This function checks the service limits, usage and availability of all OCI resources across one or more regions in a tenancy. Once the function executes it will send a summary to the subscribed emails within your designated OCI Notification Topic. The function utilizes the OCI Python SDK and the OCI Functions Resource Principal for authentication.
Example output: "Service: database, Scope: AD, AD: UWQV:US-ASHBURN-AD-1, Limit Name: vm-standard1-ocpu-count, Limit: 4, Usage: 3, Available: 1, Usage %: 75.00%"
As you make your way through this tutorial, look out for this icon 
.
Whenever you see it, it's time for you to perform an action.
Before you deploy this sample function, make sure you have run step A, B and C of the Oracle Functions Quick Start Guide for Cloud Shell
- A - Set up your tenancy
- B - Create application
- C - Set up your Cloud Shell dev environment
Assuming your have successfully completed the prerequisites, you should see your application in the list of applications.
fn ls apps
In order to use other OCI Services, your function must be part of a dynamic group. For information on how to create a dynamic group, refer to the documentation.
When specifying the Matching Rules, we suggest matching all functions in a compartment with:
ALL {resource.type = 'fnfunc', resource.compartment.id = 'ocid1.compartment.oc1..aaaaaxxxxx'}
Please check the Accessing Other Oracle Cloud Infrastructure Resources from Running Functions for other Matching Rules options.
Now that your dynamic group is created, create a new policy in root compartment that allows the dynamic group to use any resources you are interested in receiving
information about, in this case we will grant access to read all-resources in
the root compartment.
Your policy should look something like this:
Allow dynamic-group <dynamic-group-name> to read all-resources in tenancy
Allow dynamic-group <dynamic-group-name> to use ons-topics in tenancy
Allow dynamic-group <dynamic-group-name> to use ons-subscriptions in tenancy
For more information on how to create policies, check the documentation.
In order to recieve the summarized service limits of the tenancy, you'll need an OCI Notifications topic & Subscription for the data to be sent to.
Save the OCID of the OCI Topic you just created for use in the function.
Create an OCI Email Subscription
NOTE - You must confirm the subscription email in your inbox after the subscription is created.
You will need to clone the repository in Cloud Shell in order to build and deploy the function.
Example:
git clone https://github.com/webdev2080/ServiceLimitCheck.git
cd ServiceLimitCheck
- Required - notification_topic_id: ""
- Optional - regions (Default is home region)
- Optional - threshold_percentage (Default is 90)
- Optional - policy_limit (Default is 100)
Example:
{
"notification_topic_id": "<ocid1.onstopic.oc1.iad....>",
"regions": ["us-ashburn-1", "us-phoenix-1"],
"threshold_percentage": 75,
"policy_limit": 100
}
Review the following files in the current folder:
- Main Function, func.py
- Dependencies, requirements.txt
- Metadata, func.yaml
In Cloud Shell, run the fn deploy command to build the function and its dependencies as a Docker image, push the image to OCIR, and deploy the function to Oracle Functions in your application.
fn -v deploy --app <app-name>
fn invoke <app-name> <function-name> < test.json
e.g.:
fn invoke ServiceLimitApp ServiceLimitFunction < test.json
Assuming the other function was invoked correctly, you should see the following output after a few minutes :
{"message": "Function executed successfully"}Shortly after, the Notification Topic subscribers will recieve a message (email) with the summary of the resources sitting above the usage threshold.
- Optional - You can run the OCI Function from any OCI CLI Authorized device with a Function Invoke Endpoint. Docs: https://docs.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsinvokingfunctions.htm#rawrequestinvoke Example:
oci raw-request --http-method POST --target-uri <invoke-endpoint> --request-body "<request-parameters>"
Added policy_limit as a default option and now acquires total policy count within tenancy. NOTE - OCI Tenancy Policy limits are defaulted to a limit of 100.