Python API
The oblako.services package. Each service is the local counterpart of an AWS
service, reached through its normal boto3 client (get_client()) or native
driver (connect()). Oblako is the platform handle that owns them all.
Platform
AI / ML
- class oblako.services.bedrock.BedrockService(host_port=11434, runtime_port=8004, region=None)[source]
Local Amazon Bedrock service powered by Ollama.
- Parameters:
host_port (int)
runtime_port (int)
region (str | None)
- property url: str
Ollama engine URL.
- pull_model(model=None)[source]
Pull a model into the engine (defaults to the small qwen default).
- Parameters:
model (str | None)
- Return type:
None
- class oblako.services.sagemaker.SageMakerService[source]
Wrapper around SageMaker SDK local mode.
SageMaker local mode uses Docker directly (no separate container needed). This class provides helpers for managing training images, checking status, and cleaning up local mode artifacts.
- property client: docker.DockerClient
Return (or lazily create) the Docker client for the configured backend.
- build_image(path, tag)[source]
Build a training/inference Docker image.
- Parameters:
path (str)
tag (str)
- Return type:
str
- list_training_containers()[source]
List running SageMaker local mode containers.
- Return type:
list[dict]
- list_endpoint_containers()[source]
List running SageMaker local endpoint containers.
- Return type:
list[dict]
- image_exists(tag)[source]
Check if a training/inference image exists locally.
- Parameters:
tag (str)
- Return type:
bool
- ensure_notebook_image()[source]
Build oblako’s slim notebook image (JupyterLab + boto3) if it’s absent.
Only builds the bundled image; a custom OBLAKO_NOTEBOOK_IMAGE is left to be pulled by the instance container as usual.
- Return type:
str
- create_domain(name='studio', instance_type='t3.medium', notebook_port=8889)[source]
Create a Studio domain as a CloudFormation stack (S3 + EC2 + EBS).
The notebook instance is a real container (Jupyter image) publishing JupyterLab on
notebook_port. Returns the domain status.- Parameters:
name (str)
instance_type (str)
notebook_port (int)
- Return type:
dict
- domain_status(name='studio')[source]
Return {domain, stack, status, artifactsBucket, instanceId} (status NONE if absent).
- Parameters:
name (str)
- Return type:
dict
- launch_notebook(name='studio', port=8889)[source]
Run JupyterLab inside the domain’s notebook instance (EBS as home, pre-wired).
boto3 in the kernel hits oblako’s services on the host via host.docker.internal — unmodified AWS code runs against oblako.
- Parameters:
name (str)
port (int)
- Return type:
dict
- class oblako.services.mlflow.MlflowService(host_port=5050, s3_endpoint='http://host.docker.internal:9000')[source]
Local MLflow App container, pre-wired to S3Proxy for artifact storage.
- Parameters:
host_port (int)
s3_endpoint (str)
- property tracking_uri: str
Return the direct HTTP URL of the MLflow server (for the web UI).
- property tracking_server_arn: str
Return the SageMaker MLflow tracking-server ARN.
This is the value you pass to
mlflow.set_tracking_uri— exactly like real SageMaker-managed MLflow. Thesagemaker-mlflowplugin resolves it to the server URL (via SAGEMAKER_MLFLOW_CUSTOM_ENDPOINT locally) and SigV4-signs the traffic.
- property custom_endpoint: str
Return the value for SAGEMAKER_MLFLOW_CUSTOM_ENDPOINT.
Tells the sagemaker-mlflow plugin where to send tracking traffic when the URI is an ARN — locally, the MLflow container — so the ARN resolves without a SageMaker control plane.
Storage & databases
- class oblako.services.s3proxy.S3ProxyService(host_port=9000)[source]
S3-compatible object storage service backed by S3Proxy.
- Parameters:
host_port (int)
- property endpoint_url: str
Return the S3Proxy endpoint URL.
- get_client()[source]
Return a boto3 S3 client pointing at this S3Proxy.
S3Proxy does not implement botocore’s default flexible checksums (x-amz-checksum-crc32 over aws-chunked), so keep checksum calculation “when_required” — otherwise uploads fail with 501 NotImplemented. (Real checksum support would mean switching the backend to MinIO.)
