Releasing version 2.138.0

Releasing version 2.138.0

Author: oci-dex-release-bot

CHANGELOG.rst

@@ -3,6 +3,32 @@ Change Log
 All notable changes to this project will be documented in this file.
 
 The format is based on `Keep a Changelog <http://keepachangelog.com/>`_.
+====================
+2.138.0 - 2024-11-05
+====================
+
+Added 
+----- 
+* Support for calling Oracle Cloud Infrastructure services in the ap-seoul-2 region 
+* Support for calling Oracle Cloud Infrastructure services in the ap-suwon-1 region 
+* Support for calling Oracle Cloud Infrastructure services in the ap-chuncheon-2 region 
+* Support for MFA Enablement v2 in the Identity Domains service 
+* Support for starting, stopping and updating min/max executor count for SQL Endpoints in the Data Flow service 
+* Support for customer message in the Customer Incident Management Service 
+* Support for REJECTED limitStatus in the Customer Incident Management Service   
+
+Fixed 
+----- 
+* Issue with using `OkeWorkloaIdentityResourcePrincipalSigner` after the PyJWT upgrade to 2.4.0 introduced int OCI Python SDK `2.137.1` 
+* UserWarning being emitted from Cryptography 43.x   
+
+Breaking 
+-------- 
+* The operations `get_status` and `get_csi_number` were removed from the IncidentClient in the Customer Incident Management Service 
+* The property `service_categories` was removed from the model `IncidentResourceType` in the Customer Incident Management Service 
+* The properties `service_category` and `issue_type` were removed from the model `ServiceCategories` in the Customer Incident Management Service 
+* The retry strategy for getting the X509 token from Identity service was modified and is now protected via circuit breaker   
+
 ====================
 2.137.1 - 2024-10-29
 ====================

docs/api/cims.rst

@@ -47,7 +47,10 @@ Cims
     oci.cims.models.ServiceCategories
     oci.cims.models.ServiceCategory
     oci.cims.models.Status
+    oci.cims.models.SubCategories
     oci.cims.models.SubCategory
+    oci.cims.models.SubComponents
+    oci.cims.models.SubscriptionInfo
     oci.cims.models.TechSupportItem
     oci.cims.models.TenancyInformation
     oci.cims.models.Ticket

docs/api/cims/models/oci.cims.models.SubCategories.rst

@@ -0,0 +1,11 @@
+SubCategories
+=============
+
+.. currentmodule:: oci.cims.models
+
+.. autoclass:: SubCategories
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/cims/models/oci.cims.models.SubComponents.rst

@@ -0,0 +1,11 @@
+SubComponents
+=============
+
+.. currentmodule:: oci.cims.models
+
+.. autoclass:: SubComponents
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/cims/models/oci.cims.models.SubscriptionInfo.rst

@@ -0,0 +1,11 @@
+SubscriptionInfo
+================
+
+.. currentmodule:: oci.cims.models
+
+.. autoclass:: SubscriptionInfo
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains.rst

@@ -156,6 +156,7 @@ Identity Domains
     oci.identity_domains.models.CloudGateServers
     oci.identity_domains.models.CloudGates
     oci.identity_domains.models.Condition
+    oci.identity_domains.models.ConditionExtensionOciconsolesignonpolicyconsentPolicy
     oci.identity_domains.models.ConditionSearchRequest
     oci.identity_domains.models.Conditions
     oci.identity_domains.models.CustomerSecretKey
@@ -343,6 +344,12 @@ Identity Domains
     oci.identity_domains.models.OAuthPartnerCertificate
     oci.identity_domains.models.OAuthPartnerCertificateSearchRequest
     oci.identity_domains.models.OAuthPartnerCertificates
+    oci.identity_domains.models.OciConsoleSignOnPolicyConsent
+    oci.identity_domains.models.OciConsoleSignOnPolicyConsentConsentSignedBy
+    oci.identity_domains.models.OciConsoleSignOnPolicyConsentModifiedResource
+    oci.identity_domains.models.OciConsoleSignOnPolicyConsentPolicyResource
+    oci.identity_domains.models.OciConsoleSignOnPolicyConsentSearchRequest
+    oci.identity_domains.models.OciConsoleSignOnPolicyConsents
     oci.identity_domains.models.Operations
     oci.identity_domains.models.PasswordPolicies
     oci.identity_domains.models.PasswordPolicy
@@ -352,14 +359,17 @@ Identity Domains
     oci.identity_domains.models.PatchOp
     oci.identity_domains.models.Policies
     oci.identity_domains.models.Policy
+    oci.identity_domains.models.PolicyExtensionOciconsolesignonpolicyconsentPolicy
     oci.identity_domains.models.PolicyPolicyType
     oci.identity_domains.models.PolicyRules
     oci.identity_domains.models.PolicySearchRequest
     oci.identity_domains.models.ResourceTypeSchemaAttribute
     oci.identity_domains.models.ResourceTypeSchemaAttributeSearchRequest
     oci.identity_domains.models.ResourceTypeSchemaAttributes
+    oci.identity_domains.models.RestoreOciConsolePolicy
     oci.identity_domains.models.Rule
     oci.identity_domains.models.RuleConditionGroup
+    oci.identity_domains.models.RuleExtensionOciconsolesignonpolicyconsentPolicy
     oci.identity_domains.models.RulePolicyType
     oci.identity_domains.models.RuleReturn
     oci.identity_domains.models.RuleSearchRequest

