adding oci-stop-untagged-instance-python

Author: gregvers

Diff for: samples/oci-stop-untagged-instance-python/README.md

@@ -0,0 +1,101 @@
+# Function for Stopping improperly tagged instance during provisioning
+
+This is an example of a function to check if a compute instance is tagged correctly on provisioning. If not, stop the instance.
+
+This function is trigged by the compute event -- **Instance - Launch End** which is generated by compute at the completion of instance provisioning whether it succeeds or fails.
+
+This sample uses Oracle cloud infrastructure search to search for compute resources with the freeform tag with a tag key of **costcenter** and tag value of **1234**.
+
+Uses the [OCI Python SDK](https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/index.html) to create a client that receive user information when called in the OCI or a valid config file exists.
+
+As you make your way through this tutorial, look out for this icon ![user input icon](./images/userinput.png).
+Whenever you see it, it's time for you to perform an action.
+
+
+## Prerequisites
+Before you deploy this sample function, make sure you have run step A, B and C of the [Oracle Functions Quick Start Guide for Cloud Shell](https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_functions_cloudshell_quickview/functions_quickview_top/functions_quickview/index.html)
+* A - Set up your tenancy
+* B - Create application
+* C - Set up your Cloud Shell dev environment
+
+
+## List Applications 
+Assuming your have successfully completed the prerequisites, you should see your 
+application in the list of applications.
+```
+fn ls apps
+```
+
+
+## Create or Update your Dynamic Group
+In order to use other OCI Services, your function must be part of a dynamic group. For information on how to create a dynamic group, refer to the [documentation](https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#To).
+
+When specifying the *Matching Rules*, we suggest matching all functions in a compartment with:
+```
+ALL {resource.type = 'fnfunc', resource.compartment.id = 'ocid1.compartment.oc1..aaaaaxxxxx'}
+```
+Please check the [Accessing Other Oracle Cloud Infrastructure Resources from Running Functions](https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsaccessingociresources.htm) for other *Matching Rules* options.
+
+
+## Create or Update IAM Policies
+Create a new policy that allows the dynamic group to *use instance-family*.
+
+![user input icon](./images/userinput.png)
+
+Your policy should look something like this:
+```
+Allow dynamic-group <dynamic-group-name> to use instance-family in compartment <compartment-name>
+```
+For more information on how to create policies, check the [documentation](https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policysyntax.htm).
+
+
+## Review and customize your function
+Review the following files in the current folder:
+* the code of the function, [func.py](./func.py)
+* its dependencies, [requirements.txt](./requirements.txt)
+* the function metadata, [func.yaml](./func.yaml)
+
+
+## Deploy the function
+In Cloud Shell, run the fn deploy command to build the function and its dependencies as a Docker image,
+push the image to OCIR, and deploy the function to Oracle Functions in your application.
+
+![user input icon](./images/userinput.png)
+```
+fn -v deploy --app <your app name>
+```
+e.g.
+```
+fn -v deploy --app myapp
+```
+
+
+Test
+----
+### Create A Cloud Event
+To create a new cloud event rule, click on Application Integration -> Events Service in the sidebar menu:
+
+  ![user input icon](./images/userinput.png)
+  
+  ![event service image](./images/event_service.png)
+ 
+ ### Click on 'Create Rule' and populate the form:
+ ![user input icon](./images/userinput.png)
+ 
+ ![event rule image](./images/event_rule.png)
+  
+  In this case, the event is **Instance - Launch End** and the action to take is to call the function **stop-untagged-instance**
+  
+### Launch a Compute instance
+
+  ![user input icon](./images/userinput.png)
+  
+  Launch an instance with no tags
+  
+  ![launch instance start](./images/launch_instance_start.png)
+  
+  In a few seconds you should see that the instance has stopped because it wasn't tagged.
+  
+  ![launch instance stop ](./images/launch_instance_stopped.png)
+
+  

