The cloud is more than a portal: accessing the trial/promotional account
TL;DR I will save you 5 minutes when you want to access the Oracle database as a service via REST on your promotion account when it’s (automatically) coupled to your Identity cloud service (IDCS).
Like many people I have a personal promotion account on the Oracle cloud to play with the Oracle Database as a service. Some of you know that I like to do things in commandline more than clicking around in a portal. The REST api is pretty well documented. You can find the documentation here: https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbr/toc.htm
To test all this, I use curl. Very easy and simple to use and ideal to learn how to access the cloud using the REST calls. I made a habit when testing to define my username, password and identity domain in an environment variable. I find this easy to play around with urls and errors and it obfuscates also a bit my username / password / identity domain.
As a simple test, I usually use the “View all service instances”. The explanation can be found here: https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbr/op-paas-service-dbcs-api-v1.1-instances-%7BidentityDomainId%7D-get.html#examples This is nice and easy as you just specify your identity Domain and you get a result. Easy to learn how it works.
When accessing a traditional cloud account you get this output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
mbp-vanpupi:~ pieter$ curl -LI --request GET --user ${EMAIL}:${PASSWD} --header "X-ID-TENANT-NAME:${IDOMAIN}" https://dbcs.emea.oraclecloud.com/paas/service/dbcs/api/v1.1/instances/${IDOMAIN} HTTP/2 200 server: Oracle-Application-Server-11g strict-transport-security: max-age=31536000;includeSubDomains content-language: en access-control-allow-headers: Content-Type, api_key, Authorization, X-ID-TENANT-NAME, X-USER-IDENTITY-DOMAIN-NAME access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS, HEAD x-oracle-dms-ecid: 005OtaiOyIR3z015Rvl3id0006In0000gn x-oracle-dms-ecid: 005OtaiOyIR3z015Rvl3id0006In0000gn access-control-allow-origin: * x-frame-options: DENY content-type: application/json vary: user-agent date: Thu, 25 Jan 2018 13:23:10 GMT content-length: 2278 mbp-vanpupi:~ pieter$ |
Pay attention to line 2. That gives us the http status code 200 which means “OK”. For your interest, I like this page to check what each number means. Note that I use curl -LI instead of the example in the Oracle documentation. This way I don’t list the json it returns. When you replace -LI with –include, it gives you the full json which you request.
Then we do the same with the promotion account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
mbp-vanpupi:~ pieter$ curl -LI --request GET --user ${EMAIL}:${PASSWD} --header "X-ID-TENANT-NAME:${IDOMAIN}" https://dbcs.emea.oraclecloud.com/paas/service/dbcs/api/v1.1/instances/${IDOMAIN} HTTP/2 403 server: Oracle-Application-Server-11g strict-transport-security: max-age=31536000;includeSubDomains content-language: en access-control-allow-headers: Content-Type, api_key, Authorization, X-ID-TENANT-NAME, X-USER-IDENTITY-DOMAIN-NAME access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS, HEAD x-oracle-dms-ecid: 005Otb86pyc3n315RvWByd0000Eg0001o4 x-oracle-dms-ecid: 005Otb86pyc3n315RvWByd0000Eg0001o4 access-control-allow-origin: * x-frame-options: DENY content-type: application/vnd.com.oracle.oracloud.provisioning.Pod+json vary: user-agent date: Thu, 25 Jan 2018 13:30:22 GMT mbp-vanpupi:~ pieter$ |
This means “Forbidden”.
When I check with the full output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
mbp-vanpupi:~ pieter$ curl --include --request GET --user ${EMAIL}:${PASSWD} --header "X-ID-TENANT-NAME:${IDOMAIN}" https://dbcs.emea.oraclecloud.com/paas/service/dbcs/api/v1.1/instances/${IDOMAIN} HTTP/2 403 server: Oracle-Application-Server-11g strict-transport-security: max-age=31536000;includeSubDomains content-language: en access-control-allow-headers: Content-Type, api_key, Authorization, X-ID-TENANT-NAME, X-USER-IDENTITY-DOMAIN-NAME access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS, HEAD x-oracle-dms-ecid: 005OtbGlTwX3n315RvWByd0000Eg0001mi x-oracle-dms-ecid: 005OtbGlTwX3n315RvWByd0000Eg0001mi access-control-allow-origin: * x-frame-options: DENY content-type: application/vnd.com.oracle.oracloud.provisioning.Pod+json vary: user-agent date: Thu, 25 Jan 2018 13:32:48 GMT no DBAAS permission mbp-vanpupi:~ pieter$ |
No DBAAS permission.
