Task approval actions.
Usage
During automatic O&M, some operations must be performed with caution, such as deleting important resources or purchasing instances with high costs. If these operations are performed automatically, you may lose control on your resources, or the budget threshold may be exceeded. However, if you do not automate these operations, you need to perform them manually or in other non-automated ways. The ACS::Approve action helps you find a balance between automatic execution and operations that need special attention.
When an ACS::Approve action is performed in a template, the Operation Orchestration Service (OOS) execution engine suspends the execution of the subsequent operations, sets the state of the execution to Waiting, and then sends a notification to administrators. After you receive the notification as an administrator, you can determine whether to approve or reject the operation as needed. If the operation is approved, the OOS engine continues to perform the subsequent operations. If the operation is rejected, the OOS engine stops the execution, and sets the state of the execution to Canceled.
Webhook syntax
Support for DingTalk is available via webhooks.
YAML format
Tasks:
- Name: approvalTask
Action: ACS::Approve
Properties:
AppendExecutionLink: 'true' # Specifies whether to append a link to the execution details. Options: true and false. The default value for the ACS::Approve action is true.
Approvers: ["user1", "user2", "user3"] # The names of the RAM users who are approvers.
MinRequiredApprovals: 2 # The minimum number of approvals required.
NotifyType: WebHook
WebHook:
URI: url # Required. The webhook URL. Example: https://oapi.dingtalk.com/robot/send?access_token=xxxxxx
Headers: # Optional. The headers of the HTTP request, such as Content-Type.
Content-Type: 'application/json; charset=utf-8'
Content: # Required. Provide the content based on the specific webhook requirements. For example, the requirements for a DingTalk webhook are described at: https://open-doc.dingtalk.com/docs/doc.htm?treeId=257&articleId=105735&docType=1
msgtype: text
text:
content: 'the approve notify to user' # Required. The content of the approval notification.
at: # The users to at-mention in the DingTalk group.
atMobiles: # Optional. The specified users to at-mention in the group. These are the mobile phone numbers that the users registered with DingTalk.
- 138albb1234
- 130albb1234
isAtAll: 'false' # Optional. Specifies whether to at-mention all users. Options: true or false. Default: false.JSON format (For more information, see the comments in the YAML format.)
{
"Tasks": [
{
"Name": "approvalTask",
"Action": "ACS::Approve",
"Properties": {
"AppendExecutionLink": "true",
"Approvers": [
"user1",
"user2",
"user3"
],
"MinRequiredApprovals": 2,
"NotifyType": "WebHook",
"WebHook": {
"URI": "url",
"Headers": {
"Content-Type": "application/json; charset=utf-8"
},
"Content": {
"msgtype": "text",
"text": {
"content": "the approve notify to user"
},
"at": {
"atMobiles": [
"138albb1234",
"130albb1234"
],
"isAtAll": "false"
}
}
}
}
}
]
}Webhook example
The following template requires approval to delete an instance.
YAML format
---
FormatVersion: OOS-2019-06-01
Description:
en: Bulky restarts the ECS instances with Approval.
name-en: BulkyRebootInstancesWithApproval
Parameters:
targets:
Type: Json
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: 'ALIYUN::ECS::Instance'
rateControl:
Description:
en: Concurrency ratio of task execution.
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 100%
webHookUrl:
Description:
en: >-
The webHook url of dingtalk group assistant,
e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.
Type: String
atMobiles:
Description:
en: >-
The telephone numbers of member in dingtalk group assistant @, when
notify comes.
Type: List
Default:
- '1390000****'
atAll:
Description:
en: 'assistant @ all members in dingtalk group or not, when notify comes.'
Type: String
Default: 'false'
OOSAssumeRole:
Description:
en: The RAM role to be assumed by OOS.
Type: String
Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
Description:
en: Views the ECS instances.
Action: 'ACS::SelectTargets'
Properties:
ResourceType: 'ALIYUN::ECS::Instance'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: 'Instances.Instance[].InstanceId'
instanceNames:
Type: List
ValueSelector: 'Instances.Instance[].InstanceName'
- Name: approveRestart
Action: 'ACS::Approve'
Properties:
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: >-
Notify: please approve instances restart, instance names to
approve are {{getInstance.instanceNames}}, sent by
{{ACS::RegionId}} oos {{ACS::ExecutionId}}.
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: rebootInstance
Action: 'ACS::ECS::RebootInstance'
Description:
en: Restarts the ECS instances.
