### PaaS Authentication

The authenticated user must be an Oracle Cloud user.

You must include the Authorization header and use Basic authorization. That is, the header value must begin with Basic followed by a space, and then base-64 encoded <domain.username>:<password>. You should URL encode the string before you base-64 encode it. For the domain portion of the string, use your identity domain. For example, if your identity domain is exampleDomain, you might use exampleDomain.jdoe@example.com:myPassword. (Every Oracle Cloud service belongs to an identity domain. An identity domain is a construct for managing users and roles through Oracle Identity Cloud Service).

In [None]:
# https://pyswagger.readthedocs.io/en/latest/
import keyring
import requests
from pyswagger import App, Security
from pyswagger.contrib.client.requests import Client

from requests.auth import _basic_auth_str

from secrets import opc_username, opc_password

In [None]:
idm_domain = 'gc30003'
idm_username = f'{idm_domain}.{opc_username}'
print(f'idm_username: {idm_username}')
# load Swagger resource file into App object
domain_auth_token = _basic_auth_str(idm_username, opc_password)
print(f'domain_auth_token: {domain_auth_token}')

In [None]:
method = 'GET'
headers = dict([('Authorization', domain_auth_token), ('X-ID-TENANT-NAME', 'gc30003'), ('X-PSM-CLI-REQUEST', 'cli'), ('X-PSM-CLI-VERSION', '1.1.20')])
data=None
files = None
params = None
request_url = r'https://apicatalog.oraclecloud.com/v1/orgs/oracle-public/apicollections/compute/18.1.2/apis/Instances/canonical'
print(f'method: {method}, headers: {headers}, URL: {request_url}')

In [None]:
response = requests.request(method=method, url=request_url, headers=headers, data=data, files=files, params=params)
print(f'Response OK: {response.ok}, Status Code: {response.status_code}, URL: {response.url}')

In [None]:
response.json()

In [None]:
request_url = r'https://apicatalog.oraclecloud.com/v1/search?q=Instances'
response = requests.request(method=method, url=request_url, headers=headers, data=data, files=files, params=params)
print(f'Response OK: {response.ok}, Status Code: {response.status_code}, URL: {response.url}')

In [None]:
response.json()

In [None]:
request_url = r'https://apicatalog.oraclecloud.com/v1/orgs/oracle-public/apicollections/compute/18.1.2/apis/Instances'
response = requests.request(method=method, url=request_url, headers=headers, data=data, files=files, params=params)
print(f'Response OK: {response.ok}, Status Code: {response.status_code}, URL: {response.url}')

In [None]:
response.json()

In [None]:
request_url = r'https://apicatalog.oraclecloud.com/v1/orgs/oracle-public/apicollections/compute/18.1.2/apis/Instances/canonical'
response = requests.request(method=method, url=request_url, headers=headers, data=data, files=files, params=params)
print(f'Response OK: {response.ok}, Status Code: {response.status_code}, URL: {response.url}')

In [None]:
swagger_defn = response.json()

In [None]:
swagger_defn.keys()
# swagger_defn['swagger']
swagger_defn

### IaaS (Compute Classic) Authentication



[https://docs.oracle.com/en/cloud/iaas/compute-iaas-cloud/stcsa/Authentication.html](https://docs.oracle.com/en/cloud/iaas/compute-iaas-cloud/stcsa/Authentication.html)


API calls to Compute Classic require basic authentication (user name and password). You can pass your username and password with every API call or you can pass a valid authentication token. To get a valid authentication token, send an HTTP request to authenticate the user credentials. If the authentication request succeeds, the server returns a cookie containing an authentication token that is valid for 30 minutes. The client making the API calls must include this cookie in the API calls.


