Oracle Cloud Infrastructure Ruby SDK
Version 2.5.5
This topic describes how to install, configure, and use the Oracle Cloud Infrastructure Ruby SDK.
SDK Overview
The Ruby SDK supports the following services:
- Announcements
- Audit
- Budgets
- Compute Autoscaling
- Container Engine
- Core Services (which includes Networking, Compute, and Block Volume)
- Database
- Domain Name System
- File Storage
- Health Checks
- Identity and Access Management
- Key Management
- Load Balancing
- Monitoring
- Notification
- Object Storage
- Resource Manager
- Search
- Streaming
- Web Application Acceleration and Security
Licensing: This SDK and sample is dual licensed under the Universal Permissive License 1.0 and the Apache License.
SDK Attributes
The following table provides details about some of the attributes of the SDK.
Requests | API methods expose required parameters as arguments and optional arguments as a hash (opts = {}). Create and update operations take request objects that mirror the properties of those objects. |
Responses | All API methods return a Response object, which contains an HTTP status (200, 204, etc), headers, and data, and also directly exposes some commonly used response headers such as opc-next_page , and opc-request_id . |
Models | Get, update, and create operations return first class objects of the corresponding type (such as User, Instance, etc) in Response.data. |
Errors |
The main exception classes for the SDK are:
|
Signing | Requests made through the API classes are automatically signed, but you can also use the Signer directly to sign your own requests if needed. |
Automatic Paging | Response objects for lists support page enumeration. See example code later in this file. |
Waiters |
Responses for get requests support waiting for a particular states using wait_until. See example code later in this file.
In addition to using waiters, you can use the CompositeOperation classes in the SDK (e.g. OCI::Core::ComputeClientCompositeOperations) to perform an action on a resource and wait for it to enter a particular state (or states). The CompositeOperation classes provide convenience methods so that you yourself do not have to invoke an operation and then separately invoke a waiter. An example of using the CompositeOperations classes: composite_operations_example.rb |
HTTP Client | The Ruby SDK uses Net::HTTP for HTTP requests. Information on how to configure the client, including configuring a proxy, can be found in the Configuring the HTTP Client section of this page |
Instance Principals Authentication | The Ruby SDK supports Instance Principals authentication via the use of the OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner class. An example of using Instance Principals authentication: instance_principals_example.rb |
Upload Manager |
The Object Storage service supports multipart uploads to make large object uploads easier by splitting the large object into parts. The Ruby SDK supports raw multipart upload operations for advanced use cases, as well as a higher-level upload class that uses the multipart upload APIs.
Managing Multipart Uploads provides links to the APIs used for raw multipart upload operations. Higher-level uploads can be performed using the OCI::ObjectStorage::Transfer::UploadManager. The UploadManager simplifies interaction with the Object Storage service by abstracting away the method used to upload objects and can handle uploading an entire object at once, or in multiple parts if it is of sufficient size (which is configurable via a OCI::ObjectStorage::Transfer::UploadManagerConfig object). In the latter case, the UploadManager will split a large object into parts for you, upload the parts in parallel, and then recombine and commit the parts as a single object in Object Storage.
Example of using the Upload Manager: upload_manager.rb
|
Retries | By default the Ruby SDK will not retry failed service calls, however the SDK supports specifying per client and per operation retry configurations. An example of using retries: retry_example.rb |
SDK Requirements
To use the Ruby SDK, you must have:
- An Oracle Cloud Infrastructure account.
- A user created in that account, in a group with a policy that grants the desired permissions. This can be a user for yourself, or another person/system that needs to call the API. For an example of how to set up a new user, group, compartment, and policy, see Adding Users in the Getting Started Guide. For a list of typical policies you may want to use, see Common Policies in the User Guide.
- A keypair used for signing API requests, with the public key uploaded to Oracle. Only the user calling the API should be in possession of the private key. See the configuration information below.
- Ruby version 2.2 or later running on Mac, Linux or Windows.
Downloading and Installing the Gem File
Installing the SDK
Install from RubyGems:
gem install oci
You can also download the SDK as a zip file containing the gem file, examples, and documentation.
Install the gem with the following command:
gem install oci-*.gem
Troubleshooting an Installation
If you see "Unable to resolve dependencies”, you can install the dependencies manually:
gem install inifile
SDK modules and namespacing
The top level module name for the Ruby SDK is OCI
, however using OracleBMC
as the top level namespace is also supported. For example, you can reference the configuration object as both OCI::Config
and OracleBMC::Config
.
