This function uses Resource Principles to securely receive information about the user's information from OCI and returns a list of all compartments within the tenancy regardless of region.
Uses the OCI Python SDK to create a client that receive user information when called in the OCI or a valid config file exists.
As you make your way through this tutorial, look out for this icon. 
Whenever you see it, it's time for you to perform an action.
-
Start by making sure all of your policies are correct from this guide
fn use context <your context name>
Check using
fn ls apps
Get the python boilerplate by running:
fn init --runtime python <function-name>
e.g.
fn init --runtime python list-compartments
Enter the directory, create a new __init__.py file so the directory can be recognized as a package by Python.
cd list-compartments
touch __init__.py
fn create app <app-name> --annotation oracle.com/oci/subnetIds='["<subnet-ocid>"]'
You can find the subnet-ocid by logging on to cloud.oracle.com, navigating to Core Infrastructure > Networking > Virtual Cloud Networks. Make sure you are in the correct Region and Compartment, click on your VNC and select the subnet you wish to use.
e.g.
fn create app resource-principal --annotation oracle.com/oci/subnetIds='["ocid1.subnet.oc1.phx.aaaaaaaacnh..."]'
Update your requirements.txt file to contain the following:
fdk
oci-cli
oci>=2.2.18
Update the imports so that you contain the following.
import io
import json
from fdk import response
import oci.identityThis is what is called when the function is invoked by Oracle Functions, delete what is given from the boilerplate and update it to contain the following:
def handler(ctx, data: io.BytesIO=None):
signer = oci.auth.signers.get_resource_principals_signer()
resp = do(signer)
return response.Response(
ctx, response_data=json.dumps(resp),
headers={"Content-Type": "application/json"}
)The line signer = oci.auth.signers.get_resource_principals_signer() gives us the configuration information of the calling tenancy and compartment which will allow us to gain access to any service in OCI.
Create the following method.
def do(signer):This is where we'll put the bulk of our code that will connect to OCI and return the list of compartments in our tenancy.
# List compartments --------------------------------------------------------------------------------
client = oci.identity.IdentityClient(config={}, signer=signer)
# OCI API for managing users, groups, compartments, and policies.
try:
# Returns a list of all compartments and subcompartments in the tenancy (root compartment)
compartments = client.list_compartments(signer.tenancy_id, compartment_id_in_subtree=True, access_level='ANY')
# Create a list that holds a list of the compartments id and name next to each other.
compartments = [[c.id, c.name] for c in compartments.data]
except Exception as e:
compartments = str(e)
resp = {
"compartments": compartments,
}
return respHere we are creating an IdentityClient from the OCI Python SDK, which allows us to connect to OCI with the resource principal's signer data, since resource principal is already pre-configured we do not need to pass in a valid config dictionary, we are now able to make a call to identity services for information on our compartments.
fn -v deploy --app <your app name>
e.g.
fn -v deploy --app resource-principles
fn invoke <your app name> <your function name>
e.g.
fn invoke resource-principles list-compartments
Upon success, you should see all of the compartments in your tenancy appear in your terminal.