You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+21-8Lines changed: 21 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,24 +14,37 @@ This package implements:
14
14
15
15
## Authentication
16
16
17
-
The provider currently keeps OCI auth intentionally simple:
17
+
OCI SDKs support several authentication methods. This provider supports the two
18
+
primary methods: API keys, for authentication outside OCI, and
19
+
`instance_principal`, for authentication from instances within OCI.
18
20
19
-
- explicit API key fields on `oraclecloud.Provider`
20
-
- OCI config file credentials
21
-
- Oracle CLI environment variables
21
+
All OCI SDKs support some or all of Oracle's standard environment variables for
22
+
authentication configuration, so this provider does too.
23
+
24
+
The recommended and most prominently documented configuration style is the
25
+
standard OCI config file, usually `~/.oci/config`, because it matches Oracle's
26
+
preferred user workflow and works cleanly with existing OCI tooling.
27
+
28
+
See the OCI Developer Guide for more on the [Authentication Methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm) and [Environment Variables](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm).
22
29
23
30
Supported `Auth` values:
24
31
25
32
-`""` or `auto`
26
33
-`api_key`
27
34
-`config_file`
28
35
-`environment`
36
+
-`instance_principal`
37
+
38
+
The `api_key`, `config_file`, and `environment` values are all API-key authentication;
39
+
they only differ in where the credentials come from.
40
+
41
+
`resource_principal` and token-based authentication are not currently supported.
42
+
43
+
If you set `Auth` to `auto` or `config_file` with a valid `~/.oci/config` file available, or set `Auth` to `instance_principal` on an OCI instance with the appropriate policies applied, no further configuration is required to manage public DNS zones. However, both of these methods require `ViewID` to be configured to manage private zones by name.
29
44
30
-
`instance_principal` is also wired through, but the package is primarily aimed at API-key based usage for now.
45
+
For `environment`, or when populating the provider fields directly, the minimum required values are `TenancyOCID`, `UserOCID`, `Fingerprint`, `Region`, and either `PrivateKeyPath` or inline `PrivateKey`. `PrivateKeyPassphrase`is only needed when the private key is passphrase-protected.
31
46
32
-
If you use `Auth: "config_file"` with `ConfigFile: "~/.oci/config"`, you do not also need to provide
33
-
`TenancyOCID`, `UserOCID`, `Fingerprint`, `Region`, or `PrivateKey*` fields. `ConfigProfile` is optional
34
-
and defaults to `DEFAULT` (or `OCI_CLI_PROFILE` if set).
0 commit comments