How to create sha256 signature for Oracle Cloud integration Rest API ?

Question

Hi Experts,

Infra:

Azure Synapse -we are using pipelines / API method to get data and create a Data Warehouse.

Source:

We have an Oracle Cloud Infrastructure (OCI ) as source , that will output the report to Oracle Cloud Storage.

OCI has a REST API resource and we can trigger the jobs using API call and get the status . ( we want to achieve this)

Target:

Azure Blob

Issue:

We wish to trigger the OCI Job using Azure Synapse pipeline using the REST API , the caveat here is we need to create a Sha256 signature using private key .

From Oracle Doc: it uses bash and open ssl to create a signature

echo "====================================================================================================="
printf '%b' "signing string is $signing_string \n"
signature=`printf '%b' "$signing_string" | openssl dgst -sha256 -sign $privateKeyPath | openssl enc -e -base64 | tr -d '\n'`
printf '%b' "Signed Request is  \n$signature\n"

From Postman collection : it has pre-req script which has the line as below to create a signature!!

I want to achieve this using Azure Synapse pipeline method , Request you experts to please guide me here . The goal is to create the signature for GET and POST methods and then send an API request to OCI to trigger the jobs.

Thank you !

Kenny Alex

Answer 1

You need to obtain the private key file from Oracle Cloud Infrastructure. This file will be used to sign the requests.

The signing string is a combination of the HTTP method, request headers, and the request target.

http_method="GET"  # or POST, depending on your request

request_target="/20160918/instances/"

host="objectstorage.us-phoenix-1.oraclecloud.com"

date=$(date -u "+%a, %d %h %Y %H:%M:%S GMT")

signing_string="(request-target): ${http_method,,} ${request_target}\nhost: $host\ndate: $date"

Use OpenSSL to sign the signing string with your private key and encode it in base64:

signature=$(printf '%b' "$signing_string" | openssl dgst -sha256 -sign /path/to/your/private_key.pem | openssl enc -e -base64 | tr -d '\n')

The authorization header includes the signature and other required details like the key ID and algorithm.

key_id="ocid1.tenancy.oc1..your-unique-key-id"

auth_header="Signature version=\"1\",keyId=\"$key_id\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"$signature\""

You can use Azure Synapse Pipeline Web Activity to make HTTP requests where you add headers for Authorization, Date, and Host.

{

"Authorization": "Signature version=\"1\",keyId=\"ocid1.tenancy.oc1..your-unique-key-id\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"$signature\"",

"Date": "Thu, 04 Jul 2024 14:27:00 GMT",

"Host": "objectstorage.us-phoenix-1.oraclecloud.com"

}

Then set the URL to the OCI endpoint you want to interact with and configure the method (GET or POST) as required (you can pass any additional required parameters)

Answer 2

@Caniut Alex You're absolutely right about the "Execute Python Script" activity not being available in Azure Synapse pipelines. I apologize for the confusion caused by my previous response.

There currently isn't a built-in activity within Synapse pipelines to directly execute Python scripts for functionalities like creating SHA256 signatures.

You can consider using Azure Data Factory (ADF) for this specific task. ADF offers a "Web Activity" that allows you to make API calls and includes options for setting headers. You could potentially use an external Python script (hosted elsewhere like Azure Functions) to generate the signature and pass it as a header within the ADF Web Activity.

I apologize again for the initial misunderstanding about the "Execute Python Script" activity in Synapse pipelines. Let me know if you have any questions about the alternative approaches or need further guidance on implementing them.