Obtain OCI credentials
This page describes how to obtain API credentials to work with Oracle Cloud Infrastructure (OCI) in Abiquo
For details of the support for OCI features in Abiquo, see OCI features table.
For details of the OCI integration, see Oracle Cloud Infrastructure integration.
Abiquo provides this general guide to OCI credentials but OCI functionality may vary between accounts and change at any time.
If you have any doubts, please check the OCI documentation.
Only use ONE set of OCI keys for each enterprise
OCI will allow you to generate more than one set of active keys for each user.
However, in the platform you can only add one set and use them in one enterprise.
If you try to add another set, for example, using the API, the platform will display an error message.
Obtain API credentials for an OCI account
Oracle Cloud Infrastructure (OCI) does not have a partner or reseller account system.
Each enterprise in the cloud platform will have its own OCI account.
The root admin user of your account will have full access to the OCI portal and cloud.
To work in the cloud platform, create a user with an API signing key. See Security Credentials
Abiquo supports Federated and IAM users in OCI. You should decide which type of user best suits your business needs.
You can restrict the API credentials to a set of OCI compartments.
OCI compartments are like Azure resource groups and which are also represented as Abiquo resource groups)
In Abiquo, you can use the same OCI credentials for compute and for pricing and billing.
The credentials you will need to enter in Abiquo are the OCI user, fingerprint, tenancy and private key.
Create a new user in OCI
To create a federated user or a local user to access OCI through Abiquo, do these steps.
Log in to the OCI console and create a user following Oracle instructions for federated or local users
Federated users (IDCS): Adding Users
Local users (IAM): Managing Users
Assign your user to a group and allow access and/or assign an access policy to your user
For a Cloud Admin, assign the user to the Administrators group
Go to Infrastructure Regions and subscribe the user to any other required regions in addition to the home region.
Restrict an OCI user
One way to restrict an OCI user is to allow them to work with resources in one or more OCI Compartments only.
For information about OCI compartments and their use cases, see Learn Best Practices for Setting Up Your Tenancy
For more details about how to manage compartments, see Managing Compartments.
For a quick description of the policy for restricting user compartments, see Common Policies.
(You can add the policy in Identity → Policies).
OCI billing dashboard
To enable an OCI user to use the billing dashboard, assign the OCI user a policy with access to cost and usage data.
Go to Cost and Usage Reports and get the required policy from the “Required IAM Policy” section.
(We got this one on 2022-07-28, please check for updates!).
To use cost and usage reports, the following policy statement is required:define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
endorse group <group> to read objects in tenancy usage-report
Replace “<group>” with the OCI user’s group
In OCI, go to Identity → Policies and add the policy
Obtain an API key
To obtain Oracle API key credentials, you will need an API signing key.
To generate your own key, see Oracle info on generating an API signing key.
To obtain Oracle credentials, do these steps in the Oracle console.
For local users
Go to the options menu in the top left of the screen → Identity & Security → Users
Select the user and go to API keys
For federated users
Follow the instructions in the Oracle documentation to add an API key. See https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/addingidcsusersandgroups.htm
In the section "To add API keys, auth tokens, or other Oracle Cloud Infrastructure Credentials''
Click Add API key
You can let Oracle generate an API signing key or upload your own public key and fingerprint.
If you generate an API signing key, click Download Private Key
The private key will save as a .pem file
Change the permissions of the file so only you can access it
Keep this file to enter as the secret key
Select View Configuration file.
From the Configuration File Preview you will need to prepare the following to enter them in Abiquo.User with the format
ocid1.user.oc1..aaaaaaaa7tnw...verylongstring2...
Fingerprint with the format
ab:ab:ab:bc:bc:bc:...
Tenancy with the format
ocid1.tenancy.oc1..aaaaaaaaeuu5...verylongstring1...
This is described towards the end of the second section of the official Oracle documentation on "Configuring and Connecting to Oracle Cloud with Oracle Developer Tools for VS Code".
In OCI check that the user has permissions to access the public cloud regions to add to Abiquo.
Add credentials in Abiquo
To add the credentials in Abiquo do these steps.
Create at least one OCI public cloud region
Edit the tenant enterprise and go to Credentials → Public
Enter the credentials in the following format:
Access key ID:
tenancy#user#fingerprint
Enter the tenancy user and fingerprint, with “#” characters in between them. For example:ocid1.tenancy.oc1..aaaaaaaaeuu5...verylongstring1...
#ocid1.user.oc1..aaaaaaaa7tnw...verylongstring2...
#ab:ab:ab:bc:bc:bc:...
Secret access key: Private key in PEM format
-----BEGIN PRIVATE KEY-----
BLasdKKTSDksdfkiG9w0BAQaassCBKgwggaaaIBAQbCCSDDD1ZUVdsSQErS
....
-----END PRIVATE KEY-----
To use the same credentials for billing dashboards, mark the checkbox to Also use for pricing if required
Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved