Skip to content

Commit

Permalink
Releasing version 2.138.0
Browse files Browse the repository at this point in the history
Co-authored-by: Harsh Kumar <[email protected]>
  • Loading branch information
oci-dex-release-bot and harshkumar-dev committed Nov 5, 2024
1 parent f2318ec commit 006daa0
Show file tree
Hide file tree
Showing 68 changed files with 5,994 additions and 400 deletions.
26 changes: 26 additions & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,32 @@ Change Log
All notable changes to this project will be documented in this file.

The format is based on `Keep a Changelog <http://keepachangelog.com/>`_.
====================
2.138.0 - 2024-11-05
====================

Added
-----
* Support for calling Oracle Cloud Infrastructure services in the ap-seoul-2 region
* Support for calling Oracle Cloud Infrastructure services in the ap-suwon-1 region
* Support for calling Oracle Cloud Infrastructure services in the ap-chuncheon-2 region
* Support for MFA Enablement v2 in the Identity Domains service
* Support for starting, stopping and updating min/max executor count for SQL Endpoints in the Data Flow service
* Support for customer message in the Customer Incident Management Service
* Support for REJECTED limitStatus in the Customer Incident Management Service

Fixed
-----
* Issue with using `OkeWorkloaIdentityResourcePrincipalSigner` after the PyJWT upgrade to 2.4.0 introduced int OCI Python SDK `2.137.1`
* UserWarning being emitted from Cryptography 43.x

Breaking
--------
* The operations `get_status` and `get_csi_number` were removed from the IncidentClient in the Customer Incident Management Service
* The property `service_categories` was removed from the model `IncidentResourceType` in the Customer Incident Management Service
* The properties `service_category` and `issue_type` were removed from the model `ServiceCategories` in the Customer Incident Management Service
* The retry strategy for getting the X509 token from Identity service was modified and is now protected via circuit breaker

====================
2.137.1 - 2024-10-29
====================
Expand Down
3 changes: 3 additions & 0 deletions docs/api/cims.rst
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,10 @@ Cims
oci.cims.models.ServiceCategories
oci.cims.models.ServiceCategory
oci.cims.models.Status
oci.cims.models.SubCategories
oci.cims.models.SubCategory
oci.cims.models.SubComponents
oci.cims.models.SubscriptionInfo
oci.cims.models.TechSupportItem
oci.cims.models.TenancyInformation
oci.cims.models.Ticket
Expand Down
11 changes: 11 additions & 0 deletions docs/api/cims/models/oci.cims.models.SubCategories.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
SubCategories
=============

.. currentmodule:: oci.cims.models

.. autoclass:: SubCategories
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
11 changes: 11 additions & 0 deletions docs/api/cims/models/oci.cims.models.SubComponents.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
SubComponents
=============

.. currentmodule:: oci.cims.models

.. autoclass:: SubComponents
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
11 changes: 11 additions & 0 deletions docs/api/cims/models/oci.cims.models.SubscriptionInfo.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
SubscriptionInfo
================