Using OCI
as the top level module name is preferred and it is also used in the SDK API Reference. Additionally, if you inspect the type of an SDK object it will always be reported as being under the OCI::
module.
Configuring the SDK
To use any of the APIs, you must supply a Config object. You can create the object directly in code, or you can create one in a config file. The configuration includes:
- Required credentials and settings: See SDK and Tool Configuration in the User Guide.
- Optional SDK-specific settings: See the Config object for the full list of config options.
Note that the Ruby SDK does not support parsing custom attributes in the configuration file.
Forward Compatibility
Some response fields are enum-typed. In the future, individual services may return values not covered by existing enums for that field. To address this possibility, every enum-type response field has an additional value named "UNKNOWN_ENUM_VALUE". If a service returns a value that is not recognized by your version of the SDK, then the response field will be set to this value. Please ensure that your code handles the "UNKNOWN_ENUM_VALUE" case if you have conditional logic based on an enum-typed field.
New Region Support
If you are using a version of the SDK released prior to the announcement of a new region, you may still be able to reach it, depending on whether the region is in the oraclecloud.com realm.
A region is a localized geographic area. For more information on regions and how to identify them, see Regions and Availability Domains.
A realm is a set of regions that share entities. You can identify your realm by looking at the domain name at the end of the network address. For example, the realm for xyz.abc.123.oraclecloud.com
is oraclecloud.com
.
oraclecloud.com Realm
For regions in the oraclecloud.com realm, even if the OCI::Regions::REGION_ENUM
does not contain the new region, the forward compatibility of the SDK can automatically handle it. You can pass new region names just as you would pass ones that are already defined. For more information on passing region names in the configuration, see Configuring the SDK. For details on OCI::Regions::REGION_ENUM
, see OCI::Regions.
Other Realms
For regions in realms other than oraclecloud.com, you can use the following workarounds to reach new regions with earlier versions of the SDK.
You can set the endpoint when creating a new client:
identity_client = OCI::Identity::IdentityClient.new(
endpoint: 'https://identity.us-gov-phoenix-1.oraclegovcloud.com'
)
If you are authenticating via instance principals, you can set the federation_endpoint
for the region using InstancePrincipalsSecurityTokenSigner
when initializing the signer:
instance_principals_signer = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new(
federation_endpoint: 'https://auth.us-gov-phoenix-1.oraclegovcloud.com/v1/x509'
)
Writing Your First Ruby Program with the SDK
require 'oci'
# This will load the config file at the default location, and will
# use the tenancy from that config as the compartment in the
# call to list_users.
api = OCI::Identity::IdentityClient.new(region: OCI::Regions::REGION_US_PHOENIX_1)
response = api.list_users(OCI.config.tenancy)
response.data.each { |user| puts user.name }
Loading Alternate Configurations
You can also load a config file from a different location, and/or specify a different profile from the config file:
require 'oci'
my_config = OCI::ConfigFileLoader.load_config(config_file_location:'my_config', profile_name:'USER_TWO')
api = OCI::Identity::IdentityClient.new(config:my_config)
response = api.get_user(my_config.user)
puts 'User Name: ' + response.data.name
Or you can create a Config programmatically. Note that the global value OCI.config will always attempt to load the DEFAULT profile from the default config file location unless it has been explicitly set to another value.
The default config file location is ~/.oci/config
(on Windows C:\Users\{user}\.oci\config
).
Configuring the HTTP Client
The underlying HTTP client used by the SDK can be configured by setting the ApiClient.request_option_overrides on the client. An example on how to do this, showing all supported options, is:
require 'oci'
identity = OCI::Identity::IdentityService.new
identity.api_client.request_option_overrides = {
# The path to the PEM-formatted CA certificate file.
# The file can contain several CA certificates
ca_file: '/path/to/pem/file',
# The path to a directory of PEM-formatted CA certificate files
ca_path_cert: '/path/to/cert/directory',
# An OpenSSL::X509::Certificate object as client certificate
cert: OpenSSL::X509::Certificate.new(...),
# The X509::Store to verify peer certificate.
cert_store: OpenSSL::X509::Store.new(...),
# One of the available ciphers from OpenSSL::SSL::SSLContext#ciphers
ciphers: ...,
# Close the connection immediately if the server sent no response body
close_on_empty_response: true,
# An OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object
key: ...,
# The SSL timeout in seconds
ssl_timeout: 60,
# The SSL version to use. See OpenSSL::SSL::SSLContext#ssl_version
ssl_version: ...,
# The verify callback for the server certification verification
verify_callback: ...,
# The maximum depth for the certificate chain verification
verify_depth: 3,
# Either OpenSSL::SSL::VERIFY_PEER or OpenSSL::SSL::VERIFY_NONE
# Using OpenSSL::SSL::VERIFY_NONE (i.e. not validating the SSL certificate) is not
# recommended
verify_mode: OpenSSL::SSL::VERIFY_PEER
}
Note that these correspond to a subset of the keys that can be provided as opts
to the Net::HTTP
start method.
Setting a proxy
If the SDK is running in an environment which requires the use of a proxy server for outgoing HTTP requests, this can be configured by providing via:
- Providing an environment variable; or
- Providing an OCI::ApiClientProxySettings object. Here is an example of the different ways to create this object:
Proxy via environment variable
As the SDK uses Net::HTTP
, the http_proxy
environment variable can be used to specify a proxy:
export HTTP_PROXY="http://10.10.1.10:3128"
When using the environment variable approach, no code changes need to be made.
Note that this does not support providing a username and password to the proxy, except when using Ruby 2.5+ on Linux, FreeBSD or macOS (Darwin). Otherwise, if a username and password is required then the OCI::ApiClientProxySettings object method can be used.
Proxy via the ApiClientProxySettings object
An OCI::ApiClientProxySettings object can be used to capture proxy settings. Here are the different ways an object can be created:
# This creates an ApiClientProxySettings with a nil proxy address and will make the API client
# bypass all proxies
proxy_settings = OCI::ApiClientProxySettings.new(nil)
# This creates an ApiClientProxySettings that will use the proxy at 10.10.1.10:3128 and will
# not provide a username and password to the proxy
proxy_settings = OCI::ApiClientProxySettings.new("10.10.1.10", 3128)
# This creates an ApiClientProxySettings with a username and password. In production, you should use an appropriate password/secret management mechanism to vend the username and password
# rather than having the credentials in code
proxy_settings = OCI::ApiClientProxySettings.new("10.10.1.10", 3128, "username", "pass")
Once an OCI::ApiClientProxySettings object has been created, it can be used when creating or modifying a client:
# At client creation time
identity = OCI::Identity::IdentityService.new(proxy_settings: proxy_settings)
# When updating a client
identity.api_client.proxy_settings = proxy_settings
# The proxy_settings can also be nil'ed out. This will make the ApiClient fall back to
# using the http_proxy environment variable (if present)
identity.api_client.proxy_settings = nil
Exceptions
Service Errors
Any operation that receives a response with a non-2xx HTTP status code from an Oracle Cloud Infrastructure service will cause an exception of type ServiceError to be thrown by the SDK.
For information about common service errors returned by OCI, see API Errors.
The key attributes to inspect when dealing with a OCI::Errors::ServiceError are:
- request_id if you need to contact Oracle about a particular request, please provide this request ID
- status_code contains the HTTP status code of the response
- service_code should contain a value from the Error Code field as described in the API Errors page
- request_made contains the actual
Net::HTTPRequest
which was sent by the SDK
You can also call to_s on the error to get a summary of the key information about the error.
HTTP 3xx Responses
The SDK will throw exceptions of type ServiceError on HTTP 3xx responses. This impacts operations that support conditional GETs. This includes OCI::ObjectStorage::ObjectStorageClient#get_object and OCI::ObjectStorage::ObjectStorageClient#head_object methods as these can return responses with a HTTP status code of 304 if passed an if_none_match
, which corresponds to the current etag of the object or bucket.
In order to account for this, you should catch ServiceError and check its status_code
attribute for the HTTP status code. For example:
require 'oci'
object_storage = OCI::ObjectStorage::ObjectStorageClient.new
begin
get_object_response = object_storage.get_object('my_namespace', 'my_bucket', 'my_object', if_none_match: 'some_etag_value')
rescue OCI::Errors::ServiceError => err
# Do nothing if the object exists but has not been modified (based on the etag value), otherwise raise the exception
raise if err.status_code != 304
end
Network Errors
NetworkError is thrown when the issue is likely to be network related rather than an application issue. This is defined as:
- Requests which were sent from the SDK but the outcome was not a response from an Oracle Cloud Infrastructure service. Further examples of include:
- Gateway timeouts
- Read or connection timeouts
- Any Errno exception which was generated by making the request
- Requests which resulted in a HTTP 408 (timeout)
The key attributes to inspect when dealing with a OCI::Errors::NetworkError are:
- request_made and response_received contain the
Net::HTTPRequest
andNet::HTTPResponse
, respectively - code contains the HTTP status code of the response
You can also call to_s on the error to get a summary of the key information about the error. In addition, the NetworkError.cause of the NetworkError can be inspected to see the original error that caused the NetworkError to be thrown.
