Updated on 2024-12-12 GMT+08:00

Create a private provider

Function

CreatePrivateProvider

Create an empty private provider. If the user provides both provider_version and function_graph_urn, upon creating a private provider, a corresponding private provider version is also created within the private provider.

  • Private providers allow users to register customized providers into RFS for their own use only.

  • If the private provider with the same name already exists, 409 is returned.

  • The provider_version must follow the Semantic Version and is customized by the user.

  • In this API, provider_version and function_graph_urn must be provided together. If only one of the parameters is provided, 400 is returned.

  • RFS only performs a shallow validation on function_graph_urn, verifying compliance with regular rules and presence within valid region. However, no comprehensive validations are performed, including validation of user permissions or existence, etc.

  • This API returns the provider_source field, formatted as "huawei.com/private-provider/{provider_name}". For more details on the use of provider_name and provider_source in templates, see the description below.

  • If the user wants to use a provider whose name does not contain uppercase English character, the provider_source field can be specified as the source parameter in required_providers defined in the template as shown below.

  • If the user wants to use a provider whose name contains uppercase English character, the provider_name needs to be completely converted into lowercase English. At the same time, users can either use the provider_source parameter returned by the API in the template, or use "huawei.com/private-provider" as the fixed prefix in the template, and construct the provider_source parameter according to the original provider_name in uppercase English.

    Taking HCL template as an example, the syntax for using a private provider in the template is as follows:

Provider "{provider_name}" {
  source = "{provider_source}"
  version = "{provider_version}"
}

Taking JSON template as an example, the syntax for using a private provider in the template is as follows:

{
  "terraform":{
    "required_providers":[
      {
        "{provider_name}":{
          "source":"{provider_source}",
          "version":"{provider_version}"
        }
      }
    ]
  }
}

When RFS supports users to use the HTTP function in FunctionGraph (hereinafter referred to as FG) to run private providers, we establish a set of detailed integration guidelines to ensure successful interaction between RFS and private providers.

About the use of FG's HTTP functions, please refer to the official website documentation: https://support.huaweicloud.com/productdesc-functiongraph/functiongraph_02_1002.html.

Users need to implement a set of corresponding methods in the HTTP function, according to the following rules:

  1. Users are required to initiate an HTTP Server in FG, intended to accept HTTP requests from RFS. The request path is fixed to "/provider" with "POST" request method. RFS defines the format of the HTTP request body as follows:

    { "method_name": String, "request_data": String, "context":{ "session_id": String, "config_data": String } }

    The HTTP function of FG provided by users should be able to receive the above request. Otherwise, it fails to invoke the private provider.

  2. The following is a detailed explanation of how to use the parameters in the request body to achieve successful interaction between FG and RFS:

    "method_name": RFS expects the gRPC method name invoked in FG's HTTP function. In the request body, RFS selects one of the following methods for delivery each time according to the actual business scene. Each method name needs to correspond one-to-one with the native gRPC method in the provider. After receiving a request with one certain method name, FG's HTTP function should call the corresponding private provider's native gRPC method to implement the processing logic for resources.

    Please refer to the native gRPC protocol provided in the provider: tfplugin5.proto and grpc_controller.proto. The list of method name is as follows:

    tfplugin5.proto: 
      "/tfplugin5.Provider/GetSchema"
      "/tfplugin5.Provider/PrepareProviderConfig"
      "/tfplugin5.Provider/ValidateResourceTypeConfig"
      "/tfplugin5.Provider/ValidateDataSourceConfig"
      "/tfplugin5.Provider/UpgradeResourceState"
      "/tfplugin5.Provider/Configure"
      "/tfplugin5.Provider/ReadResource"
      "/tfplugin5.Provider/PlanResourceChange"
      "/tfplugin5.Provider/ApplyResourceChange"
      "/tfplugin5.Provider/ImportResourceState"
      "/tfplugin5.Provider/ReadDataSource"
      "/tfplugin5.Provider/Stop"
    grpc_controller.proto: 
      "/plugin.GRPCController/Shutdown"

    "request_data": The request data of each method in the HTTP function passed by RFS to FG. In each method, the request_data needs to be decoded using base64 first, and then passed in as the input of the private provider's gRPC method.

    "config_data": Used for initialization before provider handles actual requests. If the config_data in the context is not empty, FG's HTTP function needs to first invoke the /tfplugin5.Provider/Configure method with config_data as input for initialization, and then invoke the corresponding method according to method_name to get the response.

    "session_id": Indicates whether the request comes from the same batch of tasks in the same template.The same session_id means that the request comes from the same batch of orchestration tasks in the same template.

    Note: The same provider process started by users cannot accept multiple requests from RFS. RFS recommends that users start a new process to handle related requests every time.

  3. The request response implemented in FG's HTTP function should be returned in a fixed format. The format of the response body is as follows. The successful response code is fixed at 200. Any other response codes are regarded as failed requests and cause the deployment failure.

