Connectors and Connections > Data Ingestion and Replication connection properties > Oracle Cloud Object Storage connections

Oracle Cloud Object Storage connections

Create a Oracle Cloud Object Storage connection to read data from or write data to Oracle Cloud Object Storage files. You can use Oracle Cloud Object Storage connections to specify sources and targets in mappings and mapping tasks.

Prerequisites

Before you create an Oracle Cloud Object Storage connection to read from or write to Oracle Cloud Object Storage, be sure to complete the prerequisites.

Configure Oracle Cloud Infrastructure policies

As a user, you can use Oracle Cloud Object Storage Connector after the organization administrator creates a minimal Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy for Oracle Cloud Object Storage Connector.

The Oracle Cloud Infrastructure policy defines the resources that users and groups can access in an OCI account and how to access them. You can use policies to manage certain types of resources in a specific compartment in certain ways.

You need to perform the following tasks:

1Define users, groups, and one or more compartments to hold the cloud resources for your organization.
2Create the policies.
3Place users into the appropriate groups depending on the compartments and resources they need to work with.
4Provide the users with the one-time passwords that they need to access the console and work with the compartments.

For more information about adding users, groups, and policies, see Oracle Cloud Infrastructure documentation.

You can create a policy in the following format:

Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>

For example,

Allow group ObjectReaders to read buckets in compartment ABC

Allow group ObjectWriters to manage objects in compartment ABC where any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}

You need to add the following policies to configure the Oracle Cloud Object Storage connection, access objects, and run mappings:

•Policies for Oracle Cloud Object Storage test connection

Allow group <group_name> to inspect object-family in compartment <compartment_name>

Allow group <group_name> to inspect buckets in compartment <compartment_name>

•Policies for Oracle Cloud Object Storage sources

Allow group <group_name> to inspect buckets in compartment <compartment_name>

Allow group <group_name> to read object-family in compartment <compartment_name>

•Policies for Oracle Cloud Object Storage targets

Allow group <group_name> to manage inspect buckets in compartment <compartment_name>

Allow group <group_name> to manage object-family in compartment <compartment_name>

Prepare for authentication

You can configure the following authentication methods for Oracle Cloud Object Storage Connector:

ConfigFile authentication: The ConfigFile authentication uses identity credentials of Oracle Cloud Infrastructure (OCI) account provided through a configuration file for authentication. This authentication method is based on the profile selected in the configuration file.; You can create a configuration file in the following format:; You require the user OCID, fingerprint, and tenancy OCID information from the OCI account for the configuration file.; For more information about the steps to extract the identity credentials from the Oracle Cloud Infrastructure Console, see the Oracle Cloud Infrastructure documentation.; By default, the OCI configuration file is located at ~/.oci/config on the Secure Agent machine. The ~/.oci/config file can contain several profiles. The default profile name is DEFAULT. You can change the default profile name to any new profile names based on the profiles that you add to the ~/.oci/config file. The ~/.oci/config file cannot contain two profiles with the same name.
Simple authentication: The simple authentication uses API keys for authentication. You can provide the authentication details in the Oracle Cloud Object Storage connection. You need to place the private key file in the Secure Agent machine.; You require the user OCID, fingerprint, and tenancy OCID information from the Oracle Cloud Infrastructure account to create an Oracle Cloud Object Storage connection.; For more information about the steps to extract the identity credentials from the Oracle Cloud Infrastructure Console, see the Oracle Cloud Infrastructure documentation.

Connect to Oracle Cloud Object Storage

Let's configure the Oracle Cloud Object Storage connection properties to connect to Oracle Cloud Object Storage.

Before you begin

Before you get started, configure the Oracle Cloud Infrastructure policies and get the required information from your Oracle Cloud Infrastructure account based on the authentication type that you want to configure.

Check out Prerequisites to learn more about these tasks.

Connection details

When you create an Oracle Cloud Object Storage connection, configure the connection properties.

