def __init__(self, config, **kwargs):
"""
Creates a new service client
:param dict config:
Configuration keys and values as per `SDK and Tool Configuration <https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm>`__.
The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config
the dict using :py:meth:`~oci.config.validate_config`
:param str service_endpoint: (optional)
The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is
not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit
need to specify a service endpoint.
:param timeout: (optional)
The connection and read timeouts for the client. The default is that the client never times out. This keyword argument can be provided
as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If
a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout.
:type timeout: float or tuple(float, float)
:param signer: (optional)
The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values
provided in the config parameter.
One use case for this parameter is for `Instance Principals authentication <https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__
by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument
:type signer: :py:class:`~oci.signer.AbstractBaseSigner`
:param obj retry_strategy: (optional)
A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default.
Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation.
Any value provided at the operation level will override whatever is specified at the client level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY`
is also available. The specifics of the default retry strategy are described `here <https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/sdk_behaviors/retries.html>`__.
"""
validate_config(config, signer=kwargs.get('signer'))
if 'signer' in kwargs:
signer = kwargs['signer']
else:
signer = Signer(
tenancy=config["tenancy"],
user=config["user"],
fingerprint=config["fingerprint"],
private_key_file_location=config.get("key_file"),
pass_phrase=get_config_value_or_default(config, "pass_phrase"),
private_key_content=config.get("key_content")
)
base_client_init_kwargs = {
'regional_client': True,
'service_endpoint': kwargs.get('service_endpoint'),
'timeout': kwargs.get('timeout'),
'base_path': '/20160918'
}
self.base_client = BaseClient("audit", config, signer, audit_type_mapping, **base_client_init_kwargs)
self.retry_strategy = kwargs.get('retry_strategy')
def __init__(self, config, **kwargs):
"""
Creates a new service client
:param dict config:
Configuration keys and values as per `SDK and Tool Configuration <https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm>`__.
The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config
the dict using :py:meth:`~oci.config.validate_config`
:param str service_endpoint: (optional)
The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is
not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit
need to specify a service endpoint.
:param timeout: (optional)
The connection and read timeouts for the client. The default values are connection timeout 10 seconds and read timeout 60 seconds. This keyword argument can be provided
as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If
a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout.
:type timeout: float or tuple(float, float)
:param signer: (optional)
The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values
provided in the config parameter.
One use case for this parameter is for `Instance Principals authentication <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__
by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument
:type signer: :py:class:`~oci.signer.AbstractBaseSigner`
:param obj retry_strategy: (optional)
A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default.
Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation.
Any value provided at the operation level will override whatever is specified at the client level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY`
is also available. The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
:param obj circuit_breaker_strategy: (optional)
A circuit breaker strategy to apply to all calls made by this service client (i.e. at the client level).
This client uses :py:data:`~oci.circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY` as default if no circuit breaker strategy is provided.
The specifics of circuit breaker strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/circuit_breakers.html>`__.
:param function circuit_breaker_callback: (optional)
Callback function to receive any exceptions triggerred by the circuit breaker.
:param allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this client should allow control characters in the response object. By default, the client will not
allow control characters to be in the response object.
"""
validate_config(config, signer=kwargs.get('signer'))
if 'signer' in kwargs:
signer = kwargs['signer']
elif AUTHENTICATION_TYPE_FIELD_NAME in config:
signer = get_signer_from_authentication_type(config)
else:
signer = Signer(tenancy=config["tenancy"],
user=config["user"],
fingerprint=config["fingerprint"],
private_key_file_location=config.get("key_file"),
pass_phrase=get_config_value_or_default(
config, "pass_phrase"),
private_key_content=config.get("key_content"))
base_client_init_kwargs = {
'regional_client':
True,
'service_endpoint':
kwargs.get('service_endpoint'),
'base_path':
'/20181201',
'service_endpoint_template':
'https://functions.{region}.oci.{secondLevelDomain}',
'skip_deserialization':
kwargs.get('skip_deserialization', False),
'circuit_breaker_strategy':
kwargs.get('circuit_breaker_strategy',
circuit_breaker.GLOBAL_CIRCUIT_BREAKER_STRATEGY)
}
if 'timeout' in kwargs:
base_client_init_kwargs['timeout'] = kwargs.get('timeout')
if base_client_init_kwargs.get('circuit_breaker_strategy') is None:
base_client_init_kwargs[
'circuit_breaker_strategy'] = circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY
if 'allow_control_chars' in kwargs:
base_client_init_kwargs['allow_control_chars'] = kwargs.get(
'allow_control_chars')
self.base_client = BaseClient("functions_invoke", config, signer,
functions_type_mapping,
**base_client_init_kwargs)
self.retry_strategy = kwargs.get('retry_strategy')
self.circuit_breaker_callback = kwargs.get('circuit_breaker_callback')
def main():
try:
# Check Base path exists
check_path(base_path)
config = oci.config.from_file("./config.txt", "DEFAULT")
validate_config(config)
tenancy_id = config["tenancy"]
# Initialize CLient
identity = oci.identity.IdentityClient(config)
#Start as current UTC Time
end_time = datetime.datetime.utcnow()
#Subscription Regions
regions = get_subscription_regions(identity, tenancy_id)
write_log(log_file_name,
f"Found {len(regions)} Regions in Tenant {tenancy_id}")
#Get Compartments
compartments = get_compartments(identity, tenancy_id)
write_log(
log_file_name,
f"Found {len(compartments)} Compartments in Tenant {tenancy_id}")
#Initialize audit client
audit = oci.audit.audit_client.AuditClient(config)
for r in regions:
