oracle / oci-python-sdk

Oracle Cloud Infrastructure SDK for Python
https://cloud.oracle.com/cloud-infrastructure

Cloud Guard 404 Error #719

Closed veeravastavg closed 2 weeks ago

veeravastavg commented 2 weeks ago

After writing the below code:

import oci
config = oci.config.from_file()
cloud_guard_client = oci.cloud_guard.CloudGuardClient(config)
list_problems = cloud_guard_client.list_problems(compartment_id=config['tenancy'])
print(list_problems.data)

Getting the below error:

Traceback (most recent call last):
  File "/workspaces/oci-python/CloudGuard/cloudGuard_score_and_recommendations.py", line 6, in <module>
    list_problems = cloud_guard_client.list_problems(compartment_id=config['tenancy'])
  File "/usr/local/python/3.10.13/lib/python3.10/site-packages/oci/cloud_guard/cloud_guard_client.py", line 10439, in list_problems
    return self.base_client.call_api(
  File "/usr/local/python/3.10.13/lib/python3.10/site-packages/oci/base_client.py", line 535, in call_api
    response = self.request(request, allow_control_chars, operation_name, api_reference_link)
  File "/usr/local/python/3.10.13/lib/python3.10/site-packages/circuitbreaker.py", line 159, in wrapper
    return call(function, *args, **kwargs)
  File "/usr/local/python/3.10.13/lib/python3.10/site-packages/circuitbreaker.py", line 170, in call
    return func(*args, **kwargs)
  File "/usr/local/python/3.10.13/lib/python3.10/site-packages/oci/base_client.py", line 726, in request
    self.raise_service_error(request, response, service_code, message, operation_name, api_reference_link, target_service, request_endpoint, client_version, timestamp, deserialized_data)
  File "/usr/local/python/3.10.13/lib/python3.10/site-packages/oci/base_client.py", line 891, in raise_service_error
    raise exceptions.ServiceError(
oci.exceptions.ServiceError: {'target_service': 'cloud_guard', 'status': 404, 'code': 404, 'opc-request-id': 'D4D96AFB2D70451AA13669F74F070658/13E3D860EF6CD480897A2626F7131F7A/6FACFC5429880D060753EF4FBE4292E4', 'message': 'Authorization failed or requested resource not found', 'operation_name': 'list_problems', 'timestamp': '2024-11-11T03:50:47.964976+00:00', 'client_version': 'Oracle-PythonSDK/2.137.1', 'request_endpoint': 'GET https://cloudguard-cp-api.ap-hyderabad-1.oci.oraclecloud.com/20200131/problems', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': "See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_404 for more information about resolving this error. Also see https://docs.oracle.com/iaas/api/#/en/cloud-guard/20200131/Problem/ListProblems for details on this operation's requirements. If you are unable to resolve this cloud_guard issue, please contact Oracle support and provide them this full error message."}

In the console, my user is in the administrator group with a policy to manage all-resources in tenancy. When trying the same with new domain accounts, I am able to fetch the details as expected, but I am not able to fetch the details for IDCS cloud accounts.

adizohar commented 2 weeks ago

Can you please run the below with Cloud Shell of your tenant?

import oci

# Load the OCI config; this script reads delegation_token_file from it
config = oci.config.from_file()
signer = None
delegation_token_location = config["delegation_token_file"]

# Build a signer from the delegation token instead of the config's API key
with open(delegation_token_location, 'r') as delegation_token_file:
    delegation_token = delegation_token_file.read().strip()
    signer = oci.auth.signers.InstancePrincipalsDelegationTokenSigner(delegation_token=delegation_token)

# Same Cloud Guard call as in the report, now signed with the delegation token
cloud_guard_client = oci.cloud_guard.CloudGuardClient(config, signer=signer)
list_problems = cloud_guard_client.list_problems(compartment_id=config['tenancy'])
print(list_problems.data)

veeravastavg commented 2 weeks ago

Getting the following error after running the commands:

xxxxxxxxx@cloudshell:test (ap-hyderabad-1)$ cat test.py
import oci
config = oci.config.from_file()
signer = None
delegation_token_location = config["delegation_token_file"]

with open(delegation_token_location, 'r') as delegation_token_file:
    delegation_token = delegation_token_file.read().strip()
    signer = oci.auth.signers.InstancePrincipalsDelegationTokenSigner(delegation_token=delegation_token)

cloud_guard_client = oci.cloud_guard.CloudGuardClient(config, signer=signer)
list_problems = cloud_guard_client.list_problems(compartment_id=config['tenancy'])
print(list_problems.data)

xxxxxxxxxxxx@cloudshell:test (ap-hyderabad-1)$ python test.py
/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/oci/auth/auth_utils.py:13: UserWarning: Attribute's length must be >= 1 and <= 64, but it was 94
  for name_attribute in cert.subject:
Traceback (most recent call last):
  File "test.py", line 11, in <module>
    list_problems = cloud_guard_client.list_problems(compartment_id=config['tenancy'])
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/oci/cloud_guard/cloud_guard_client.py", line 10439, in list_problems
    return self.base_client.call_api(
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/oci/base_client.py", line 526, in call_api
    return self.request(request, allow_control_chars, operation_name, api_reference_link)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/circuitbreaker.py", line 146, in wrapper
    return self.call(function, *args, **kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/circuitbreaker.py", line 188, in call
    return func(*args, **kwargs)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/oci/base_client.py", line 726, in request
    self.raise_service_error(request, response, service_code, message, operation_name, api_reference_link, target_service, request_endpoint, client_version, timestamp, deserialized_data)
  File "/opt/rh/rh-python38/root/usr/local/lib/python3.8/site-packages/oci/base_client.py", line 891, in raise_service_error
    raise exceptions.ServiceError(
oci.exceptions.ServiceError: {'target_service': 'cloud_guard', 'status': 404, 'code': 404, 'opc-request-id': 'BD28973CA1674AF2BDAD13BD0104EEE3/234A4BC547CEEC1A56F0FBDC8BB42CB1/C861EC6CDD3493BC8B929A9C1C6F555E', 'message': 'Authorization failed or requested resource not found', 'operation_name': 'list_problems', 'timestamp': '2024-11-12T01:58:44.432458+00:00', 'client_version': 'Oracle-PythonSDK/2.137.0', 'request_endpoint': 'GET https://cloudguard-cp-api.ap-hyderabad-1.oci.oraclecloud.com/20200131/problems', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': "See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_404 for more information about resolving this error. Also see https://docs.oracle.com/iaas/api/#/en/cloud-guard/20200131/Problem/ListProblems for details on this operation's requirements. If you are unable to resolve this cloud_guard issue, please contact Oracle support and provide them this full error message."}

adizohar commented 2 weeks ago

Is Cloud Guard enabled on this tenant? Cloud Guard is not enabled by default. Can you please post a screenshot from the Cloud Guard screen that shows problems on the right?

veeravastavg commented 2 weeks ago

Yes, Cloud Guard is enabled in this tenant. PFB snippet.

[Image: cloudGuard]

adizohar commented 2 weeks ago

Thank you for the info above. I am trying to find what the issue is.

Can you please use Cloud Shell to run the OCI CLI:

oci cloud-guard problem list --compartment-id $C

and $C will be any compartment you have on the right (try not the root).

Also, can you try to run the test.py with the compartment ID below (not the tenant ID)? Choose any compartment where you have problems:

list_problems = cloud_guard_client.list_problems(compartment_id="ocid...")

veeravastavg commented 2 weeks ago

ServiceError:
{
    "client_version": "Oracle-PythonSDK/2.137.0, Oracle-PythonCLI/3.49.3",
    "code": 404,
    "logging_tips": "Please run the OCI CLI command using --debug flag to find more debug information.",
    "message": "Authorization failed or requested resource not found",
    "opc-request-id": "A1AFE28583554AEEB34F8E4D4EC3A1A3/81EF7E4ABFD063130411708D94AB7C5F/415814DC093E0F383593E49487413883",
    "operation_name": "list_problems",
    "request_endpoint": "GET https://cloudguard-cp-api.ap-hyderabad-1.oci.oraclecloud.com/20200131/problems",
    "status": 404,
    "target_service": "cloud_guard",
    "timestamp": "2024-11-12T02:22:10.952238+00:00",
    "troubleshooting_tips": "See [https://docs.oracle.com/iaas/Content/API/References/apierrors.htm] for more information about resolving this error. If you are unable to resolve this issue, run this CLI command with --debug option and contact Oracle support and provide them the full error message."
}

adizohar commented 2 weeks ago

If both the Python SDK and the OCI CLI cause the issue, I would open a ticket with Oracle Support for Cloud Guard and specify the error, including the opc-request-id. They can engage the correct team to track it.

You mentioned that this tenant is IDCS and without Domains. Any reason it was not updated to IAM domains?

There is no issue with the SDK; it is a service issue according to your error.
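
The comparison suggested above (the same 404 from both the Python SDK and the OCI CLI, reported to support with the opc-request-id), as an added example that is not code from this thread or from the OCI SDK. It parses pasted error text from both tools with the standard library only; the sample outputs are constructed, the request ids are placeholders, and the function names are hypothetical.

```python
import ast
import json
import re

# Constructed samples shaped like the SDK and CLI errors in this thread.
# The opc-request-id values are placeholders, not ids from the thread.
SDK_OUTPUT = """Traceback (most recent call last):
  File "test.py", line 11, in <module>
oci.exceptions.ServiceError: {'target_service': 'cloud_guard', 'status': 404, 'code': 404, 'opc-request-id': 'SDK-REQUEST-ID-PLACEHOLDER', 'message': 'Authorization failed or requested resource not found', 'operation_name': 'list_problems', 'request_endpoint': 'GET https://cloudguard-cp-api.ap-hyderabad-1.oci.oraclecloud.com/20200131/problems'}
"""
CLI_OUTPUT = """ServiceError:
{
    "code": 404,
    "message": "Authorization failed or requested resource not found",
    "opc-request-id": "CLI-REQUEST-ID-PLACEHOLDER",
    "operation_name": "list_problems",
    "request_endpoint": "GET https://cloudguard-cp-api.ap-hyderabad-1.oci.oraclecloud.com/20200131/problems",
    "status": 404,
    "target_service": "cloud_guard"
}
"""
FIELDS = ("target_service", "operation_name", "status", "request_endpoint", "opc-request-id")


def parse_service_error(text):
    """Return the support-relevant fields from pasted SDK or CLI error text."""
    match = re.search(r"ServiceError:\s*(\{.*\})", text, re.DOTALL)
    if match is None:
        raise ValueError("no ServiceError body found")
    body = match.group(1)
    try:
        data = json.loads(body)          # the CLI prints JSON
    except json.JSONDecodeError:
        data = ast.literal_eval(body)    # the SDK prints a Python dict repr
    return {name: data.get(name) for name in FIELDS}


def same_failure(a, b):
    """True when two parsed errors differ only in their request id."""
    keys = [k for k in FIELDS if k != "opc-request-id"]
    return all(a[k] == b[k] for k in keys)


def support_summary(*errors):
    """One line per failed call, ready to paste into a support ticket."""
    return [f"{e['operation_name']} -> {e['status']} at {e['request_endpoint']} "
            f"(opc-request-id {e['opc-request-id']})"
            for e in errors]
```

When `same_failure` is true for the SDK and CLI errors, the client library is unlikely to be the cause, and each line from `support_summary` carries the request id the service team needs to trace the call.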

veeravastavg commented 2 weeks ago

I will raise the ticket to Oracle Support. This is an old account. Thanks for the help.

adizohar commented 2 weeks ago

Sorry I could not help more. I could not ask you to provide tenant information here, which is a public site.