Official documentation: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
Once the credential has been generated, we need the following parameters:
– user: e.g. ocid1.user.oc1……
– tenancy: e.g. ocid1.tenancy.oc1…..
– region: São Paulo, Ashburn, etc.
– pem: text file containing the key; it begins with “-----BEGIN RSA PRIVATE KEY-----”
– fingerprint: fingerprint of the key
For IAM: https://console.sa-saopaulo-1.oraclecloud.com/identity/policies
define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
Allow group __meugroup__ to read all-resources in tenancy
endorse group __meugroup__ to read objects in tenancy usage-report
(to process costs, the tenancy ID above must be kept as it is, because it belongs to Oracle itself)
Specific permissions for automations
Start/stop/upgrade/downgrade instances:
Allow group __meugroup__ to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}
Backup:
Allow group __meugroup__ to manage volume-family in tenancy where any {request.permission='VOLUME_BACKUP_CREATE', request.permission='VOLUME_WRITE', request.permission='VOLUME_UPDATE', request.permission='VOLUME_BACKUP_DELETE', request.permission='BOOT_VOLUME_BACKUP_CREATE', request.permission='BOOT_VOLUME_BACKUP_DELETE', request.permission='VOLUME_GROUP_BACKUP_CREATE', request.permission='VOLUME_GROUP_BACKUP_DELETE'}
MySQL – start/stop:
Allow group __meugroup__ to manage mysql-family in tenancy where any {request.permission='MYSQL_INSTANCE_USE', request.permission='MYSQL_BACKUP_CREATE', request.permission='MYSQL_BACKUP_DELETE'}
DbSystems – start/stop:
Allow group __meugroup__ to manage database-family in tenancy where any {request.permission='DB_NODE_POWER_ACTIONS', request.permission='DB_BACKUP_DELETE', request.permission='DB_BACKUP_CREATE'}
Manage tags:
Allow group __meugroup__ to use tag-namespaces in tenancy
OKE Cluster – start/stop NodePools:
Allow group __meugroup__ to manage instance-family in tenancy
Allow group __meugroup__ to use subnets in tenancy
Allow group __meugroup__ to use vnics in tenancy
(note: the ‘manage instance-family’ permission is required. To avoid mixing in instances that are not Kubernetes, we recommend using ‘in compartment <compartment-name>’ instead of the entire tenancy)
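
The note above can be turned into a review check. The following is an added example, not part of the original page or of any Oracle tooling: it parses policy statements like the ones listed here and flags any `manage` grant that applies to the whole tenancy with no `where` condition. The statement grammar in the regular expression and the compartment name `oke-nodes` are assumptions made for the example.

```python
import re

# Assumed grammar: Allow group <name> to <verb> <resource> in <location> [where <conditions>]
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?P<location>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)

# Statements copied from this page, plus one compartment-scoped variant
# ("oke-nodes" is a constructed placeholder compartment name).
SAMPLE_POLICY = """\
Allow group __meugroup__ to read all-resources in tenancy
Allow group __meugroup__ to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}
Allow group __meugroup__ to use tag-namespaces in tenancy
Allow group __meugroup__ to manage instance-family in tenancy
Allow group __meugroup__ to manage instance-family in compartment oke-nodes
"""


def parse_statement(line):
    """Return the statement's parts as a dict, or None if it does not match."""
    match = STATEMENT.match(line.strip())
    if not match:
        return None
    stmt = match.groupdict()
    stmt["verb"] = stmt["verb"].lower()
    stmt["tenancy_wide"] = stmt["location"].lower() == "tenancy"
    return stmt


def audit(policy_text):
    """List (line number, finding, detail) for statements that need review."""
    findings = []
    for number, line in enumerate(policy_text.splitlines(), start=1):
        if not line.strip():
            continue
        stmt = parse_statement(line)
        if stmt is None:
            # define/endorse and anything else outside the assumed grammar
            findings.append((number, "unparsed", line.strip()))
        elif stmt["verb"] == "manage" and stmt["tenancy_wide"] and not stmt["where"]:
            findings.append((number, "unrestricted-manage", stmt["resource"]))
    return findings


if __name__ == "__main__":
    for number, kind, detail in audit(SAMPLE_POLICY):
        print(f"line {number}: {kind}: {detail}")
```

Statements outside the assumed grammar, such as the `define` and `endorse` lines, are reported as `unparsed` so they get a manual look rather than passing silently.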