    { "response_data": String, "error": String }

    "response_data": The response data returned by invoking the gRPC method of the private provider. In FG's HTTP function, the response returned by the gRPC method needs to be base64 encoded and returned.

    "error": Error message returned by invoking gRPC method.

**Constraints and Limitations: **

  1. The private provider is defined and provided to RFS by the users. RFS does not verify its internal logic.

  2. RFS does not manage the lifecycle of private providers. If a stack deployment encounters issues due to the absence or malfunction of a private provider, RFS does not provide a resolution.

  3. RFS does not ensure the information security of private providers. If a stack deployed using a private provider contains sensitive data in the template and results in leakage to third-party resources, RFS does not take any responsibilities.

  4. Network factors are taken into account during the invocation of private providers, increasing the probability of deployment failure for private providers. If deployment fails due to network issues, users can implement retry operations.

  5. RFS synchronously calls a set of methods defined in FG by users. Each method needs to complete execution within 30 seconds to minimize failure probability.

  6. Only fixed private provider versions in templates are supported, and the expressions of loose versions such as >, >=, <, <=, ~> are not supported.

URI

POST /v1/private-providers

Request Parameters

Table 1 Request header parameters

Parameter

Mandatory

Type

Description

Client-Request-Id

Yes

String

Unique request ID. It is specified by a user and is used to locate a request. UUID is recommended.

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

provider_name

Yes

String

Private provider name. The name is unique within its domain (domain_id) and region. Only letters, digits, and hyphens (-) are allowed. The name only supports starting and ending with lowercase English and numbers.

Following the HCL best practices, provider name is recommended to be the local name of the private provider defined in the template.

CreatePrivateProvider API also uses "huawei.com/private-provider" as the fixed prefix and returns the provider_source value in the form of "huawei.com/private-provider/{provider_name}". For more details on the use of provider_name and provider_source in templates, see the API description of CreatePrivateProvider API.

provider_description

No

String

Description of a private provider. It can be used by customers to identify their own private providers.

provider_version

No

String

Private provider version. The version number follows the Semantic Version and is customized by the user.

version_description

No

String

The Description of the private provider version. It can be used by users to identify and manage private provider versions. Note: The private provider version is immutable, so the description cannot be updated. If it needs to be updated, please delete private provider version and rebuild it.

function_graph_urn

No

String

Uniform resource identifier for FunctionGraph methods, it can be used to uniquely identify FunctionGraph methods. Only supports the function graph urns in the same region as RFS. If provided in other regions, 400 is returned.

For more detail about this parameter, please refer to the official documentation: https://support.huaweicloud.com/api-functiongraph/functiongraph_06_0102.html

Response Parameters

Status code: 201

Table 3 Response body parameters

Parameter

Type

Description

provider_id

String

Unique ID of a private provider.

It is a UUID generated by RFS when a private provider is created.

Private provider names are unique only at one specific time, so you can create a private provider named helloWorld and another private provider with the same name after deleting the first one.

For parallel development in a team, users may want to ensure that the private provider they operate is the one created by themselves, not the one with the same name created by other teammates after deleting the previous one. Therefore, they can use this ID for strong matching.

RFS ensures that the ID of each private provider is different and does not change with updates. If the provider_id value is different from the current private provider ID, 400 is returned.

provider_source

String

When users use private providers and define required_providers information in the template, they need to specify the source using provider_source value.

Provider source is spliced in the form of "huawei.com/private-provider/{provider_name}". For more details on the use of provider_name and provider_source in templates, see the API description of CreatePrivateProvider.

Status code: 400

Table 4 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 5 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 401

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 7 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 403

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 9 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 409

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 11 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 429

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 13 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 500

Table 14 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 15 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Example Requests

  • Create a new empty private provider

    POST https://{endpoint}/v1/private-providers
    
    {
      "provider_name" : "my-hello-world-provider-name",
      "provider_description" : "my first private provider"
    }
  • Create a new private provider with provider version

    POST https://{endpoint}/v1/private-providers
    
    {
      "provider_name" : "my-hello-world-provider-name",
      "provider_description" : "my first hello world private provider",
      "provider_version" : "0.0.1",
      "function_graph_urn" : "urn:fss:cn-north-7:a61dfe3154de42829367056598d5040f:function:default:test:latest",
      "version_description" : "my first private provider version"
    }

Example Responses

Status code: 201

Private provider created successfully

{
  "provider_id" : "1b15e005-bdbb-4bd7-8f9a-a09b6774b4b3",
  "provider_source" : "huawei.com/private-provider/my-hello-world-provider-name"
}

Status Codes

Status Code

Description

201

Private provider created successfully

400

Invalid request.

401

Authentication failed.

403

  1. The user does not have the permission to call this API.

  2. The maximum number of private providers has been reached.

409

Creation requests conflict. The private provider with the same name already exists.

429

Too frequent requests.

500

Internal server error.