リソース・プリンシパル・オーセンティケータ・プロバイダの作成
リソース・プリンシパルを使用してOCIリソースにアクセスするには、アプリケーションでリソース・プリンシパル・オーセンティケータ・プロバイダを使用できます。
次に、Javaアプリケーションのサンプル例を示します。
リソース・プリンシパル・オーセンティケータを作成してオブジェクト・ストレージに接続するサンプルJavaコード
import com.oracle.bmc.Region;
import com.oracle.bmc.auth.ResourcePrincipalAuthenticationDetailsProvider;
import com.oracle.bmc.objectstorage.ObjectStorage;
import com.oracle.bmc.objectstorage.ObjectStorageClient;
import com.oracle.bmc.objectstorage.model.CreateBucketDetails;
import com.oracle.bmc.objectstorage.requests.CreateBucketRequest;
import com.oracle.bmc.objectstorage.requests.GetBucketRequest;
import com.oracle.bmc.objectstorage.requests.GetBucketRequest.Fields;
import com.oracle.bmc.objectstorage.requests.GetNamespaceRequest;
import com.oracle.bmc.objectstorage.requests.PutObjectRequest;
import com.oracle.bmc.objectstorage.responses.GetBucketResponse;
import com.oracle.bmc.objectstorage.responses.GetNamespaceResponse;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
/**
* Example to get a bucket and its statistics.
*
* <p>This example first creates a bucket in the compartment corresponding to the compartment OCID
* passed as the first argument to this program. The name of the bucket created is same as the
* second argument to the program. It also creates an object in this bucket whose name is the third
* argument. It then illustrates how we can get a bucket and its statistics (Estimated Size and
* Estimated Count).
*
* Example program uses BDS resource principal to do auth, Make sure to set following env variables
* before executing thr program
*
* <ul>
* <li>OCI_RESOURCE_PRINCIPAL_VERSION=2.2
* <li>OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/etc/security/tokens/rpst.pem
* <li>OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
* <li>OCI_RESOURCE_PRINCIPAL_RPST=/etc/security/tokens/rpst.token
* </ul>
*
* Also ensure, the user who executes this program have access to above location
*
* @param args Arguments to provide to the example. The following arguments are expected:
* <ul>
* <li>The first argument is the OCID of the compartment.
* <li>The second is the name of bucket to create and later fetch
* <li>The third is the name of object to create inside bucket
* </ul>
*/
public class BdsListObjectExample {
public static void main(String[] args) throws Exception {
if (args.length != 3) {
throw new IllegalArgumentException(
"Unexpected number of arguments received. Consult the script header comments for expected arguments");
}
ResourcePrincipalAuthenticationDetailsProvider provider = ResourcePrincipalAuthenticationDetailsProvider.builder().build();
final String compartmentId = args[0];
final String bucket = args[1];
final String object = args[2];
final Region region = Region.US_ASHBURN_1; //Can be updated based on the region where object is stored
try(ObjectStorage objectStorageClient =
ObjectStorageClient.builder().region(region).build(provider)) {
System.out.println("Getting the namespace.");
GetNamespaceResponse namespaceResponse =
objectStorageClient.getNamespace(GetNamespaceRequest.builder().build());
String namespaceName = namespaceResponse.getValue();
System.out.println("Creating the source bucket.");
CreateBucketDetails createSourceBucketDetails =
CreateBucketDetails.builder().compartmentId(compartmentId).name(bucket).build();
CreateBucketRequest createSourceBucketRequest =
CreateBucketRequest.builder()
.namespaceName(namespaceName)
.createBucketDetails(createSourceBucketDetails)
.build();
objectStorageClient.createBucket(createSourceBucketRequest);
System.out.println("Creating the source object");
PutObjectRequest putObjectRequest =
PutObjectRequest.builder()
.namespaceName(namespaceName)
.bucketName(bucket)
.objectName(object)
.contentLength(4L)
.putObjectBody(
new ByteArrayInputStream("data".getBytes(StandardCharsets.UTF_8)))
.build();
objectStorageClient.putObject(putObjectRequest);
System.out.println("Creating Get bucket request");
List<Fields> fieldsList = new ArrayList<>(2);
fieldsList.add(GetBucketRequest.Fields.ApproximateCount);
fieldsList.add(GetBucketRequest.Fields.ApproximateSize);
GetBucketRequest request =
GetBucketRequest.builder()
.namespaceName(namespaceName)
.bucketName(bucket)
.fields(fieldsList)
.build();
System.out.println("Fetching bucket details");
GetBucketResponse response = objectStorageClient.getBucket(request);
