foundry-fn-python
is a community-driven, open source project designed to enable the authoring of functions.
While not a formal CrowdStrike product, foundry-fn-python
is maintained by CrowdStrike and supported in partnership
with the open source developer community.
The SDK can be installed or updated via pip install
:
python3 -m pip install crowdstrike-foundry-function
Add the SDK to your project by following the installation instructions above,
then create your handler.py
:
from crowdstrike.foundry.function import (
APIError,
Request,
Response,
Function,
)
func = Function.instance() # *** (1) ***
@func.handler(method='POST', path='/create') # *** (2) ***
def on_create(request: Request, config: [dict[str, any], None]) -> Response: # *** (3), (4) ***
if len(request.body) == 0:
return Response(
code=400,
errors=[APIError(code=400, message='empty body')]
)
#####
# do something useful
#####
return Response( # *** (5) ***
body={'hello': 'world'},
code=200,
)
if __name__ == '__main__':
func.run() # *** (6) ***
Function
: TheFunction
class wraps the Foundry Function implementation. EachFunction
instance consists of a number of handlers, with each handler corresponding to an endpoint. Only oneFunction
should exist per Python implementation. MultipleFunction
s will result in undefined behavior.@func.handler
: The handler decorator defines a Python function/method as an endpoint. At a minimum, thehandler
must have amethod
and apath
. Themethod
must be one ofDELETE
,GET
,PATCH
,POST
, andPUT
. Thepath
corresponds to theurl
field in the request. The SDK will provide any loaded configuration as an argument.- Methods decorated with
@handler
must take arguments in the order ofRequest
anddict|None
(i.e. the request and either the configuration or nothing; see example above), and must return aResponse
. request
: Request payload and metadata. At the time of this writing, theRequest
object consists of:body
: The request payload as given in the Function Gatewaybody
payload field. Will be deserialized as adict[str, Any]
.params
: Contains request headers and query parameters.url
: The request path relative to the function as a string.method
: The request HTTP method or verb.access_token
: Caller-supplied access token.
- Return from a
@handler
function: Returns aResponse
object. TheResponse
object contains fieldsbody
(payload of the response as adict
),code
(anint
representing an HTTP status code),errors
(a list of anyAPIError
s), andheader
(adict[str, list[str]]
of any special HTTP headers which should be present on the response). If nocode
is provided but a list oferrors
is, thecode
will be derived from the greatest positive valid HTTP code present on the givenAPIError
s. func.run()
: Runner method and general starting point of execution. Callingrun()
causes theFunction
to finish initializing and start executing. Any code declared following this method may not necessarily be executed. As such, it is recommended to place this as the last line of your script.
The SDK provides an out-of-the-box runtime for executing the function. A basic HTTP server will be listening on port 8081.
cd my-project && python3 main.py
Requests can now be made against the executable.
curl -X POST 'http://localhost:8081' \
-H 'Content-Type: application/json' \
--data '{
"body": {
"foo": "bar"
},
"method": "POST",
"url": "/create"
}'
Foundry Function Python ships with falconpy pre-integrated and a convenience constructor. While it is not strictly necessary to use the convenience function, it is recommended.
Important: Create a new instance of each falconpy
client you want on each request.
# omitting other imports
from falconpy.alerts import Alerts
from falconpy.event_streams import EventStreams
from crowdstrike.foundry.function import falcon_client, Function
func = Function.instance()
@func.handler(...)
def endpoint(request, config):
# ... omitting other code ...
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !!! create a new client instance on each request !!!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
alerts_client = falcon_client(Alerts)
event_streams_client = falcon_client(EventStreams)
# ... omitting other code ...