Oracle Cloud Infrastructure CLI Scripting: How to Quickly Override the Default Configuration

August 20, 2020 | 3 minute read
Olaf Heimburger
Cloud Security Advisor
Text Size 100%:

Introduction

Command line interfaces (CLIs) are artifacts from the stone age of the computer age. Their introduction was a big leap forward in terms of ease and speed when a computer should be directed to do what the user wants to be done. Over time CLI environments evolved and are interactive and programmable and are available on all modern operating systems, for example as shells. They are not as fancy as graphical user interfaces, but, are fast, repeatable, scriptable, and scripts can be quickly shared.

The Oracle Cloud Infrastructure Command Line Interface (OCI CLI) is such a tool and, combined with a shell script, can be quickly used to create shareable scripts.

However, this article is not an introduction to the OCI CLI (see OCI Command Line Interface (CLI) for a more detailed description). But it shows an easy to use way to switch between compartments, regions, etc. without rewriting the command line or script.

OCI CLI Configuration

By default, OCI CLI looks for configuration information in $HOME/.oci/config. If this file is not present, it must be created manually and should contain the tenancy OCID, user OCID, default region, and authentication information.

OCI CLI uses API keys, a private/public security scheme, as the default authentication. To easily create these keys use the oci setup keys command. It will store the private and public keys as PEM files in $HOME/.oci and displays the fingerprint of the public key. The file location, the fingerprint must be added to $HOME/.oci/config manually, too.

A sample $HOME/.oci/config looks like this: [DEFAULT] tenancy=ocid1.tenancy.oc1..<unique_ID> user=ocid1.user.oc1..<unique_ID> region=us-ashburn-1 fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX key_file=~/.oci/oci_api_key.pem pass_phrase=<pass_phrase>

Note: pass_phrase is a deprecated key. You might use a different authentication scheme in later versions of the OCI CLI.

Using CLI Profiles

To support different tenancies, users, regions, and key files you can easily add new configurations as so called profiles in the same file. For example, using one profile per region your $HOME/.oci/config looks like this: [DEFAULT] tenancy=ocid1.tenancy.oc1..<unique_ID> user=ocid1.user.oc1..<unique_ID> region=us-ashburn-1 fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX key_file=~/.oci/oci_api_key.pem pass_phrase=<pass_phrase> [FRA] tenancy=ocid1.tenancy.oc1..<unique_ID> user=ocid1.user.oc1..<unique_ID> region=eu-frankfurt-1 fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX key_file=~/.oci/oci_api_key.pem pass_phrase=<pass_phrase> With this profile configuration you can easily switch between regions using the command line switch --profile, for example, listing all your compartments for your profiles:
prfs="DEFAULT FRA" for i in $prfs; do echo "Compartments in profile $i" oci iam compartment list --profile $i done

Using the OCI CLI Environment Variables

Hmm, the standard option using profiles is great if you use completely different environments, i.e., a combination of tenancies, users, and keys. If you need to change just one value like a region it is quite an overhead.

To change just one or two values of your DEFAULT configuration, you can use OCI CLI environment variables. These environment variables override the values specified in the DEFAULT profile, but do not change any value in the $HOME/.oci/config file.

So, for example, to list all compartments you own in your subscribed regions, you can just use the OCI_CLI_REGION environment variable like this: rgs="us-ashburn-1 eu-frankfurt-1 ap-sydney-1" for i in $rgs; do export OCI_CLI_REGION=$i echo "Compartments in region $OCI_CLI_REGION" oci iam compartment list done This loop uses the same OCI CLI command line and the DEFAULT profile, overrides the region setting, and returns different results for the regions you need.

Imagine the power of the environment variables for a complex script!

References

Olaf Heimburger

Cloud Security Advisor


Previous Post

Oracle SD-WAN Edge Deployment in OCI

Javier Ramirez | 15 min read

Next Post


Oracle – Azure Interconnect Use Cases

Javier Ramirez | 16 min read