System.out.println("Bucket Name : " + response.getBucket().getName());
System.out.println("Bucket Compartment : " + response.getBucket().getCompartmentId());
System.out.println(
"The Approximate total number of objects within this bucket : "
+ response.getBucket().getApproximateCount());
System.out.println(
"The Approximate total size of objects within this bucket : "
+ response.getBucket().getApproximateSize());
}
}
}
/**
Maven Dependencies. Version can be updated as per the requirement. This example is validated with version 3.43.0 of SDK
<dependency>
<groupId>com.oracle.oci.sdk</groupId>
<artifactId>oci-java-sdk-objectstorage</artifactId>
<version>3.43.0</version>
</dependency>
<dependency>
<groupId>com.oracle.oci.sdk</groupId>
<artifactId>oci-java-sdk-common</artifactId>
<version>3.43.0</version>
</dependency>
<dependency>
<groupId>com.oracle.oci.sdk</groupId>
<artifactId>oci-java-sdk-common-httpclient-jersey</artifactId>
<version>3.43.0</version>
</dependency>
**/ビッグ・データ・サービス・リソース・プリンシパルを使用してOCIボールトで様々な操作を行うためのサンプルPythonコード
# coding: utf-8
# Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
import oci
import sys
from datetime import datetime
from datetime import timedelta
# ==========================================================
# Ensure to set the following env variable before running this code,
# OCI_RESOURCE_PRINCIPAL_VERSION=2.2
# OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/etc/security/tokens/rpst.pem
# OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
# OCI_RESOURCE_PRINCIPAL_RPST=/etc/security/tokens/rpst.token
#
# This file provides examples of basic key management service usage
# * - Get a vault
# * - Create a vault
# Management endpoint operations
# * - Get a key
# * - Create a key
# * - Enable a key
# * - Disable a key
# Secrets Management operations
# * - Create a secret
# * - Create a new secret version
# * - Update a secret
# * - Move a secret to a new compartment
# * - Delete a secret
# Documentation : https://docs.cloud.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/managingsecrets.htm
# Usage : python secret_examples.py compartment_id
def create_vault(compartment_id, vault_name, sac_composite):
print(" Creating vault {} in {} compartment.".format(vault_name,
compartment_id))
# Create vault_details object that needs to be passed when creating vault.
vault_details = oci.key_management.models.CreateVaultDetails(
compartment_id=compartment_id,
vault_type="DEFAULT",
display_name=vault_name)
print("Vault details {}.".format(vault_details.vault_type))
# Since vault creation is asynchronous; we need to wait for the stream to become active.
response = sac_composite.create_vault_and_wait_for_state(
vault_details,
wait_for_states=[oci.key_management.models.Vault.LIFECYCLE_STATE_ACTIVE])
return response
def get_vault(client, vault_id):
return client.get_vault(vault_id)
def create_key(key_mgmt_composite, key_name, compartment_id):
print(" Creating key {} in compartment {}.".format(key_name, compartment_id))
# Create key_details object that needs to be passed when creating key.
key_shape = oci.key_management.models.KeyShape(algorithm="AES", length=32)
key_details = oci.key_management.models.CreateKeyDetails(
compartment_id=compartment_id,
display_name=key_name,
key_shape=key_shape)
# Since key creation is asynchronous; we need to wait for the key to become enabled.
response = key_mgmt_composite.create_key_and_wait_for_state(key_details,
wait_for_states=[
oci.key_management.models.Key.LIFECYCLE_STATE_ENABLED])
return response
def get_key(client, key_id):
return client.get_key(key_id)
def enable_key(key_mgmt_composite, key_id):
print(" Enabling key {}.".format(key_id))
# Since enabling key is asynchronous; we need to wait for the key to become enabled.
response = key_mgmt_composite.enable_key_and_wait_for_state(key_id,
wait_for_states=[
oci.key_management.models.Key.LIFECYCLE_STATE_ENABLED])
return response
def disable_key(key_mgmt_composite, key_id):
print(" Disabling key {}.".format(key_id))
# Since disabling key is asynchronous; we need to wait for the key to become disabled.
response = key_mgmt_composite.disable_key_and_wait_for_state(key_id,
wait_for_states=[
oci.key_management.models.Key.LIFECYCLE_STATE_DISABLED])
return response
def create_secret(vaults_client_composite, compartment_id, secret_content, secret_name, valult_id, key_id):
print("Creating a secret {}.".format(secret_name))
