Prepare Your Oracle Cloud Infrastructure Environment

Your tenancy needs a specific structure and set of permissions so that the blockchain event system is isolated from the rest of your projects: its resources live in a dedicated compartment, and the users and services that work with them are granted access to that compartment only.

You control access to compartments by creating groups of users and assigning policies that specify what actions the group members can take on the resources in those compartments.

Create a Compartment

Create a compartment that is used solely for containing the artifacts, configuration, and other resources that are related to the events that come from the blockchain.

  1. Log in to the Oracle Cloud Infrastructure Console as a user that has Administrator privileges.
  2. In the Console navigation menu, select Identity, then click Compartments.
  3. Click Create Compartment.
  4. Enter OBP_Events as the name of the new compartment, enter a suitable description, and make sure that Parent Compartment is your root compartment.
  5. Click Create Compartment.
  6. After the compartment is created, make a record of its OCID. You will need the OCID later when you create a Dynamic Group and when you modify the terraform.tfvars file.

Create Groups

You need to create two groups. One is a regular Group whose members are users. The other is a Dynamic Group.

A Dynamic Group is a group whose members are Oracle Cloud Infrastructure resources rather than users. Matching rules select the members (here, the Functions and API Gateways in the OBP_Events compartment), and policies then grant those resources access to other Oracle Cloud Infrastructure services without any user credentials being stored in the workload.
  1. Create a Group.
    1. In the Console navigation menu, select Identity and click Groups.
    2. Click Create Group.
    3. Enter OBP_Events_Group as the name of the Group, enter a suitable description, and then click Create.
  2. Add your user to the group. Click OBP_Events_Group and then click Add User to Group and select your user from the list.
  3. Create a Dynamic Group.
    1. In the navigation menu click Dynamic Groups.
    2. Click Create Dynamic Group.
    3. Enter OBP_Events_Dynamic_Group as the name of the Group.
    4. Add the following two Matching Rules. Make sure to replace COMPARTMENT_OCID with the OCID of the compartment that you created earlier, and leave the rule mode at Match any rules defined below: a resource is either a function or an API gateway, never both, so Match all rules defined below would produce a group with no members.
      all {resource.type='fnfunc',resource.compartment.id='COMPARTMENT_OCID'}
      all {resource.type='ApiGateway',resource.compartment.id='COMPARTMENT_OCID'}

Configure Policies

A Policy is a set of statements that specify access controls to Oracle Cloud Infrastructure resources in your tenancy.

The Policy that you create grants access and permissions to the Group and the Dynamic Group that you created earlier, and allows the Functions service to use the network and read the container repositories. Every statement for the Dynamic Group is scoped to the OBP_Events compartment, so the functions and API gateways it matches cannot reach resources elsewhere in the tenancy; only Cloud Shell and the container repositories are granted at tenancy level.

  1. In the Console navigation menu, select Identity and click Policies.
  2. Click Create Policy.
  3. Enter OBP_Events_Policies as the name of the Policy and enter a suitable description.
  4. In the Policy Builder panel, click Advanced.
  5. Paste the following policy statements into the text box:
    Allow dynamic-group OBP_Events_Dynamic_Group to manage vaults in compartment OBP_Events
    Allow dynamic-group OBP_Events_Dynamic_Group to manage keys in compartment OBP_Events
    Allow dynamic-group OBP_Events_Dynamic_Group to manage key-delegate in compartment OBP_Events
    Allow dynamic-group OBP_Events_Dynamic_Group to use virtual-network-family in compartment OBP_Events
    Allow dynamic-group OBP_Events_Dynamic_Group to use functions-family in compartment OBP_Events
    Allow dynamic-group OBP_Events_Dynamic_Group to manage public-ips in compartment OBP_Events
    Allow service FaaS to use virtual-network-family in compartment OBP_Events
    Allow service FaaS to read repos in tenancy
    Allow group OBP_Events_Group to use cloud-shell in tenancy
    Allow group OBP_Events_Group to manage all-resources in compartment OBP_Events
    Allow group OBP_Events_Group to manage repos in tenancy
  6. Click Create.

Generate an Auth Token

Generate a token to use as the password when pushing your Functions container images to Oracle Cloud Infrastructure Registry. The Registry accepts an auth token, not your Console password.

  1. In the Console navigation menu, select Identity and click Users.
  2. Select the user that you want to generate a token for.
  3. In the Resources section, click Auth Tokens then click Generate Token.
  4. In the window that opens, enter a suitable description and click Generate Token.
  5. Copy the token and store it in a password manager or secret store so that you can retrieve it later. The token is only displayed once, and it grants the same Registry access as your user, so treat it as a credential: do not paste it into scripts or commit it to source control.
  6. Click Close.
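The four procedures above (compartment, groups, policy, auth token) can also be done from the OCI CLI. The script below is an added example, not part of the page or of Oracle's tooling: it builds the dynamic-group matching rule and the policy statements exactly as listed above, checks that the compartment OCID is well-formed and that every grant to the dynamic group stays inside OBP_Events, and calls `oci` only when run as `OBP_APPLY=1 ./prepare.sh TENANCY_OCID USER_OCID` with a configured CLI. Without OBP_APPLY it is a dry run over a constructed placeholder OCID; the resource descriptions and the `Any { ... }` form of the combined rule are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example (not from the page or from Oracle): the compartment, group,
# dynamic-group, policy and auth-token steps, done with the OCI CLI.
# Nothing is created unless OBP_APPLY=1; otherwise the script only builds
# and checks the matching rule and policy statements.
set -eu

COMPARTMENT_NAME="OBP_Events"
GROUP_NAME="OBP_Events_Group"
DYN_GROUP_NAME="OBP_Events_Dynamic_Group"
POLICY_NAME="OBP_Events_Policies"
# Constructed placeholder for the dry run, not a real OCID.
EXAMPLE_OCID="ocid1.compartment.oc1..aaaaexample"

# A mistyped OCID does not fail when the dynamic group is created; the group
# simply matches nothing. Check the shape before it goes into the rule.
is_compartment_ocid() {
  case "$1" in
    ocid1.compartment.oc1.*) return 0 ;;
    *) return 1 ;;
  esac
}

# The two console rules combined with the Any{} operator, the single-string
# form the CLI takes for "match any of these rules".
build_matching_rule() {
  local ocid="$1"
  is_compartment_ocid "$ocid" || { echo "not a compartment OCID: $ocid" >&2; return 1; }
  printf "Any {all {resource.type='fnfunc',resource.compartment.id='%s'}, all {resource.type='ApiGateway',resource.compartment.id='%s'}}" \
    "$ocid" "$ocid"
}

# The policy statements from the page, one per line.
policy_statements() {
  cat <<EOF
Allow dynamic-group $DYN_GROUP_NAME to manage vaults in compartment $COMPARTMENT_NAME
Allow dynamic-group $DYN_GROUP_NAME to manage keys in compartment $COMPARTMENT_NAME
Allow dynamic-group $DYN_GROUP_NAME to manage key-delegate in compartment $COMPARTMENT_NAME
Allow dynamic-group $DYN_GROUP_NAME to use virtual-network-family in compartment $COMPARTMENT_NAME
Allow dynamic-group $DYN_GROUP_NAME to use functions-family in compartment $COMPARTMENT_NAME
Allow dynamic-group $DYN_GROUP_NAME to manage public-ips in compartment $COMPARTMENT_NAME
Allow service FaaS to use virtual-network-family in compartment $COMPARTMENT_NAME
Allow service FaaS to read repos in tenancy
Allow group $GROUP_NAME to use cloud-shell in tenancy
Allow group $GROUP_NAME to manage all-resources in compartment $COMPARTMENT_NAME
Allow group $GROUP_NAME to manage repos in tenancy
EOF
}

# Least-privilege check: the dynamic group is a workload identity (functions
# and API gateways), so every grant to it must stay inside OBP_Events and
# must not be all-resources. Returns non-zero if a statement breaks that.
check_dynamic_group_scope() {
  policy_statements | awk -v scope="in compartment ${COMPARTMENT_NAME}" '
    /^Allow dynamic-group/ {
      if (index($0, scope) == 0 || index($0, "all-resources") > 0) bad++
    }
    END { exit (bad > 0) }'
}

# `oci iam policy create --statements` takes a JSON array; the statements
# contain no quotes or backslashes, so no escaping is needed.
statements_json() {
  policy_statements | awk 'BEGIN { printf "[" }
    { printf "%s\"%s\"", (NR > 1 ? "," : ""), $0 }
    END { printf "]\n" }'
}

# Create everything. Groups, dynamic groups and a policy containing
# "in tenancy" statements live in the root compartment (the tenancy OCID).
apply() {
  local tenancy_ocid="$1" user_ocid="$2" comp_ocid group_ocid
  check_dynamic_group_scope
  comp_ocid=$(oci iam compartment create --compartment-id "$tenancy_ocid" \
    --name "$COMPARTMENT_NAME" --description "Blockchain event resources" \
    --query 'data.id' --raw-output)
  echo "compartment OCID (also needed in terraform.tfvars): $comp_ocid"
  group_ocid=$(oci iam group create --compartment-id "$tenancy_ocid" \
    --name "$GROUP_NAME" --description "Users who operate OBP_Events" \
    --query 'data.id' --raw-output)
  oci iam group add-user --group-id "$group_ocid" --user-id "$user_ocid"
  oci iam dynamic-group create --compartment-id "$tenancy_ocid" \
    --name "$DYN_GROUP_NAME" --description "Functions and API Gateways in OBP_Events" \
    --matching-rule "$(build_matching_rule "$comp_ocid")"
  oci iam policy create --compartment-id "$tenancy_ocid" \
    --name "$POLICY_NAME" --description "Access for the OBP_Events compartment" \
    --statements "$(statements_json)"
  # The token is shown once; put it in a secret store, not in a file.
  oci iam auth-token create --user-id "$user_ocid" \
    --description "OBP_Events OCIR push" --query 'data.token' --raw-output
}

if [ "${OBP_APPLY:-0}" = "1" ]; then
  apply "$@"
else
  build_matching_rule "$EXAMPLE_OCID"; echo
  check_dynamic_group_scope && echo "dynamic-group grants are compartment-scoped"
  statements_json
fi
```

Run it once without OBP_APPLY to review the rule and the JSON statement list, then with OBP_APPLY=1 to create the resources. The compartment OCID it prints is the same value the Console steps tell you to record for terraform.tfvars.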