Before 23.04 one had to create a REST connection for OCI functions, now, thanks to a capability RPST - Resource Principal authentication.
The resource principal provider uses a resource provider session token (RPST) that enables the function to authenticate itself with other Oracle Cloud Infrastructure services. The token is only valid for the resources to which the dynamic group has been granted access.
Ergo, instead of having to create a connection, define security etc., we get access, based on policies granted to the OIC instance.
Essentially, you create dynamic group with a matching rule that includes your OIC ocid(s). e.g.
myOICDynGroup
Matching Rule: resource.id = myOIC ocids
You now create a policy leveraging the above -
allow dynamic-group myOICDynGroup to manage functions-family in compartment myFnCompartment
So now, we know what is it, let's kick the tyres -
My simple integration above invokes a simple python based helloWorld function. Here's how I configure the new action - Functions are regions based so that's where I start -
Next steps are the define request and response -
I do the required mapping and then test -
No comments:
Post a Comment