# Create secret_content_details that needs to be passed when creating secret.
secret_description = "This is just a test"
secret_content_details = oci.vault.models.Base64SecretContentDetails(
content_type=oci.vault.models.SecretContentDetails.CONTENT_TYPE_BASE64,
name=secret_content,
stage="CURRENT",
content=secret_content)
secrets_details = oci.vault.models.CreateSecretDetails(compartment_id=compartment_id,
description=secret_description,
secret_content=secret_content_details,
secret_name=secret_name,
vault_id=vault_id,
key_id=key_id)
# Create secret and wait for the secret to become active
response = vaults_client_composite.create_secret_and_wait_for_state(create_secret_details=secrets_details,
wait_for_states=[
oci.vault.models.Secret.LIFECYCLE_STATE_ACTIVE])
return response
def create_newsecret_version(vaults_client_composite, secret_content, secret_id):
print("Creating a new secret version {}.".format(secret_id))
# Create secret_content_details that needs to be passed when updating secret content.
secret_content_details = oci.vault.models.Base64SecretContentDetails(
content_type=oci.vault.models.SecretContentDetails.CONTENT_TYPE_BASE64,
stage="CURRENT",
content=secret_content)
secrets_details = oci.vault.models.UpdateSecretDetails(secret_content=secret_content_details)
# Create new secret version and wait for the new version to become active.
response = vaults_client_composite.update_secret_and_wait_for_state(secret_id,
secrets_details,
wait_for_states=[
oci.vault.models.Secret.LIFECYCLE_STATE_ACTIVE])
return response
def get_secret(vaults_client, secret_id):
return vaults_client.get_secret(secret_id)
def delete_secret(vaults_client, secret_id, deletion_time):
print("Deleting a secret")
# Create Secret deletion details object.
secret_deletion_details = oci.vault.models.ScheduleSecretDeletionDetails(time_of_deletion=deletion_time)
# secret_deletion_details = oci.vault.models.ScheduleSecretDeletionDetails()
# Delete the secret or mark the secret for deletion
response = vaults_client.schedule_secret_deletion(secret_id, secret_deletion_details)
print("Secret deletion response is: {}.".format(response.data))
def delete_secret_version(vaults_client, secret_id, deletion_time, secret_version_number):
print("Deleting a specific version of a secret")
# Create Secret version deletion object
secret_version_deletion_details = oci.vault.models.ScheduleSecretVersionDeletionDetails(time_of_deletion=deletion_time)
# Delete the secret version or mark the version for deletion.
response = vaults_client.schedule_secret_version_deletion(secret_id,
secret_version_number=secret_version_number,
schedule_secret_version_deletion_details=secret_version_deletion_details)
print("Secret deletion response is: {}.".format(response.data))
def move_secret(vaults_client, secret_id, target_compartment_id):
print("Moving secret to a target compartment")
# Create an object of Change Secret Compartment Details
target_compartment_details = oci.vault.models.ChangeSecretCompartmentDetails(compartment_id=target_compartment_id)
# Move the secret to target compartment and then wait for the state to become active.
response = vaults_client.change_secret_compartment(secret_id, change_secret_compartment_details=target_compartment_details)
target_state = oci.vault.models.Secret.LIFECYCLE_STATE_ACTIVE.lower()
try:
waiter_result = oci.wait_until(
vaults_client,
vaults_client.get_secret(secret_id),
evaluate_response=lambda r: getattr(r.data, 'lifecycle_state') and getattr(r.data, 'lifecycle_state').lower() == target_state,
waiter_kwargs={}
)
result_to_return = waiter_result
print("Change compartment response is {}.".format(result_to_return.data))
return result_to_return
except Exception as e:
raise oci.exceptions.CompositeOperationError(partial_results=[response], cause=e)
if len(sys.argv) != 2:
raise RuntimeError(
'This example expects an ocid for the secret to read.')