Diff for: samples/oci-stop-untagged-instance-python/func.py

@@ -0,0 +1,105 @@
+#
+# oci-stop-untagged-instance-python version 1.0.
+#
+# Copyright (c) 2020 Oracle, Inc.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+import io
+import json
+from fdk import response
+
+import oci
+
+def handler(ctx, data: io.BytesIO=None):
+
+    resp=None
+
+    try:
+      body = json.loads(data.getvalue())  
+      jsondata = body.get("data")
+
+
+      print("event type          : " + body["eventType"],flush=True)
+      print("Instance Id         : " + body["data"]["resourceId"],flush=True)
+      print("Instance Name       : " + body["data"]["resourceName"],flush=True)
+      print("Availability Domain : " + body["data"]["availabilityDomain"],flush=True)
+
+      print(jsondata.get("resourceId"),flush=True)
+      print(jsondata.get("resourceName"),flush=True)
+      print(jsondata.get("availabilityDomain"),flush=True)
+     
+      print(json.dumps(body, indent=4), flush=True)
+
+      instanceId = body["data"]["resourceId"]
+      signer = oci.auth.signers.get_resource_principals_signer()
+    
+      resp   = do(signer,instanceId)
+
+      return response.Response(
+        ctx, response_data=json.dumps(resp),
+        headers={"Content-Type": "application/json"}
+      )
+    except ( Exception, ValueError) as e:
+      print("Error " +  str(e), flush=True)
+
+def do(signer,instanceId):
+
+    print("Searching for untagged instance", flush=True)
+
+    results = ""
+    message = ""
+    resp    = ""
+
+    try:
+        search_client = oci.resource_search.ResourceSearchClient(config={}, signer=signer)
+        print("Search client initialized",flush=True)
+
+        key="costcenter"
+        value="1234"
+
+        structured_search = oci.resource_search.models.StructuredSearchDetails(
+                query="query instance resources where ((freeformTags.key != '{}' && freeformTags.value != '{}') && (identifier='{}'))".format(key,value,instanceId),
+                type='Structured',
+                matching_context_type=oci.resource_search.models.SearchDetails.MATCHING_CONTEXT_TYPE_NONE)
+        results = search_client.search_resources(structured_search)
+        if len(results.data.items) == 1:
+           message = "Instance " + instanceId + " was untagged "
+           print(message, flush=True)
+           resp = perform_action(signer,instanceId, 'STOP')
+        else:
+           message = "Instance " + instanceId + " properly tagged "
+           print(message, flush=True)
+     
+    except oci.exceptions.ServiceError as e:
+            print('RQS Search failed with Service Error: {0}'.format(e),flush=True)
+            raise
+    except oci.exceptions.RequestException as e:
+            print('RQS Search failed w/ a Request exception. {0}'.format(e),flush=True)
+            raise
+
+    return resp
+
+
+def perform_action(signer,instanceId,action):
+    
+    compute_client = oci.core.ComputeClient(config={}, signer=signer)
+    print("Performing action", flush=True)
+    try:
+        if compute_client.get_instance(instanceId).data.lifecycle_state in ('RUNNING'):
+            try:
+
+                 resp = compute_client.instance_action(instanceId,action)
+                 print('response code: {0}'.format(resp.status),flush=True)
+            except oci.exceptions.ServiceError as e:
+                print('Action failed. {0}'.format(e),flush=True)
+                raise
+        else:
+            print('The instance {0} was in the incorrect state to stop'.format(instanceId),flush=True)
+    except oci.exceptions.ServiceError as e:
+        print('Action failed. {0}'.format(e),flush=True)
+        raise
+
+    print('Action ' + action + ' performed on instance: {}'.format(instanceId),flush=True)
+
+    return compute_client.get_instance(instanceId).data.lifecycle_state

Diff for: samples/oci-stop-untagged-instance-python/func.yaml

@@ -0,0 +1,6 @@
+schema_version: 20180708
+name: oci-stop-untagged-instance-python
+version: 0.0.1
+runtime: python
+entrypoint: /python/bin/fdk /function/func.py handler
+memory: 256

Diff for: samples/oci-stop-untagged-instance-python/images/event_rule.png

@@ -0,0 +1,3 @@
+fdk
+oci-cli
+oci