docs/api/identity_domains/models/oci.identity_domains.models.ConditionExtensionOciconsolesignonpolicyconsentPolicy.rst

@@ -0,0 +1,11 @@
+ConditionExtensionOciconsolesignonpolicyconsentPolicy
+=====================================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: ConditionExtensionOciconsolesignonpolicyconsentPolicy
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.OciConsoleSignOnPolicyConsent.rst

@@ -0,0 +1,11 @@
+OciConsoleSignOnPolicyConsent
+=============================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: OciConsoleSignOnPolicyConsent
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.OciConsoleSignOnPolicyConsentConsentSignedBy.rst

@@ -0,0 +1,11 @@
+OciConsoleSignOnPolicyConsentConsentSignedBy
+============================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: OciConsoleSignOnPolicyConsentConsentSignedBy
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.OciConsoleSignOnPolicyConsentModifiedResource.rst

@@ -0,0 +1,11 @@
+OciConsoleSignOnPolicyConsentModifiedResource
+=============================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: OciConsoleSignOnPolicyConsentModifiedResource
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.OciConsoleSignOnPolicyConsentPolicyResource.rst

@@ -0,0 +1,11 @@
+OciConsoleSignOnPolicyConsentPolicyResource
+===========================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: OciConsoleSignOnPolicyConsentPolicyResource
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.OciConsoleSignOnPolicyConsentSearchRequest.rst

@@ -0,0 +1,11 @@
+OciConsoleSignOnPolicyConsentSearchRequest
+==========================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: OciConsoleSignOnPolicyConsentSearchRequest
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.OciConsoleSignOnPolicyConsents.rst

@@ -0,0 +1,11 @@
+OciConsoleSignOnPolicyConsents
+==============================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: OciConsoleSignOnPolicyConsents
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.PolicyExtensionOciconsolesignonpolicyconsentPolicy.rst

@@ -0,0 +1,11 @@
+PolicyExtensionOciconsolesignonpolicyconsentPolicy
+==================================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: PolicyExtensionOciconsolesignonpolicyconsentPolicy
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.RestoreOciConsolePolicy.rst

@@ -0,0 +1,11 @@
+RestoreOciConsolePolicy
+=======================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: RestoreOciConsolePolicy
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

docs/api/identity_domains/models/oci.identity_domains.models.RuleExtensionOciconsolesignonpolicyconsentPolicy.rst

@@ -0,0 +1,11 @@
+RuleExtensionOciconsolesignonpolicyconsentPolicy
+================================================
+
+.. currentmodule:: oci.identity_domains.models
+
+.. autoclass:: RuleExtensionOciconsolesignonpolicyconsentPolicy
+    :show-inheritance:
+    :special-members: __init__
+    :members:
+    :undoc-members:
+    :inherited-members:

src/oci/auth/auth_utils.py

@@ -3,19 +3,22 @@
 # This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 
 import random
+import warnings
 from oci._vendor import six
 
 
 def get_tenancy_id_from_certificate(cert):
     if not cert:
         raise RuntimeError('A certificate must be provided')
 
-    for name_attribute in cert.subject:
-        val = name_attribute.value
-        if val.startswith('opc-tenant:'):
-            return val[len('opc-tenant:'):]
-        if val.startswith('opc-identity:'):
-            return val[len('opc-identity:'):]
+    with warnings.catch_warnings():
+        warnings.simplefilter('ignore', UserWarning)
+        for name_attribute in cert.subject:
+            val = name_attribute.value
+            if val.startswith('opc-tenant:'):
+                return val[len('opc-tenant:'):]
+            if val.startswith('opc-identity:'):
+                return val[len('opc-identity:'):]
 
     raise RuntimeError('The certificate does not contain a tenancy OCID')
 

src/oci/auth/federation_client.py

@@ -15,6 +15,10 @@
 import logging
 import pprint
 
+from oci.circuit_breaker import CircuitBreakerStrategy, NoCircuitBreakerStrategy
+from circuitbreaker import CircuitBreakerMonitor
+import random
+
 
 class X509FederationClient(object):
     REQUIRED_INIT_KWARGS = [
@@ -62,12 +66,19 @@ def __init__(self, **kwargs):
 
