steampipe plugin install ocisteampipe plugin install oci

Oracle Cloud + Steampipe

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Oracle Cloud provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.

For example:

select
name,
id,
is_mfa_activated
from
oci_identity_user;
+-----------------+------------------------+------------------+
| name | id | is_mfa_activated |
+-----------------+------------------------+------------------+
| pam_beesly | ocid1.user.oc1.aaaa... | false |
| creed_bratton | ocid1.user.oc1.aaaa... | true |
| stanley_hudson | ocid1.user.oc1.aaaa... | false |
| michael_scott | ocid1.user.oc1.aaaa... | false |
| dwight_schrute | ocid1.user.oc1.aaaa... | true |
+-----------------+------------------------+------------------+

Documentation

Get started

Install

Download and install the latest Oracle Cloud plugin:

steampipe plugin install oci

Credentials

ItemDescription
CredentialsCreate API keys for your user and add to default OCI configuration: ~/.oci/config
PermissionsUse policy builder to enable your group with the permission: Allow group {group_name} to inspect all-resources in tenancy
RadiusEach connection represents a single OCI Tenant.
Resolution1. Static credentials in the configuration file with the tenancy_ocid, user_ocid, fingerprint and private_key_path arguments..
2. Named profile from an OCI config file(~/.oci/config) with the config_file_profile argument.
3. Named profile containing security token.
4. Instance Principal based authentication. Note: this configuration will only work when run from an OCI instance.
5. If no credentials are specified, the plugin will use the OCI Default Connection

Configuration

Installing the latest oci plugin will create a config file (~/.steampipe/config/oci.spc) with a single connection named oci:

connection "oci_tenant_y" {
plugin = "oci"
config_file_profile = "DEFAULT" # Name of the profile
config_path = "~/.oci/config" # Path to config file
regions = ["ap-mumbai-1" , "us-ashburn-1"] # List of regions
}

Get involved

Advanced configuration options

If you have an OCI profile setup for using the OCI CLI, Steampipe will just work with that connection.

For users with multiple accounts and more complex authentication use cases, here are some examples of advanced configuration options:

Use static credentials

The OCI plugin allows you set static credentials with the tenancy_ocid, user_ocid, fingerprint and private_key_path arguments. You may select one or more regions with the regions argument.

connection "oci_tenant_x" {
plugin = "oci"
tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaa111111111bbbbbbbetci3yjjnjqmfkr4pab12cd45gh56hm76cyljaq"
user_ocid = "ocid1.user.oc1..aaaaaaaa111111111bbbbbbb2oixpabcd7a3jkl6yife75v7a7o6c5d6wclrsjia"
fingerprint = "9a:a1:b2:c3:d4:e5:6f:7g:89:33:5f:ed:ab:ec:de:11"
private_key_path = "~/.ssh/oci_private.pem" # Path to user's private key
regions = ["ap-mumbai-1" , "us-ashburn-1"] # List of regions to query resources
}

Using a named profile

If you have an OCI config file(~/.oci/config) with multiple profiles setup, you can set the config_file_profile argument:

connection "oci" {
plugin = "oci"
config_file_profile = "DEFAULT" # Name of the profile in the OCI config file
config_path = "~/.oci/config" # Path to config file
regions = ["ap-mumbai-1" , "us-ashburn-1"] # List of regions to query resources
}
connection "oci_tenant_x" {
plugin = "oci"
config_file_profile = "tenant_x" # Name of the profile in the OCI config file
config_path = "~/.oci/config" # Path to config file
regions = ["ap-mumbai-1" , "us-ashburn-1"] # List of regions to query resources
}

Using a named profile containing security token

connection "oci_tenant_z" {
plugin = "oci"
auth = "SecurityToken" # Type of authentication
config_file_profile = "tenant_z" # OCI Profile containing the details of the token
regions = ["ap-mumbai-1"]
}

Instance principal based authentication

This configuration will only work when run from an OCI instance. More information on using Instance Principals:

connection "oci" {
plugin = "oci"
auth = "InstancePrincipal" # Type of authentication
}