The ACS::Approve action is used to approve tasks.
Description
During automatic O&M, some operations must be performed with caution, such as deleting important resources or purchasing instances with high costs. If these operations are performed automatically, you may lose control on your resources, or the budget threshold may be exceeded. However, if you do not automate these operations, you need to perform them manually or in other non-automated ways. The ACS::Approve action helps you find a balance between automatic execution and operations that need special attention.
When an ACS::Approve action is performed in a template, the CloudOps Orchestration Service (OOS) execution engine suspends the execution of subsequent operations, sets the state of the execution to Waiting, and then sends a notification to administrators. After you receive the notification as an administrator, you can determine whether to approve or reject the operation based on your business requirements. If the operation is approved, the OOS execution engine continues to perform subsequent operations. If the operation is rejected, the OOS execution engine stops the execution and sets the state of the execution to Canceled.
Webhook syntax
You can configure webhooks to send notifications to clients, such as DingTalk.
YAML format
Tasks:
- Name: approvalTask
Action: ACS::Approve
Properties:
AppendExecutionLink: 'true' # Specifies whether to append execution links. Valid values: true and false. Default value: true.
Approvers: ["user1", "user2", "user3"] # The names of the Resource Access Management (RAM) users that act as approvers.
MinRequiredApprovals: 2 # The minimum number of approvers that are required to approve the task.
NotifyType: WebHook
WebHook:
URI: url # Required. The webhook URL. Example: https://oapi.dingtalk.com/robot/send?access_token=xxxxxx.
Headers: # Optional. The headers of the HTTP request. Example: Content-Type.
Content-Type: 'application/json; charset=utf-8'
Content: # Required. The content of the webhook notification. Set the value based on the requirements for the webhook. For information about the content of the DingTalk webhook, visit https://open-doc.dingtalk.com/docs/doc.htm?treeId=257&articleId=105735&docType=1.
msgtype: text
text:
content: 'the approve notify to user' # Required. The content of the approval notification.
at: # The users that are @ in the DingTalk group.
atMobiles: # Optional. The users that are @ in the DingTalk group. Specify the users by using the mobile numbers that they use to create their DingTalk accounts.
- 138albb1234
- 130albb1234
isAtAll: 'false' # Optional. Specifies whether to @ all users in the DingTalk group. Valid values: true and false. Default value: false.JSON format (For more information, see the attribute descriptions for the YAML format.)
{
"Tasks": [
{
"Name": "approvalTask",
"Action": "ACS::Approve",
"Properties": {
"AppendExecutionLink": "true",
"Approvers": [
"user1",
"user2",
"user3"
],
"MinRequiredApprovals": 2,
"NotifyType": "WebHook",
"WebHook": {
"URI": "url",
"Headers": {
"Content-Type": "application/json; charset=utf-8"
},
"Content": {
"msgtype": "text",
"text": {
"content": "the approve notify to user"
},
"at": {
"atMobiles": [
"138albb1234",
"130albb1234"
],
"isAtAll": "false"
}
}
}
}
}
]
}Webhook examples
The following templates are used to delete an Elastic Compute Service (ECS) instance after approval.
YAML format
---
FormatVersion: OOS-2019-06-01
Description:
en: Bulky restarts the ECS instances with Approval.
name-en: BulkyRebootInstancesWithApproval
Parameters:
targets:
Type: Json
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: 'ALIYUN::ECS::Instance'
rateControl:
Description:
en: Concurrency ratio of task execution.
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 100%
webHookUrl:
Description:
en: >-
The webHook url of dingtalk group assistant,
e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.
zh-cn: >-
Type: String
atMobiles:
Description:
en: >-
The telephone numbers of member in dingtalk group assistant @, when
notify comes.
Type: List
Default:
- '1390000****'
atAll:
Description:
en: 'assistant @ all members in dingtalk group or not, when notify comes.'
Type: String
Default: 'false'
OOSAssumeRole:
Description:
en: The RAM role to be assumed by OOS.
Type: String
Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
Description:
en: Views the ECS instances.
Action: 'ACS::SelectTargets'
Properties:
ResourceType: 'ALIYUN::ECS::Instance'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: 'Instances.Instance[].InstanceId'
instanceNames:
Type: List
ValueSelector: 'Instances.Instance[].InstanceName'
- Name: approveRestart
Action: 'ACS::Approve'
Properties:
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: >-
Notify: please approve instances restart, instance names to
approve are {{getInstance.instanceNames}}, sent by
{{ACS::RegionId}} oos {{ACS::ExecutionId}}.