         :param obj retry_strategy: (optional)
             A retry strategy to apply to calls made by this client. This should be one of the strategies available in
-            the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available and
-            will be used if no explicit retry strategy is specified.
+            the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_FEDERATION_CLIENT_RETRY_STRATEGY`
+            is also available and will be used if no explicit retry strategy is specified.
+
+            The specifics of the retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
+
+            To have this client explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
 
-            The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
+        :param obj circuit_breaker_strategy: (optional)
+            The circuit_breaker_strategy to apply to calls made by this client. This should be one of the strategies
+            available in the :py:mod:`~oci.circuit_breaker` module. A convenience :py:data:`~oci.circuit_breaker.DEFAULT_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY`
+            is also available and will be used if no explicit retry strategy is specified.
 
-            To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
+            To have this client explicitly not have any circuit breaker, pass an instance of :py:class:`~oci.circuit_breaker.NoCircuitBreakerStrategy`.
 
         :param bool log_requests: (optional)
         log_request if set to True, will log the request url and response data when retrieving
@@ -116,10 +127,39 @@ def __init__(self, **kwargs):
         if retry_strategy:
             self.retry_strategy = retry_strategy
         else:
-            self.retry_strategy = oci.retry.DEFAULT_RETRY_STRATEGY
+            self.logger.debug('Setting DEFAULT_FEDERATION_CLIENT_RETRY_STRATEGY for federation client')
+            self.retry_strategy = oci.retry.DEFAULT_FEDERATION_CLIENT_RETRY_STRATEGY
+
+        # Setup Circuit breaker strategy
+        self._set_circuit_breaker_strategy(circuit_breaker_strategy=kwargs.get('circuit_breaker_strategy'))
 
         self.requests_session = requests.Session()
 
+    def _set_circuit_breaker_strategy(self, circuit_breaker_strategy):
+        self.circuit_breaker_strategy = circuit_breaker_strategy
+        # If not set by client use the GLOBAL_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY
+        if circuit_breaker_strategy is None:
+            self.circuit_breaker_strategy = oci.circuit_breaker.GLOBAL_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY
+
+        # Skip enabling circuit breaker if NoCircuitBreakerStrategy is set
+        if isinstance(circuit_breaker_strategy, NoCircuitBreakerStrategy):
+            self.logger.debug('No circuit breaker strategy enabled!')
+        else:
+            # Enable Circuit breaker if a valid circuit breaker strategy is available
+            if not isinstance(self.circuit_breaker_strategy, CircuitBreakerStrategy):
+                raise TypeError('Invalid Circuit Breaker Strategy!')
+            self.logger.debug('Enabling circuit breaker strategy for federation client')
+            # Set the recovery timeout a random value between 30 seconds to 49 seconds
+            if self.circuit_breaker_strategy == oci.circuit_breaker.DEFAULT_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY:
+                self.logger.debug('Using DEFAULT_FEDERATION_CLIENT_CIRCUIT_BREAKER_STRATEGY for federation client')
+                self.circuit_breaker_strategy.recovery_timeout = random.randint(30, 49)
+            # Re-use Circuit breaker if sharing a Circuit Breaker Strategy.
+            circuit_breaker = CircuitBreakerMonitor.get(self.circuit_breaker_strategy.name)
+            if circuit_breaker is None:
+                circuit_breaker = self.circuit_breaker_strategy.get_circuit_breaker()
+            # Equivalent to decorating the request function with Circuit Breaker
+            self._get_security_token_from_auth_service = circuit_breaker(self._get_security_token_from_auth_service)
+
     def refresh_security_token(self):
         return self._refresh_security_token_inner()
 
@@ -188,6 +228,13 @@ def _get_security_token_from_auth_service(self):
             if response.ok:
                 raise RuntimeError(error_text)
             else:
+                if isinstance(self.circuit_breaker_strategy, CircuitBreakerStrategy) and self.circuit_breaker_strategy.is_transient_error(response.status_code, response.reason):
+                    raise oci.exceptions.TransientServiceError(
+                        response.status_code,
+                        response.reason,
+                        response.headers,
+                        error_text
+                    )
                 raise oci.exceptions.ServiceError(
                     response.status_code,
                     response.reason,
@@ -196,6 +243,13 @@ def _get_security_token_from_auth_service(self):
                 )
 
         if not response.ok:
+            if isinstance(self.circuit_breaker_strategy, CircuitBreakerStrategy) and self.circuit_breaker_strategy.is_transient_error(response.status_code, response.reason):
+                raise oci.exceptions.TransientServiceError(
+                    response.status_code,
+                    parsed_response.get('code'),
+                    response.headers,
+                    parsed_response.get('message')
+                )
             raise oci.exceptions.ServiceError(
                 response.status_code,
                 parsed_response.get('code'),