- class oblako.services.dynamodb.DynamoDBService(host_port=8001)[source]
DynamoDB Local service backed by the official Amazon Docker image.
- Parameters:
host_port (int)
- property endpoint_url: str
Return the DynamoDB Local endpoint URL.
- get_client(service='dynamodb', **overrides)
boto3 ‘dynamodb’ client pointed at this service’s endpoint.
- Parameters:
service (str)
- class oblako.services.kinesis.KinesisService(host_port=4567, shard_limit=100)[source]
Local Kinesis Data Streams (kinesalite-backed).
- Parameters:
host_port (int)
shard_limit (int)
- property endpoint_url: str
Return the local Kinesis endpoint URL for boto3 clients.
- get_client(service='kinesis', **overrides)
boto3 ‘kinesis’ client pointed at this service’s endpoint.
- Parameters:
service (str)
- class oblako.services.redshift.RedshiftService(host_port=5439, user='oblako', password='oblako', database='oblako', control_port=5500, data_port=8002, region=None)[source]
Local Amazon Redshift, backed by the oblako/redshift image (no proxy).
- Parameters:
host_port (int)
user (str)
password (str)
database (str)
control_port (int)
data_port (int)
region (str | None)
- class oblako.services.rds.RdsService(engine='postgres', host_port=None, user='oblako', password='oblako', database='oblako', control_port=5500, data_port=8006, region=None)[source]
Local Amazon RDS and Aurora service backed by a real PostgreSQL or MySQL engine.
- Parameters:
engine (str)
host_port (int | None)
user (str)
password (str)
database (str)
control_port (int)
data_port (int)
region (str | None)
- seed(instances=None, clusters=None)[source]
Idempotently (re)create RDS instances and Aurora clusters from a spec.
clustersentries may carry an"instances"list of member specs. Each dict is passed through as kwargs tocreate_db_cluster/create_db_instance. Safe to re-run after a moto restart.- Parameters:
instances (list[dict] | None)
clusters (list[dict] | None)
- Return type:
dict
- class oblako.services.iceberg.IcebergCatalogService(host_port=8181, s3_endpoint='http://host.docker.internal:9000', warehouse='s3://oblako-iceberg/')[source]
Local Iceberg REST catalog backed by S3Proxy.
- Parameters:
host_port (int)
s3_endpoint (str)
warehouse (str)
- property endpoint_url: str
REST catalog endpoint that pyiceberg / Spark Iceberg connect to.
Analytics
- class oblako.services.trino.TrinoService(host_port=8485)[source]
Local Trino, pre-wired with the Iceberg connector to oblako’s catalog + S3.
- Parameters:
host_port (int)
- property endpoint_url: str
Trino HTTP endpoint (clients submit SQL via /v1/statement).
- class oblako.services.glue.GlueService[source]
Per-job Glue 5 runner. Submit a PySpark script, get back logs + exit code.
- property client
Return the docker-py client for the configured backend (docker/podman/colima).
- ensure_image()[source]
Pull the Glue 5 image (~5 GB) if it isn’t present locally.
- Return type:
None
- submit_job(script, *, args=None, env=None, timeout=1200)[source]
Run a PySpark script in a Glue 5 container; return
{exit_code, logs}.The script is written to a tempdir mounted at
/scripts/job.py. The container is given creds + endpoints to reach oblako’s S3Proxy and Iceberg REST catalog athost.docker.internal, and an S3A interceptor that strips the one header S3Proxy can’t handle (see_INTERCEPTOR_CLASS).- Parameters:
script (str)
args (list[str] | None)
env (dict[str, str] | None)
timeout (int)
- Return type:
dict
- run_workflow(name, steps, *, timeout=600)[source]
Run a Glue workflow: a sequential pipeline of PySpark job steps.
Each step is
{name, script}. Steps run in order, and a step runs only if every prior step SUCCEEDED — mirroring a Glue CONDITIONAL trigger gated on predecessor success. The first failure stops the pipeline; the rest are marked SKIPPED. Returns{name, status, steps:[{name, status, exitCode, logs}]}.This covers the common sequential-ETL workflow. Full DAGs (parallel branches, crawlers, scheduled/event triggers) aren’t modelled yet.
