#961 OIC 23.04 New Features - OCI Functions Action

 

Before 23.04 one had to create a REST connection for OCI functions, now, thanks to a capability RPST  - Resource Principal authentication. 

The resource principal provider uses a resource provider session token (RPST) that enables the function to authenticate itself with other Oracle Cloud Infrastructure services. The token is only valid for the resources to which the dynamic group has been granted access. This requires one to use Identity Domains. 

Ergo, instead of having to create a connection, define security etc., we get access, based on policies granted to the OIC instance.

Essentially, you create dynamic group with a matching rule that includes your OIC ocid(s). e.g.

myOICDynGroup

Matching Rule: resource.id = myOIC clientId

You now create a policy leveraging the above - 

allow dynamic-group myOICDynGroup to manage functions-family in compartment myFnCompartment 

So where to find the OIC instance client id?

Finally, I create the policy - 

So now, we know how to do the pre-requisites, let's kick the tyres -

My simple integration above invokes a simple python based function. Here's the actual code - 

import io
import json
import logging
from fdk import response

def handler(ctx, data: io.BytesIO = None):
    discount = 5
    try:
        body = json.loads(data.getvalue())
        product = body.get("product")
        unitsOrdered = body.get("unitsOrdered")
    except (Exception, ValueError) as ex:
        logging.getLogger().info('error parsing json payload: ' + str(ex))
try:
        body = json.loads(data.getvalue())
        product = body.get("product")
        unitsOrdered = body.get("unitsOrdered")
    except (Exception, ValueError) as ex:
        logging.getLogger().info('error parsing json payload: ' + str(ex))
    logging.getLogger().info("Inside Python order discount function")
    if product == "iBike" and int(unitsOrdered) > 30:
       discount = 10
    else:
       discount = 5
    return response.Response(
        ctx, response_data=json.dumps(
            {"product": product,  
"discount": discount}),
             headers={"Content-Type": "application/json"}
    )

The request format is as follows - 

{"product": "someProduct",

"unitsOrdered": 10}

The response format is as follows - 

 {"product": product,  
   "discount": 10}

This information will be required, when using the new OCI Functions action in OIC.

Naturally, we don't expect the OIC developer to have to delve into the function code to get this data, usually the functions developers will publish this somewhere, for example, in a confluence page.

The OCI Functions Service, like all other OCI services is provisioned in a compartment, within a region.

The actual functions are contained within an application - here is the orderDiscount function I will invoke -

Now to OIC - 

I configure as follows - 

Now to testing - 

Only 10% discount on 99 iBikes? Just shows how popular they are.