foundry-fn-python
is a community-driven, open source project designed to enable the authoring of functions.
While not a formal CrowdStrike product, foundry-fn-python
is maintained by CrowdStrike and supported in partnership
with the open source developer community.
The SDK can be installed or updated via pip install
:
python3 -m pip install crowdstrike-foundry-function
Add the SDK to your project by following the installation instructions above,
then create your handler.py
:
import logging
from crowdstrike.foundry.function import (
APIError,
Request,
Response,
Function,
)
func = Function.instance() # *** (1) ***
@func.handler(method='POST', path='/create') # *** (2) ***
def on_create(request: Request, config: [dict[str, any], None],
logger: logging.Logger) -> Response: # *** (3), (4), (5) ***
if len(request.body) == 0:
return Response(
code=400,
errors=[APIError(code=400, message='empty body')]
)
#####
# do something useful
#####
return Response( # *** (6) ***
body={'hello': 'world'},
code=200,
)
@func.handler(method='PUT', path='/update')
def on_update(request: Request) -> Response: # *** (7) ***
# do stuff
return Response(
# ...snip...
)
@func.handler(method='DELETE', path='/foo')
def on_delete(request: Request, config: [dict[str, any], None]) -> Response: # *** (8) ***
# do stuff
return Response(
# ...snip...
)
if __name__ == '__main__':
func.run() # *** (9) ***
Function
: TheFunction
class wraps the Foundry Function implementation. EachFunction
instance consists of a number of handlers, with each handler corresponding to an endpoint. Only oneFunction
should exist per Python implementation. MultipleFunction
s will result in undefined behavior.@func.handler
: The handler decorator defines a Python function/method as an endpoint. At a minimum, thehandler
must have amethod
and apath
. Themethod
must be one ofDELETE
,GET
,PATCH
,POST
, andPUT
. Thepath
corresponds to theurl
field in the request. The SDK will provide any loaded configuration as an argument.- Methods decorated with
@handler
must take arguments in the order ofRequest
anddict|None
(i.e. the request and either the configuration or nothing; see example above), and must return aResponse
. request
: Request payload and metadata. At the time of this writing, theRequest
object consists of:body
: The request payload as given in the Function Gatewaybody
payload field. Will be deserialized as adict[str, Any]
.params
: Contains request headers and query parameters.url
: The request path relative to the function as a string.method
: The request HTTP method or verb.access_token
: Caller-supplied access token.
logger
: Unless there is specific reason not to, the function author should use theLogger
provided to the function. When deployed, the suppliedLogger
will be formatted in a custom manner and will have fields injected to assist with working against our internal logging infrastructure. Failure to use the providedLogger
can thus make triage more difficult.- Return from a
@handler
function: Returns aResponse
object. TheResponse
object contains fieldsbody
(payload of the response as adict
),code
(anint
representing an HTTP status code),errors
(a list of anyAPIError
s), andheader
(adict[str, list[str]]
of any special HTTP headers which should be present on the response). If nocode
is provided but a list oferrors
is, thecode
will be derived from the greatest positive valid HTTP code present on the givenAPIError
s. on_update(request: Request)
: If only one argument is provided, only aRequest
will be provided.on_delete(request: Request, config: [dict[str, any], None])
: If two arguments are provided, aRequest
and config will be provided.func.run()
: Runner method and general starting point of execution. Callingrun()
causes theFunction
to finish initializing and start executing. Any code declared following this method may not necessarily be executed. As such, it is recommended to place this as the last line of your script.
The SDK provides an out-of-the-box runtime for executing the function. A basic HTTP server will be listening on port 8081.
cd my-project && python3 main.py
Requests can now be made against the executable.
curl -X POST 'http://localhost:8081' \
-H 'Content-Type: application/json' \
--data '{
"body": {
"foo": "bar"
},
"method": "POST",
"url": "/create"
}'
Function authors should import falconpy
explicitly as a requirement in their project when needed.
Important: Create a new instance of each falconpy
client you want on each request.
# omitting other imports
from falconpy.alerts import Alerts
from crowdstrike.foundry.function import cloud, Function
func = Function.instance()
@func.handler(...)
def endpoint(request, config):
# ... omitting other code ...
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !!! create a new client instance on each request !!!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
falconpy_alerts = Alerts(access_token=request.access_token, base_url=cloud())
# ... omitting other code ...