Oracle Cloud Infrastructure Golang SDK

wercker status

This is the Go SDK for Oracle Cloud Infrastructure. This project is open source and maintained by Oracle Corp. The home page for the project is here.

WARNING:: To avoid automatically consuming breaking changes if we have to rev the major version of the Go SDK, please consider using the Go dependency management tool, or vendoring the SDK. This will allow you to pin to a specific version of the Go SDK in your project, letting you control how and when you move to the next major version.



Use the following command to install this SDK:

go get -u

Alternatively you can git clone this repo.

Working with the Go SDK

To start working with the Go SDK, you import the service package, create a client, and then use that client to make calls.


Before using the SDK, set up a config file with the required credentials. See SDK and Tool Configuration for instructions.

Note that the Go SDK does not support profile inheritance or defining custom values in the configuration file.

Once a config file has been setup, call common.DefaultConfigProvider() function as follows:

// Import necessary packages
import (
   "" // Identity or any other service you wish to make requests to


configProvider := common.DefaultConfigProvider()

Or, to configure the SDK programmatically instead, implement the ConfigurationProvider interface shown below:

// ConfigurationProvider wraps information about the account owner
type ConfigurationProvider interface {
   TenancyOCID() (string, error)
   UserOCID() (string, error)
   KeyFingerprint() (string, error)
   Region() (string, error)

Or simply use one of structs exposed by the oci-go-sdk that already implement the above interface

Making a Request

To make a request to an Oracle Cloud Infrastructure service, create a client for the service and then use the client to call a function from the service.

  • Creating a client: All packages provide a function to create clients, using the naming convention New<ServiceName>ClientWithConfigurationProvider, such as NewVirtualNetworkClientWithConfigurationProvider or NewIdentityClientWithConfigurationProvider. To create a new client, pass a struct that conforms to the ConfigurationProvider interface, or use the DefaultConfigProvider() function in the common package.

For example:

config := common.DefaultConfigProvider()
client, err := identity.NewIdentityClientWithConfigurationProvider(config)
if err != nil { 
  • Making calls: After successfully creating a client, requests can now be made to the service. Generally all functions associated with an operation accept context.Context and a struct that wraps all input parameters. The functions then return a response struct that contains the desired data, and an error struct that describes the error if an error occurs.

For example:

id := "your_group_id"
response, err := client.GetGroup(context.Background(), identity.GetGroupRequest{GroupId:&id})
if err != nil {
	//Something happened
//Process the data in response struct
fmt.Println("Group's name is:", response.Name)

Organization of the SDK

The oci-go-sdk contains the following:

  • Service packages: All packages except common and any other package found inside cmd. These packages represent the Oracle Cloud Infrastructure services supported by the Go SDK. Each package represents a service. These packages include methods to interact with the service, structs that model input and output parameters, and a client struct that acts as receiver for the above methods.

  • Common package: Found in the common directory. The common package provides supporting functions and structs used by service packages. Includes HTTP request/response (de)serialization, request signing, JSON parsing, pointer to reference and other helper functions. Most of the functions in this package are meant to be used by the service packages.

  • cmd: Internal tools used by the oci-go-sdk.


Examples can be found here


Full documentation can be found on the godocs site.



oci-go-sdk is an open source project. See CONTRIBUTING for details.

Oracle gratefully acknowledges the contributions to oci-go-sdk that have been made by the community.


Copyright (c) 2016, 2018, 2020, Oracle and/or its affiliates. All rights reserved. This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at or Apache License 2.0 as shown at You may choose either license.

See LICENSE for more details.



Known Issues

You can find information on any known issues with the SDK here and under the Issues tab of this project's GitHub repository.

Building and Testing

Dev Dependencies
  • Install Testify with the command:
go get
  • Install go lint with the command:
go get -u

Building is provided by the make file at the root of the project. To build the project execute.

make build

To run the tests:

make test



This is the official Go SDK for Oracle Cloud Infrastructure


Refer to for installation instructions.


Refer to for configuration instructions.


The following example shows how to get started with the SDK. The example belows creates an identityClient struct with the default configuration. It then utilizes the identityClient to list availability domains and prints them out to stdout

import (


func main() {
	c, err := identity.NewIdentityClientWithConfigurationProvider(common.DefaultConfigProvider())
	if err != nil {
		fmt.Println("Error:", err)

	// The OCID of the tenancy containing the compartment.
	tenancyID, err := common.DefaultConfigProvider().TenancyOCID()
	if err != nil {
		fmt.Println("Error:", err)

	request := identity.ListAvailabilityDomainsRequest{
		CompartmentId: &tenancyID,

	r, err := c.ListAvailabilityDomains(context.Background(), request)
	if err != nil {
		fmt.Println("Error:", err)

	fmt.Printf("List of available domains: %v", r.Items)

More examples can be found in the SDK Github repo:

Optional Fields in the SDK

Optional fields are represented with the `mandatory:"false"` tag on input structs. The SDK will omit all optional fields that are nil when making requests. In the case of enum-type fields, the SDK will omit fields whose value is an empty string.

Helper Functions

The SDK uses pointers for primitive types in many input structs. To aid in the construction of such structs, the SDK provides functions that return a pointer for a given value. For example:

// Given the struct
type CreateVcnDetails struct {

	// Example: ``
	CidrBlock *string `mandatory:"true" json:"cidrBlock"`

	CompartmentId *string `mandatory:"true" json:"compartmentId"`

	DisplayName *string `mandatory:"false" json:"displayName"`


// We can use the helper functions to build the struct
details := core.CreateVcnDetails{
	CidrBlock:     common.String(""),
	CompartmentId: common.String("someOcid"),
	DisplayName:   common.String("myVcn"),

Customizing Requests

The SDK exposes functionality that allows the user to customize any http request before is sent to the service.

You can do so by setting the `Interceptor` field in any of the `Client` structs. For example:

client, err := audit.NewAuditClientWithConfigurationProvider(common.DefaultConfigProvider())
if err != nil {

// This will add a header called "X-CustomHeader" to all request
// performed with client
client.Interceptor = func(request *http.Request) error {
	request.Header.Set("X-CustomHeader", "CustomValue")
	return nil

The Interceptor closure gets called before the signing process, thus any changes done to the request will be properly signed and submitted to the service.

Signing Custom Requests

The SDK exposes a stand-alone signer that can be used to signing custom requests. Related code can be found here:

The example below shows how to create a default signer.

client := http.Client{}
var request http.Request
request = ... // some custom request

// Set the Date header
request.Header.Set("Date", time.Now().UTC().Format(http.TimeFormat))

// And a provider of cryptographic keys
provider := common.DefaultConfigProvider()

// Build the signer
signer := common.DefaultSigner(provider)

// Sign the request

// Execute the request

The signer also allows more granular control on the headers used for signing. For example:

client := http.Client{}
var request http.Request
request = ... // some custom request

// Set the Date header
request.Header.Set("Date", time.Now().UTC().Format(http.TimeFormat))

// Mandatory headers to be used in the sign process
defaultGenericHeaders    = []string{"date", "(request-target)", "host"}

// Optional headers
optionalHeaders = []string{"content-length", "content-type", "x-content-sha256"}

// A predicate that specifies when to use the optional signing headers
optionalHeadersPredicate := func (r *http.Request) bool {
	return r.Method == http.MethodPost

// And a provider of cryptographic keys
provider := common.DefaultConfigProvider()

// Build the signer
signer := common.RequestSigner(provider, defaultGenericHeaders, optionalHeaders, optionalHeadersPredicate)

// Sign the request

// Execute the request

You can combine a custom signer with the exposed clients in the SDK. This allows you to add custom signed headers to the request. Following is an example:

//Create a provider of cryptographic keys
provider := common.DefaultConfigProvider()

//Create a client for the service you interested in
c, _ := identity.NewIdentityClientWithConfigurationProvider(provider)

//Define a custom header to be signed, and add it to the list of default headers
customHeader := "opc-my-token"
allHeaders := append(common.DefaultGenericHeaders(), customHeader)

//Overwrite the signer in your client to sign the new slice of headers
c.Signer = common.RequestSigner(provider, allHeaders, common.DefaultBodyHeaders())

//Set the value of the header. This can be done with an Interceptor
c.Interceptor = func(request *http.Request) error {
	request.Header.Add(customHeader, "customvalue")
	return nil

//Execute your operation as before

Bear in mind that some services have a white list of headers that it expects to be signed. Therefore, adding an arbitrary header can result in authentications errors. To see a runnable example, see

For more information on the signing algorithm refer to:

Polymorphic JSON Requests and Responses

Some operations accept or return polymorphic JSON objects. The SDK models such objects as interfaces. Further the SDK provides structs that implement such interfaces. Thus, for all operations that expect interfaces as input, pass the struct in the SDK that satisfies such interface. For example:

c, err := identity.NewIdentityClientWithConfigurationProvider(common.DefaultConfigProvider())
if err != nil {

// The CreateIdentityProviderRequest takes a CreateIdentityProviderDetails interface as input
rCreate := identity.CreateIdentityProviderRequest{}

// The CreateSaml2IdentityProviderDetails struct implements the CreateIdentityProviderDetails interface
details := identity.CreateSaml2IdentityProviderDetails{}
details.CompartmentId = common.String(getTenancyID())
details.Name = common.String("someName")
//... more setup if needed
// Use the above struct
rCreate.CreateIdentityProviderDetails = details

// Make the call
rspCreate, createErr := c.CreateIdentityProvider(context.Background(), rCreate)

In the case of a polymorphic response you can type assert the interface to the expected type. For example:

rRead := identity.GetIdentityProviderRequest{}
rRead.IdentityProviderId = common.String("aValidId")
response, err := c.GetIdentityProvider(context.Background(), rRead)

provider := response.IdentityProvider.(identity.Saml2IdentityProvider)

An example of polymorphic JSON request handling can be found here:


When calling a list operation, the operation will retrieve a page of results. To retrieve more data, call the list operation again, passing in the value of the most recent response's OpcNextPage as the value of Page in the next list operation call. When there is no more data the OpcNextPage field will be nil. An example of pagination using this logic can be found here:

Logging and Debugging

The SDK has a built-in logging mechanism used internally. The internal logging logic is used to record the raw http requests, responses and potential errors when (un)marshalling request and responses.

Built-in logging in the SDK is controlled via the environment variable "OCI_GO_SDK_DEBUG" and its contents. The below are possible values for the "OCI_GO_SDK_DEBUG" variable

1. "info" or "i" enables all info logging messages

2. "debug" or "d" enables all debug and info logging messages

3. "verbose" or "v" or "1" enables all verbose, debug and info logging messages

4. "null" turns all logging messages off.

If the value of the environment variable does not match any of the above then default logging level is "info". If the environment variable is not present then no logging messages are emitted.

The default destination for logging is Stderr and if you want to output log to a file you can set via environment variable "OCI_GO_SDK_LOG_OUTPUT_MODE". The below are possible values

1. "file" or "f" enables all logging output saved to file

2. "combine" or "c" enables all logging output to both stderr and file

If the value does not match any of the above or does not exist then default logging output will be set to Stderr

You can also customize the log file location and name via "OCI_GO_SDK_LOG_FILE" environment variable, the value should be the path to a specific file If this environment variable is not present, the default location will be the project root path


Sometimes you may need to wait until an attribute of a resource, such as an instance or a VCN, reaches a certain state. An example of this would be launching an instance and then waiting for the instance to become available, or waiting until a subnet in a VCN has been terminated. You might also want to retry the same operation again if there's network issue etc... This can be accomplished by using the RequestMetadata.RetryPolicy. You can find the examples here:

Using the SDK with a Proxy Server

The GO SDK uses the net/http package to make calls to OCI services. If your environment requires you to use a proxy server for outgoing HTTP requests then you can set this up in the following ways:

1. Configuring environment variable as described here 2. Modifying the underlying Transport struct for a service client

In order to modify the underlying Transport struct in HttpClient, you can do something similar to (sample code for audit service client):

// create audit service client
client, clerr := audit.NewAuditClientWithConfigurationProvider(common.DefaultConfigProvider())

// create a proxy url
proxyURL, err := url.Parse("http(s)://[username]:[password]@[ip address]:[port]")

client.HTTPClient = &http.Client{
	// adding the proxy settings to the http.Transport
	Transport: &http.Transport{
		Proxy: http.ProxyURL(proxyURL),

Uploading Large Objects

The Object Storage service supports multipart uploads to make large object uploads easier by splitting the large object into parts. The Go SDK supports raw multipart upload operations for advanced use cases, as well as a higher level upload class that uses the multipart upload APIs. For links to the APIs used for multipart upload operations, see Managing Multipart Uploads ( Higher level multipart uploads are implemented using the UploadManager, which will: split a large object into parts for you, upload the parts in parallel, and then recombine and commit the parts as a single object in storage.

This code sample shows how to use the UploadManager to automatically split an object into parts for upload to simplify interaction with the Object Storage service:

Forward Compatibility

Some response fields are enum-typed. In the future, individual services may return values not covered by existing enums for that field. To address this possibility, every enum-type response field is a modeled as a type that supports any string. Thus if a service returns a value that is not recognized by your version of the SDK, then the response field will be set to this value.

When individual services return a polymorphic JSON response not available as a concrete struct, the SDK will return an implementation that only satisfies the interface modeling the polymorphic JSON response.

New Region Support

If you are using a version of the SDK released prior to the announcement of a new region, you may need to use a workaround to reach it, depending on whether the region is in the realm.

A region is a localized geographic area. For more information on regions and how to identify them, see Regions and Availability Domains(

A realm is a set of regions that share entities. You can identify your realm by looking at the domain name at the end of the network address. For example, the realm for is Realm: For regions in the realm, even if common.Region does not contain the new region, the forward compatibility of the SDK can automatically handle it. You can pass new region names just as you would pass ones that are already defined. For more information on passing region names in the configuration, see Configuring ( For details on common.Region, see (

Other Realms: For regions in realms other than, you can use the following workarounds to reach new regions with earlier versions of the SDK.

NOTE: Be sure to supply the appropriate endpoints for your region.

You can overwrite the target host with client.Host:

client.Host = ''

If you are authenticating via instance principals, you can set the authentication endpoint in an environment variable:



Got a fix for a bug, or a new feature you'd like to contribute? The SDK is open source and accepting pull requests on GitHub


Licensing information available at:


To be notified when a new version of the Go SDK is released, subscribe to the following feed:

Questions or Feedback

Please refer to this link:

Source Files


Path Synopsis
Package common provides supporting functions and structs used by service packages
Package common provides supporting functions and structs used by service packages
Package auth provides supporting functions and structs for authentication
Package auth provides supporting functions and structs for authentication
Package transfer simplifies interaction with the Object Storage service by abstracting away the method used to upload objects.
Package transfer simplifies interaction with the Object Storage service by abstracting away the method used to upload objects.