4 Replies Latest reply on Mar 18, 2018 1:32 AM by 3622227

    oci cli - 401 "NotAuthenticated"

    3622227

      Dear Gurus,

       

      This is my first time trying to use oci cli. I completed the install  and config process from the below URL and everything went fine.

       

      https://docs.us-phoenix-1.oraclecloud.com/Content/API/SDKDocs/cliinstall.htm

       

      Created the API keys , uploaded the key to OCI and Configured the profile. Finger prints matches between public.pem (uploaded to OCI) and private key.

       

      Now when i try to issue any command via cli it throws the 401 error irrespective of what I try.

      I tried on three different machines with different OS (Windows/Linux ). Looks like I am doing something wrong somewhere. 

       

      Error Message:

       

      [oracle@localhost .oci]$ oci os ns get

      ServiceError:

      {

          "code": "NotAuthenticated",

          "message": "The required information to complete authentication was not provided.",

          "opc-request-id": "72C5694FDF694AEDA0FA42FBB77E811C",

          "status": 401

      }

       

       

      Clocks seems to be in sync:

      curl -s --head https://iaas.us-phoenix-1.oraclecloud.com | grep Date

      [oracle@localhost ~]$ curl -s --head https://iaas.us-phoenix-1.oraclecloud.com | grep Date

      Date: Sat, 17 Mar 2018 16:25:08 GMT

      [oracle@localhost ~]$ date

      Sat Mar 17 12:25:16 EDT 2018

       

      setup went fine and have necessary permissions for keys:

      [oracle@localhost .oci]$ ls -lrt

      total 12

      -rw-------. 1 oracle oinstall  451 Mar 17 11:56 oci_api_key_public.pem

      -rw-------. 1 oracle oinstall 1679 Mar 17 11:56 oci_api_key.pem

      -rw-------. 1 oracle oinstall  302 Mar 17 11:56 config

       

      $cat config

      [DEFAULT]

      user=ocid1.user.oc1..aaaaxxxxxxxxxrhbpmiv3vmx3fanyfotrjnfa

      fingerprint=5e:e3:43:c6:b3:64:73:df:a4:e2:a6:a3:35:e6:39:e3

      key_file=/home/.oci/oci_api_key.pem

      tenancy=ocid1.tenancy.oc1..aaaaaxjjaryrxflyysgaganbmybm

      region=us-"ashburn-1"

       

      I am out of ideas and any help in this regard is greatly appreciated.

        • 1. Re: oci cli - 401 "NotAuthenticated"
          vikram thakur

          Hi,

           

          Just curious, can you try without the double-quotes for region?

           

          From:

          region=us-"ashburn-1"

           

          To:

          region=us-ashburn-1

           

          Thanks,

          Vikram

          • 2. Re: oci cli - 401 "NotAuthenticated"
            3622227

            Thanks Vikram for pointing out. Still the same without any quotes.

            I was desperate and trying different options and tried with quotes. Initial config file created has no quotes and i reverted back what it was.

             

            Tried with different region too but no luck.

             

             

            $cat config

            [DEFAULT]

            user=ocid1.user.oc1..aaaaxxxxxxxxxrhbpmiv3vmx3fanyfotrjnfa

            fingerprint=5e:e3:43:c6:b3:64:73:df:a4:e2:a6:a3:35:e6:39:e3

            key_file=/home/.oci/oci_api_key.pem

            tenancy=ocid1.tenancy.oc1..aaaaaxjjaryrxflyysgaganbmybm

            region=us-ashburn-1

             

            I am out of ideas and any help in this regard is greatly appreciated.

            • 3. Re: oci cli - 401 "NotAuthenticated"
              vikram thakur

              Understood. I also noticed the file timestamp for oci_api_key_public.pem, oci_api_key.pem and config are all the same. So I did not think the config file was manually updated.

              Was yours an auto install or manual? From documentation, it almost looks like some of your information may be incorrect in the config. Clock, I remember, you mentioned is in sync.

               

              ---- from doc (Ref: https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm#ErrorDetailsandTroubleshooting )

              html status code: 401

              • Missing or incorrect authentication information. Verify that all the required information (tenant OCID, user OCID, fingerprint, and private key) is provided and accurate. Verify that the public key corresponding to the fingerprint has been uploaded for the user. For more information, see Required Keys and OCIDs.
              • Clock skew. This status code is returned if the client's clock is skewed more than 5 minutes from the server's clock. For more information, see Maximum Allowed Client Clock Skew.
              • API request signature error. This status code is returned if a required header is missing from a signing string. For more information, see Request Signatures.

               

              Thanks,

              Vikram

              • 4. Re: oci cli - 401 "NotAuthenticated"
                3622227

                I did a fresh install on a OCI compute instance just to see if it has anything to do with my install scripts.

                 

                Anyway I tried with a new user instead of a service administrator and it worked ...YAYYYYYYYYYYYYYYYYYYYY

                 

                Vikram thanks a lot man for your kind support and help.... Really appreciated.

                 

                [opc@shaikprod .oci]$ oci os ns get

                {

                  "data": "shaikscloud33"

                }