Response Parsing Errors
ResponseParsingError is thrown when a response was received from an Oracle Cloud Infrastructure service but the SDK could not parse it into the appropriate model type to put into an OCI::Response.
The key attributes to inspect when dealing with a OCI::Errors::ResponseParsingError are:
- request_made and response_received contain the
Net::HTTPRequest
andNet::HTTPResponse
, respectively - response_body contains the response data which failed to parse
You can also call to_s on the error to get a summary of the key information about the error. In addition, the ResponseParsingError.cause of the ResponseParsingError can be inspected to see the original error that caused the ResponseParsingError to be thrown.
Other Errors
The other errors you may encounter while using the SDK are:
- MaximumWaitTimeExceededError when using OCI::Response#wait_until or when using OCI::LoadBalancer::Util.wait_on_work_request
- WorkRequestFailedError when using OCI::LoadBalancer::Util.wait_on_work_request. The work_request attribute can be inspected to get the actual work request details
- MultipartUploadError when using UploadManager. The errors attribute can be inspected to see what errors occurred during the upload, and the upload_id can be used if you wish to try and resume the upload via the UploadManager's resume method
Examples
The example code in this section shows how various parts of the Ruby SDK work. More examples can be found from the Ruby SDK on GitHub.
Management Operations on a User
The following example runs create, read, update, and delete (CRUD) operations on users.
require 'oci'
compartment = OCI.config.tenancy
api = OCI::Identity::IdentityClient.new
users = api.list_users(compartment_id = compartment).data
puts "There are currently " + users.length.to_s + " users."
# Create User
request = OCI::Identity::Models::CreateUserDetails.new
request.compartment_id = compartment
request.name = "userA"
request.description = "example user"
response = api.create_user(request)
puts "Created user " + response.data.name
user_id = response.data.id
users = api.list_users(compartment_id = compartment).data
puts "There are now " + users.length.to_s + " users."
# Get User
response = api.get_user(user_id = user_id)
# Update User (using a request object)
newDescription = "updated user description"
request = OCI::Identity::Models::UpdateUserDetails.new
request.description = "Updated description"
response = api.update_user(user_id, request)
puts "Updated description to:" + response.data.description
# Update User (using a hash)
newDescription = "updated without a request object"
response = api.update_user(user_id, { description: "Updated again, but using a hash instead of an object." })
# Delete User
api.delete_user(user_id)
users = api.list_users(compartment_id = compartment).data
puts "Back to " + users.length.to_s + " users."
Paging Through Results
The following example shows how to page through results. It also gives an example of supplying optional parameters.
require 'oci'
api = OCI::Identity::IdentityClient.new
compartment = OCI.config.tenancy
### Automatic paging:
api.list_users(compartment, limit:'3').each { |r| r.data.each { |user| puts user.name }}
### Manual paging:
request_number = 0
next_page = nil
loop do
response = api.list_users(compartment, {limit: '3', page: next_page})
puts "Page " + request_number.to_s
response.data.each { |user| puts user.name }
break unless response.has_next_page?
next_page = response.next_page
request_number += 1
end
Launching an Instance and Waiting for a State
The following example shows how to launch an instance (which assumes that you already have a subnet created), and then wait until the instance is running.
require 'oci'
ssh_public_key = File.open(File.(public_key_file), "rb").read
request = OCI::Core::Models::LaunchInstanceDetails.new
request.availability_domain = availability_domain # TODO: Set an availability domain, such as 'kIdk:PHX-AD-2'
request.compartment_id = compartment_id # TODO: set your compartment ID here
request.display_name = 'my_instance'
request.image_id = image_id # TODO: set your image ID here. You can see the available options with list_images.
request.shape = shape # TODO: set your instance shape. You can see the available options with list_shapes.
request.subnet_id = subnet_id # TODO: set your subnet ID here
request. = {'ssh_authorized_keys' => ssh_public_key}
api = OCI::Core::ComputeClient.new
response = api.launch_instance(request)
instance_id = response.data.id
response = api.get_instance(instance_id).wait_until(:lifecycle_state, OCI::Core::Models::Instance::LIFECYCLE_STATE_RUNNING)
Waiting for state using a proc/lambda
Instead of waiting until the attribute of a resource reaches a given state, the wait_until
method can also be passed a proc/lambda via its eval_proc
keyword argument.
