Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Stream Data to Oracle Autonomous Transaction Processing Database using OCI Functions
Introduction
In this tutorial, we will learn how to build and deploy a real-time data streaming pipeline using Oracle Cloud Infrastructure (OCI) services. The pipeline streams data from an OCI stream to an Oracle Autonomous Database by leveraging OCI Connector Hub and OCI Functions. The function is written in Java, employing the Resource Principal Authentication method for secure access to OCI services and a database wallet for establishing a connection with the Oracle Autonomous Database.
OCI Streaming: OCI has an array of tools for handling data in the cloud, with OCI Streaming being one such service tailored for high-throughput, real-time data streams. By leveraging OCI Streaming, developers can construct scalable and dependable data pipelines that efficiently ingest, process, and distribute data streams.
OCI Functions: OCI Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. It is built on enterprise-grade OCI and powered by the Fn Project open source engine. Use OCI Functions when you want to focus on writing code to meet business needs.
Resource Principal Authentication: You can use a resource principal to authenticate and access OCI resources. The resource principal consists of a temporary session token and secure credentials that enables the OCI Functions to authenticate itself to other OCI services, such as OCI Streaming.
OCI Connector Hub: OCI Connector Hub is a cloud message bus platform that offers a single pane of glass for describing, executing, and monitoring interactions when moving data between OCI services.
Note:
- This tutorial is designed solely for educational and study purposes. It provides an environment for learners to experiment and gain practical experience in a controlled setting. It is crucial to note that the security configurations and practices employed in this tutorial might not be suitable for real-world scenarios.
- Security considerations for real-world applications are often far more complex and dynamic. Therefore, before implementing any of the techniques or configurations demonstrated here in a production environment, it is essential to conduct a comprehensive security assessment and review. This review should encompass all aspects of security, including access control, encryption, monitoring, and compliance, to ensure that the system aligns with the organization’s security policies and standards.
- Security should always be a top priority when transitioning from a lab environment to a real-world deployment.
Objectives
- Build a seamless data streaming pipeline that processes messages in real time. When a new message is published to an OCI stream, it is automatically forwarded and processed by OCI Functions, which then loads the data into the Oracle Autonomous Transaction Processing (ATP) database. This end-to-end solution showcases efficient data ingestion and transformation using OCI services, ensuring a secure and scalable integration between streaming and database systems.
Prerequisites
-
Oracle Cloud Infrastructure:
-
Oracle account with admin level access permissions.
-
A compartment to create your resources.
Note: Note the compartment name and compartment ID.
-
VCN with a private subnet. For more information, see Creating a Virtual Cloud Network.
Note: Note the VCN OCID and subnet name, you will need it for the stream pool and functions.
-
Create stream pool on the private subnet from your VCN. For more information, see Creating a Stream Pool.
-
Create stream named
myfirststream
on the same stream pool created before. For more information, see Creating a Stream. -
An Oracle Autonomous Database. For more information, see Oracle Autonomous Database.
-
An OCI Vault in order to store secrets. For more information, see Creating a Vault.
-
An OCI auth token to enable log in to OCI Container Registry. For more information, see Generating an Auth Token to Enable Login to Oracle Cloud Infrastructure Registry.
-
-
OCI Cloud Shell Environment:
- An OCI Cloud Shell is needed in order to deploy the function to OCI, if you do not have an OCI Cloud Shell, you can use a Bastion host instead. For more information. see Bastion Overview.
Task 1: Set up Dynamic Groups
Log in to the OCI Console, navigate to your domain, click Dynamic Groups and create a group with the following information.
-
Group Name: Enter
MyFunctions
.ALL {resource.type = 'fnfunc', resource.compartment.id = 'pasteYourCompartmentOCID'}
Task 2: Create Policies
Go to the OCI Console, navigate to Policies and create the policies with the following information.