This is odd because I am allowed and able to create services:
So there must be something different between the traditional cloud account and the promotion/trial account. Quickly I noticed that in the promotional account Oracle Identity Cloud Service (IDCS) is active. I’m a dba and I don’t know anything about this beast, so I was able to create a service request and then after a while it turned out I need to use the identity domain from the IDCS.
This URL can be retrieved in the portal under Dashboard -> Database -> Overview -> Additional information
There you will find following information (don’t mind the things I blanked out):
Then you can see at the right an idcs- entry. That’s the identity domain you need.
When I then export my environment variable to that identity domain it lists my one and only vanpupi-instance (sorry for the stars, you must use your own idcs 😉 ):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
mbp-vanpupi:~ pieter$ export IDOMAIN=idcs-28e1dc1b900a*****************25 mbp-vanpupi:~ pieter$ curl -LI --request GET --user ${EMAIL}:${PASSWD} --header "X-ID-TENANT-NAME:${IDOMAIN}" https://dbcs.emea.oraclecloud.com/paas/service/dbcs/api/v1.1/instances/${IDOMAIN} HTTP/2 200 server: Oracle-Application-Server-11g strict-transport-security: max-age=31536000;includeSubDomains content-language: en access-control-allow-headers: Content-Type, api_key, Authorization, X-ID-TENANT-NAME, X-USER-IDENTITY-DOMAIN-NAME access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS, HEAD x-oracle-dms-ecid: 005OtdHBVQu3z015Rvl3id0006In0000t3 x-oracle-dms-ecid: 005OtdHBVQu3z015Rvl3id0006In0000t3 access-control-allow-origin: * x-frame-options: DENY content-type: application/json vary: user-agent date: Thu, 25 Jan 2018 14:08:43 GMT content-length: 792 mbp-vanpupi:~ pieter$ |
And when I ask the full output it nicely lists my vanpupi instance (i manually hid some thing with stars, it should show you your own info):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
mbp-vanpupi:~ pieter$ curl --include --request GET --user ${EMAIL}:${PASSWD} --header "X-ID-TENANT-NAME:${IDOMAIN}" https://dbcs.emea.oraclecloud.com/paas/service/dbcs/api/v1.1/instances/${IDOMAIN} HTTP/2 200 server: Oracle-Application-Server-11g strict-transport-security: max-age=31536000;includeSubDomains content-language: en access-control-allow-headers: Content-Type, api_key, Authorization, X-ID-TENANT-NAME, X-USER-IDENTITY-DOMAIN-NAME access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS, HEAD x-oracle-dms-ecid: 005OtdVJCI03n315RvWByd0000Eg00028F x-oracle-dms-ecid: 005OtdVJCI03n315RvWByd0000Eg00028F access-control-allow-origin: * x-frame-options: DENY content-type: application/json vary: user-agent date: Thu, 25 Jan 2018 14:12:39 GMT content-length: 792 {"uri":"https:\/\/dbcs.emea.oraclecloud.com:443\/paas\/service\/dbcs\/api\/v1.1\/instances\/idcs-28e1dc1b900a**************25","service_type":"dbaas","implementation_version":"1.0","services":[{"service_name":"vanpupi","service_uuid":"D721464819FB415ABA8D********00D","version":"12.2.0.1","status":"Stopped","description":"testservice","identity_domain":"idcs-28e1dc1b900a**************25","creation_time":"2018-01-04T15:44:55.979+0000","last_modified_time":"2018-01-04T15:44:55.916+0000","created_by":"pieter.vanpuymbroeck@gmail.com","sm_plugin_version":"17.4.6-536","tools_version":"17.4.6-536","service_uri":"https:\/\/dbcs.emea.oraclecloud.com:443\/paas\/service\/dbcs\/api\/v1.1\/instances\/idcs-28e1dc1b900a**************25\/vanpupi","database_id":"0"}],"subscriptions":[]} mbp-vanpupi:~ pieter$ |
As always, questions, remarks? find me on twitter @vanpupi