Features
During automatic O&M, you need to pay special attention to some operations, such as deleting important resources or purchasing instances with high costs. If these operations are performed automatically, you may lose control and exceed the budget. However, if these operations are performed automatically, you need to perform them manually or in some other non-automatic ways. In this case, you can use the ACS::Approve action to strike a balance between automatic execution and operations that need special attention.
When executing an ACS::Approve action in a template, the Operation Orchestration Service (OOS) execution engine suspends the execution of the subsequent operations, sets the execution status to Waiting, and sends a notification. After receiving the notification, you can determine whether to approve or reject the operation based on the business requirements. If the operation is approved, the OOS engine continues to perform the subsequent operations. If the operation is rejected, the OOS engine stops the execution, and sets the execution status to Cancelled.
Syntax
Webhook
You can configure webhooks to send notifications to clients, such as DingTalk.
YAML format
Tasks:
- Name: approvalTask
Action: ACS::Approve
Properties:
NotifyType: WebHook
AppendExecutionLink: 'true' # Append execution link or not . ACS::Approve default option is true.
WebHook:
URI: url # Required. The webhook URL, such as https://oapi.dingtalk.com/robot/send?access_token=xxxxxx.
Headers: # Optional. The headers of the Hypertext Transfer Protocol (HTTP) request, such as Content-Type.
Content-Type: 'application/json; charset=utf-8'
Content: # Required. This attribute is set based on the specific requirements of webhooks. For more information about the content of the DingTalk webhook, see https://open-doc.dingtalk.com/docs/doc.htm?treeId=257&articleId=105735&docType=1.
msgtype: text
text:
content: 'the approve notify to user' # Required,the notice content to send with approve link.
at: # in dingtalk group @ user when approval notice sent.
atMobiles: # Optional, @ specified user in dingtalk group,the phone number is account specified user signed in with.
- 138albb1234
- 130albb1234
isAtAll: 'false' # Optional, @ all users in dingtalk group or not, "true" or "false" optional.JSON format (For more information, see the parameter description for the YAML format.)
{
"Tasks": [
{
"Name": "approvalTask",
"Action": "ACS::Approve",
"Properties": {
"NotifyType": "WebHook",
"AppendExecutionLink": "true",
"WebHook": {
"URI": "url",
"Headers": {
"Content-Type": "application/json; charset=utf-8"
},
"Content": {
"msgtype": "text",
"text": {
"content": "the approve notify to user"
},
"at": {
"atMobiles": [
"138albb1234",
"130albb1234"
],
"isAtAll": "false"
}
}
}
}
}
]
}Example
The following template is used to delete an ECS after approval:
YAML format
FormatVersion: OOS-2019-06-01
Description:
en: Bulky restarts the ECS instances with Approval.
name-en: BulkyRebootInstancesWithApproval
Parameters:
targets:
Type: Json
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: 'ALIYUN::ECS::Instance'
rateControl:
Description:
en: Concurrency ratio of task execution.
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 100%
webHookUrl:
Description:
en: 'The webHook url of dingtalk group assistant, e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.'
Type: String
atMobiles:
Description:
en: 'The telephone numbers of member in dingtalk group assistant @, when notify comes.'
Type: List
Default:
- '12345678901'
atAll:
Description:
en: 'assistant @ all members in dingtalk group or not, when notify comes.'
Type: String
Default: 'false'
OOSAssumeRole:
Description:
en: The RAM role to be assumed by OOS.
Type: String
Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
Description:
en: Views the ECS instances.
Action: 'ACS::SelectTargets'
Properties:
ResourceType: 'ALIYUN::ECS::Instance'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: 'Instances.Instance[].InstanceId'
instanceNames:
Type: List
ValueSelector: 'Instances.Instance[].InstanceName'
- Name: approveRestart
Action: 'ACS::Approve'
Properties:
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: 'Notify: please approve instances restart, instance names to approve are {{getInstance.instanceNames}}, sent by {{ACS::RegionId}} oos {{ACS::ExecutionId}}.'
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: rebootInstance
Action: 'ACS::ECS::RebootInstance'
Description:
en: Restarts the ECS instances.
Properties:
instanceId: '{{ ACS::TaskLoopItem }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
instanceIds:
Type: List
Value: '{{ getInstance.instanceIds }}'JSON format
{
"FormatVersion": "OOS-2019-06-01",
"Description": {
"en": "Bulky restarts the ECS instances with Approval.",
"name-en": "BulkyRebootInstancesWithApproval"
},
"Parameters": {
"targets": {
"Type": "Json",
"AssociationProperty": "Targets",
"AssociationPropertyMetadata": {
"ResourceType": "ALIYUN::ECS::Instance"
}
},
"rateControl": {
"Description": {
"en": "Concurrency ratio of task execution."
},
"Type": "Json",
"AssociationProperty": "RateControl",
"Default": {
"Mode": "Concurrency",
"MaxErrors": 0,
"Concurrency": "100%"
}
},
"webHookUrl": {
"Description": {
"en": "The webHook url of dingtalk group assistant, e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414."
},
"Type": "String"
},
"atMobiles": {
"Description": {
"en": "The telephone numbers of member in dingtalk group assistant @, when notify comes."
},
"Type": "List",
"Default": [
"12345678901"
]
},
"atAll": {
"Description": {
"en": "assistant @ all members in dingtalk group or not, when notify comes."
},
"Type": "String",
"Default": "false"
},
"OOSAssumeRole": {
"Description": {
"en": "The RAM role to be assumed by OOS."
},
"Type": "String",
"Default": "OOSServiceRole"
}
},
"RamRole": "{{ OOSAssumeRole }}",
"Tasks": [
{
"Name": "getInstance",
"Description": {
"en": "Views the ECS instances."
},
"Action": "ACS::SelectTargets",
"Properties": {
"ResourceType": "ALIYUN::ECS::Instance",
"Filters": [
"{{ targets }}"
]
},
"Outputs": {
"instanceIds": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceId"
},
"instanceNames": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceName"
}
}
},
{
"Name": "approveRestart",
"Action": "ACS::Approve",
"Properties": {
"NotifyType": "WebHook",
"WebHook": {
"URI": "{{webhookUrl}}",
"Headers": {
"Content-Type": "application/json"
},
"Content": {
"msgtype": "text",
"text": {
"content": "Notify: please approve instances restart, instance names to approve are {{getInstance.instanceNames}}, sent by {{ACS::RegionId}} oos {{ACS::ExecutionId}}."
},
"at": {
"atMobiles": "{{atMobiles}}",
"isAtAll": "{{atAll}}"
}
}
}
}
},
{
"Name": "rebootInstance",
"Action": "ACS::ECS::RebootInstance",
"Description": {
"en": "Restarts the ECS instances."
},
"Properties": {
"instanceId": "{{ ACS::TaskLoopItem }}"
},
"Loop": {
"RateControl": "{{ rateControl }}",
"Items": "{{ getInstance.instanceIds }}"
}
}
],
"Outputs": {
"instanceIds": {
"Type": "List",
"Value": "{{ getInstance.instanceIds }}"
}
}
}