Type: io.helidon.integrations.oci.OciConfig

This is a standalone configuration type, prefix from configuration root: helidon.oci

Configuration options

Table 1. Optional configuration options
key type default value description

allowed-authentication-methods

string[]

 

List of attempted authentication strategies in case io.helidon.integrations.oci.OciConfig.authenticationMethod() is set to AUTHENTICATION_METHOD_AUTO.

In case the list is empty, all available strategies will be tried, ordered by their io.helidon.common.Weight

See io.helidon.integrations.oci.OciConfig.authenticationMethod()

authentication-method

string

auto

Authentication method to use. If the configured method is not available, an exception would be thrown for OCI related services.

Known and supported authentication strategies for public OCI:

  • AUTHENTICATION_METHOD_AUTO - use the list of io.helidon.integrations.oci.OciConfig.allowedAuthenticationMethods() (in the provided order), and choose the first one capable of providing data

  • AuthenticationMethodConfig.METHOD - use configuration of the application to obtain values needed to set up connectivity, uses com.oracle.bmc.auth.SimpleAuthenticationDetailsProvider

  • AuthenticationMethodConfigFile.METHOD - use configuration file of OCI (home/.oci/config), uses com.oracle.bmc.auth.ConfigFileAuthenticationDetailsProvider

  • resource-principal - use identity of the OCI resource the service is executed on (fn), uses com.oracle.bmc.auth.ResourcePrincipalAuthenticationDetailsProvider, and is available in a separate module helidon-integrations-oci-authentication-resource

  • instance-principal - use identity of the OCI instance the service is running on, uses com.oracle.bmc.auth.InstancePrincipalsAuthenticationDetailsProvider, and is available in a separate module helidon-integrations-oci-authentication-resource

  • oke-workload-identity - use identity of the OCI Kubernetes workload, uses com.oracle.bmc.auth.okeworkloadidentity.OkeWorkloadIdentityAuthenticationDetailsProvider, and is available in a separate module helidon-integrations-oci-authentication-oke-workload

authentication-timeout

Duration

PT10S

Timeout of authentication operations, where applicable. This is a timeout for each operation (if there are retries, each timeout will be this duration). Defaults to 10 seconds.

authentication.config

ConfigMethodConfig

 

Config method configuration (if provided and used).

authentication.config-file

ConfigFileMethodConfig

 

Config file method configuration (if provided and used).

authentication.session-token

SessionTokenMethodConfig

 

Session token method configuration (if provided and used).

federation-endpoint

URI

 

Customization of federation endpoint for authentication providers.

imds-base-uri

URI

 

The OCI IMDS URI (http URL pointing to the metadata service, if customization needed).

imds-detect-retries

int

 

Customize the number of retries to contact IMDS service.

imds-timeout

Duration

PT1S

The OCI IMDS connection timeout. This is used to auto-detect availability.

This configuration property is used when attempting to connect to the metadata service.

region

Region

 

Explicit region. The configured region will be used by region provider. This may be ignored by authentication detail providers, as in most cases region is provided by them.

tenant-id

string

 

OCI tenant id for Instance Principal, Resource Principal or OKE Workload.