Page Comparison

...

To create a federated user or a local user to access OCI through Abiquo, do these steps.

1. Log in to the OCI console and create a user following Oracle instructions for federated or local users

   1. Federated users (IDCS): https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/addingusers.htm#Add

   2. Local users (IAM): https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingusers.htm#Managing_Users

2. Assign your user to a group and allow access and/or assign an access policy to your user

   1. For a Cloud Admin, assign the user to the Administrators group

3. Go to Infrastructure Regions and subscribe the user to any other required regions in addition to the home region.

...

Restrict an OCI user

One way to restrict an OCI user is to allow them to work with resources in one or more OCI Compartments only.

...

1. Go to https://docs.oracle.com/en-us/iaas/Content/Billing/Tasks/accessingusagereports.htm#Accessing_Cost_and_Usage_Reports and get the required policy from the “Required IAM Policy” section.
   (We got this one on 2022-07-28, please check for updates!).
   To use cost and usage reports, the following policy statement is required:
   define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq

   endorse group <group> to read objects in tenancy usage-report

2. Replace “<group>” with the OCI user’s group

3. In OCI, go to Identity → Policies and add the policy

...

Obtain an API key

To obtain Oracle API key credentials, you will need an API signing key.

...

To obtain Oracle credentials, do these steps in the Oracle console. 

1. For local users

   1. Go to the options menu in the top left of the screen → Identity & Security → Users

   2. Select the user and go to API keys 

2. For federated users

   1. Follow the instructions in the Oracle documentation to add an API key. See https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/addingidcsusersandgroups.htm
      In the section "To add API keys, auth tokens, or other Oracle Cloud Infrastructure Credentials''

3. Click Add API key

4. You can let Oracle generate an API signing key or upload your own public key and fingerprint. 

5. If you generate an API signing key, click Download Private Key

   1. The private key will save as a .pem file

   2. Change the permissions of the file so only you can access it

   3. Keep this file to enter as the secret key

6. Select View Configuration file.
   From the Configuration File Preview you will need to prepare the following to enter them in Abiquo.

   1. User with the format ocid1.user.oc1..aaaaaaaa7tnw...verylongstring2...

   2. Fingerprint with the formatab:ab:ab:bc:bc:bc:...

   3. Tenancy with the format ocid1.tenancy.oc1..aaaaaaaaeuu5...verylongstring1...

This is described towards the end of the second section of the official Oracle documentation on "Configuring and Connecting to Oracle Cloud with Oracle Developer Tools for VS Code".

...

To add the credentials in Abiquo do these steps.

1. Create at least one OCI public cloud region

2. Edit the tenant enterprise and go to Credentials → Public

3. Enter the credentials in the following format:

   1. Access key ID:  tenancy#user#fingerprint
      Enter the tenancy user and fingerprint, with “#” characters in between them. For example:
      ocid1.tenancy.oc1..aaaaaaaaeuu5...verylongstring1...#ocid1.user.oc1..aaaaaaaa7tnw...verylongstring2...#ab:ab:ab:bc:bc:bc:...

   2. Secret access key: Private key in PEM format
      -----BEGIN PRIVATE KEY-----

      BLasdKKTSDksdfkiG9w0BAQaassCBKgwggaaaIBAQbCCSDDD1ZUVdsSQErS

      ....

      -----END PRIVATE KEY-----

4. To use the same credentials for billing dashboards, mark the checkbox to Also use for pricing if required