|
| 1 | +# Function that copies an object in an OCI Object Storage bucket to another bucket using the OCI Python SDK |
| 2 | +This function can be used to create *"Immutable Copies"* of objects in an OCI bucket by copying them, during creation/update, to another bucket with defined retention policies. This is especially useful when using the [Oracle Backup Cloud Service](https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/oracle-database-backup-cloud-service.html) to ensure backups are maintained for a specified amount of time. |
| 3 | + |
| 4 | + |
| 5 | +The function uses Resource Principals to securely authorize a function to make |
| 6 | +API calls to OCI services using the [OCI Python SDK](https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/index.html). |
| 7 | +It creates an object in a bucket in Object Storage and returns a message with a status. |
| 8 | + |
| 9 | + |
| 10 | +The function calls the following OCI Python SDK classes: |
| 11 | +* [Resource Principals Signer](https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/api/signing.html#resource-principals-signer) to authenticate |
| 12 | +* [Object Storage Client](https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/api/object_storage/client/oci.object_storage.ObjectStorageClient.html) to interact with Object Storage |
| 13 | + |
| 14 | +As you make your way through this tutorial, look out for this icon . |
| 15 | +Whenever you see it, it's time for you to perform an action. |
| 16 | + |
| 17 | + |
| 18 | +## Prerequisites |
| 19 | + |
| 20 | +1. Before you deploy this sample function, make sure you have run steps A, B |
| 21 | +and C of the [Oracle Functions Quick Start Guide for Cloud Shell](https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_functions_cloudshell_quickview/functions_quickview_top/functions_quickview/index.html) |
| 22 | + * A - Set up your tenancy |
| 23 | + * B - Create application |
| 24 | + * C - Set up your Cloud Shell dev environment |
| 25 | + |
| 26 | +2. Have your Oracle Object Storage Namespace available. This can be found by |
| 27 | +logging into your [cloud account](https://console.us-ashburn-1.oraclecloud.com/), |
| 28 | +under your user profile, click on your Tenancy. Your Object Storage Namespace |
| 29 | +is shown there. |
| 30 | + |
| 31 | + |
| 32 | +## List Applications |
| 33 | + |
| 34 | +Assuming you have successfully completed the prerequisites, you should see your |
| 35 | +application in the list of applications. |
| 36 | + |
| 37 | +``` |
| 38 | +fn ls apps |
| 39 | +``` |
| 40 | + |
| 41 | + |
| 42 | +## Create or Update your Dynamic Group |
| 43 | + |
| 44 | +In order to use other OCI Services, your function must be part of a dynamic |
| 45 | +group. For information on how to create a dynamic group, refer to the |
| 46 | +[documentation](https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#To). |
| 47 | + |
| 48 | +When specifying the *Matching Rules*, we suggest matching all functions in a compartment with: |
| 49 | + |
| 50 | +``` |
| 51 | +ALL {resource.type = 'fnfunc', resource.compartment.id = 'ocid1.compartment.oc1..aaaaaxxxxx'} |
| 52 | +``` |
| 53 | + |
| 54 | + |
| 55 | +## Create or Update IAM Policies |
| 56 | + |
| 57 | +Create a new policy that allows the dynamic group to `manage objects` and `manage buckets` in the functions related compartment. |
| 58 | + |
| 59 | + |
| 60 | + |
| 61 | +Your policy should look something like this: |
| 62 | +``` |
| 63 | +Allow service objectstorage-<region> to manage object-family in compartment <compartment-name> |
| 64 | +Allow dynamic-group <dynamic-group-name> to manage objects in compartment <compartment-name> |
| 65 | +Allow dynamic-group <dynamic-group-name> to manage buckets in compartment <compartment-name> |
| 66 | +``` |
| 67 | +e.g. |
| 68 | +``` |
| 69 | +Allow service objectstorage-eu-frankfurt-1 to manage object-family in compartment demo-func-compartment |
| 70 | +Allow dynamic-group demo-func-dyn-group to manage objects in compartment demo-func-compartment |
| 71 | +Allow dynamic-group demo-func-dyn-group to manage buckets in compartment demo-func-compartment |
| 72 | +``` |
| 73 | +For more information on how to create policies, go [here](https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policysyntax.htm). |
| 74 | + |
| 75 | + |
| 76 | +## Review and customize the function |
| 77 | + |
| 78 | +Review the following files in the current folder: |
| 79 | + |
| 80 | +- [requirements.txt](./requirements.txt) specifies all the dependencies for your function |
| 81 | +- [func.yaml](./func.yaml) that contains metadata about your function and declares properties |
| 82 | +- [func.py](./func.py) which is your actual Python function |
| 83 | + |
| 84 | +The name of your function *oci-objectstorage-copy-objects-python* is specified in [func.yaml](./func.yaml). |
| 85 | + |
| 86 | + |
| 87 | +## Deploy the function |
| 88 | + |
| 89 | +In Cloud Shell, run the `fn deploy` command to build the function and its dependencies as a Docker image, |
| 90 | +push the image to the specified Docker registry, and deploy the function to Oracle Functions |
| 91 | +in the application created earlier: |
| 92 | + |
| 93 | + |
| 94 | + |
| 95 | +``` |
| 96 | +fn -v deploy --app <app-name> |
| 97 | +``` |
| 98 | +e.g. |
| 99 | +``` |
| 100 | +fn -v deploy --app myapp |
| 101 | +``` |
| 102 | + |
| 103 | +## Create Object Store Buckets |
| 104 | + |
| 105 | + |
| 106 | + |
| 107 | +From the OCI Console > Storage > Object Storage > Create Bucket with bucket name = "TEST" and enable "Emit Object Events" |
| 108 | + |
| 109 | +From the OCI Console > Storage > Object Storage > Create Bucket with bucket name = "TEST_IMMUTABLE" and apply a retention policy |
| 110 | + |
| 111 | +## Create an Event Rule on Bucket |
| 112 | + |
| 113 | + |
| 114 | + |
| 115 | +From the OCI Console > Observability & Management > Event Service > Create Rule: |
| 116 | + |
| 117 | + Display Name: IMMUTABLE-OBJECT_STORE |
| 118 | + Rule Conditions: |
| 119 | + Event Type: Object Storage: Object - Create; Object - Update |
| 120 | + Attribute: bucketName: TEST |
| 121 | + Actions (<app-name> as per the `fn -v deploy --app <app-name>`) : |
| 122 | + Function: (root): <app-name> |
| 123 | + |
| 124 | + |
| 125 | + |
| 126 | +## Test |
| 127 | + |
| 128 | + |
| 129 | + |
| 130 | +From the OCI Console > Storage > Object Storage > TEST |
| 131 | + |
| 132 | +Objects -> Upload; Drop file to upload |
| 133 | + |
| 134 | +From the OCI Console > Storage > Object Storage > TEST_IMMUTABLE |
| 135 | + |
| 136 | +__The file uploaded to the TEST bucket should now be present in the TEST_IMMUTABLE bucket.__ |
| 137 | + |
| 138 | + |
| 139 | +## Monitoring Functions |
| 140 | + |
| 141 | +Learn how to configure basic observability for your function using metrics, alarms and email alerts: |
| 142 | +* [Basic Guidance for Monitoring your Functions](../basic-observability/functions.md) |
| 143 | + |
0 commit comments