
Best Practices from Oracle Development's A‑Team

  • February 17, 2021

Automating Oracle Integration Cloud SFTP Server Configuration

Introduction

Oracle Integration Cloud (OIC) Gen2 service comes with an SFTP server with up to 500GB of storage. This is convenient for moving files between on-prem and OIC. Before you can access the SFTP server, there are a few configuration steps required. Full documentation on these steps can be found at Using File Server with Oracle Integration Generation 2.

All of this configuration can be performed manually through the OIC console. There is also a set of REST APIs available for automation, which makes environment migration easier. This blog provides some snippets of Python scripts that demonstrate using the REST API to interact with the OIC SFTP server.

Confidential Application

Basic authentication is often used for invoking deployed integration applications in OIC. But for calling OIC system REST APIs such as the File Server API, only OAuth-based authentication is supported. So a necessary prerequisite for using the OIC API is to create and configure a confidential application in the Identity Cloud Service (IDCS) associated with the OIC instance. My colleague Greg Mally has created a step-by-step guide on this topic in his blog: Trigger OIC Integration Using OAuth Client Credentials

After a confidential client application has been created in the IDCS, the following information needs to be recorded:

  • scope: https://76XXXXXXXXXXXXXXXXXXF8.integration.ocp.oraclecloud.com:443/ic/api/
  • client id: ccxxxxxxxxxxxxxxxxxxxxxdb
  • client secret: 7axxxxxxxxxxxxxxxxxxxxx41

For the sample code in this blog to work, the Allowed Grant Types must include Resource Owner, Client Credentials and Authorization Code. Other grant types can be specified as well but are not used in this blog.

Config File

This sample code uses a config file to specify information related to connectivity and security.

[DEFAULT]
idcs_host = https://idcs-3a0d8xxxxxxxxxxxxac86.identity.oraclecloud.com
oic_host = https://your-oic-instance.integration.ocp.oraclecloud.com
scope = https://76XXXXXXXXXXXXXXXXXXF8.integration.ocp.oraclecloud.com:443/ic/api/

client_id = ccxxxxxxxxxxxxxxxxxxxxxdb
client_secret = 7axxxxxxxxxxxxxxxxxxxxx41
username = oic_admin_username
password = oic_admin_user_password

The config file is parsed as follows:

import configparser

config = configparser.ConfigParser()
config.read('./config')

Obtain an Access Token

First of all, an access token is required to invoke any OIC REST system API. The token is kept in a module-level variable so the later functions can reuse it.

import requests

# Bearer token obtained from IDCS; set by getAccessToken() and read by the other functions.
accessToken = None

def getAccessToken(config):
    global accessToken

    # Resource Owner Password Credentials grant: the confidential client authenticates
    # with its id/secret (HTTP Basic) and the OIC admin user with username/password.
    body = {}
    body['scope'] = config['scope']
    body['grant_type'] = 'password'
    body['username'] = config['username']
    body['password'] = config['password']

    response = requests.post( url = config['idcs_host'] + '/oauth2/v1/token',
                              auth = (config['client_id'], config['client_secret']),
                              headers = {'Content-Type': 'application/x-www-form-urlencoded'},
                              data = body )

    if response.status_code == 200 :
        accessToken = response.json()['access_token']
    else :
        print('Error in obtaining access token from IDCS. HTTP code: ' + str(response.status_code))
        print(response.json())
    return

Create a Home Folder for the New User

In the sample code, we assume a new user has already been created in the IDCS associated with the OIC instance. The new user must also be given the appropriate OIC application roles to access OIC. With these prerequisites in place, the new user can now be configured for SFTP server access. The new user can be set up to use a default or a custom home folder. The default home folder name is the user's username. To specify a custom home folder, the home folder must be created first.

import json

def createFolder(config):
    global accessToken

    # Create the folder directly under the file server root.
    body = {}
    body['name'] = 'customHomeFolderName'
    body['parent'] = 'root'
    headers = {}
    headers['Content-Type'] = 'application/json'
    headers['Authorization'] = 'Bearer ' + accessToken

    response = requests.post( url = config['oic_host'] + '/ic/api/fileserver/v1/filesystem/directories',
                              headers = headers, data = json.dumps(body) )

    if response.status_code == 201 :
        print('Folder created successfully')
    else :
        print('Error in creating folder. HTTP code: ' + str(response.status_code))
        print(response.json())
    return

Enable a New User for SFTP Access

With a home folder created, we can enable the new user for SFTP server access.

def configureUser(config):
    global accessToken
    newUsername = 'newuser'

    # Enable the user and point it at the custom home folder created above.
    body = {}
    body['status'] = 'enabled' # enabled, disabled, notConfigured
    body['homeType'] = 'Custom' # Default or Custom
    body['homeDirectory'] = 'customHomeFolderName'
    headers = {}
    headers['Content-Type'] = 'application/json'
    headers['Authorization'] = 'Bearer ' + accessToken

    response = requests.put( url = config['oic_host'] + '/ic/api/fileserver/v1/users/' + newUsername,
                              headers = headers, data = json.dumps(body) )

    if response.status_code == 200 :
        print('User ' + newUsername + ' updated successfully')
    else :
        print('Error in updating user ' + newUsername + '. HTTP code: ' + str(response.status_code))
        print(response.json())
    return

Upload New User's Public SSH Key

The OIC SFTP server only supports key-based access, so we need to upload the new user's public SSH key to the OIC SFTP server.

def uploadUserSSHKey(config):
    global accessToken
    newUsername = 'newuser'

    # The key is sent as a multipart form field named 'userkey'.
    body = {}
    body['userkey'] = 'ssh-rsa AAAAB3......7ipheIVGU0//ksdCwjt5H4Shi+Izw== oracle@oel66.1'
    headers = {}
    headers['Authorization'] = 'Bearer ' + accessToken

    # Do not specify the Content-Type header: the requests module sets it
    # (including the multipart boundary) automatically when 'files' is used.
    # headers['Content-Type'] = 'multipart/form-data'

    response = requests.post( url = config['oic_host'] + '/ic/api/fileserver/v1/users/' + newUsername + '/key',
                              headers = headers, files = body)

    if response.status_code == 200 :
        print('User ' + newUsername + ' ssh key uploaded successfully')
    else :
        print('Error in uploading user ' + newUsername + ' ssh key. HTTP code: ' + str(response.status_code))
        print(response.json())
    return

Execute the Scripts

Now we can simply execute the above functions in sequence to automate the process.

getAccessToken(config['DEFAULT'])
createFolder(config['DEFAULT'])
configureUser(config['DEFAULT'])
uploadUserSSHKey(config['DEFAULT'])
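The snippets above share a global token and print errors but keep going, so a failed token request is followed by calls carrying a broken Authorization header. The following is an added example, not the A-Team's code, that wraps the same four calls (same endpoints, payloads and status codes as in this blog) in a small client that raises on any unexpected status, sets request timeouts, and checks that what it is about to upload really is a single-line OpenSSH public key rather than private-key material. The session parameter, the RecordingSession stub, the OIC_KEY_TYPES list and the choice to omit homeDirectory for a Default home folder are assumptions made for this example.

```python
# Added example (not the A-Team's code): the post's four calls as one client with no
# global token, request timeouts, and exceptions instead of printed errors.
import base64
import json

try:
    import requests  # only needed for live runs against IDCS/OIC
except ImportError:
    requests = None

_KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")  # assumed accepted by OIC

class OICError(RuntimeError):
    """An IDCS or OIC call returned something other than the expected status."""

def validate_public_key(key_text):
    """True only for a one-line OpenSSH public key whose blob matches its type prefix."""
    if "PRIVATE KEY" in key_text or "\n" in key_text.strip():
        return False  # never ship private-key material to the server
    parts = key_text.split()
    if len(parts) < 2 or parts[0] not in _KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    n = int.from_bytes(blob[:4], "big")  # wire format starts with a length-prefixed type
    return blob[4:4 + n] == parts[0].encode()

class FileServerClient:
    def __init__(self, cfg, session=None, timeout=30):
        # session: any object with post()/put(); lets the flow run offline (assumption)
        self.cfg, self.timeout, self.token = cfg, timeout, None
        self.session = session or requests.Session()

    def _check(self, resp, expected, what):
        if resp.status_code != expected:
            raise OICError("%s failed: HTTP %d %s" % (what, resp.status_code, resp.text))

    def _headers(self, json_body=True):
        if not self.token:
            raise OICError("no access token; call get_access_token() first")
        return {"Authorization": "Bearer " + self.token,
                **({"Content-Type": "application/json"} if json_body else {})}

    def get_access_token(self):
        # Same resource-owner password grant as the post's getAccessToken()
        data = {"scope": self.cfg["scope"], "grant_type": "password",
                "username": self.cfg["username"], "password": self.cfg["password"]}
        r = self.session.post(self.cfg["idcs_host"] + "/oauth2/v1/token",
                              auth=(self.cfg["client_id"], self.cfg["client_secret"]),
                              headers={"Content-Type": "application/x-www-form-urlencoded"},
                              data=data, timeout=self.timeout)
        self._check(r, 200, "token request")
        self.token = r.json()["access_token"]
        return self.token

    def create_folder(self, name, parent="root"):
        r = self.session.post(self.cfg["oic_host"] + "/ic/api/fileserver/v1/filesystem/directories",
                              headers=self._headers(), timeout=self.timeout,
                              data=json.dumps({"name": name, "parent": parent}))
        self._check(r, 201, "create folder " + name)
        return name

    def configure_user(self, username, home_dir=None):
        # Assumption: homeDirectory is sent only when the home type is Custom
        body = {"status": "enabled", "homeType": "Custom" if home_dir else "Default"}
        if home_dir:
            body["homeDirectory"] = home_dir
        r = self.session.put(self.cfg["oic_host"] + "/ic/api/fileserver/v1/users/" + username,
                             headers=self._headers(), data=json.dumps(body), timeout=self.timeout)
        self._check(r, 200, "configure user " + username)
        return body

    def upload_user_key(self, username, key_text):
        if not validate_public_key(key_text):
            raise ValueError("refusing upload: not a single-line OpenSSH public key")
        r = self.session.post(self.cfg["oic_host"] + "/ic/api/fileserver/v1/users/" + username + "/key",
                              headers=self._headers(json_body=False),  # requests adds the multipart type
                              files={"userkey": key_text}, timeout=self.timeout)
        self._check(r, 200, "upload key for " + username)
        return True

class RecordingSession:
    """Constructed stand-in for requests.Session: records calls, returns canned statuses."""
    def __init__(self, statuses):
        self.statuses, self.calls = list(statuses), []

    def _respond(self, method, url, **kw):
        self.calls.append((method, url, kw))
        payload = {"access_token": "tok-constructed"} if "/oauth2/" in url else {}
        return type("Resp", (), {"status_code": self.statuses.pop(0),
                                 "text": json.dumps(payload), "json": lambda _: payload})()

    def post(self, url, **kw): return self._respond("POST", url, **kw)
    def put(self, url, **kw): return self._respond("PUT", url, **kw)
```

For a live run, build the config dictionary as the blog does (dict(config['DEFAULT']) after configparser has read the file), construct FileServerClient with it, and call get_access_token, create_folder, configure_user and upload_user_key in that order; any non-expected status stops the run with an OICError that includes the server's response body. Because the client never sends a request without a token, a failed token request can no longer be followed by calls with a broken Authorization header, and because the key is validated locally, a private key pasted by mistake is rejected before it leaves the machine.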
