Backplane Open Source Cloud Abstraction API

Creating a Service Principal in OCI

Creating a service principal in Oracle Cloud Infrastructure (OCI) involves setting up a:

Dynamic Group
Policy to allow a non-human entity, such as an application or script, to perform actions on your behalf.

Here’s how you can set up and use a service principal for authenticating Backplane with OCI

Create a Dynamic Group

Log in to the Oracle Cloud Console.
Obtain the Root Compartment OCID from Identity & Security -> Compartments
Navigate to Identity & Security -> Domains -> Click on Domain -> Dynamic Groups
Create a New Dynamic Group:

Click on “Create Dynamic Group”.
Enter a Name and Description for the dynamic group

Field Value
Name Backplane API
Description Service Credentials for Backplane API to create compartments
Define the Matching Rules to include the instances or resources that you want this dynamic group to manage. For example, to include all instances in your tenancy:

Matching Rule
```
ALL {instance.compartment.id = '<your_compartment_ocid>'}
```
- Click Create

Field	Value
Name	`Backplane API`
Description	`Service Credentials for Backplane API to create compartments`

Create a Policy

Navigate to Identity & Security > Policies
Click Create Policy
- Enter a Name, Description, and Compartment for the policy.
- In Policy Builder, toggle it to show manual editor and add the required Policy Statement/s. For example, to allow the Dynamic Group to manage all resources:
```
Allow dynamic-group '<Domain>'/'<Dynamic Group Name>' to manage all-resources in tenancy
```
- Click Create

Collect Information

Field	How
User OCID	Go to Identity & Security -> Domain -> Users
Tenancy OCID	Go to Governance & Administrator -> Tenancy Details
Region	Same as above
API Signing Key / private key	Go to Identity & Security -> Domains -> Users -> Resources -> API Key -> Add API Key -> Generate API key pair -> Download Private Key -> Add
Fingerprint	Copy Fingerprint from Resources -> API Keys

Create an oci.json file as per template below with the information collected

Example oci.json

{
  "tenancyId": "ocid1.tenancy.oc1..aaaaaaaane...",
  "userId": "ocid1.user.oc1..aaaaaaaayuatcpsk...",
  "fingerprint": "xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx",
  "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEv...n-----END PRIVATE KEY-----\n",
  "region": "uk-london-1",
  "passphrase": null
}

Add OCI Credentials via CLI

bp cloud oci add -i 66681fa21440f6afb76522e6 --ocisecret ../oci.json

OCI Credentials are now added to Backplane for Compartment Creation

Help us improve the documentation

If you encounter any issues or errors in the documentation, please report on the Support Slack Channel

Connect to OCI