compartment_id = sys.argv[1]
resource_principal_signer = oci.auth.signers.get_resource_principals_signer()
secret_content = "TestContent"
secret_name = "TestSecret"
VAULT_NAME = "KmsVault"
KEY_NAME = "KmsKey"
# Vault client to create vault
kms_vault_client = oci.key_management.KmsVaultClient({}, signer=resource_principal_signer)
kms_vault_client_composite = oci.key_management.KmsVaultClientCompositeOperations(
kms_vault_client)
# This will create a vault in the given compartment
vault = create_vault(compartment_id, VAULT_NAME, kms_vault_client_composite).data
# vault = get_vault(kms_vault_client, vault_id).data
vault_id = vault.id
print(" Created vault {} with id : {}".format(VAULT_NAME, vault_id))
# Vault Management client to create a key
vault_management_client = oci.key_management.KmsManagementClient({}, signer=resource_principal_signer,
service_endpoint=vault.management_endpoint)
vault_management_client_composite = oci.key_management.KmsManagementClientCompositeOperations(
vault_management_client)
# Create key in given compartment
key = create_key(vault_management_client_composite, KEY_NAME, compartment_id).data
# key = get_key(vault_management_client,key_id).data
key_id = key.id
print(" Created key {} with id : {}".format(KEY_NAME, key.id))
# Vault client to manage secrets
vaults_client = oci.vault.VaultsClient({}, signer=resource_principal_signer)
vaults_management_client_composite = oci.vault.VaultsClientCompositeOperations(vaults_client)
secret = create_secret(vaults_management_client_composite, compartment_id, secret_content, secret_name, vault_id, key_id).data
secret_id = secret.id
print("Secret ID is {}.".format(secret_id))
secret_deletion_time = datetime.now() + timedelta(days=2)
delete_secret(vaults_client, secret_id, secret_deletion_time)詳細は、oci-python-sdkの例を参照してください。
ビッグ・データ・サービス・リソース・プリンシパルを使用したオブジェクト・ストレージでのCURD操作のサンプルPython SDK
# coding: utf-8
# Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
# Ensure to set the following env variable before running this code,
# OCI_RESOURCE_PRINCIPAL_VERSION=2.2
# OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/etc/security/tokens/rpst.pem
# OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
# OCI_RESOURCE_PRINCIPAL_RPST=/etc/security/tokens/rpst.token
import filecmp
from datetime import datetime, timedelta
import pytz
import oci
from oci._vendor import urllib3
from oci.object_storage.models import CreateBucketDetails
from oci.object_storage.models import CreatePreauthenticatedRequestDetails
resource_principal_signer = oci.auth.signers.get_resource_principals_signer()
compartment_id = "<<compartment_ocid>>"
object_storage = oci.object_storage.ObjectStorageClient({}, signer=resource_principal_signer)
namespace = object_storage.get_namespace().data
bucket_name = "python-sdk-example-bucket"
object_name = "python-sdk-example-object"
my_data = b"Hello, World!"
par_name = "python-sdk-example-par"
print("Creating a new bucket {!r} in compartment {!r}".format(
bucket_name, compartment_id))
request = CreateBucketDetails()
request.compartment_id = compartment_id
request.name = bucket_name
bucket = object_storage.create_bucket(namespace, request)
print("Uploading new object {!r}".format(object_name))
obj = object_storage.put_object(
namespace,
bucket_name,
object_name,
my_data)
same_obj = object_storage.get_object(
namespace,
bucket_name,
object_name)
print("{!r} == {!r}: {}".format(
my_data, same_obj.data.content,
my_data == same_obj.data.content))
print('Uploading a file to object storage')
# First create a sample file
sample_content = b'a' * 1024 * 1024 * 5
with open('example_file', 'wb') as f:
f.write(sample_content)
# Then upload the file to Object Storage
example_file_object_name = 'example_file_obj'
with open('example_file', 'rb') as f:
obj = object_storage.put_object(namespace, bucket_name, example_file_object_name, f)
# Retrieve the file, streaming it into another file in 1 MiB chunks
print('Retrieving file from object storage')
get_obj = object_storage.get_object(namespace, bucket_name, example_file_object_name)
with open('example_file_retrieved', 'wb') as f:
for chunk in get_obj.data.raw.stream(1024 * 1024, decode_content=False):
f.write(chunk)
print('Uploaded and downloaded files are the same: {}'.format(filecmp.cmp('example_file', 'example_file_retrieved')))
# Creating a Pre-Authenticated Request
par_ttl = (datetime.utcnow() + timedelta(hours=24)).replace(tzinfo=pytz.UTC)
create_par_details = CreatePreauthenticatedRequestDetails()
create_par_details.name = par_name
create_par_details.object_name = object_name
create_par_details.access_type = CreatePreauthenticatedRequestDetails.ACCESS_TYPE_OBJECT_READ
create_par_details.time_expires = par_ttl.isoformat()
par = object_storage.create_preauthenticated_request(namespace_name=namespace, bucket_name=bucket_name,
create_preauthenticated_request_details=create_par_details)
# Get Object using the Pre-Authenticated Request
par_request_url = object_storage.base_client.get_endpoint() + par.data.access_uri
http = urllib3.PoolManager()
par_obj = http.request('GET', par_request_url).data.decode('utf-8')
print("Check object from PAR is same or not: {}".format(my_data == bytes(par_obj, 'utf-8')))
# Delete Pre-Authenticated Request
object_storage.delete_preauthenticated_request(namespace_name=namespace, bucket_name=bucket_name, par_id=par.data.id)
print("Deleting object {}".format(object_name))
object_storage.delete_object(namespace, bucket_name, object_name)
print("Deleting object {}".format(example_file_object_name))
object_storage.delete_object(namespace, bucket_name, example_file_object_name)
print("Deleting bucket {}".format(bucket_name))
object_storage.delete_bucket(namespace, bucket_name)詳細は、object_crud.pt Exampleを参照してください。