- Parameters:
name (str)
steps (list[dict])
timeout (int)
- Return type:
dict
Orchestration, compute & management
- class oblako.services.stepfunctions.StepFunctionsService(host_port=8083, lambda_endpoint='http://host.docker.internal:3001')[source]
Step Functions Local service backed by the official Amazon image.
- Parameters:
host_port (int)
lambda_endpoint (str)
- write_mock_config(config)[source]
Write the SFN Local mock configuration to the mounted file (hot-reloaded).
- Parameters:
config (dict)
- Return type:
None
- start()[source]
Seed the mock config from the bundled ML templates, then start the container.
- Return type:
None
- property endpoint_url: str
Return the Step Functions Local endpoint URL.
- create_state_machine(name, definition, role_arn='arn:aws:iam::123456789012:role/DummyRole')[source]
Create a state machine and return its ARN.
- Parameters:
name (str)
definition (dict)
role_arn (str)
- Return type:
str
- execute(state_machine_arn, input_data)[source]
Start an execution and return the execution ARN.
- Parameters:
state_machine_arn (str)
input_data (dict)
- Return type:
str
- get_client(service='stepfunctions', **overrides)
boto3 ‘stepfunctions’ client pointed at this service’s endpoint.
- Parameters:
service (str)
- class oblako.services.awslambda.LambdaService(moto)[source]
AWS Lambda — control plane + invocation via moto + Docker.
- Parameters:
moto (MotoService)
- property endpoint_url: str
Moto serves Lambda at the same endpoint as every other AWS API.
- ensure_exec_role(name='oblako-lambda-exec')[source]
Create (idempotent) and return the ARN of the default Lambda exec role.
- Parameters:
name (str)
- Return type:
str
- ensure_runtime_image(runtime, architecture='x86_64')[source]
Pre-pull the runtime image for a given architecture (linux/amd64 or linux/arm64).
Real AWS Lambda defaults to x86_64. On Apple Silicon, Docker would pull the native arm64 manifest, which breaks layers built with x86_64 wheels (numpy, pandas, etc.). We pull the platform we want explicitly — moto then picks up the local image tag without caring about its arch.
Uses the official AWS Lambda images (Amazon Linux 2023, glibc 2.34) so modern wheels work — matches what MOTO_DOCKER_LAMBDA_IMAGE is set to in the moto container.
- Parameters:
runtime (str)
architecture (str)
- Return type:
None
- wait_ready(timeout=5.0)[source]
Defer readiness to moto.
- Parameters:
timeout (float)
- Return type:
bool
- get_client(service='lambda', **overrides)
boto3 ‘lambda’ client pointed at this service’s endpoint.
- Parameters:
service (str)
- class oblako.services.opensearch.OpenSearchService(host_port=9200)[source]
OpenSearch service for vector search and RAG Knowledge Bases.
- Parameters:
host_port (int)
- property url: str
Return the OpenSearch base URL.
- class oblako.services.cloudformation.CloudFormationService(port=5601, region=None)[source]
Manage the in-process CloudFormation server and hand out boto3 clients.
- Parameters:
port (int)
region (str | None)
- property endpoint_url: str
Return the HTTP endpoint URL for the local CloudFormation server.
- start_server()[source]
Start the CloudFormation server in-process (idempotent). Returns its URL.
- Return type:
str
- class oblako.services.iam.IamService(moto=None)[source]
IAM/STS control plane (moto) plus oblako’s trust + authorization evaluator.
- Parameters:
moto (MotoService | None)
- property endpoint_url: str
Return the moto endpoint that backs the IAM/STS control plane.
- create_user(name)[source]
Create an IAM user and return its description.
- Parameters:
name (str)
- Return type:
dict
- create_role(name, trust_policy)[source]
Create an IAM role with the given trust policy and return its description.
- Parameters:
name (str)
trust_policy (dict)
- Return type:
dict
- create_policy(name, document)[source]
Create a customer-managed policy and return its description.