Using eval_proc
may be useful in situations where logic other than checking if an attribute has a certain value is needed, for example checking
that an attribute is one of a possible set of values. eval_proc
should take a single argument, which is the raw response received from the service call, and its result
should be a truthy value if the waiter should stop waiting, and it should be falsey otherwise. If the eval_proc
is provided, then neither the property
nor state
parameters should be provided.
An example using a lambda is:
require 'oci'
request = OCI::Core::Models::CreateVcnDetails.new
request.cidr_block = '10.0.0.0/16'
request.display_name = 'my_test_vcn'
request.compartment_id = compartment_id # TODO: set your compartment ID here
api = OCI::Core::VirtualNetworkClient.new
response = api.create_vcn(request)
vcn_id = response.data.id
response = api.get_vcn(vcn.id).wait_until(eval_proc: lambda { |response| response.data.lifecycle_state == OCI::Core::Models::Vcn::LIFECYCLE_STATE_AVAILABLE })
An example using a proc is:
require 'oci'
request = OCI::Core::Models::CreateVcnDetails.new
request.cidr_block = '10.0.0.0/16'
request.display_name = 'my_test_vcn'
request.compartment_id = compartment_id # TODO: set your compartment ID here
api = OCI::Core::VirtualNetworkClient.new
response = api.create_vcn(request)
vcn_id = response.data.id
check_available_proc = Proc.new do |response|
[OCI::Core::Models::Vcn::LIFECYCLE_STATE_AVAILABLE].include?(response.data.lifecycle_state)
end
response = api.get_vcn(vcn.id).wait_until(eval_proc: check_available_proc)
Waiting on terminated/deleted resources
When waiting for a request to be terminated/deleted, there is a chance that doing a GET of that resource will return a 404 because the resource is no longer available. Instead of having to catch this, for example:
require 'oci'
api = OCI::Core::VirtualNetworkClient.new
api.delete_vcn(vcn.id)
begin
api.get_vcn(vcn.id).wait_until(:lifecycle_state, OCI::Core::Models::Vcn::LIFECYCLE_STATE_TERMINATED)
rescue OCI::Errors::ServiceError => e
raise unless e.status_code == 404
end
You can instruct the waiter to take care of this for you and consider that a 404 means success. For example:
require 'oci'
api = OCI::Core::VirtualNetworkClient.new
api.delete_vcn(vcn.id)
api.get_vcn(vcn.id).wait_until(:lifecycle_state, OCI::Core::Models::Vcn::LIFECYCLE_STATE_TERMINATED, succeed_on_not_found: true)
Using the succeed_on_not_found
keyword argument is likely only useful when waiting on temrinated/deleted resources.
Signing a Raw Request
The OCI::Signer can be used to sign arbitrary requests to the Oracle Cloud Infrastructure Services. The following example uses Net::HTTP to call the IAM service directly.
require 'oci'
require 'net/http'
config = OCI::ConfigFileLoader.load_config(config_file_location:my_config_file_location)
endpoint = OCI::Regions.get_service_endpoint(config.region, :IdentityClient)
uri = URI(endpoint + '/20160918/users/' + config.user)
request = Net::HTTP::Get.new(uri)
signer = OCI::Signer.new(config.user, config.fingerprint, config.tenancy, config.key_file, pass_phrase:my_private_key_pass_phrase)
signer.sign(:get, uri.to_s, request, nil)
result = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => true) {|http|
http.request(request)
}
puts result.body
Documentation
Full documentation, including prerequisites, installation, and configuration instructions can be found here.
API reference can be found here.
Changes
See CHANGELOG.
Contributing
oci-ruby-sdk is an open source project. See CONTRIBUTING for details.
Oracle gratefully acknowledges the contributions to oci-ruby-sdk that have been made by the community.
Notifications
To be notified when a new version of the Ruby SDK is released, subscribe to the Atom feed.
Known Issues
You can find information on any known issues with the SDK here and under the Issues tab of this project's GitHub repository.
Questions or Feedback?
You can post an issue on the Issues tab of this project's GitHub repository.
Addtional ways to get in touch:
- Stack Overflow: Please use the oracle-cloud-infrastructure and oci-ruby-sdk tags in your post
- Developer Tools section of the Oracle Cloud forums
- My Oracle Support
License
Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
This SDK and sample is dual licensed under the Universal Permissive License 1.0 and the Apache License 2.0.
See LICENSE for more details.