Invoke Oracle Cloud Infrastructure Object Storage from an Integration with an OCI Object Storage Action

You can natively invoke Oracle Cloud Infrastructure Object Storage from an integration without the need to configure an explicit REST Adapter connection.

Oracle Cloud Infrastructure Object Storage Concepts

Oracle Cloud Infrastructure Object Storage is an internet-scale, high-performance storage platform that offers reliable and cost-efficient data durability. Oracle Cloud Infrastructure Object Storage enables you to securely store any type of data in its native format. An unlimited amount of unstructured data of any content type is supported, including analytic data and rich content such as images and videos. See Object Storage and Overview of Object Storage.

Prerequisites

To natively invoke Oracle Cloud Infrastructure Object Storage, you must satisfy the following Resource Principal Session Token (RPST) prerequisites in the Oracle Cloud Infrastructure Console.

Note:

The OCI object storage action doesn’t support cross tenancy calls. To make cross tenancy calls, configure the REST Adapter with the OCI Signature Version 1 security policy to call the object storage REST APIs. See this blog.
  • Create a dynamic group
  • Create a policy to grant access to Oracle Cloud Infrastructure Object Storage.
  • Ensure that your cloud tenancy uses identity domains. If you are unsure, ask your administrator for details.
  • Create the required dynamic group and assign a policy to that group to allow your Oracle Integration instance to access Oracle Cloud Infrastructure Object Storage. The policy defines the permissions for the dynamic group and determines which operations the dynamic group can perform on Oracle Cloud Infrastructure Object Storage and other services such as Oracle Cloud Infrastructure Functions, Oracle Cloud Infrastructure Vision, and more
    1. Log in to the Oracle Cloud Infrastructure Console.
    2. Obtain the client ID of the OAuth application for the Oracle Integration instance.
      1. In the navigation pane, select Identity & Security.
      2. Under Identity, select Domains.
      3. In the upper right corner, select Profile, then click the identity domain.
      4. In the menu bar, click Oracle cloud services.


        The Domains tab in the Identity & Security navigation pane is selected. The menu bar shows links for Details, User management, Administrators, Dynamic groups, Directory integrations, Integrated applications, and Oracle cloud services.

        The Oracle Cloud Services page for your domain appears.

      5. In the Name column, click your service instance.
      6. Click OAuth configuration.
      7. Scroll down to the General Information section and copy the client ID value to use to create your dynamic group.
    3. Scroll to the breadcrumbs at the top and click Oracle cloud services to return to the main page for the identity domain.


      A back arrow and the label Oracle cloud services are shown.

    4. In the menu bar, click Dynamic groups.


      The Domains tab is selected in the left navigation pane. The menu bar shows links for Details, User management, Administrators, and Dynamic groups.

    5. Click Create dynamic group
    6. Enter the following details:
      1. In the Name and Description fields, enter values. These fields are required.
      2. In the Matching Rules section, enter the required rule. The resource ID you specify must match the client ID of the OAuth application of your Oracle Integration instance. Ensure that you enclose the value in single quotes. For example:
        resource.id = 'client_ID'


        The Create dynamic group page is shown. Below this is the Matching rules section, with example text and radio buttons for Match any rules defined below and Match all rules defined below. Below this is the Rule builder link. The Rule 1 section shows the resource.id parameter and value.

    7. In the left navigation pane, click Policies.
    8. Click Create Policy.
    9. Select the compartment in which to create the policy.
    10. Enter the following details:
      1. In the Name and Description fields, enter values. These fields are required.
      2. In the Policy Builder section, build the required policy for the dynamic group. Examples of the minimum policy required are as follows:
        allow dynamic-group dynamic_group to manage object-family in compartment compartment_name 

        allow dynamic-group dynamic_group to inspect compartments in compartment compartment_name
        Where:
        • dynamic_group: Is the dynamic group name you specified in Step 5.
        • compartment_name: Is the compartment in which your Oracle Integration instance is located.

        This enables the Oracle Integration instance associated with the dynamic group to call Oracle Cloud Infrastructure Object Storage in this particular compartment. The RPST token is only valid for resources to which the dynamic group has been granted access using this policy.

        Details about more granular permissions for object storage are provided. See Securing Object Storage.

Invoke Oracle Cloud Infrastructure Object Storage from an Integration

Note:

Use of an OCI Object storage action in a project is not supported.
  1. Add an OCI Object storage action to an integration in either of the following ways:
    • On the side of the canvas, click Actions Integration actions icon and drag the OCI Object storage action to the appropriate location.
    • Click Add icon at the location where you want to add the action, then select OCI Object storage.

    The Configure object storage panel opens.

  2. Enter a name.
  3. Select the resource to manage.
    • Manage buckets: Buckets are logical containers for storing objects. Buckets are region- and compartment-specific. You can define policies at a bucket level to control access.
    • Manage objects: Objects are stored within buckets. Objects can be any data type and consist of the object itself and any metadata.
  4. If you select Manage buckets:
    1. From the Operations list, select the operation to perform.
      • Create bucket: Create a bucket in Oracle Cloud Infrastructure Object Storage. In the mapper, you map the bucket name to create.
        1. Select the compartment in which to create the bucket. This selection during design-time is overridden if you map anything to the compartment Id field in the request mapper for this action.
      • List buckets: Retrieve a list of objects in a bucket in Oracle Cloud Infrastructure Object Storage. In the mapper, you map the bucket name to retrieve the objects list.
        1. Select the compartment in which to list the buckets. This selection during design-time is override if you map anything to the compartment Id field in the request mapper for this action.
      • Delete bucket: Delete a bucket in Oracle Cloud Infrastructure Object Storage. In the mapper, you map the bucket name to delete.
    2. Click Continue.
  5. If you select Manage objects:
    1. From the Operations list, select the operation to perform:
      • Upload object: Upload an object into Oracle Cloud Infrastructure Object Storage. In the mapper, you map the object name to upload. This is how you update an object (it overrides an existing object with the same name). The file size limit is 1 GB. However, the API can handle objects up to 50 GB in size. See PutObject.
      • Download object: Retrieve an object from Oracle Cloud Infrastructure Object Storage. In the mapper, you map the object name to retrieve. The size limit is 1 GB. Otherwise, the download fails. Object storage returns a stream reference. You need to use the encodeReferenceToBase64 function and then the decodeBase64 function to get the actual content.
      • Delete object: Delete an object in Oracle Cloud Infrastructure Object Storage. In the mapper, you map the object name to delete.
      • List objects: List all objects in Oracle Cloud Infrastructure Object Storage. In the mapper, you map the bucket name to retrieve the objects list.
    2. Select the compartment in which to perform the operation.
    3. Select the bucket in which to perform the operation. This selection during design-time is overridden if you map anything to the Bucket Name field in the request mapper for this action.
    4. Click Continue.
  6. Review your selections on the Summary page, then click Finish.

    This creates a map action in front of the OCI Object storage action.

Several use cases that natively invoke Oracle Cloud Infrastructure Object Storage are provided. See Manage Oracle Cloud Infrastructure Buckets and Objects from an Integration.