From 5534fcd51200843cc6cdd3cabe374a700d5e444a Mon Sep 17 00:00:00 2001 From: Lodato Luciano Date: Tue, 29 Oct 2024 11:32:39 +0100 Subject: [PATCH 1/2] added resource principal authentication and wrapping function --- AutoScaleALL.py | 3 ++- CreateNameSpaces.py | 3 ++- OCIFunctions.py | 15 +++++++++++++-- func.py | 32 ++++++++++++++++++++++++++++++++ func.yaml | 9 +++++++++ 5 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 func.py create mode 100644 func.yaml diff --git a/AutoScaleALL.py b/AutoScaleALL.py index 0a44f82..3f70ab5 100644 --- a/AutoScaleALL.py +++ b/AutoScaleALL.py @@ -1650,6 +1650,7 @@ def autoscale_region(region): # Get Command Line Parser parser = argparse.ArgumentParser() parser.add_argument('-t', default="", dest='config_profile', help='Config file section to use (tenancy profile)') +parser.add_argument('-rp', action='store_true', default=False, dest='is_resource_principals', help='Use Resource Principals for Authentication') parser.add_argument('-ip', action='store_true', default=False, dest='is_instance_principals', help='Use Instance Principals for Authentication') parser.add_argument('-dt', action='store_true', default=False, dest='is_delegation_token', help='Use Delegation Token for Authentication') parser.add_argument('-a', default="All", dest='action', help='Action All, Down, Up') @@ -1685,7 +1686,7 @@ def autoscale_region(region): print_header("Running Auto Scale") # Identity extract compartments -config, signer = OCIFunctions.create_signer(cmd.config_profile, cmd.is_instance_principals, cmd.is_delegation_token) +config, signer = OCIFunctions.create_signer(cmd.config_profile, cmd.is_resource_principals, cmd.is_instance_principals, cmd.is_delegation_token) compartments = [] tenancy = None tenancy_home_region = "" diff --git a/CreateNameSpaces.py b/CreateNameSpaces.py index d91ce08..4d9d742 100644 --- a/CreateNameSpaces.py +++ b/CreateNameSpaces.py 
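Review bot: `-rp`, `-ip` and `-dt` are independent `store_true` flags, so nothing in the added `parser.add_argument('-rp', ...)` line stops them being combined; which identity the run signs with is then decided by branch order inside `create_signer` (resource principals first, per the OCIFunctions.py hunk of this patch). Since the selected principal determines what the script is authorised to scale, I would make the choice explicit: create `auth = parser.add_mutually_exclusive_group()` and register the three flags with `auth.add_argument(...)` so argparse rejects a mixed command line. The same parser block is duplicated in CreateNameSpaces.py and needs the same treatment. In the second hunk, passing the flags by keyword (`is_resource_principals=cmd.is_resource_principals, ...`) would keep the call readable now that three adjacent booleans are positional.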
@@ -25,12 +25,13 @@ def MakeLog(msg): # Get Command Line Parser parser = argparse.ArgumentParser() parser.add_argument('-t', default="", dest='config_profile', help='Config file section to use (tenancy profile)') +parser.add_argument('-rp', action='store_true', default=False, dest='is_resource_principals', help='Use Resource Principals for Authentication') parser.add_argument('-ip', action='store_true', default=False, dest='is_instance_principals', help='Use Instance Principals for Authentication') parser.add_argument('-dt', action='store_true', default=False, dest='is_delegation_token', help='Use Delegation Token for Authentication') cmd = parser.parse_args() -config, signer = OCIFunctions.create_signer(cmd.config_profile, cmd.is_instance_principals, cmd.is_delegation_token) +config, signer = OCIFunctions.create_signer(cmd.config_profile, cmd.is_resource_principals, cmd.is_instance_principals, cmd.is_delegation_token) MakeLog("Starts at " + str(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))) MakeLog("\nConnecting to Identity Service...") diff --git a/OCIFunctions.py b/OCIFunctions.py index 6b6af6e..31f8997 100644 --- a/OCIFunctions.py +++ b/OCIFunctions.py 
@@ -6,10 +6,21 @@ # Input - config_profile and is_instance_principals and is_delegation_token # Output - config and signer objects ########################################################################## -def create_signer(config_profile, is_instance_principals, is_delegation_token): +def create_signer(config_profile, is_resource_principals, is_instance_principals, is_delegation_token): + + # if resource principals authentications + if is_resource_principals: + try: + signer = oci.auth.signers.get_resource_principals_signer() + config = {'region': signer.region, 'tenancy': signer.tenancy_id} + return config, signer + + except Exception: + print_header("Error obtaining resource principals certificate, aborting") + raise SystemExit # if instance principals authentications - if is_instance_principals: + elif is_instance_principals: try: signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() config = {'region': signer.region, 'tenancy': signer.tenancy_id} diff --git a/func.py b/func.py new file mode 100644 index 0000000..6d62848 --- /dev/null +++ b/func.py 
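Review bot: In the new resource-principals branch, `raise SystemExit` with no argument ends the process with exit status 0, and `except Exception:` discards the underlying error, so a failed signer lookup looks like a clean run to whatever launched the script and leaves only a generic message behind. Bind and report the cause and exit non-zero: `except Exception as ex:`, then `print_header("Error obtaining resource principals signer: " + str(ex))`, then `raise SystemExit(1)`. The header comment above the function still lists only `config_profile and is_instance_principals and is_delegation_token` as input and should name `is_resource_principals` too. The body of `create_signer` continues outside the hunk, so the instance-principals branch may need the same exit-status fix.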
@@ -0,0 +1,32 @@
+import io
+import json
+import logging
+import subprocess
+
+from fdk import response
+
+
+def handler(ctx, data: io.BytesIO = None):
+ result = None
+ try:
+ logging.getLogger().info("Scaling started")
+ result = subprocess.run(["/bin/python", "AutoScaleALL.py", "-rp"], capture_output=True)
+ logging.getLogger().info("Scaling completed ")
+ logging.getLogger().info("subprocess result out"+ str(result.stdout))
+ logging.getLogger().info("subprocess result err"+ str(result.stderr))
+ return response.Response(
+ ctx, response_data=json.dumps(
+ {"message": "Processing complete", "result_out": str(result.stdout), "result_err": str(result.stderr)}),
+ headers={"Content-Type": "application/json"}
+ )
+ except (Exception, ValueError) as ex:
+ logging.getLogger().info('error executing AutoScaleALL.py')
+ logging.getLogger().error("result.stdout:"+str(result.stdout))
+ logging.getLogger().error("result.stderr:"+str(result.stderr))
+ logging.getLogger().error(str(ex))
+
+ return response.Response(
+ ctx, response_data=json.dumps(
+ {"message": "Processing failed"}),
+ headers={"Content-Type": "application/json"}
+ )
\ No newline at end of file
diff --git a/func.yaml b/func.yaml
new file mode 100644
index 0000000..6db8216
--- /dev/null
+++ b/func.yaml
@@ -0,0 +1,9 @@
+schema_version: 20180708
+name: oci-autoscaler
+version: 1.0.0
+runtime: python
+build_image: fnproject/python:3.11-dev
+run_image: fnproject/python:3.11
+entrypoint: /python/bin/fdk /function/func.py handler
+memory: 512
+timeout: 300
From 919566836874bb3ef078a4a2e5b7dfef9b7aa1e1 Mon Sep 17 00:00:00 2001
From: Lodato Luciano
Date: Tue, 29 Oct 2024 11:41:39 +0100
Subject: [PATCH 2/2] added requirements.txt with fdk
---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.txt b/requirements.txt
index 1770c0e..9213b65 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
 oci==2.98.0
+fdk>=0.1.83
\ No newline at end of file
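Review bot: `handler` in func.py reports "Processing complete" whatever AutoScaleALL.py did, because `subprocess.run` is called without `check=True` and `result.returncode` is never read. The `except` branch is reached only when `subprocess.run` itself raises, and there `result` is still `None`, so `result.stdout` raises `AttributeError` inside the handler and hides the original error. The success response also returns the script's full stdout and stderr to whoever invoked the function; that output presumably names compartments and resources, so I would keep it in the function log and return only a status. The rewrite below uses `check=True` and `text=True` and separates the two failure cases; it relies on the script exiting non-zero when it fails. `(Exception, ValueError)` is redundant since `ValueError` is an `Exception`, and the relative `"AutoScaleALL.py"` path depends on the function's working directory, which is worth confirming against the image.

```python
def handler(ctx, data: io.BytesIO = None):
    log = logging.getLogger()
    try:
        log.info("Scaling started")
        result = subprocess.run(
            ["/bin/python", "AutoScaleALL.py", "-rp"],
            capture_output=True, text=True, check=True,
        )
    except subprocess.CalledProcessError as ex:
        # The script ran and exited non-zero: keep its output in the function log only.
        log.error("AutoScaleALL.py exited with status %s", ex.returncode)
        log.error("stdout: %s", ex.stdout)
        log.error("stderr: %s", ex.stderr)
    except Exception:
        # subprocess.run itself failed (e.g. interpreter not found); there is no result to read.
        log.exception("could not start AutoScaleALL.py")
    else:
        log.info("Scaling completed")
        log.info("stdout: %s", result.stdout)
        return response.Response(
            ctx, response_data=json.dumps({"message": "Processing complete"}),
            headers={"Content-Type": "application/json"}
        )
    # … unchanged: "Processing failed" response …
```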
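Review bot: `build_image: fnproject/python:3.11-dev` and `run_image: fnproject/python:3.11` in func.yaml are floating tags, and requirements.txt (PATCH 2/2) adds `fdk>=0.1.83` as an open range next to the exact pin `oci==2.98.0`, so two builds of the same commit can ship different base layers and a different FDK. For a function that runs under a resource principal able to scale resources, I would pin both images by digest (`fnproject/python:3.11@sha256:<digest>`, placeholder) and pin `fdk` to the exact version that was tested. The entrypoint starts `/python/bin/fdk` while func.py launches `/bin/python`; it is worth confirming that this interpreter exists in the run image and sees the same installed packages.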