Get an authentication cookie from Compute Classic, as shown in the following cURL command example:

```
curl -i -X POST
     -H "Content-Type: application/oracle-compute-v3+json"
     -d '{"user":"/Compute-acme/jack.jones@example.com","password":"ft7)Dvjo"}'
        https://api-z999.compute.us0.oraclecloud.com/authenticate/

```
5. In the response to the POST request, look for the Set-Cookie header, as shown in the following example.

```
Set-Cookie: nimbula=eyJpZGVudGl0eSI6ICJ7XCJyZWFsbVwiOiBcImNvbXB1dGUtdXM2LXoyOFwiLCBcInZhbHVlXCI6IFwie1xcXCJjdXN0b21lclxcXCI6IFxcXCJDb21wdXRlLWFjbWVjY3NcXFwiLCBcXFwicmVhbG1cXFwiOiBcXFwiY29tcHV0ZS11czYtejI4XFxcIiwgXFxcImVudGl0eV90eXBlXFxcIjogXFxcInVzZXJcXFwiLCBcXFwic2Vzc2lvbl9leHBpcmVzXFxcIjogMTQ2MDQ4NjA5Mi44MDM1NiwgXFxcImV4cGlyZXNcXFwiOiAxNDYwNDc3MDkyLjgwMzU5MiwgXFxcInVzZXJcXFwiOiBcXFwiL0NvbXB1dGUtYWNtZWNjcy9zeWxhamEua2FubmFuQG9yYWNsZS5jb21cXFwiLCBcXFwiZ3JvdXBzXFxcIjogW1xcXCIvQ29tcHV0ZS1hY21lY2NzL0NvbXB1dGUuQ29tcHV0ZV9PcGVyYXRpb25zXFxcIiwgXFxcIi9Db21wdXRlLWFjbWVjY3MvQ29tcHV0ZS5Db21wdXRlX01vbml0b3JcXFwiXX1cIiwgXCJzaWduYXR1cmVcIjogXCJRT0xaeUZZdU54SmdjL3FuSk16MDRnNmRWVng2blY5S0JpYm5zeFNCWXJXcVVJVGZmMkZtdjhoTytaVnZwQVdURGpwczRNMHZTc2RocWw3QmM0VGJpSmhFTWVyNFBjVVgvb05qd2VpaUcyaStBeDBPWmc3SDJFSjRITWQ0S1V3eTl6NlYzRHd4eUhwTjdqM0w0eEFUTDUyeVpVQWVQK1diMkdzU1pjMmpTaHZyNi9ibU1CZ1Nyd2M4MUdxdURBMFN6d044V2VneUF1YVk5QTUxZmxaanJBMGVvVUJudmZ6NGxCUVVIZXloYyt0SXZVaDdUcGU2RGwxd3RSeFNGVVlQR0FEQk9xMExGaVd1QlpaU0FTZVcwOHBZcEZ2a2lOZXdPdU9LaU93dFc3VkFtZ3VHT0E1Yk1ibzYvMm5oZEhTWHJhYmtsY000UVE1LzZUMDJlZUpTYVE9PVwifSJ9; Path=/; Max-Age=1800
Note that the Set-Cookie header and value are in a single line. Line breaks are used in this example for readability.
```
6. Store the authentication cookie in an environment variable, as shown in the following example for a Linux host.

