
Commit 9027dac

author
Mattia Moretti
authored
Xross tenancy (#272)
* Xcross tenancy beta 1 * log messages * doc
1 parent 381baf9 commit 9027dac


8 files changed

+87
-42
lines changed

8 files changed

+87
-42
lines changed

docs/images/choose_plugin.png

110 KB
53.9 KB

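--- a/docs/linuxoci.md
+++ b/docs/linuxoci.md
@@ -68,13 +68,17 @@ Click **Add data source**.
 
 ![Screen Shot 2018-12-17 at 3.24.13 PM](images/Screen%20Shot%202018-12-17%20at%203.24.13%20PM.png)
 
-Choose **oracle-oci-datasource** as your data source type.
+Choose **Oracle Cloud Infrastructure Metrics** as your data source type.
 
-![Screen Shot 2018-12-17 at 3.24.24 PM](images/Screen%20Shot%202018-12-17%20at%203.24.17%20PM.png)
+![Plugin](images/choose_plugin.png)
 
 For **Authentication Provider** choose **OCI Instance** (please note that **multitenancy** mode is not yet supported with **OCI Instance** as **Authentication Provider**).
 
-![Instance Principals](images/instance_principals.png)
+![Instance Principals](images/instance_principals2.png)
+
+You do not need to configure the Cross Tenancy OCID, unless you want to use the Cross Tenancy queries using instance principals and AssumeRole capability of OCI, in case you want to redirect metrics queries to another different Tenancy which is allowed to receive queries from an endorsed tenancy.
+When the user provides a custom tenancy OCID, the plugin will use this value instead of the default tenancy taken from the instance to direct metric queries across all plugin functions (dashboard, alert, explore, and test).
+More information on AssumeRole in OCI is available here: https://blogs.oracle.com/cloud-infrastructure/post/cross-tenancy-access-assumerole-in-oci
 
 Click **Save & Test** to return to the home dashboard.
 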

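--- a/pkg/plugin/metrics_functions.go
+++ b/pkg/plugin/metrics_functions.go
@@ -29,20 +29,14 @@ func (o *OCIDatasource) TestConnectivity(ctx context.Context) error {
 var reg common.Region
 var testResult bool
 
-tenv := o.settings.Environment
-tmode := o.settings.TenancyMode
-
 if len(o.tenancyAccess) == 0 {
 return fmt.Errorf("TestConnectivity failed: cannot read o.tenancyAccess")
 }
 
 for key := range o.tenancyAccess {
 testResult = false
 
-if tmode == "multitenancy" && tenv == "OCI Instance" {
-return errors.New("Multitenancy mode using instance principals is not implemented yet.")
-}
-tenancyocid, tenancyErr := o.tenancyAccess[key].config.TenancyOCID()
+tenancyocid, tenancyErr := o.FetchTenancyOCID(key)
 if tenancyErr != nil {
 return errors.Wrap(tenancyErr, "error fetching TenancyOCID")
 }
@@ -110,6 +104,45 @@ func (o *OCIDatasource) TestConnectivity(ctx context.Context) error {
 
 }
 
+/*
+Fetch TenancyOcid function
+*/
+func (o *OCIDatasource) FetchTenancyOCID(takey string) (string, error) {
+tenv := o.settings.Environment
+tenancymode := o.settings.TenancyMode
+xtenancy := o.settings.Xtenancy_0
+var tenancyocid string
+var tenancyErr error
+
+if tenancymode == "multitenancy" && tenv == "OCI Instance" {
+return "", errors.New("Multitenancy mode using instance principals is not implemented yet.")
+}
+
+if tenancymode == "multitenancy" {
+if len(takey) <= 0 || takey == NoTenancy {
+o.logger.Error("Unable to get Multi-tenancy OCID")
+return "", errors.Wrap(tenancyErr, "error fetching TenancyOCID")
+} else {
+res := strings.Split(takey, "/")
+tenancyocid = res[1]
+}
+} else {
+if xtenancy != "" && tenv == "OCI Instance" {
+o.logger.Debug("Cross Tenancy Instance Principal detected")
+tocid, _ := o.tenancyAccess[takey].config.TenancyOCID()
+o.logger.Debug("Source Tenancy OCID: " + tocid)
+o.logger.Debug("Target Tenancy OCID: " + o.settings.Xtenancy_0)
+tenancyocid = xtenancy
+} else {
+tenancyocid, tenancyErr = o.tenancyAccess[takey].config.TenancyOCID()
+if tenancyErr != nil {
+return "", errors.Wrap(tenancyErr, "error fetching TenancyOCID")
+}
+}
+}
+return tenancyocid, nil
+}
+
 /*
 Function generates an array containing OCI tenancy list in the following format:
 <Label/TenancyOCID>
@@ -142,27 +175,18 @@ func (o *OCIDatasource) GetSubscribedRegions(ctx context.Context, tenancyOCID st
 
 var subscribedRegions []string
 takey := o.GetTenancyAccessKey(tenancyOCID)
-tenancymode := o.settings.TenancyMode
-var tenancyocid string
-var tenancyErr error
 
 if len(takey) == 0 {
 backend.Logger.Warn("client", "GetSubscribedRegions", "invalid takey")
 return nil
 }
-if tenancymode == "multitenancy" {
-if len(takey) <= 0 || takey == NoTenancy {
-o.logger.Error("Unable to get Multi-tenancy OCID")
-return nil
-}
-res := strings.Split(takey, "/")
-tenancyocid = res[1]
-} else {
-tenancyocid, tenancyErr = o.tenancyAccess[takey].config.TenancyOCID()
-if tenancyErr != nil {
-return nil
-}
+
+tenancyocid, tenancyErr := o.FetchTenancyOCID(takey)
+if tenancyErr != nil {
+backend.Logger.Warn("client", "GetSubscribedRegions", tenancyErr)
+return nil
 }
+
 backend.Logger.Error("client", "GetSubscribedRegionstakey", "fetching the subscribed region for tenancy OCID: "+*common.String(tenancyocid))
 
 req := identity.ListRegionSubscriptionsRequest{TenancyId: common.String(tenancyocid)}
@@ -209,9 +233,6 @@ func (o *OCIDatasource) GetCompartments(ctx context.Context, tenancyOCID string)
 backend.Logger.Error("client", "GetCompartments", "fetching the sub-compartments for tenancy: "+tenancyOCID)
 
 takey := o.GetTenancyAccessKey(tenancyOCID)
-var tenancyocid string
-var tenancyErr error
-tenancymode := o.settings.TenancyMode
 
 region, regErr := o.tenancyAccess[takey].config.Region()
 if regErr != nil {
@@ -221,18 +242,10 @@ func (o *OCIDatasource) GetCompartments(ctx context.Context, tenancyOCID string)
 reg := common.StringToRegion(region)
 o.tenancyAccess[takey].monitoringClient.SetRegion(string(reg))
 
-if tenancymode == "multitenancy" {
-if len(takey) <= 0 || takey == NoTenancy {
-o.logger.Error("Unable to get Multi-tenancy OCID")
-return nil
-}
-res := strings.Split(takey, "/")
-tenancyocid = res[1]
-} else {
-tenancyocid, tenancyErr = o.tenancyAccess[takey].config.TenancyOCID()
-if tenancyErr != nil {
-return nil
-}
+tenancyocid, tenancyErr := o.FetchTenancyOCID(takey)
+if tenancyErr != nil {
+backend.Logger.Warn("client", "GetSubscribedRegions", tenancyErr)
+return nil
 }
 
 // fetching from cache, if present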
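Review bot: In the new `FetchTenancyOCID`, the multitenancy guard for an empty or `NoTenancy` key returns `errors.Wrap(tenancyErr, "error fetching TenancyOCID")` while `tenancyErr` is still nil. If `errors` here is github.com/pkg/errors, as the `Wrap` calls suggest, wrapping nil yields nil, so callers receive an empty OCID with no error and `GetSubscribedRegions` and `GetCompartments` carry on with an empty tenancy ID instead of stopping as the removed code did. Returning a real error closes that path: `return "", errors.New("invalid tenancy access key in multitenancy mode")`. The following branch indexes `res[1]` without checking the split result, so a key without a `/` panics; a guard such as `if len(res) < 2 { return "", errors.New("malformed tenancy access key") }` would fail cleanly. The replacement `Warn` call in the `GetCompartments` hunk also still logs under the `"GetSubscribedRegions"` tag.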

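--- a/pkg/plugin/models/datasource_settings.go
+++ b/pkg/plugin/models/datasource_settings.go
@@ -39,6 +39,8 @@ type OCIDatasourceSettings struct {
 
 Profile_5 string `json:"profile5,omitempty"`
 Region_5 string `json:"region5,omitempty"`
+
+Xtenancy_0 string `json:"xtenancy0,omitempty"`
 }
 
 func (d *OCIDatasourceSettings) Load(dsiSettings backend.DataSourceInstanceSettings) error {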
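Review bot: The new `Xtenancy_0` field in `OCIDatasourceSettings` carries no comment, although per `FetchTenancyOCID` in this commit it decides which tenancy metric queries are directed to. A line such as `// Xtenancy_0 is the optional target tenancy OCID for cross-tenancy queries; it is only honoured with the "OCI Instance" environment.` would record that for the next maintainer. The struct starts above the hunk, so any existing field documentation is not visible here.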

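--- a/pkg/plugin/plugin.go
+++ b/pkg/plugin/plugin.go
@@ -104,6 +104,7 @@ type OCISecuredSettings struct {
 User_5 string `json:"user5,omitempty"`
 Fingerprint_5 string `json:"fingerprint5,omitempty"`
 Privkey_5 string `json:"privkey5,omitempty"`
+Xtenancy_0 string `json:"xtenancy0,omitempty"`
 }
 
 // NewOCIConfigFile - constructor
@@ -243,6 +244,8 @@ func OCILoadSettings(req backend.DataSourceInstanceSettings) (*OCIConfigFile, er
 dat.Profile_4 = nonsecdat.Profile_4
 dat.Profile_5 = nonsecdat.Profile_5
 
+dat.Xtenancy_0 = nonsecdat.Xtenancy_0
+
 v := reflect.ValueOf(dat)
 typeOfS := v.Type()
 var key string
@@ -344,6 +347,12 @@ func (o *OCIDatasource) getConfigProvider(environment string, tenancymode string
 if err != nil {
 return errors.New("error with instance principals")
 }
+if o.settings.Xtenancy_0 != "" {
+log.DefaultLogger.Debug("Configuring using Cross Tenancy Instance Principal")
+tocid, _ := configProvider.TenancyOCID()
+log.DefaultLogger.Debug("Source Tenancy OCID: " + tocid)
+log.DefaultLogger.Debug("Target Tenancy OCID: " + o.settings.Xtenancy_0)
+}
 monitoringClient, err := monitoring.NewMonitoringClientWithConfigurationProvider(configProvider)
 if err != nil {
 backend.Logger.Error("getConfigProvider", "Error with config", SingleTenancyKey)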
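Review bot: `Xtenancy_0` is copied from the non-secure settings in `OCILoadSettings` and then used as the target tenancy with no format check in any visible hunk, so a typo or stray whitespace in the data source config would be sent as the tenancy ID for every query. A check before use, for example `if x := strings.TrimSpace(o.settings.Xtenancy_0); x != "" && !strings.HasPrefix(x, "ocid1.tenancy.") { return errors.New("invalid cross tenancy OCID") }`, would reject that when the data source is configured rather than at query time. In the `getConfigProvider` hunk, `tocid, _ := configProvider.TenancyOCID()` discards the error, so a failed lookup logs an empty source tenancy; logging the error there would make the debug output trustworthy. Both `OCILoadSettings` and `getConfigProvider` extend beyond the hunks shown.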

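--- a/src/ConfigEditor.tsx
+++ b/src/ConfigEditor.tsx
@@ -59,8 +59,23 @@ export class ConfigEditor extends PureComponent<Props, State> {
 }}
 />
 </InlineField>
+{options.jsonData.environment === AuthProviders.OCI_INSTANCE && (
+<>
+<InlineField
+label="Cross Tenancy ocid (optional)"
+labelWidth={28}
+tooltip="AssumeRole compliant Cross Tenancy configuration. Do not use if you are not using Cross Tenancy configuration"
+>
+<Input
+className="width-30"
+value={options.jsonData.xtenancy0}
+onChange={onUpdateDatasourceJsonDataOption(this.props, 'xtenancy0')}
+/>
+</InlineField>
+</>
+)}
 
-{options.jsonData.environment === AuthProviders.OCI_USER && (
+{options.jsonData.environment === AuthProviders.OCI_USER && (
 <>
 <InlineField
 label="Tenancy Mode"
@@ -78,7 +93,7 @@ export class ConfigEditor extends PureComponent<Props, State> {
 />
 </InlineField>
 </>
-)}
+)}
 <br></br>
 
 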
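Review bot: The new Cross Tenancy input stores whatever is typed straight into `jsonData.xtenancy0`, and the backend in this commit treats any non-empty value as the target tenancy, so a stray space or partial paste changes where queries are sent. Consider trimming the value before it is saved and giving the field a format hint such as `placeholder="ocid1.tenancy.oc1..<unique_id>"`. The two `OCI_USER` lines at new lines 78 and 96 appear to change only whitespace and could be left out of the commit.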

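--- a/src/types.ts
+++ b/src/types.ts
@@ -114,6 +114,8 @@ export interface OCIDataSourceOptions extends DataSourceJsonData {
 tenancyName: string; // name of the base tenancy
 environment?: string; // oci-cli, oci-instance
 tenancymode?: string; // multi-profile, cross-tenancy-policy
+xtenancy0: string;
+
 
 addon1: boolean;
 addon2: boolean;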
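Review bot: `xtenancy0` is declared as a required string, but the editor only renders the field for the OCI Instance provider and the Go settings mark it `omitempty`, so existing data sources will not have the key. Declaring it like its neighbours, `xtenancy0?: string; // target tenancy OCID for cross-tenancy instance principals`, matches that and documents the field. The interface starts above the hunk.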
