def __init__(self, config, **kwargs): """ Creates a new service client :param dict config: Configuration keys and values as per `SDK and Tool Configuration <https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm>`__. The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config the dict using :py:meth:`~oci.config.validate_config` :param str service_endpoint: (optional) The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit need to specify a service endpoint. :param timeout: (optional) The connection and read timeouts for the client. The default is that the client never times out. This keyword argument can be provided as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout. :type timeout: float or tuple(float, float) :param signer: (optional) The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values provided in the config parameter. One use case for this parameter is for `Instance Principals authentication <https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__ by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument :type signer: :py:class:`~oci.signer.AbstractBaseSigner` :param obj retry_strategy: (optional) A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default. Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation. Any value provided at the operation level will override whatever is specified at the client level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available. The specifics of the default retry strategy are described `here <https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/sdk_behaviors/retries.html>`__. """ validate_config(config, signer=kwargs.get('signer')) if 'signer' in kwargs: signer = kwargs['signer'] else: signer = Signer( tenancy=config["tenancy"], user=config["user"], fingerprint=config["fingerprint"], private_key_file_location=config.get("key_file"), pass_phrase=get_config_value_or_default(config, "pass_phrase"), private_key_content=config.get("key_content") ) base_client_init_kwargs = { 'regional_client': True, 'service_endpoint': kwargs.get('service_endpoint'), 'timeout': kwargs.get('timeout'), 'base_path': '/20160918' } self.base_client = BaseClient("audit", config, signer, audit_type_mapping, **base_client_init_kwargs) self.retry_strategy = kwargs.get('retry_strategy')
def __init__(self, config, **kwargs): """ Creates a new service client :param dict config: Configuration keys and values as per `SDK and Tool Configuration <https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm>`__. The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config the dict using :py:meth:`~oci.config.validate_config` :param str service_endpoint: (optional) The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit need to specify a service endpoint. :param timeout: (optional) The connection and read timeouts for the client. The default values are connection timeout 10 seconds and read timeout 60 seconds. This keyword argument can be provided as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout. :type timeout: float or tuple(float, float) :param signer: (optional) The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values provided in the config parameter. One use case for this parameter is for `Instance Principals authentication <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__ by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument :type signer: :py:class:`~oci.signer.AbstractBaseSigner` :param obj retry_strategy: (optional) A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default. Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation. Any value provided at the operation level will override whatever is specified at the client level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available. The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__. :param obj circuit_breaker_strategy: (optional) A circuit breaker strategy to apply to all calls made by this service client (i.e. at the client level). This client uses :py:data:`~oci.circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY` as default if no circuit breaker strategy is provided. The specifics of circuit breaker strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/circuit_breakers.html>`__. :param function circuit_breaker_callback: (optional) Callback function to receive any exceptions triggerred by the circuit breaker. :param allow_control_chars: (optional) allow_control_chars is a boolean to indicate whether or not this client should allow control characters in the response object. By default, the client will not allow control characters to be in the response object. """ validate_config(config, signer=kwargs.get('signer')) if 'signer' in kwargs: signer = kwargs['signer'] elif AUTHENTICATION_TYPE_FIELD_NAME in config: signer = get_signer_from_authentication_type(config) else: signer = Signer(tenancy=config["tenancy"], user=config["user"], fingerprint=config["fingerprint"], private_key_file_location=config.get("key_file"), pass_phrase=get_config_value_or_default( config, "pass_phrase"), private_key_content=config.get("key_content")) base_client_init_kwargs = { 'regional_client': True, 'service_endpoint': kwargs.get('service_endpoint'), 'base_path': '/20181201', 'service_endpoint_template': 'https://functions.