-
Policy Name: Enter
FunctionsPolicies
.Allow dynamic-group MyFunctions to {STREAM_INSPECT, STREAM_READ, STREAM_CONSUME, STREAM_PRODUCE} in compartment YOUR-COMPARTMENT-NAME Allow dynamic-group MyFunctions to read repos in compartment YOUR-COMPARTMENT-NAME Allow dynamic-group MyFunctions to read objects in compartment YOUR-COMPARTMENT-NAME Allow dynamic-group MyFunctions to read secret-bundles in compartment YOUR-COMPARTMENT-NAME
Task 3: Create an OCI Container Registry
-
Go to the OCI Console, navigate to Developer Services, Containers & Artifacts, select Container registry and click Create repository to create a private repository for the function image.
-
Repository name: Enter
lab/fn-java-event-to-atp
.
-
-
Check the repositories and take a note of the Namespace.
-
Open the OCI Cloud Shell where you should have OCI CLI and Docker installed, and proceed with the log in on the registry. Check what is the correct URL for your region. In this tutorial, we are using Brazil East (Sao Paulo) where the registry URL is
gru.ocir.io
.Note: You will need the user auth token created in Prerequisites section.
docker login gru.ocir.io Username: <your container namespace>/youruser Password: YOUR_AUTH_TOKEN_CREATED_EARLIER
Task 4: Create an OCI Object Storage Bucket to Store your Database Wallet
Go to the OCI Console, navigate to Storage, Object Storage & Archive Storage, Buckets and click Create Bucket to create a new bucket named Wallet
to store your database wallet zip file.
Task 5: Download the Database Wallet and Store it on OCI Object Storage Bucket
Note: This code example demonstrates how to securely connect to an Oracle Autonomous Database using wallet. To proceed, you will need to configure your wallet credentials and establish a password for use throughout this tutorial.
-
Go to the OCI Console, navigate to Oracle Database, click Autonomous Database and select your ATP.
-
Click Database Connection.
-
Enter your wallet password and note down, you will need this password in your application.
-
Go to your OCI Object Storage bucket created in Task 4 and click Upload to upload your downloaded wallet zip file.
Task 6: Securely Store your Database Credentials and Wallet Password within your Vault
Note: As a prerequisite, ensure you have already created a vault.
-
Go to the OCI Console, navigate to Identity & Security, Vault and select your vault.
-
Click Secrets, Create Secret and create secrets with the following information.
Secret Name Value MYRDBMS_WALLET_PASSWORD
Your wallet password in plain-text MYRDBMS_DB_PASSWORD
Your database password in plain-text Note Ensure you select Plain-Text for Secret Type Template.
Repeat this process for the MYRDBMS_DB_PASSWORD
as well and take note of both OCIDs that will be used for the function configuration.
Task 7: Create the Java OCI Functions to Receive the Event Message and Insert to ATP Database
Note Make sure you select your private subnet, the same subnet of your stream pool.
-
Go to the OCI Console, navigate to Developer Services, Functions, Applications and click Create application.
-
Go to the OCI Cloud Shell where you have Docker, OCI CLI, Fn Project CLI installed and run the following command to initialize the function.
Note: If you followed the tasks, your Docker log in command has already been executed by now, if not, proceed with the Docker log steps in Task 3.
-
Check the current context, since you are using OCI Cloud Shell, it should be already set up in the current context.
fn list context
-
Run the following command to update your function settings to be able to pull images from your container registry created in Task 3.
fn update context oracle.compartment-id PASTE_YOUR_COMPARTMENT_OCID fn update context registry gru.ocir.io/PASTE_YOUR_REGISTRY_NAMESPACE/lab fn list context
Note: In this tutorial, we are using Brazil East(Sao Paulo) region, if you are using a different region, you need to change the API URL and REGISTRY locations.
-
Run the following command to check if the application you created is listed on your OCI Cloud Shell.
Note: Ensure your OCI Cloud Shell is using Network: Public
fn list apps
-
Get the Java function sample code from here: fn-java-event-to-atp.zip and upload it to your OCI Cloud Shell and then proceed to unzip the file.
-
Click on the top right wheel menu and select Upload to upload the file.
-
Run the following command to unzip the file.