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: rebootInstance
Action: 'ACS::ECS::RebootInstance'
Description:
en: Restarts the ECS instances.
Properties:
instanceId: '{{ ACS::TaskLoopItem }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
instanceIds:
Type: List
Value: '{{ getInstance.instanceIds }}'JSON format
{
"FormatVersion": "OOS-2019-06-01",
"Description": {
"en": "Bulky restarts the ECS instances with Approval.",
"name-en": "BulkyRebootInstancesWithApproval",
},
"Parameters": {
"targets": {
"Type": "Json",
"AssociationProperty": "Targets",
"AssociationPropertyMetadata": {
"ResourceType": "ALIYUN::ECS::Instance"
}
},
"rateControl": {
"Description": {
"en": "Concurrency ratio of task execution.",
},
"Type": "Json",
"AssociationProperty": "RateControl",
"Default": {
"Mode": "Concurrency",
"MaxErrors": 0,
"Concurrency": "100%"
}
},
"webHookUrl": {
"Description": {
"en": "The webHook url of dingtalk group assistant, e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.",
},
"Type": "String"
},
"atMobiles": {
"Description": {
"en": "The telephone numbers of member in dingtalk group assistant @, when notify comes.",
},
"Type": "List",
"Default": [
"1390000****"
]
},
"atAll": {
"Description": {
"en": "assistant @ all members in dingtalk group or not, when notify comes.",
},
"Type": "String",
"Default": "false"
},
"OOSAssumeRole": {
"Description": {
"en": "The RAM role to be assumed by OOS.",
},
"Type": "String",
"Default": "OOSServiceRole"
}
},
"RamRole": "{{ OOSAssumeRole }}",
"Tasks": [
{
"Name": "getInstance",
"Description": {
"en": "Views the ECS instances.",
},
"Action": "ACS::SelectTargets",
"Properties": {
"ResourceType": "ALIYUN::ECS::Instance",
"Filters": [
"{{ targets }}"
]
},
"Outputs": {
"instanceIds": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceId"
},
"instanceNames": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceName"
}
}
},
{
"Name": "approveRestart",
"Action": "ACS::Approve",
"Properties": {
"NotifyType": "WebHook",
"WebHook": {
"URI": "{{webhookUrl}}",
"Headers": {
"Content-Type": "application/json"
},
"Content": {
"msgtype": "text",
"text": {
"content": "Notify: please approve instances restart, instance names to approve are {{getInstance.instanceNames}}, sent by {{ACS::RegionId}} oos {{ACS::ExecutionId}}."
},
"at": {
"atMobiles": "{{atMobiles}}",
"isAtAll": "{{atAll}}"
}
}
}
}
},
{
"Name": "rebootInstance",
"Action": "ACS::ECS::RebootInstance",
"Description": {
"en": "Restarts the ECS instances.",
},
"Properties": {
"instanceId": "{{ ACS::TaskLoopItem }}"
},
"Loop": {
"RateControl": "{{ rateControl }}",
"Items": "{{ getInstance.instanceIds }}"
}
}
],
"Outputs": {
"instanceIds": {
"Type": "List",
"Value": "{{ getInstance.instanceIds }}"
}
}
}Mail syntax
YAML format
Tasks:
- Action: ACS::Approve
Name: ApproveByMail
Properties:
NotifyType: Mail
Mail:
Host: SMTPHostAddress # The Simple Mail Transfer Protocol (SMTP) server address. Example: smtp.example1.com.
Port: SMTPPort # The port number of the SMTP server. Example: 465.
Username: sender # The email account that is used to send the notification. Example: usr001@example1.com.
Password: senderPassword # The authorization code of the Internet Message Access Protocol (IMAP) or SMTP service, instead of the password of the email account.
Subject: mailSubject # The subject of the email notification. Example: hello world.
Body: mailBody # The body of the email notification. Example: hello world ! ! !.
From: senderAddress # The email address of the sender. Example: usr001@example1.com.
To: # The email addresses of the recipients. Example: usr1234@example2.com,usr123@example2.com.
- usr123@example2.com
- usr1234@example2.comJSON format (For more information, see the attribute descriptions for the YAML format.)
{
"Tasks": [
{
"Action": "ACS::Approve",
"Name": "ApproveByMail",
"Properties": {
"NotifyType": "Mail",
"Mail": {
"Host": "SMTPHostAddress",
"Port": "SMTPPort",
"Username": "sender",
"Password": "senderPassword",
"Subject": "mailSubject",
"Body": "mailBody",
"From": "senderAddress",
"To": [
"usr123@example2.com,usr1234@example2.com"
]
}
}
}
]
}