{region}.oci.{secondLevelDomain}', 'skip_deserialization': kwargs.get('skip_deserialization', False), 'circuit_breaker_strategy': kwargs.get('circuit_breaker_strategy', circuit_breaker.GLOBAL_CIRCUIT_BREAKER_STRATEGY) } if 'timeout' in kwargs: base_client_init_kwargs['timeout'] = kwargs.get('timeout') if base_client_init_kwargs.get('circuit_breaker_strategy') is None: base_client_init_kwargs[ 'circuit_breaker_strategy'] = circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY if 'allow_control_chars' in kwargs: base_client_init_kwargs['allow_control_chars'] = kwargs.get( 'allow_control_chars') self.base_client = BaseClient("functions_invoke", config, signer, functions_type_mapping, **base_client_init_kwargs) self.retry_strategy = kwargs.get('retry_strategy') self.circuit_breaker_callback = kwargs.get('circuit_breaker_callback')
def main(): try: # Check Base path exists check_path(base_path) config = oci.config.from_file("./config.txt", "DEFAULT") validate_config(config) tenancy_id = config["tenancy"] # Initialize CLient identity = oci.identity.IdentityClient(config) #Start as current UTC Time end_time = datetime.datetime.utcnow() #Subscription Regions regions = get_subscription_regions(identity, tenancy_id) write_log(log_file_name, f"Found {len(regions)} Regions in Tenant {tenancy_id}") #Get Compartments compartments = get_compartments(identity, tenancy_id) write_log( log_file_name, f"Found {len(compartments)} Compartments in Tenant {tenancy_id}") #Initialize audit client audit = oci.audit.audit_client.AuditClient(config) for r in regions: # Intialize with a region value. audit.base_client.set_region(r) # Set and validate base path for region region_base_file_path = base_path + "\\" + r check_path(region_base_file_path) for c in compartments: state = "" #Set State and Log file paths audit_file = region_base_file_path + "\\" + c + audit_file_name state_file = region_base_file_path + "\\" + c + state_file_name # Get events` start time start_time = get_state(state_file) # Cleanup log file cleanup_log(audit_file, max_log_file_size_bytes) #Get Compartment Audit log audit_events = get_audit_events(audit, c, start_time, end_time) write_log( log_file_name, f"Found {len(audit_events)} Events in CompartmentID {c} Region {r}" ) if audit_events: of = open(audit_file, "a") for e in audit_events: record = f"{str(e.event_time)},compartment_name={str(e.data.compartment_name)},principal_name={str(e.data.identity.principal_name)},ip_address={str(e.data.identity.ip_address)},event_name={str(e.data.event_name)},source={str(e.source)},request.action={str(e.data.request.action)},response.status={str(e.data.response.status)},response.message={str(e.data.response.message)}\n" of.write(record) #Get last event timestamp and write to state state = str(e.event_time) if state == "": write_log(log_file_name, f"Null state error for Compartment {c}") else: sf = open(state_file, "w") sf.write(state) sf.close of.close else: print(f"No audit for Compartment {c}") except OSError as err: write_log(log_file_name, f"OS Error {err}") except ValueError: write_log(log_file_name, "Could not convert data.") except: write_log(log_file_name, f"Unexpected error: {sys.exc_info()[0]}") raise
def __init__(self, config, **kwargs): """ Creates a new service client :param dict config: Configuration keys and values as per `SDK and Tool Configuration <https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm>`__. The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config the dict using :py:meth:`~oci.config.validate_config` :param str service_endpoint: (optional) The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit need to specify a service endpoint. :param timeout: (optional) The connection and read timeouts for the client. The default is that the client never times out. This keyword argument can be provided as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout. :type timeout: float or tuple(float, float) :param signer: (optional) The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values provided in the config parameter. One use case for this parameter is for `Instance Principals authentication <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__ by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument :type signer: :py:class:`~oci.signer.AbstractBaseSigner` :param obj retry_strategy: (optional) A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default. Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation. Any value provided at the operation level will override whatever is specified at the client level. This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available. The specifics of the default retry strategy are described `here <https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/sdk_behaviors/retries.html>`__. """ validate_config(config, signer=kwargs.get('signer')) if 'signer' in kwargs: signer = kwargs['signer'] else: signer = Signer(tenancy=config["tenancy"], user=config["user"], fingerprint=config["fingerprint"], private_key_file_location=config.get("key_file"), pass_phrase=get_config_value_or_default( config, "pass_phrase"), private_key_content=config.get("key_content")) base_client_init_kwargs = { 'regional_client': True, 'service_endpoint': kwargs.get('service_endpoint'), 'timeout': kwargs.get('timeout'), 'base_path': '/20170907', 'service_endpoint_template': 'https://email.{region}.{secondLevelDomain}', 'skip_deserialization': kwargs.get('skip_deserialization', False) } self.base_client = BaseClient("email", config, signer, email_type_mapping, **base_client_init_kwargs) self.retry_strategy = kwargs.get('retry_strategy')
sys.exit(-1) else: print("Running with: ") print("Instance OCID: {}".format(sys.argv[1])) print("") # # Main # print("") controlla_params() validate_config(config) print("Validate config OK") ocid = sys.argv[1] client = DatabaseClient(config) print('Starting instance...') # yes, also for autonomous DWH client.start_autonomous_data_warehouse(ocid) print("Instance to be started !") print("")
def validate_upload_user_credentials(ctx, upload_bucket, upload_user_config=None): """ There are two users, the admin user and the upload user The admin user is the one who has access to the user's tenancy and can perform operations like creating a job, requesting an appliance, etc. The upload user has enough permissions to just upload data to a particular user bucket. The upload user cannot delete objects from the bucket nor can it make modifications to the bucket or account. In essence it is a restricted user. The upload user is defined in ~/.oci/config_upload_user under the [DEFAULT] section. There is no way to change the file and the section. These are standards that are expected The idea of validation is to check whether the upload user has the ability to create objects, inspect the object and read the object's meta data from Oracle Cloud Infrastructure The procedure is this: 1. Admin user tries to get the test object and delete it if it is present. - This is more of an error check when there is a stale object present from a previous failed run - Only the admin user, NOT the upload user, can delete an object 2. Upload user creates the test object 3. Upload user overwrites the test object 4. Upload user gets the checksum of the test object 5. Upload user gets the metadata of the test bucket 6. Admin user deletes the test object :param upload_bucket: The bucket to upload to :param upload_user_config: config built from APPLIANCE_UPLOAD_USER_CONFIG_PATH :return: None """ # Overriding any endpoint that was set. Need to get to the endpoint based on the config file, not based on the # override parameter ctx.endpoint = None ctx.obj['endpoint'] = None # To support cross region uploads. get the region from the Upload User file # For example, let's say the config file had us-phoenix-1 as the region and config_upload_user had us-ashburn-1 # If the region is not changed in the context, the admin client would be talking to us-phoenix-1 whereas the # upload client would be talking to us-ashburn-1. That's not what we want. try: if not upload_user_config: upload_user_config = get_upload_user_config() oci_config.validate_config(upload_user_config) except exceptions.ProfileNotFound as e: error_message_wrapper( 'ProfileNotFound: Unable to parse the upload user config file %s: %s' % (APPLIANCE_UPLOAD_USER_CONFIG_PATH, e)) except exceptions.InvalidConfig as bad_config: table = render_config_errors(bad_config) template = "InvalidConfig: The config file at {config_file} is invalid:\n\n{errors}" error_message_wrapper( template.format(config_file=APPLIANCE_UPLOAD_USER_CONFIG_PATH, errors=table)) admin_user = get_user(ctx) region = get_upload_user_region() if 'config' in ctx.obj: # config loaded/present if 'region' in ctx.obj['config'] and ctx.obj['config'][ 'region']: # region present in ~/.oci/config if region: # region present in APPLIANCE_UPLOAD_USER_CONFIG_PATH if ctx.obj['config']['region'].strip() != region.strip(): confirm_prompt = "WARNING: The config file under {config_path}/config: '{config_region}' has different region than "\ "{upload_user_path}: '{upload_user_region}'. Are you sure you want to continue with " \ "'{upload_user_region}'?".format(config_path=CONFIG_DIR, upload_user_path=APPLIANCE_UPLOAD_USER_CONFIG_PATH, config_region=ctx.obj['config']['region'], upload_user_region=region) if not click.confirm( click.style(confirm_prompt, fg="yellow")): error_message_wrapper("Aborted. Exiting...") ctx.obj['region'] = region ctx.obj['config']['region'] = region