# check your file is there ls -lrt # unzip the file unzip fn-java-event-to-atp.zip # check again ls -lrt
Note: This concise Java project retrieves JSON data input from the OCI Connector Hub, parses it according to a predefined format, and seamlessly inserts the extracted information into your ATP database. To ensure proper data insertion, consult the following steps for guidance on the required message format and corresponding table within your ATP database.
-
In your OCI Cloud Shell, run the following command to build the code and deploy the function.
fn deploy --app MyApp # After deploy complete, check the function is there: fn list functions MyApp |grep fn-java-event-to-atp
-
Go to the OCI Console, navigate to Developer Services, Functions, Applications, select your application (
Myapp
) and click your function.Note This tutorial’s Java sample code utilizes configuration variables to establish a database connection. Ensure you provide the appropriate values from your environment to guarantee successful execution.
-
Create all the following configurations.
Secret Name/Key | Value |
---|---|
WALLET_BUCKET | Wallet |
WALLET_OBJECT | name of your zip file |
BUCKET_NAMESPACE | Your bucket namespace |
DB_USER | Your database username |
DB_SERVICE_NAME | the database service name you find in your database connection details |
DB_PASSWORD_OCID_VAULT | paste your secret OCID |
DB_WALLET_PASSWORD_OCID_VAULT | paste your secret OCID |
Task 8: Create a New Table on ATP Database
Create a new table named MY_TABLE
on the ATP database in order to receive data from the streaming.
-
Select your Oracle Autonomous Database on which you downloaded the wallet, click Database actions drop-down menu and then click SQL.
-
Run the following table creation DDL command.
Note This lab uses the ADMIN user for database connections. Substitute your own username if it differs.
CREATE TABLE "ADMIN"."MY_TABLE" ( "CODE" VARCHAR2(50 BYTE), "NAME" VARCHAR2(500 BYTE) ) ;
Task 9: Set up OCI Connector Hub to Invoke the Function when new Message Arrives on the Stream
Now that you have created the function and the new table to store the data, it is time to connect everything together! We will do this by setting up a pipeline that flows from OCI Streaming, through OCI Connector Hub, and finally to your OCI Functions.
-
Go to the OCI Console, navigate to Analytics & AI, Messaging and click Connector Hub.
-
Click Create connector and enter the following information.
- Connector name: Enter
StreamingToFN
. - Source: Select Streaming.
- Target: Select Functions.
Note As a prerequisite, ensure you have already created your stream pool and stream named
myfirststream
. - Connector name: Enter
-
In Configure source, select your Stream pool and Stream.
-
In Configure target, select MyApp as Function Application and fn-java-event-to-atp as Function.
Note You may need to create additional policies as suggested on Create connector page.
Task 10: Create a Message on OCI Streaming and Verify the Pipeline Working
Note The provided Java code sample is designed to process messages in a particular JSON structure. The code parses this JSON to extract the necessary data and then inserts it into the
MY_TABLE
table. Any deviation from the expected JSON format will result in parsing errors and prevent successful database insertion.
JSON Sample Message:
{"code": "001", "name":"Larry"}
Follow the steps:
-
Go to the OCI Console, navigate to Analytics & AI, Messaging, Streaming, select your stream (
myfirststream
) and click Produce Test Message. -
In Data, enter the sample JSON message and click Produce.
Note The stream pipeline may experience a cold start on its first execution, resulting in a noticeable delay. This is a consequence of the function initialization that occurs upon the connector hub’s first attempt to send a message.
Task 11: Validate the Data Arrived on the Database
-
Select your Oracle Autonomous Database on which you downloaded the wallet, click Database actions drop-down menu and click SQL.
-
Run the following query.
select * from admin.my_table;
Troubleshooting and Tips
-
Enable logs for your function and check for any errors. For more information on logging, see Storing and Viewing Function Logs.
-
Validate all policies are in place as detailed in the Prerequisites section.
-
Enable logs for the OCI Connector hub. For more information, see Logs for Connector Hub.
Related Links
Acknowledgments
- Author - Joao Tarla (Oracle LAD A-Team Solution Engineer)
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Stream Data to Oracle Autonomous Transaction Processing Database using OCI Functions
G25888-01
February 2025
Copyright ©2025, Oracle and/or its affiliates.