# Intialize with a region value.
audit.base_client.set_region(r)
# Set and validate base path for region
region_base_file_path = base_path + "\\" + r
check_path(region_base_file_path)
for c in compartments:
state = ""
#Set State and Log file paths
audit_file = region_base_file_path + "\\" + c + audit_file_name
state_file = region_base_file_path + "\\" + c + state_file_name
# Get events` start time
start_time = get_state(state_file)
# Cleanup log file
cleanup_log(audit_file, max_log_file_size_bytes)
#Get Compartment Audit log
audit_events = get_audit_events(audit, c, start_time, end_time)
write_log(
log_file_name,
f"Found {len(audit_events)} Events in CompartmentID {c} Region {r}"
)
if audit_events:
of = open(audit_file, "a")
for e in audit_events:
record = f"{str(e.event_time)},compartment_name={str(e.data.compartment_name)},principal_name={str(e.data.identity.principal_name)},ip_address={str(e.data.identity.ip_address)},event_name={str(e.data.event_name)},source={str(e.source)},request.action={str(e.data.request.action)},response.status={str(e.data.response.status)},response.message={str(e.data.response.message)}\n"
of.write(record)
#Get last event timestamp and write to state
state = str(e.event_time)
if state == "":
write_log(log_file_name,
f"Null state error for Compartment {c}")
else:
sf = open(state_file, "w")
sf.write(state)
sf.close
of.close
else:
print(f"No audit for Compartment {c}")
except OSError as err:
write_log(log_file_name, f"OS Error {err}")
except ValueError:
write_log(log_file_name, "Could not convert data.")
except:
write_log(log_file_name, f"Unexpected error: {sys.exc_info()[0]}")
raise
def __init__(self, config, **kwargs):
"""
Creates a new service client
:param dict config:
Configuration keys and values as per `SDK and Tool Configuration <https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm>`__.
The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config
the dict using :py:meth:`~oci.config.validate_config`
:param str service_endpoint: (optional)
The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``. If this keyword argument is
not provided then it will be derived using the region in the config parameter. You should only provide this keyword argument if you have an explicit
need to specify a service endpoint.
:param timeout: (optional)
The connection and read timeouts for the client. The default is that the client never times out. This keyword argument can be provided
as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If
a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout.
:type timeout: float or tuple(float, float)
:param signer: (optional)
The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values
provided in the config parameter.
One use case for this parameter is for `Instance Principals authentication <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__
by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument
:type signer: :py:class:`~oci.signer.AbstractBaseSigner`
:param obj retry_strategy: (optional)
A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default.
Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation.
Any value provided at the operation level will override whatever is specified at the client level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY`
is also available. The specifics of the default retry strategy are described `here <https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/sdk_behaviors/retries.html>`__.
"""
validate_config(config, signer=kwargs.get('signer'))
if 'signer' in kwargs:
signer = kwargs['signer']
else:
signer = Signer(tenancy=config["tenancy"],
user=config["user"],
fingerprint=config["fingerprint"],
private_key_file_location=config.get("key_file"),
pass_phrase=get_config_value_or_default(
config, "pass_phrase"),
private_key_content=config.get("key_content"))
base_client_init_kwargs = {
'regional_client': True,
'service_endpoint': kwargs.get('service_endpoint'),
'timeout': kwargs.get('timeout'),
'base_path': '/20170907',
'service_endpoint_template':
'https://email.{region}.{secondLevelDomain}',
'skip_deserialization': kwargs.get('skip_deserialization', False)
}
self.base_client = BaseClient("email", config, signer,
email_type_mapping,
**base_client_init_kwargs)
self.retry_strategy = kwargs.get('retry_strategy')
sys.exit(-1)
else:
print("Running with: ")
print("Instance OCID: {}".format(sys.argv[1]))
print("")
#
# Main
#
print("")
controlla_params()
validate_config(config)
print("Validate config OK")
ocid = sys.argv[1]
client = DatabaseClient(config)
print('Starting instance...')
