From d076f79ff6d0a11932f258a94533effcc11c3551 Mon Sep 17 00:00:00 2001
From: Richard Gebhardt <richard.gebhardt@oracle.com>
Date: Fri, 3 Oct 2025 11:58:45 -0400
Subject: [PATCH] fix: use key_content configuration value if available

Signed-off-by: Richard Gebhardt <richard.gebhardt@oracle.com>
---
 src/oci_cli/cli_util.py     |  6 +++++-
 tests/unit/test_cli_util.py | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/src/oci_cli/cli_util.py b/src/oci_cli/cli_util.py
index 615df0418..c91593cd8 100644
--- a/src/oci_cli/cli_util.py
+++ b/src/oci_cli/cli_util.py
@@ -318,7 +318,11 @@ def get_session_token_signer(client_config):
         token = security_token_file.read()
 
     try:
-        private_key = oci.signer.load_private_key_from_file(client_config.get('key_file'), client_config.get('pass_phrase'))
+        key_content = client_config.get("key_content")
+        if key_content:
+            private_key = oci.signer.load_private_key(key_content, client_config.get('pass_phrase'))
+        else:
+            private_key = oci.signer.load_private_key_from_file(client_config.get('key_file'), client_config.get('pass_phrase'))
     except exceptions.MissingPrivateKeyPassphrase:
         client_config['pass_phrase'] = prompt_for_passphrase()
         private_key = oci.signer.load_private_key_from_file(client_config.get('key_file'), client_config.get('pass_phrase'))
diff --git a/tests/unit/test_cli_util.py b/tests/unit/test_cli_util.py
index bb3fba054..dc3076a44 100644
--- a/tests/unit/test_cli_util.py
+++ b/tests/unit/test_cli_util.py
@@ -6,6 +6,7 @@
 import oci
 import tempfile
 import unittest
+from unittest.mock import patch
 from oci_cli import cli_util
 
 
@@ -32,6 +33,36 @@ def build_config(ctx):
 
 class TestCliUtil(unittest.TestCase):
 
+    @patch('oci.signer.load_private_key')
+    @patch('oci.signer.load_private_key_from_file')
+    def test_get_session_token_signer(self, mock_load_private_key, mock_load_private_key_from_file):
+        # Test when 'key_content' is not in client_config
+        client_config_key_file = {
+            'key_file': 'test_key_file',
+            'pass_phrase': 'test_passphrase',
+        }
+        cli_util.get_session_token_signer(client_config_key_file)
+        mock_load_private_key_from_file.assert_called_once_with(
+            client_config_key_file.get('key_file'),
+            client_config_key_file.get('pass_phrase'),
+        )
+        mock_load_private_key.assert_not_called()
+
+        # Test when 'key_content' is in client_config
+        mock_load_private_key.reset_mock()
+        mock_load_private_key_from_file.reset_mock()
+
+        client_config_key_content = {
+            'key_content': 'test_key_content',
+            'pass_phrase': 'test_passphrase'
+        }
+        cli_util.get_session_token_signer(client_config_key_content)
+        mock_load_private_key.assert_called_once_with(
+            client_config_key_content.get('key_content'),
+            client_config_key_content.get('pass_phrase'),
+        )
+        mock_load_private_key_from_file.assert_not_called()
+
     def test_iam_coalesce_provided_and_default_value(self):
         ctx = Obj()
         ctx.obj = Obj()
@@ -142,3 +173,5 @@ def test_get_possible_subtype_based_on_payload(self):
 
         subtype = cli_util.get_possible_subtype_based_on_payload(oci.core.models.InstanceConfigurationInstanceDetails, 'core', payload)
         assert subtype.__class__.__name__ == 'ComputeInstanceDetails'
+
+        # Add the import statement for patch