- Parameters:
name (str)
document (dict)
- Return type:
dict
- attach_role_policy(role_name, policy_arn)[source]
Attach a managed policy to a role.
- Parameters:
role_name (str)
policy_arn (str)
- Return type:
None
- attach_user_policy(user_name, policy_arn)[source]
Attach a managed policy to a user.
- Parameters:
user_name (str)
policy_arn (str)
- Return type:
None
- gather_statements(principal_arn)[source]
Collect all identity-policy statements (managed + inline) for a user/role ARN.
- Parameters:
principal_arn (str)
- Return type:
list
- authorize(principal_arn, action, resource)[source]
Return Allow/Deny/ImplicitDeny for the principal doing action on resource.
- Parameters:
principal_arn (str)
action (str)
resource (str)
- Return type:
str
- assume_role(role_arn, principal_arn, session_name='oblako-session')[source]
Evaluate the role’s trust policy, then sts:AssumeRole if the principal is allowed.
- Parameters:
role_arn (str)
principal_arn (str)
session_name (str)
- Return type:
dict
- get_client(service='iam', **overrides)
boto3 ‘iam’ client pointed at this service’s endpoint.
- Parameters:
service (str)
- class oblako.services.ec2.Ec2Service(moto)[source]
AWS EC2 — moto control plane + container-backed instances.
- Parameters:
moto (MotoService)
- property endpoint_url: str
Moto serves EC2 at the same endpoint as every other AWS API.
- run_instance(image_id='ami-0abcdef1234567890', instance_type='t3.micro', *, backed=True, **kwargs)[source]
Launch one instance: record it in moto, then back it with a container.
Returns the InstanceId.
backed=Falserecords control-plane metadata only (no container) — useful when Docker isn’t available.- Parameters:
image_id (str)
instance_type (str)
backed (bool)
- Return type:
str
- stop_instance(instance_id)[source]
Stop the instance (moto -> stopped; container stopped, EBS volume kept).
- Parameters:
instance_id (str)
- Return type:
None
- start_instance(instance_id)[source]
Start a stopped instance (moto -> running; container started).
- Parameters:
instance_id (str)
- Return type:
None
- terminate_instance(instance_id)[source]
Terminate the instance (moto -> terminated; container + EBS volume removed).
- Parameters:
instance_id (str)
- Return type:
None
- instance_container(instance_id)[source]
Return the backing container (or None if the instance isn’t backed).
- Parameters:
instance_id (str)
- list_instance_containers()[source]
All oblako EC2 instance containers (running or stopped).
- Return type:
list
- stop()[source]
No-op — moto owns the control plane; instances are managed per-id.
- Return type:
None
- wait_ready(timeout=5.0)[source]
Defer readiness to moto.
- Parameters:
timeout (float)
- Return type:
bool
- get_client(service='ec2', **overrides)
boto3 ‘ec2’ client pointed at this service’s endpoint.
- Parameters:
service (str)
- class oblako.services.appconfig.AppConfigService(port=8003)[source]
Local AppConfig + AppConfigData, served by the in-process engine.
- Parameters:
port (int)
- property endpoint_url: str
Endpoint URL boto3 clients connect to.
- start_server()[source]
Start the in-process AppConfig server (idempotent). Returns its URL.
- Return type:
str
- get_client(autostart=True)[source]
boto3
appconfigmanagement client (applications, profiles, versions…).- Parameters:
autostart (bool)
Container backends
The lifecycle layer behind every service: Docker, Apple container, or
Kubernetes (selected with OBLAKO_CONTAINER_BACKEND).
Pluggable container backend so oblako isn’t hard-wired to Docker.
Service (see base.py) drives containers through a ContainerBackend instead
of calling docker-py directly. Docker, Podman, and Colima all speak the Docker
Engine API, so they share DockerBackend — the only difference is which socket
it talks to (honoured via DOCKER_HOST or auto-detected per runtime).
Kubernetes is a genuinely different control plane, so it gets its own backend, as
does Apple’s container (macOS 26+), which has no Docker-API socket.
Select with OBLAKO_CONTAINER_BACKEND = docker (default) | podman | colima |
kubernetes | apple. DOCKER_HOST always wins for the Docker-API runtimes.
