OCI – Use Powershell To deal with ObjectStorage

TLDR – Sample Powershell to list items and upload items to an Oracle Object storage buckets

GET list the contents of a bucket

I was working a case this week where we needed to test the login credentials of a user trying to access a Bucket in OCI Object Storage. I have a sample Curl command you can run to GET a list of bucket content and PUT / Upload files into a bucket.  The user with the issue was running a Windows instance which does not have curl natively install. Lucky for us he had a Linux instance in the same network we could test with. Having not touched PowerShell in ages I figured this was a good excuse to crank out some Powershell.

Screenshot 2019-08-27 at 10.54.58.png
View of the Object storage bucket I used for testing

Get Request

The process started with an attempt to write a script to list the contents of a bucket. Curl commands can be converted to Invoke-WebRequest or Invoke-RestMethod commands in PowerShell. For the Oracle stuff, Invoke-WebRequest did the trick. Roadblock one, what auth credentials do you use? For basic auth to a bucket with Oracle, you use an Auth token; I’ll cover these at the end of this topic and the code comments. For now, let us assume we have the credentials

Armed with the correct user name and password I first tried using the -credential option to send the login credentials; that failed. After a bit of web searching, how all great programs are written, I found a post explaining how to send basic auth credentials as part of the header. About 4 lines of code to replace the -u user option in Curl; mutter. The result and working sample of a GET request are below. – Yes, I deleted the Auth token so you cannot use it.

# command in Curl - curl -v -u '[email protected]:41f91XnTHq]Qwi(u>h>g' -X GET https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/customeroperations/HappyKev_PHX
# For credential use your user name and AUTH token.
# You can generate an Auth token from the OCI webconsole under your user account

# Things to Modify
$user = "[email protected]"
$pass = "41f91XnTHq]Qwi(u>h>g"
$uri = "https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/customeroperations/HappyKev_PHX"

# needed to support TLS in older versions of powershell
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Encode the password to shove it into a header then build the auth header
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}

# do the actual work, connect to the URL, and make pretty output
$resp = invoke-webrequest -Method GET -uri $uri -Headers $Headers -verbose -UseBasicParsing
$resp
(convertfrom-json $resp.Content) | ft

The Put Request

It only took a few changes to the GET script to come up with a script to PUSH a file to the bucket. Note the URI needs to have the file name in it as you want to name the file in the bucket. The script assumes the file is in the folder you’re running the script from. If you put “c:\users\kev\desktop\bob.txt” in $filename it will append the full path to the URI and break the script. If you are going to use a full path modify the script accordingly. Maybe next week I’ll turn these into full commands and upload them to GIT, if I do I’ll add links to this topic. Below is the sample code to upload a file to a bucket.

# To use Modify $user $pass, $uri, and $filename
# For credential use your user name and AUTH token.
# You can generate an Auth token from the OCI webconsole under your user account

#Things to modify
$user = "[email protected]"
$pass = "41f91XnTHq]Qwi(u>h>g"
$uri = "https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/customeroperations/HappyKev_PHX"
$filename = "bob.txt" # Name of the file you want to upload

# needed to support TLS in older versions of powershell
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Encode the password to shove it into a header then build the auth header
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
Authorization = $basicAuthValue
}

$uriput = $uri+$filename

# do the actual work, connect to the URL, upload the file, list the files
invoke-webrequest -Method PUT -InFile $filename -uri $uriput -Headers $Headers -verbose -UseBasicParsing
convertfrom-json (invoke-webrequest -Method GET -uri $uri -Headers $Headers -UseBasicParsing).content | ft

Where the Auth Tokens come from

Auth Tokens can be created under your user object in the Oracle Cloud web console under Auth Tokens. The token shows up when you create it for you to copy and save. Once you close the box the token can never be seen again in the console. Make sure you save it in a safe place. At this time you’re allowed 3 Auth tokens by default. If you require more you’ll need to file a limit increase request

Screenshot 2019-08-27 at 10.55.32.png

Leave a Reply

2 thoughts on “OCI – Use Powershell To deal with ObjectStorage”

%d bloggers like this: