Merge pull request #1 from harsh97/feature-store

Feature store

Author: KshitizLohia

feature_store/apigw_terraform/.gitignore

@@ -0,0 +1,6 @@
+*.hcl
+.terraform
+*.tfvars
+fs_apigw_terraform.zip
+*.tfstate.*
+*.tfstate

feature_store/apigw_terraform/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2024 Oracle and/or its affiliates.  All rights reserved.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

feature_store/apigw_terraform/Makefile

@@ -0,0 +1,3 @@
+.PHONY: terraform.zip
+terraform.zip:
+	zip -r fs_apigw_terraform.zip main.tf variables.tf modules

feature_store/apigw_terraform/README.md

@@ -0,0 +1,65 @@
+This module handles opinionated Feature Store AuthN/AuthZ configuration using API Gateway on Oracle Cloud Infrastructure ([OCI][oci]). This stack is designed to be used with the [OCI Resource Manager][oci_rm] to enhance Feature store experience with AuthN/AuthZ in a single step. The stack can also be used with the [OCI Terraform Provider][oci_tf_provider] to deploy using local or CloudShell Terraform cli.
+
+## Deploy Using Oracle Resource Manager
+
+> ___NOTE:___ If you aren't already signed in, when prompted, enter the compartment <compartment_name> and user credentials. Review and accept the terms and conditions.
+
+1. Click to download the [terraform bundle][https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://raw.githubusercontent.com/harsh97/oci-data-science-ai-samples/feature-store/feature_store/fs_apigw_terraform.zip]
+
+1. Create a stack in OCI resource manager with the downloaded bundle
+
+1. Follow the on-screen prompts and instructions to create the stack.
+
+1. After creating the stack, click Terraform Actions, and select Plan.
+
+1. Wait for the job to be completed, and review the plan.
+
+1. To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again.
+
+1. If no further changes are necessary, return to the Stack Details page, click Terraform Actions, and select Apply.
+
+1. After the stack application is complete attach the auto-provisioned security rules to the respective service and node subnets of the OKE cluster. 
+
+### Prerequisites
+#### Required permissions:
+allow group <user_group> to manage orm-stacks in compartment <compartment_name>
+allow group <user_group> to manage orm-jobs in compartment <compartment_name>
+allow group <user_group> to read network-load-balancers in compartment <compartment_name>
+allow group <user_group> to read instances in compartment <compartment_name>
+allow group <user_group> to manage groups in compartment <compartment_name>
+allow group <user_group> to manage dynamic-groups in compartment <compartment_name>
+allow group <user_group> to manage functions-family in compartment <compartment_name>
+allow group <user_group> to manage virtual-network-family in compartment <compartment_name>
+allow group <user_group> to manage policies in tenancy
+
+
+### Running Terraform
+
+After specifying the required variables you can run the stack using the following commands:
+
+```bash
+terraform init
+```
+
+```bash
+terraform plan -var-file=<path-to-variable-file>
+```
+
+```bash
+terraform apply -var-file=<path-to-variable-file>
+```
+
+```bash
+terraform destroy -refresh=false
+```
+
+
+## License
+
+Copyright (c) 2021, 2024 Oracle and/or its affiliates.
+Released under the Universal Permissive License (UPL), Version 1.0.
+See [LICENSE](./LICENSE) for more details.
+
+[oci]: https://cloud.oracle.com/en_US/cloud-infrastructure
+[oci_rm]: https://docs.cloud.oracle.com/iaas/Content/ResourceManager/Concepts/resourcemanager.htm
+[stack]: https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://raw.githubusercontent.com/harsh97/oci-data-science-ai-samples/feature-store/feature_store/fs_apigw_terraform.zip

feature_store/apigw_terraform/main.tf

@@ -0,0 +1,56 @@
+provider "oci" {
+  disable_auto_retries = "true"
+  region = var.region
+}
+resource "random_string" "suffix" {
+  length = 4
+  special = false
+}
+
+locals {
+  compartment_id = var.use_nlb_compartment?data.oci_network_load_balancer_network_load_balancer.nlb.compartment_id:var.compartment_id
+}
+
+data oci_network_load_balancer_network_load_balancer nlb {
+  network_load_balancer_id = var.nlb_id
+}
+
+module "feature_store_networking" {
+  source = "./modules/feature_store_networking"
+  kubernetes_nlb_id = var.nlb_id
+  compartment_id = local.compartment_id
+  subnet_name = "fs-gw-subnet"
+  existing_subnet_id = var.api_gw_subnet_id
+  use_existing_subnet = !var.automatically_provision_apigw_subnet
+  create_security_rules = var.create_security_rules
+}
+
+module "function" {
+  source = "./modules/function"
+  authorized_groups = var.authorized_user_groups
+  compartment_id = local.compartment_id
+  ocir_path = var.function_img_ocir_url
+  subnet_id = module.feature_store_networking.subnet_id
+  name_suffix = random_string.suffix.id
+}
+
+module "api_gw" {
+  source = "./modules/api_gw"
+  compartment_id = local.compartment_id
+  function_id = module.function.fn_id
+  nlb_id = var.nlb_id
+  subnet_id = module.feature_store_networking.subnet_id
+}
+
+resource oci_identity_policy feature_store_policies {
+  description = "FEATURE STORE: Policy allowing feature store to authenticate and authorize"
+  name        = "feature_store_gw_${random_string.suffix.id}"
+  compartment_id = var.tenancy_ocid
+  statements = concat(module.api_gw.policies, module.function.policies)
+  lifecycle {
+    ignore_changes = [defined_tags["Oracle-Tags.CreatedBy"], defined_tags["Oracle-Tags.CreatedOn"]]
+  }
+}
+
+
+