object_storage_admin_client = create_obj_storage_client(ctx) # A bit hacky but gets the job done. Only two parameters need to be changed to get the upload user context, # the profile and the config file. All other parameters remain the same upload_user_ctx = ctx upload_user_ctx.obj['profile'] = 'DEFAULT' upload_user_ctx.obj[ 'config_file'] = APPLIANCE_UPLOAD_USER_CONFIG_PATH # Overriding any endpoint that was set. Need to get to the endpoint based on the config_upload_user file upload_user_ctx.endpoint = None object_storage_upload_client = create_obj_storage_client( upload_user_ctx) namespace = object_storage_admin_client.get_namespace().data try: try: object_storage_admin_client.head_object( namespace, upload_bucket, TEST_OBJECT) click.echo( "Found test object in bucket. Deleting it...") object_storage_admin_client.delete_object( namespace, upload_bucket, TEST_OBJECT) except exceptions.ServiceError as se: if se.status != 404: raise se except Exception as e: raise exceptions.RequestException( "Admin user {} failed to delete the test object {}: {}" .format(admin_user, TEST_OBJECT, str(e))) test_object_content = "Bulk Data Transfer Test" operation = None test_object_exists = False try: operation = "Create object {} in bucket {} using upload user".format( TEST_OBJECT, upload_bucket) object_storage_upload_client.put_object( namespace, upload_bucket, TEST_OBJECT, test_object_content) click.echo(operation) test_object_exists = True operation = "Overwrite object {} in bucket {} using upload user".format( TEST_OBJECT, upload_bucket) object_storage_upload_client.put_object( namespace, upload_bucket, TEST_OBJECT, test_object_content) click.echo(operation) operation = "Inspect object {} in bucket {} using upload user".format( TEST_OBJECT, upload_bucket) object_storage_upload_client.head_object( namespace, upload_bucket, TEST_OBJECT) click.echo(operation) operation = "Read bucket metadata {} using upload user".format( upload_bucket) metadata = object_storage_upload_client.get_bucket( namespace, upload_bucket).data.metadata click.echo(operation) except exceptions.ServiceError as se: raise exceptions.RequestException( "Failed to {} in tenancy {} as upload user: {}".format( operation, namespace, se.message)) finally: if test_object_exists: try: object_storage_admin_client.delete_object( namespace, upload_bucket, TEST_OBJECT) except exceptions.ServiceError as se: raise exceptions.ServiceError( "Failed to delete test object {} as admin user {}: {}" .format(TEST_OBJECT, admin_user, se.message)) else: error_message_wrapper( 'Unable to parse the upload user config file. Region not found in %s' % APPLIANCE_UPLOAD_USER_CONFIG_PATH) else: error_message_wrapper( 'Unable to parse the config file. Region not found in %s/config' % CONFIG_DIR) else: error_message_wrapper('Unable to parse the config file at %s/config' % CONFIG_DIR)
print("oci version:", pkg_resources.get_distribution("oci").version) # Set do_clean_up_at_end to false to keep the autonomous database, secrets and connection created do_clean_up_at_end = True # Variables that will be modified during the processing autonomous_database_id = None wallet_secret_id = None password_secret_id = None connection_id = None # Load OCI Config oci_config = from_file(file_location="~/.oci/config", profile_name="DEFAULT") # Validate OCI Config validate_config(oci_config) # Prepare all clients that we will need db_client, db_async_client = get_database_clients(oci_config) vaults_client, vaults_async_client = get_vaults_clients(oci_config) kms_vault_client = get_kms_vault_client(oci_config) secrets_client = get_secrets_client(oci_config) dbtools_client, dbtools_async_client = get_dbtools_clients(oci_config) # Prepare a dict that contains all the required clients clients = { "db_client": db_client, "db_async_client": db_async_client, "vaults_client": vaults_client, "vaults_async_client": vaults_async_client, "kms_vault_client": kms_vault_client,
""" Setup, invoke, or, teardown a function. :param args: The commandline args: setup, invoke, teardown :type argv: [str] """ # All resources will be prefixed with this name. name = NAME_PREFIX # Load OCI credentials from default location and profile. cfg = config.from_file(file_location=os.getenv("OCI_CONFIG_PATH", config.DEFAULT_LOCATION), profile_name=os.getenv("OCI_CONFIG_PROFILE", config.DEFAULT_PROFILE)) config.validate_config(cfg) # All resources will be created in the specified compartment. compartment_name = os.environ.get('COMPARTMENT_NAME') if compartment_name is not None: compartment_id = get_compartment_id(cfg, compartment_name).id else: compartment_id = os.environ.get('COMPARTMENT_ID') if compartment_id is None: print( "The COMPARTMENT_ID (or COMPARTMENT_NAME) environment variable must be set." ) sys.exit(1) # We need an accessible image to invoke. # e.g. phx.ocir.io/tenancy-name/registry/imagename:version
def validate_configuration(): config = get_configuration() validate_config(config)