.. currentmodule:: oci.cims.models

.. autoclass:: SubscriptionInfo
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
10 changes: 10 additions & 0 deletions docs/api/identity_domains.rst
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,7 @@ Identity Domains
oci.identity_domains.models.CloudGateServers
oci.identity_domains.models.CloudGates
oci.identity_domains.models.Condition
oci.identity_domains.models.ConditionExtensionOciconsolesignonpolicyconsentPolicy
oci.identity_domains.models.ConditionSearchRequest
oci.identity_domains.models.Conditions
oci.identity_domains.models.CustomerSecretKey
Expand Down Expand Up @@ -343,6 +344,12 @@ Identity Domains
oci.identity_domains.models.OAuthPartnerCertificate
oci.identity_domains.models.OAuthPartnerCertificateSearchRequest
oci.identity_domains.models.OAuthPartnerCertificates
oci.identity_domains.models.OciConsoleSignOnPolicyConsent
oci.identity_domains.models.OciConsoleSignOnPolicyConsentConsentSignedBy
oci.identity_domains.models.OciConsoleSignOnPolicyConsentModifiedResource
oci.identity_domains.models.OciConsoleSignOnPolicyConsentPolicyResource
oci.identity_domains.models.OciConsoleSignOnPolicyConsentSearchRequest
oci.identity_domains.models.OciConsoleSignOnPolicyConsents
oci.identity_domains.models.Operations
oci.identity_domains.models.PasswordPolicies
oci.identity_domains.models.PasswordPolicy
Expand All @@ -352,14 +359,17 @@ Identity Domains
oci.identity_domains.models.PatchOp
oci.identity_domains.models.Policies
oci.identity_domains.models.Policy
oci.identity_domains.models.PolicyExtensionOciconsolesignonpolicyconsentPolicy
oci.identity_domains.models.PolicyPolicyType
oci.identity_domains.models.PolicyRules
oci.identity_domains.models.PolicySearchRequest
oci.identity_domains.models.ResourceTypeSchemaAttribute
oci.identity_domains.models.ResourceTypeSchemaAttributeSearchRequest
oci.identity_domains.models.ResourceTypeSchemaAttributes
oci.identity_domains.models.RestoreOciConsolePolicy
oci.identity_domains.models.Rule
oci.identity_domains.models.RuleConditionGroup
oci.identity_domains.models.RuleExtensionOciconsolesignonpolicyconsentPolicy
oci.identity_domains.models.RulePolicyType
oci.identity_domains.models.RuleReturn
oci.identity_domains.models.RuleSearchRequest
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
ConditionExtensionOciconsolesignonpolicyconsentPolicy
=====================================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: ConditionExtensionOciconsolesignonpolicyconsentPolicy
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
OciConsoleSignOnPolicyConsent
=============================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: OciConsoleSignOnPolicyConsent
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
OciConsoleSignOnPolicyConsentConsentSignedBy
============================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: OciConsoleSignOnPolicyConsentConsentSignedBy
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
OciConsoleSignOnPolicyConsentModifiedResource
=============================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: OciConsoleSignOnPolicyConsentModifiedResource
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
OciConsoleSignOnPolicyConsentPolicyResource
===========================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: OciConsoleSignOnPolicyConsentPolicyResource
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
OciConsoleSignOnPolicyConsentSearchRequest
==========================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: OciConsoleSignOnPolicyConsentSearchRequest
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
OciConsoleSignOnPolicyConsents
==============================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: OciConsoleSignOnPolicyConsents
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
PolicyExtensionOciconsolesignonpolicyconsentPolicy
==================================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: PolicyExtensionOciconsolesignonpolicyconsentPolicy
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
RestoreOciConsolePolicy
=======================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: RestoreOciConsolePolicy
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
RuleExtensionOciconsolesignonpolicyconsentPolicy
================================================

.. currentmodule:: oci.identity_domains.models

.. autoclass:: RuleExtensionOciconsolesignonpolicyconsentPolicy
:show-inheritance:
:special-members: __init__
:members:
:undoc-members:
:inherited-members:
15 changes: 9 additions & 6 deletions src/oci/auth/auth_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,22 @@
# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.

import random
import warnings
from oci._vendor import six


def get_tenancy_id_from_certificate(cert):
if not cert:
raise RuntimeError('A certificate must be provided')

for name_attribute in cert.subject:
val = name_attribute.value
if val.startswith('opc-tenant:'):
return val[len('opc-tenant:'):]
if val.startswith('opc-identity:'):
return val[len('opc-identity:'):]
with warnings.catch_warnings():
warnings.simplefilter('ignore', UserWarning)
for name_attribute in cert.subject:
val = name_attribute.value
if val.startswith('opc-tenant:'):
return val[len('opc-tenant:'):]
if val.startswith('opc-identity:'):
return val[len('opc-identity:'):]

raise RuntimeError('The certificate does not contain a tenancy OCID')