Properties:
instanceId: '{{ ACS::TaskLoopItem }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
instanceIds:
Type: List
Value: '{{ getInstance.instanceIds }}'JSON format
{
"FormatVersion": "OOS-2019-06-01",
"Description": {
"en": "Bulky restarts the ECS instances with Approval.",
"name-en": "BulkyRebootInstancesWithApproval"
},
"Parameters": {
"targets": {
"Type": "Json",
"AssociationProperty": "Targets",
"AssociationPropertyMetadata": {
"ResourceType": "ALIYUN::ECS::Instance"
}
},
"rateControl": {
"Description": {
"en": "Concurrency ratio of task execution."
},
"Type": "Json",
"AssociationProperty": "RateControl",
"Default": {
"Mode": "Concurrency",
"MaxErrors": 0,
"Concurrency": "100%"
}
},
"webHookUrl": {
"Description": {
"en": "The webHook url of dingtalk group assistant, e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414."
},
"Type": "String"
},
"atMobiles": {
"Description": {
"en": "The telephone numbers of member in dingtalk group assistant @, when notify comes."
},
"Type": "List",
"Default": [
"1390000****"
]
},
"atAll": {
"Description": {
"en": "assistant @ all members in dingtalk group or not, when notify comes."
},
"Type": "String",
"Default": "false"
},
"OOSAssumeRole": {
"Description": {
"en": "The RAM role to be assumed by OOS."
},
"Type": "String",
"Default": "OOSServiceRole"
}
},
"RamRole": "{{ OOSAssumeRole }}",
"Tasks": [
{
"Name": "getInstance",
"Description": {
"en": "Views the ECS instances."
},
"Action": "ACS::SelectTargets",
"Properties": {
"ResourceType": "ALIYUN::ECS::Instance",
"Filters": [
"{{ targets }}"
]
},
"Outputs": {
"instanceIds": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceId"
},
"instanceNames": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceName"
}
}
},
{
"Name": "approveRestart",
"Action": "ACS::Approve",
"Properties": {
"NotifyType": "WebHook",
"WebHook": {
"URI": "{{webhookUrl}}",
"Headers": {
"Content-Type": "application/json"
},
"Content": {
"msgtype": "text",
"text": {
"content": "Notify: please approve instances restart, instance names to approve are {{getInstance.instanceNames}}, sent by {{ACS::RegionId}} oos {{ACS::ExecutionId}}."
},
"at": {
"atMobiles": "{{atMobiles}}",
"isAtAll": "{{atAll}}"
}
}
}
}
},
{
"Name": "rebootInstance",
"Action": "ACS::ECS::RebootInstance",
"Description": {
"en": "Restarts the ECS instances."
},
"Properties": {
"instanceId": "{{ ACS::TaskLoopItem }}"
},
"Loop": {
"RateControl": "{{ rateControl }}",
"Items": "{{ getInstance.instanceIds }}"
}
}
],
"Outputs": {
"instanceIds": {
"Type": "List",
"Value": "{{ getInstance.instanceIds }}"
}
}
}Mail syntax
YAML format
Tasks:
- Action: ACS::Approve
Name: ApproveByMail
Properties:
NotifyType: Mail
Mail:
Host: SMTPHostAddress # The host address of the SMTP server, such as smtp.example1.com.
Port: SMTPPort # The port of the SMTP server, such as 465.
Username: sender # The mailbox user for sending emails, such as usr001@example1.com.
Password: senderPassword # The authorization code for the IMAP/SMTP service, not the logon password for the mailbox.
Subject: mailSubject # The email subject, such as hello world.
Body: mailBody # The email body, such as hello world !!!.
From: senderAddress # The sender's email address, such as usr001@example1.com.
To: # A list of recipient email addresses, such as [usr1234@example2.com,usr123@example2.com].
- usr123@example2.com
- usr1234@example2.comJSON format (For more information, see the comments in the YAML format.)
{
"Tasks": [
{
"Action": "ACS::Approve",
"Name": "ApproveByMail",
"Properties": {
"NotifyType": "Mail",
"Mail": {
"Host": "SMTPHostAddress",
"Port": "SMTPPort",
"Username": "sender",
"Password": "senderPassword",
"Subject": "mailSubject",
"Body": "mailBody",
"From": "senderAddress",
"To": [
"usr123@example2.com,usr1234@example2.com"
]
}
}
}
]
}