Note that the entire command is in a single line. Line breaks are used in this example for readability.
```
export COMPUTE_COOKIE='nimbula=eyJpZGVudGl0eSI6ICJ7XCJyZWFsbVwiOiBcImNvbXB1dGUtdXM2LXoyOFwiLCBcInZhbHVlXCI6IFwie1xcXCJjdXN0b21lclxcXCI6IFxcXCJDb21wdXRlLWFjbWVjY3NcXFwiLCBcXFwicmVhbG1cXFwiOiBcXFwiY29tcHV0ZS11czYtejI4XFxcIiwgXFxcImVudGl0eV90eXBlXFxcIjogXFxcInVzZXJcXFwiLCBcXFwic2Vzc2lvbl9leHBpcmVzXFxcIjogMTQ2MDQ4NjA5Mi44MDM1NiwgXFxcImV4cGlyZXNcXFwiOiAxNDYwNDc3MDkyLjgwMzU5MiwgXFxcInVzZXJcXFwiOiBcXFwiL0NvbXB1dGUtYWNtZWNjcy9zeWxhamEua2FubmFuQG9yYWNsZS5jb21cXFwiLCBcXFwiZ3JvdXBzXFxcIjogW1xcXCIvQ29tcHV0ZS1hY21lY2NzL0NvbXB1dGUuQ29tcHV0ZV9PcGVyYXRpb25zXFxcIiwgXFxcIi9Db21wdXRlLWFjbWVjY3MvQ29tcHV0ZS5Db21wdXRlX01vbml0b3JcXFwiXX1cIiwgXCJzaWduYXR1cmVcIjogXCJRT0xaeUZZdU54SmdjL3FuSk16MDRnNmRWVng2blY5S0JpYm5zeFNCWXJXcVVJVGZmMkZtdjhoTytaVnZwQVdURGpwczRNMHZTc2RocWw3QmM0VGJpSmhFTWVyNFBjVVgvb05qd2VpaUcyaStBeDBPWmc3SDJFSjRITWQ0S1V3eTl6NlYzRHd4eUhwTjdqM0w0eEFUTDUyeVpVQWVQK1diMkdzU1pjMmpTaHZyNi9ibU1CZ1Nyd2M4MUdxdURBMFN6d044V2VneUF1YVk5QTUxZmxaanJBMGVvVUJudmZ6NGxCUVVIZXloYyt0SXZVaDdUcGU2RGwxd3RSeFNGVVlQR0FEQk9xMExGaVd1QlpaU0FTZVcwOHBZcEZ2a2lOZXdPdU9LaU93dFc3VkFtZ3VHT0E1Yk1ibzYvMm5oZEhTWHJhYmtsY000UVE1LzZUMDJlZUpTYVE9PVwifSJ9; Path=/; Max-Age=1800'
After getting an authentication cookie, you can perform operations on Compute Classic objects.
```



#### How to Generate an Authentication Token in OCI Compute Classic

[https://simplesassim.wordpress.com/2017/06/07/how-to-generate-an-authentication-token-in-oci-compute-classic/](https://simplesassim.wordpress.com/2017/06/07/how-to-generate-an-authentication-token-in-oci-compute-classic/)

```
import requests
 
res = requests.post('https://host/authenticate/', json = { 'user': '/sampleService-sampleIdentityDomain/sampleUser', 'password': 'samplePassword' })
 
if res.no_content:
  print(res.headers['Set-Cookie'])![image.png](attachment:image.png)
  
  
```  

In [1]:
import keyring
import requests
from requests import Session
from requests.auth import HTTPBasicAuth
from requests.auth import _basic_auth_str
from secrets import opc_username, opc_password

In [2]:
idm_domain_name = 'gc30003'
idm_service_instance_id = '587626604'
iaas_rest_endpoint = r'https://compute.uscom-central-1.oraclecloud.com'
iaas_auth_endpoint = r'https://compute.uscom-central-1.oraclecloud.com/authenticate/'
traditional_iaas_username = f'/Compute-{idm_domain_name}/{opc_username}'
idcs_iaas_username = f'/Compute-{idm_service_instance_id}/{opc_username}'
basic_auth_cred = _basic_auth_str(idcs_iaas_username, opc_password)
json_data={"user":traditional_iaas_username, "password":opc_password}
files = None
params = None
headers = dict([('Authorization', basic_auth_cred), ('Content-Type', 'application/oracle-compute-v3+json'), ('X-ID-TENANT-NAME', 'gc30003'), ('X-PSM-CLI-REQUEST', 'cli'), ('X-PSM-CLI-VERSION', '1.1.20')])

print(f'headers: {headers}')
print(f'json_data: {json_data}')
print(f'basic_auth_cred: {basic_auth_cred}')
print(f'traditional_iaas_username: {traditional_iaas_username}')
print(f'idcs_iaas_username: {idcs_iaas_username}')
print(f'iaas_rest_endpoint: {iaas_rest_endpoint}')
print(f'iaas_auth_endpoint: {iaas_auth_endpoint}')