# yes, also for autonomous DWH
client.start_autonomous_data_warehouse(ocid)
print("Instance to be started !")
print("")
def validate_upload_user_credentials(ctx,
upload_bucket,
upload_user_config=None):
"""
There are two users, the admin user and the upload user
The admin user is the one who has access to the user's tenancy and can perform operations like creating a job,
requesting an appliance, etc.
The upload user has enough permissions to just upload data to a particular user bucket. The upload user cannot
delete objects from the bucket nor can it make modifications to the bucket or account. In essence it is a
restricted user.
The upload user is defined in ~/.oci/config_upload_user under the [DEFAULT] section. There is no way to change
the file and the section. These are standards that are expected
The idea of validation is to check whether the upload user has the ability to create objects, inspect the object
and read the object's meta data from Oracle Cloud Infrastructure
The procedure is this:
1. Admin user tries to get the test object and delete it if it is present.
- This is more of an error check when there is a stale object present from a previous failed run
- Only the admin user, NOT the upload user, can delete an object
2. Upload user creates the test object
3. Upload user overwrites the test object
4. Upload user gets the checksum of the test object
5. Upload user gets the metadata of the test bucket
6. Admin user deletes the test object
:param upload_bucket: The bucket to upload to
:param upload_user_config: config built from APPLIANCE_UPLOAD_USER_CONFIG_PATH
:return: None
"""
# Overriding any endpoint that was set. Need to get to the endpoint based on the config file, not based on the
# override parameter
ctx.endpoint = None
ctx.obj['endpoint'] = None
# To support cross region uploads. get the region from the Upload User file
# For example, let's say the config file had us-phoenix-1 as the region and config_upload_user had us-ashburn-1
# If the region is not changed in the context, the admin client would be talking to us-phoenix-1 whereas the
# upload client would be talking to us-ashburn-1. That's not what we want.
try:
if not upload_user_config:
upload_user_config = get_upload_user_config()
oci_config.validate_config(upload_user_config)
except exceptions.ProfileNotFound as e:
error_message_wrapper(
'ProfileNotFound: Unable to parse the upload user config file %s: %s'
% (APPLIANCE_UPLOAD_USER_CONFIG_PATH, e))
except exceptions.InvalidConfig as bad_config:
table = render_config_errors(bad_config)
template = "InvalidConfig: The config file at {config_file} is invalid:\n\n{errors}"
error_message_wrapper(
template.format(config_file=APPLIANCE_UPLOAD_USER_CONFIG_PATH,
errors=table))
admin_user = get_user(ctx)
region = get_upload_user_region()
if 'config' in ctx.obj: # config loaded/present
if 'region' in ctx.obj['config'] and ctx.obj['config'][
'region']: # region present in ~/.oci/config
if region: # region present in APPLIANCE_UPLOAD_USER_CONFIG_PATH
if ctx.obj['config']['region'].strip() != region.strip():
confirm_prompt = "WARNING: The config file under {config_path}/config: '{config_region}' has different region than "\
"{upload_user_path}: '{upload_user_region}'. Are you sure you want to continue with " \
"'{upload_user_region}'?".format(config_path=CONFIG_DIR,
upload_user_path=APPLIANCE_UPLOAD_USER_CONFIG_PATH,
config_region=ctx.obj['config']['region'], upload_user_region=region)
if not click.confirm(
click.style(confirm_prompt, fg="yellow")):
error_message_wrapper("Aborted. Exiting...")
ctx.obj['region'] = region
ctx.obj['config']['region'] = region
object_storage_admin_client = create_obj_storage_client(ctx)
# A bit hacky but gets the job done. Only two parameters need to be changed to get the upload user context,
# the profile and the config file. All other parameters remain the same
upload_user_ctx = ctx
upload_user_ctx.obj['profile'] = 'DEFAULT'
upload_user_ctx.obj[
'config_file'] = APPLIANCE_UPLOAD_USER_CONFIG_PATH
# Overriding any endpoint that was set. Need to get to the endpoint based on the config_upload_user file
upload_user_ctx.endpoint = None
object_storage_upload_client = create_obj_storage_client(
upload_user_ctx)
namespace = object_storage_admin_client.get_namespace().data
try:
try:
object_storage_admin_client.head_object(
namespace, upload_bucket, TEST_OBJECT)
click.echo(
"Found test object in bucket. Deleting it...")
