for the HTTP protocol.

  1. Go to the oci keys node of the HTTP service.
    hostname:> configuration services http oci keys
    hostname:configuration services http oci keys> list
    NAME    CREATED             USER  FINGERPRINT        COMMENT
    key-000 2019-6-19 15:25:42  usr1  key-000-fingerprint
    key-001 2019-7-8  16:01:18  usr2  key-001-fingerprint
  2. Use the create command to create a new user key.
    hostname:configuration services http oci keys> create

    Provide a user name, a public key, and an optional comment.

    1. Set the user name.

      The user name is the OCID of an Oracle Cloud Infrastructure account user and is also a valid data user on the appliance. A data user is a user that is allowed to access data protocols. The user does not need to be an appliance administrator.

      hostname:configuration services http oci key-002 (uncommitted)> set user=usr3
                                user = usr3 (uncommitted)
    2. Use the setkey command to set the key.

      The public key is a 392-character base64 string that corresponds to an RSA public key in PEM format. The key is echoed in correct PEM format for visual verification.

      hostname:configuration services http oci key-002 (uncommitted)> setkey
      ("." to end)> -----BEGIN PUBLIC KEY-----
      ("." to end)> MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQBqm2f5LPGIe9Nc6QiA+1Sb
      ("." to end)> ...
      ("." to end)> Bg/rj3IO97yXax+l8hIwCI6uNzgye7bUSQF6BNyEuNazW8VbCJPwnTdbWknKoSXh
      ("." to end)> AgMBAAEa
      ("." to end)> -----END PUBLIC KEY-----
      ("." to end)> .
  3. Optional: Provide a comment.
    hostname:configuration services http oci key-002 (uncommitted)> set comment=dev
                           comment = dev (uncommitted)
  4. Commit the changes.
    hostname:configuration services http oci key-002 (uncommitted)> commit
    Here is the fingerprint associated with the registered public key.
    
    Fingerprint: key-002-fingerprint

    The Keys list displays the generated fingerprint for the new key.

    • A different fingerprint is generated for each different key that is entered by the same user.

    • The same fingerprint is generated when the same key is entered by different users.
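    The following Python script is an added helper, not part of the appliance documentation: it validates a key before it is pasted at the setkey prompt (PEM block present, 392-character base64 body, DER SubjectPublicKeyInfo with the rsaEncryption algorithm) and pre-computes the fingerprint so it can be compared with the value reported after commit. It assumes the appliance fingerprint follows the OCI API-signing-key convention (MD5 of the DER-encoded public key, colon-separated hex), and the sample key it builds is constructed dummy data with no real key material.

```python
import base64
import hashlib
import re

# rsaEncryption AlgorithmIdentifier inside a SubjectPublicKeyInfo:
# SEQUENCE { OID 1.2.840.113549.1.1.1, NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----\s*(.*?)\s*-----END PUBLIC KEY-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Extract the base64 body of a PUBLIC KEY block and decode it to DER."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("not a PEM PUBLIC KEY block")
    body = "".join(m.group(1).split())
    if len(body) != 392:  # the appliance expects a 392-character body
        raise ValueError(f"expected 392 base64 characters, got {len(body)}")
    return base64.b64decode(body, validate=True)


def check_rsa_spki(der: bytes) -> None:
    """Minimal DER check: 294-byte SEQUENCE whose algorithm is rsaEncryption."""
    if len(der) != 294 or der[:4] != b"\x30\x82\x01\x22":
        raise ValueError("not a 294-byte SubjectPublicKeyInfo SEQUENCE")
    if der[4:19] != RSA_ALG_ID:
        raise ValueError("algorithm is not rsaEncryption")


def fingerprint_der(der: bytes) -> str:
    """Assumed OCI-style fingerprint: MD5 of the DER key as colon-separated hex.
    It depends only on the key bytes, so two users registering the same key get
    the same fingerprint."""
    h = hashlib.md5(der).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))


def expected_fingerprint(pem: str) -> str:
    der = pem_to_der(pem)
    check_rsa_spki(der)
    return fingerprint_der(der)


def constructed_sample_pem() -> str:
    """Build a syntactically valid dummy 2048-bit RSA SPKI (constructed, not a real key)."""
    modulus = b"\x00" + b"\xc3" * 256  # INTEGER body with leading zero byte
    rsa_key = b"\x30\x82\x01\x0a" + b"\x02\x82\x01\x01" + modulus + b"\x02\x03\x01\x00\x01"
    der = b"\x30\x82\x01\x22" + RSA_ALG_ID + b"\x03\x82\x01\x0f\x00" + rsa_key
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"


if __name__ == "__main__":
    print("Expected fingerprint:", expected_fingerprint(constructed_sample_pem()))
```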

  5. Optional: Change operations permissions for a user key.

    Permissions control a user's ability to perform operations on resources. See the Permissions Required for Each API Operation for more information.

    1. Select a key.

      A specific key can be selected in either of the following ways:

      • By key name, such as key-000.

      • By both username and fingerprint. A username or a fingerprint could match more than one key. Even if the username or fingerprint is unique in the current configuration, you must specify both to select the key.

      To select a key, use one of the following commands:

      hostname:configuration services http oci keys> select keyname
      OR
      hostname:configuration services http oci keys> select user=username fingerprint=fingerprint

      Select the new key and show its permissions properties.

      hostname:configuration services http oci keys> select key-002
      hostname:configuration services http oci key-002> ls
      Properties:
                                user = usr3
                         fingerprint = key-002-fingerprint
                             comment = dev
                      namespace_read = true
                       bucket_create = true
                       bucket_update = true
                         bucket_read = true
                      bucket_inspect = true
                       bucket_delete = true
                       object_create = true
                    object_overwrite = true
                         object_read = true
                      object_inspect = true
                       object_delete = true
               object_version_delete = true
                          par_manage = true
               retention_rule_manage = true
                 retention_rule_lock = true
    2. Disable or enable specific permissions.

      The following example disables the object_version_delete permission for the selected key.

      hostname:configuration services http oci key-002> set object_version_delete=false
               object_version_delete = false (uncommitted)
    3. Commit the changes.
      hostname:configuration services http oci key-002> commit
      hostname:configuration services http oci key-002> get object_version_delete
               object_version_delete = false
      hostname:configuration services http oci key-002> done
  6. To delete a key, use the destroy command.

    Enter destroy keyname, and then enter y to confirm the key deletion.

    hostname:configuration services http oci keys> destroy key-000
    This will delete key "key-000". Are you sure? (Y/N) y