headers: {'Authorization': 'Basic L0NvbXB1dGUtNTg3NjI2NjA0L2VyaWMuaGFycmlzQG9yYWNsZS5jb206UEBsbDRkaXVtIQ==', 'Content-Type': 'application/oracle-compute-v3+json', 'X-ID-TENANT-NAME': 'gc30003', 'X-PSM-CLI-REQUEST': 'cli', 'X-PSM-CLI-VERSION': '1.1.20'}
json_data: {'user': '/Compute-gc30003/eric.harris@oracle.com', 'password': 'P@ll4dium!'}
basic_auth_cred: Basic L0NvbXB1dGUtNTg3NjI2NjA0L2VyaWMuaGFycmlzQG9yYWNsZS5jb206UEBsbDRkaXVtIQ==
traditional_iaas_username: /Compute-gc30003/eric.harris@oracle.com
idcs_iaas_username: /Compute-587626604/eric.harris@oracle.com
iaas_rest_endpoint: https://compute.uscom-central-1.oraclecloud.com
iaas_auth_endpoint: https://compute.uscom-central-1.oraclecloud.com/authenticate/


In [3]:
session = Session()
session.auth = (idcs_iaas_username, opc_password)
session.headers.update(headers)


In [4]:
response = session.post(url=iaas_auth_endpoint,
                         json=json_data,
                         files=files, 
                         params=params)
print(f'Response OK: {response.ok}, Status Code: {response.status_code}, URL: {response.url}')
if response.ok and 'Set-Cookie' in response.headers:
    print(f"Auth request succeess.\n")
    ### The auth cookie is already placed in the session ... nothing else needs to be done.
    print(f"Session Cookies: {session.cookies}")

else:
    print(f'Something failed! Response OK: {response.ok}, Status Code: {response.status_code}')

Response OK: True, Status Code: 204, URL: https://compute.uscom-central-1.oraclecloud.com/authenticate/
Auth request succeess.

Session Cookies: <RequestsCookieJar[<Cookie nimbula=eyJpZGVudGl0eSI6ICJ7XCJyZWFsbVwiOiBcInVzY29tLWNlbnRyYWwtMVwiLCBcInZhbHVlXCI6IFwie1xcXCJjdXN0b21lclxcXCI6IFxcXCJDb21wdXRlLWdjMzAwMDNcXFwiLCBcXFwicmVhbG1cXFwiOiBcXFwidXNjb20tY2VudHJhbC0xXFxcIiwgXFxcImVudGl0eV90eXBlXFxcIjogXFxcInVzZXJcXFwiLCBcXFwic2Vzc2lvbl9leHBpcmVzXFxcIjogMTUyMzQ4MjE3OC4wNDI4NSwgXFxcImV4cGlyZXNcXFwiOiAxNTIzNDczMTc4LjA0Mjg3OTEsIFxcXCJ1c2VyXFxcIjogXFxcIi9Db21wdXRlLWdjMzAwMDMvZXJpYy5oYXJyaXNAb3JhY2xlLmNvbVxcXCIsIFxcXCJncm91cHNcXFwiOiBbXFxcIi9Db21wdXRlLWdjMzAwMDMvQ29tcHV0ZS5Db21wdXRlX09wZXJhdGlvbnNcXFwiLCBcXFwiL0NvbXB1dGUtZ2MzMDAwMy9Db21wdXRlLkNvbXB1dGVfTW9uaXRvclxcXCJdfVwiLCBcInNpZ25hdHVyZVwiOiBcIlRVNEhIdkliYXVNMmZFM3dwV2wyN2RKSXZOb3ZubWhucW4rcTFrKzlGUk41UGVxdms4Q0ZaR0tJV0RvM3I5S3YyZ2FuaUNJSXhUL05kRnhlUVZBc0NKdG5rSjdlY0ZZQjk0cFR2dHpGRjk3cTdpREpPbHpLVVZ6dHhieDNnSUhJbk1VcDFIaUsxRGZUZ0drenpQNG9WOFM1