The following table describes the basic connection properties:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Use Secret Vault	Stores sensitive credentials for this connection in the secrets manager that is configured for your organization. This property appears only if secrets manager is set up for your organization. This property is not supported by Data Ingestion and Replication and the Data Access Management services. When you enable the secret vault in the connection, you can select which credentials that the Secure Agent retrieves from the secrets manager. If you don't enable this option, the credentials are stored in the repository or on a local Secure Agent, depending on how your organization is configured. Note: If you’re using this connection to apply data access policies through pushdown or proxy services, you cannot use the Secret Vault configuration option. For information about how to configure and use a secrets manager, see Secrets manager configuration.
Runtime Environment	The name of the runtime environment where you want to run tasks. Select a Secure Agent or elastic runtime environment. For database ingestion and replication tasks, you can use the Secure Agent or serverless runtime environment. You can't run tasks on a Hosted Agent or elastic runtime environment.

Authentication types

You can configure ConfigFile or simple authentication to connect to Oracle Cloud Object Storage. Select the required authentication type and then configure the authentication-specific parameters.

Default is ConfigFile Authentication.

ConfigFile authentication

The following table describes the basic connection properties for ConfigFile authentication:

Property	Description
Region	The Oracle Cloud Infrastructure region where the object storage bucket resides. Select the Oracle Cloud Object Storage region from the list.
Bucket Name	The Oracle Cloud Object Storage bucket name that contains the objects.

Advanced settings

The following table describes the advanced connection properties for ConfigFile authentication:

Property	Description
Configuration File Location	The absolute path of the configuration file on the Secure Agent machine. If you do not enter the value, the Secure Agent uses the following configuration file path: ~/.oci/config
Profile Name	The name of the profile in the configuration file that you want to use. Default is DEFAULT.
Folder Path	The folder under the specified Oracle Cloud Object Storage bucket. For example, bucket/Dir_1/Dir_2/FileName.txt. Here, Dir_1/Dir_2 is the folder path.

Simple authentication

The following table describes the basic connection properties for simple authentication:

Property	Description
User OCID	The unique identifier of the user in Oracle Cloud Infrastructure. For example, ocid1.user.oc1..aaaaaaaaherdgpjknqzrwbdc7n5ksokkot7c5jngtx3pgolr7oqbw7xzksza
Fingerprint	The fingerprint of the public key.
Tenancy OCID	The unique identifier of the tenancy in Oracle Cloud Infrastructure. The tenancy is the globally unique name of the Oracle Cloud Infrastructure account. For example, ocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq
Private Key File Location	The location of the private key file in .PEM format on the Secure Agent machine.
Region	The Oracle Cloud Infrastructure region where the object storage bucket resides. Select the Oracle Cloud Object Storage region from the list.
Bucket Name	The Oracle Cloud Object Storage bucket name that contains the objects.

Advanced settings

The following table describes the advanced connection property for simple authentication:

Property	Description
Folder Path	The folder under the specified Oracle Cloud Object Storage bucket. For example, bucket/Dir_1/Dir_2/FileName.txt. Here, Dir_1/Dir_2 is the folder path.

Proxy server settings

If your organization uses an outgoing proxy server to connect to the Internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server.

You can configure the Secure Agent to use the proxy server on Windows and Linux. You can use the unauthenticated or authenticated proxy server.

Note: You cannot use a proxy server with managed identity authentication.

You can use one of the following types of proxy servers:

•Unauthenticated proxy - Requires only the host and port address for configuration.
•Authenticated proxy - Requires the host address, port address, user name, and password for configuration.

To configure proxy settings for the Secure Agent, use one of the following methods:

•Configure the Secure Agent through the Secure Agent Manager on Windows or shell command on Linux.

For instructions, see Configure the proxy settings on Windows or Configure the proxy settings on Linux.

•Configure the JVM options for the DTM in the Secure Agent properties. For instructions, see the Proxy server settings Knowledge article.