Enable Cloudgeni to scan your Oracle Cloud infrastructure by creating a dedicated user with read-only access.
Prerequisites
- OCI tenancy with administrator access
- OCI CLI installed and configured
- Cloudgeni account (free trial available)
- Time estimate: 2 minutes
Step 1: Create Read-Only User
Run this script to create a user, group, policy, and API key. Replace the two configuration values at the top:
```bash
# Configure these two values
export TENANCY_OCID="ocid1.tenancy.oc1..xxxxx"  # Find in OCI Console > Profile > Tenancy
export REGION="eu-frankfurt-1"                  # Your OCI region

# Create user, group, and policy
USER_NAME="cloudgeni-readonly"
GROUP_NAME="CloudGeniReadOnly"

# Set --email to a contact address for this user
USER_OCID=$(oci iam user create --name "$USER_NAME" \
  --description "CloudGeni read-only access" \
  --email "[email protected]" --query 'data.id' --raw-output)

GROUP_OCID=$(oci iam group create --name "$GROUP_NAME" \
  --description "CloudGeni read-only group" --query 'data.id' --raw-output)

oci iam group add-user --group-id "$GROUP_OCID" --user-id "$USER_OCID"

# Grant the group read (not use/manage) on every resource in the tenancy
oci iam policy create --name "CloudGeniReadOnly" \
  --compartment-id "$TENANCY_OCID" \
  --statements '["Allow group CloudGeniReadOnly to read all-resources in tenancy"]' \
  --description "Read-only access for CloudGeni"

# Generate API key
openssl genrsa -out cloudgeni-oci.pem 2048
chmod 600 cloudgeni-oci.pem  # Private key readable by the owner only
openssl rsa -pubout -in cloudgeni-oci.pem -out cloudgeni-oci-public.pem 2>/dev/null

# Upload only the public half; OCI returns the key fingerprint
FINGERPRINT=$(oci iam user api-key upload --user-id "$USER_OCID" \
  --key-file cloudgeni-oci-public.pem --query 'data.fingerprint' --raw-output)

# Output credentials
echo ""
echo "=== CloudGeni OCI Credentials ==="
echo "Tenancy OCID: $TENANCY_OCID"
echo "User OCID: $USER_OCID"
echo "Fingerprint: $FINGERPRINT"
echo "Region: $REGION"
echo "Private Key: cloudgeni-oci.pem (in current directory)"
```
Keep cloudgeni-oci.pem secure. This private key grants access to your OCI tenancy. Never commit it to version control.
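To confirm the group stays read-only after setup, the following added example (not Cloudgeni or Oracle code) checks policy statements, fed one per line on stdin, and flags any that give the group a verb other than inspect or read. The function names and the sample statements are assumptions made for illustration; only the first sample line comes from the script above.

```bash
# Added example: flag OCI policy statements that give a group more than
# inspect/read. Input: one policy statement per line on stdin.

# Constructed sample: the first line is the statement from Step 1, the rest
# are made-up examples of later policy drift.
sample_statements() {
  cat <<'EOF'
Allow group CloudGeniReadOnly to read all-resources in tenancy
Allow group CloudGeniReadOnly to manage object-family in tenancy
Allow group Administrators to manage all-resources in tenancy
allow group NetOps, cloudgenireadonly to use virtual-network-family in compartment net
EOF
}

# audit_group_statements GROUP
# Prints OK/EXCESSIVE per statement naming GROUP; returns 1 if any is excessive.
audit_group_statements() {
  group=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  rc=0
  while IFS= read -r stmt || [ -n "$stmt" ]; do
    # Compare in lower case with single spaces so spelling variants still match.
    s=$(printf '%s' "$stmt" | tr '[:upper:]' '[:lower:]' | tr '\t' ' ' | tr -s ' ')
    s=${s# }
    case "$s" in "allow group "*" to "*) ;; *) continue ;; esac
    rest=${s#allow group }
    subjects=${rest%% to *}   # group list before the first " to "
    grant=${rest#* to }       # "<verb> <resource-type> in <location>"
    verb=${grant%% *}
    # A statement may name several groups separated by commas.
    case ",$(printf '%s' "$subjects" | tr -d ' ')," in
      *",$group,"*) ;;
      *) continue ;;
    esac
    case "$verb" in
      inspect|read) echo "OK        $stmt" ;;
      *)            echo "EXCESSIVE $stmt"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Demo on the constructed sample; the function returns 1 here by design.
sample_statements | audit_group_statements CloudGeniReadOnly || echo "Review the EXCESSIVE lines above."
```

The check covers only `Allow group <name> ...` statements; statements that reference the group by OCID or through other subjects are not matched.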
Step 2: Add to CloudGeni
- Log into your Cloudgeni dashboard
- Navigate to Settings > Integrations > Cloud
- Click “Connect OCI”
- Enter the credentials from the script output:
  - Tenancy OCID
  - User OCID
  - Fingerprint
  - Region
  - Private Key: Upload cloudgeni-oci.pem
- Click “Create Integration”
A scan of your OCI resources will start automatically after creating the integration.