- class oblako.services.backends.ContainerBackend[source]
Minimal container lifecycle interface a Service needs.
- ensure_image(image)[source]
Pull the image if it is not present locally.
- Parameters:
image (str)
- Return type:
None
- build_image(image, context_dir)[source]
Build an oblako-owned image from a Dockerfile context.
- Parameters:
image (str)
context_dir (str)
- Return type:
None
- run(*, name, image, ports, environment, volumes, extra_hosts, command, working_dir, user)[source]
Create and start a detached container with the given spec.
- Return type:
None
- status(name)[source]
Return RUNNING, STOPPED, or ABSENT for the named container.
- Parameters:
name (str)
- Return type:
str
- remove(name)[source]
Force-remove the container if present.
- Parameters:
name (str)
- Return type:
None
- class oblako.services.backends.DockerBackend(base_url=None)[source]
Docker Engine API backend — also serves Podman and Colima via their sockets.
- Parameters:
base_url (str | None)
- property client
Lazily create the docker-py client, honouring DOCKER_HOST or the active context.
- ensure_image(image)[source]
Pull the image if it is not already present.
- Parameters:
image (str)
- Return type:
None
- build_image(image, context_dir)[source]
Build an image from a Dockerfile context (skips if already present).
- Parameters:
image (str)
context_dir (str)
- Return type:
None
- run(*, name, image, ports, environment, volumes, extra_hosts, command, working_dir, user)[source]
Create and start a detached container.
- Return type:
None
- status(name)[source]
Return RUNNING/STOPPED/ABSENT for the container.
- Parameters:
name (str)
- Return type:
str
- remove(name)[source]
Force-remove the container if present.
- Parameters:
name (str)
- Return type:
None
- class oblako.services.backends.KubernetesBackend(namespace=None, kubectl='kubectl')[source]
Run oblako services as Kubernetes workloads (e.g. on minikube), via kubectl.
Each Service maps to a Deployment + Service;
kubectl port-forwardbinds localhost:host_port to the in-cluster Service so oblako’s boto3 clients work unchanged. Port-forwards live as long as the oblako process — after a restart, re-run start (or restart) on a service to re-establish them.- Parameters:
namespace (str | None)
kubectl (str)
- ensure_image(image)[source]
No image pre-pull: the cluster pulls it (use minikube image load for local images).
- Parameters:
image (str)
- Return type:
None
- run(*, name, image, ports, environment, volumes, extra_hosts, command, working_dir, user)[source]
Apply a Deployment + Service, wait for it, and port-forward each port.
- Return type:
None
- status(name)[source]
Return RUNNING/STOPPED/ABSENT from the deployment’s ready replicas.
- Parameters:
name (str)
- Return type:
str
- remove(name)[source]
Delete the Deployment + Service and stop its port-forwards.
- Parameters:
name (str)
- Return type:
None
- class oblako.services.backends.AppleContainerBackend[source]
Apple container backend (macOS 26+): Linux containers in lightweight VMs.
Shells out to the container CLI (there is no Python SDK). Each container runs in its own VM with an IP on a vmnet subnet, but -p host:container publishes to localhost exactly like Docker — so oblako’s fixed-endpoint contract holds unchanged. Two adaptations vs Docker: named volumes are mapped to host dirs (the CLI bind-mounts host paths), and since there is no host.docker.internal / –add-host, env values referencing it are rewritten to the vmnet gateway.
- ensure_image(image)[source]
Pre-pull the image (best effort; container run also auto-pulls).
- Parameters:
image (str)
- Return type:
None
- build_image(image, context_dir)[source]
Build an image from a Dockerfile context via container build.
- Parameters:
image (str)
context_dir (str)
- Return type:
None
- run(*, name, image, ports, environment, volumes, extra_hosts, command, working_dir, user)[source]
Create and start a detached container via container run.
- Return type:
None
- status(name)[source]
Return RUNNING/STOPPED/ABSENT from container ls –format json.
- Parameters:
name (str)
- Return type:
str
- remove(name)[source]
Force-remove the container if present.
- Parameters:
name (str)
- Return type:
None