object_storage_admin_client.delete_object(
namespace, upload_bucket, TEST_OBJECT)
except exceptions.ServiceError as se:
if se.status != 404:
raise se
except Exception as e:
raise exceptions.RequestException(
"Admin user {} failed to delete the test object {}: {}"
.format(admin_user, TEST_OBJECT, str(e)))
test_object_content = "Bulk Data Transfer Test"
operation = None
test_object_exists = False
try:
operation = "Create object {} in bucket {} using upload user".format(
TEST_OBJECT, upload_bucket)
object_storage_upload_client.put_object(
namespace, upload_bucket, TEST_OBJECT,
test_object_content)
click.echo(operation)
test_object_exists = True
operation = "Overwrite object {} in bucket {} using upload user".format(
TEST_OBJECT, upload_bucket)
object_storage_upload_client.put_object(
namespace, upload_bucket, TEST_OBJECT,
test_object_content)
click.echo(operation)
operation = "Inspect object {} in bucket {} using upload user".format(
TEST_OBJECT, upload_bucket)
object_storage_upload_client.head_object(
namespace, upload_bucket, TEST_OBJECT)
click.echo(operation)
operation = "Read bucket metadata {} using upload user".format(
upload_bucket)
metadata = object_storage_upload_client.get_bucket(
namespace, upload_bucket).data.metadata
click.echo(operation)
except exceptions.ServiceError as se:
raise exceptions.RequestException(
"Failed to {} in tenancy {} as upload user: {}".format(
operation, namespace, se.message))
finally:
if test_object_exists:
try:
object_storage_admin_client.delete_object(
namespace, upload_bucket, TEST_OBJECT)
except exceptions.ServiceError as se:
raise exceptions.ServiceError(
"Failed to delete test object {} as admin user {}: {}"
.format(TEST_OBJECT, admin_user, se.message))
else:
error_message_wrapper(
'Unable to parse the upload user config file. Region not found in %s'
% APPLIANCE_UPLOAD_USER_CONFIG_PATH)
else:
error_message_wrapper(
'Unable to parse the config file. Region not found in %s/config'
% CONFIG_DIR)
else:
error_message_wrapper('Unable to parse the config file at %s/config' %
CONFIG_DIR)
print("oci version:", pkg_resources.get_distribution("oci").version)
# Set do_clean_up_at_end to false to keep the autonomous database, secrets and connection created
do_clean_up_at_end = True
# Variables that will be modified during the processing
autonomous_database_id = None
wallet_secret_id = None
password_secret_id = None
connection_id = None
# Load OCI Config
oci_config = from_file(file_location="~/.oci/config", profile_name="DEFAULT")
# Validate OCI Config
validate_config(oci_config)
# Prepare all clients that we will need
db_client, db_async_client = get_database_clients(oci_config)
vaults_client, vaults_async_client = get_vaults_clients(oci_config)
kms_vault_client = get_kms_vault_client(oci_config)
secrets_client = get_secrets_client(oci_config)
dbtools_client, dbtools_async_client = get_dbtools_clients(oci_config)
# Prepare a dict that contains all the required clients
clients = {
"db_client": db_client,
"db_async_client": db_async_client,
"vaults_client": vaults_client,
"vaults_async_client": vaults_async_client,
"kms_vault_client": kms_vault_client,
"""
Setup, invoke, or, teardown a function.
:param args: The commandline args: setup, invoke, teardown
:type argv: [str]
"""
# All resources will be prefixed with this name.
name = NAME_PREFIX
# Load OCI credentials from default location and profile.
cfg = config.from_file(file_location=os.getenv("OCI_CONFIG_PATH",
config.DEFAULT_LOCATION),
profile_name=os.getenv("OCI_CONFIG_PROFILE",
config.DEFAULT_PROFILE))
config.validate_config(cfg)
# All resources will be created in the specified compartment.
compartment_name = os.environ.get('COMPARTMENT_NAME')
if compartment_name is not None:
compartment_id = get_compartment_id(cfg, compartment_name).id
else:
compartment_id = os.environ.get('COMPARTMENT_ID')
if compartment_id is None:
print(
"The COMPARTMENT_ID (or COMPARTMENT_NAME) environment variable must be set."
)
sys.exit(1)
# We need an accessible image to invoke.
# e.g. phx.ocir.io/tenancy-name/registry/imagename:version
def validate_configuration():
config = get_configuration()
validate_config(config)