Expand Down
64 changes: 59 additions & 5 deletions src/oci/auth/federation_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@
import logging
import pprint

from oci.circuit_breaker import CircuitBreakerStrategy, NoCircuitBreakerStrategy
from circuitbreaker import CircuitBreakerMonitor
import random


class X509FederationClient(object):
REQUIRED_INIT_KWARGS = [
Expand Down Expand Up @@ -62,12 +66,19 @@ def __init__(self, **kwargs):
:param obj retry_strategy: (optional)
A retry strategy to apply to calls made by this client. This should be one of the strategies available in
the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available and
will be used if no explicit retry strategy is specified.
the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_FEDERATION_CLIENT_RETRY_STRATEGY`
is also available and will be used if no explicit retry strategy is specified.
The specifics of the retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this client explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
:param obj circuit_breaker_strategy: (optional)
The circuit_breaker_strategy to apply to calls made by this client. This should be one of the strategies
available in the :py:mod:`~oci.circuit_breaker` module. A convenience :py:data:`~oci.circuit_breaker.DEFAULT_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY`
is also available and will be used if no explicit retry strategy is specified.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
To have this client explicitly not have any circuit breaker, pass an instance of :py:class:`~oci.circuit_breaker.NoCircuitBreakerStrategy`.
:param bool log_requests: (optional)
log_request if set to True, will log the request url and response data when retrieving
Expand Down Expand Up @@ -116,10 +127,39 @@ def __init__(self, **kwargs):
if retry_strategy:
self.retry_strategy = retry_strategy
else:
self.retry_strategy = oci.retry.DEFAULT_RETRY_STRATEGY
self.logger.debug('Setting DEFAULT_FEDERATION_CLIENT_RETRY_STRATEGY for federation client')
self.retry_strategy = oci.retry.DEFAULT_FEDERATION_CLIENT_RETRY_STRATEGY

# Setup Circuit breaker strategy
self._set_circuit_breaker_strategy(circuit_breaker_strategy=kwargs.get('circuit_breaker_strategy'))

self.requests_session = requests.Session()

def _set_circuit_breaker_strategy(self, circuit_breaker_strategy):
self.circuit_breaker_strategy = circuit_breaker_strategy
# If not set by client use the GLOBAL_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY
if circuit_breaker_strategy is None:
self.circuit_breaker_strategy = oci.circuit_breaker.GLOBAL_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY

# Skip enabling circuit breaker if NoCircuitBreakerStrategy is set
if isinstance(circuit_breaker_strategy, NoCircuitBreakerStrategy):
self.logger.debug('No circuit breaker strategy enabled!')
else:
# Enable Circuit breaker if a valid circuit breaker strategy is available
if not isinstance(self.circuit_breaker_strategy, CircuitBreakerStrategy):
raise TypeError('Invalid Circuit Breaker Strategy!')
self.logger.debug('Enabling circuit breaker strategy for federation client')
# Set the recovery timeout a random value between 30 seconds to 49 seconds
if self.circuit_breaker_strategy == oci.circuit_breaker.DEFAULT_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY:
self.logger.debug('Using DEFAULT_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY for federation client')
self.circuit_breaker_strategy.recovery_timeout = random.randint(30, 49)
# Re-use Circuit breaker if sharing a Circuit Breaker Strategy.
circuit_breaker = CircuitBreakerMonitor.get(self.circuit_breaker_strategy.name)
if circuit_breaker is None:
circuit_breaker = self.circuit_breaker_strategy.get_circuit_breaker()
# Equivalent to decorating the request function with Circuit Breaker
self._get_security_token_from_auth_service = circuit_breaker(self._get_security_token_from_auth_service)

def refresh_security_token(self):
return self._refresh_security_token_inner()

Expand Down Expand Up @@ -188,6 +228,13 @@ def _get_security_token_from_auth_service(self):
if response.ok:
raise RuntimeError(error_text)
else:
if isinstance(self.circuit_breaker_strategy, CircuitBreakerStrategy) and self.circuit_breaker_strategy.is_transient_error(response.status_code, response.reason):
raise oci.exceptions.TransientServiceError(
response.status_code,
response.reason,
response.headers,
error_text
)
raise oci.exceptions.ServiceError(
response.status_code,
response.reason,
Expand All @@ -196,6 +243,13 @@ def _get_security_token_from_auth_service(self):
)

if not response.ok:
if isinstance(self.circuit_breaker_strategy, CircuitBreakerStrategy) and self.circuit_breaker_strategy.is_transient_error(response.status_code, response.reason):
raise oci.exceptions.TransientServiceError(
response.status_code,
parsed_response.get('code'),
response.headers,
parsed_response.get('message')
)
raise oci.exceptions.ServiceError(
response.status_code,
parsed_response.get('code'),
Expand Down
Loading

0 comments on commit 006daa0

Please sign in to comment.