Updated on 2024-12-12 GMT+08:00

Creating an Execution Plan

Function

CreateExecutionPlan

This API creates an execution plan in a specified stack. An execution plan describes the differences between the resource status recorded in the current stack and the target resource status described in the template. For example, resource A will be generated according to the following configuration file, and resource B will change the following parameters from XXX to YYY.

After an execution plan is created by calling this API, you can query the execution plan status by calling GetExecutionPlanMetadata. Once the execution plan is in an AVAILABLE state, you can call GetExecutionPlan to obtain the execution result.

An execution plan does not support in-depth checks and verification, such as whether the user has the permission to generate or modify resources.

Note:

  • When creating an execution plan, the specified resource stack must exist. If the specified resource stack does not exist, 404 is returned, and the user can create a resource stack by calling the CreateStack API.
  • If the request does not contain template_body or template_uri, 400 is returned.
  • Once a stack is deployed, all execution plans created before this deployment becomes invalid.
  • An execution plan indicates only the resource configurations at the creation time. Once created, it will not automatically update upon your manual changes to the resource status.
  • If the stack is in a DEPLOYMENT_IN_PROGRESS, ROLLBACK_IN_PROGRESS, or DELETION_IN_PROGRESS state, execution plans cannot be created and 403 is returned.

URI

POST /v1/{project_id}/stacks/{stack_name}/execution-plans

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

A project ID is obtained by calling an API or from the console.

Obtaining a Project ID

Minimum: 3

Maximum: 64

stack_name

Yes

String

A stack name is unique within its domain (domain_id), region, and project (project_id). It is case-sensitive and starts with a letter. Only letters, digits, underscores (_), and hyphens (-) are allowed.

Minimum: 1

Maximum: 128

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

Client-Request-Id

Yes

String

A unique request ID is specified by a user to locate a request. UUID is recommended.

Minimum: 36

Maximum: 128

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

stack_id

No

String

Unique stack ID.

It is a UUID generated by RFS when a stack is created.

Stack names are unique at one specific time, so you can create a stack named HelloWorld and another stack with the same name after deleting the first one.

For parallel development, team members may want to ensure that they are operating the stack they created, not one with the same name created by other members after deleting the previous one.

To avoid this mismatch, check the ID, since RFS ensures each stack has a unique ID that does not change with updates. If the stack_id value differs from the current stack ID, 400 is returned.

Minimum: 36

Maximum: 36

template_body

No

String

HCL template. It describes the target status of a resource. RFS compares the differences between the statuses of this template and the current remote resources.

Either template_body or template_uri must be specified but they both cannot be specified together.

In the CreateStack API, template_body and template_uri are optional.

Note:

  • template_body cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding template_body in plaintext. If the information is sensitive, you are advised to use vars_structure to change the information to a variable and set the encryption field to enable encrypted transmission.

Minimum: 0

Maximum: 51200

template_uri

No

String

OBS address of an HCL template. The template describes the target status of a resource. RFS compares the differences between the statuses of this template and the current remote resources.

The OBS address allows mutual access to regions of the same type. Regions are classified into universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides specific services for specific tenants.

The corresponding file must be a tf file or a zip package.

A pure .tf file must end with .tf or .tf.json and comply with the HCL syntax.

Currently, only the .zip package is supported. The file name extension must be .zip. The decompressed file cannot contain the .tfvars file and must be encoded in UTF8 format (the .tf.json file cannot contain the BOM header). The .zip package supports a maximum of 100 subfiles.

Either template_body or template_uri must be specified.

In the CreateStack API, template_body and template_uri are optional.

Note:

  • The template file corresponds to template_uri cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the content of the template file in plaintext. If the information is sensitive, you are advised to use vars_structure to change the information to a variable and set the encryption field to enable encrypted transmission.
  • If the template file corresponding to template_uri is of zip type, the length of the internal file or folder name must not exceed 255 bytes, the length of the deepest path must not exceed 2048 bytes, and the size of the zip package must not exceed 1MB.

Minimum: 0

Maximum: 2048

execution_plan_name

Yes

String

An execution plan name is unique within its domain (domain_id), region, project (project_id), and stack (stack_id). It is case-sensitive and starts with a letter. Only letters, digits, underscores (_), and hyphens (-) are allowed.

Minimum: 1

Maximum: 128

description

No

String

Execution plan description. It is used to identify your own execution plans.

Minimum: 0

Maximum: 1024

vars_structure

No

Array of VarsStructure objects

HCL variable structure. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

  • var_structure allows string variables.
  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.
  • vars_structure only supports string variables. To use variables of other types, you need to convert them in HCL reference. Alternatively, you can use vars_uri and vars_body, which support various types and complex structures supported by HCL.
  • If vars_structure is too large, you can use vars_uri.
  • Note: vars_structure cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to set the encryption field.

Array Length: 0 - 100

vars_body

No

String

Content of the HCL variable file. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

  • The vars_body uses the tfvars format of HCL. You can submit the content in the .tfvars file to the vars_body.
  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.
  • If vars_body is too large, you can use vars_uri.
  • If the content in vars is simple strings, you can use var_structure.
  • vars_body cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to use vars_structure and set the encryption field for transmission.

Minimum: 0

Maximum: 51200

vars_uri

No

String

OBS address of the HCL variable file. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

The OBS address allows mutual access to regions of the same type. Regions are classified into universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides specific services for specific tenants.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.
  • The content in vars_uri uses the tfvars format of HCL. You can save the content in .tfvars to a file, upload the file to OBS, and transfer the pre-signed URL of OBS to vars_uri.
  • vars_uri cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to use vars_structure and set the encryption field for transmission.

Minimum: 0

Maximum: 2048

Table 4 VarsStructure

Parameter

Mandatory

Type

Description

var_key

Yes

String

Variable name.

Minimum: 1

Maximum: 32

var_value

Yes

String

Variable value.

Variables must be in the form of a string. If a parameter is a number, it must also be in the form of a string, for example, '10'.

For different types or complex structures, you can use vars_uri or vars_body.

Minimum: 0

Maximum: 2048

encryption

No

EncryptionStructure object

If a transferred var_value has been encrypted, you can declare this variable to require RFS to decrypt the var_value before using it. Currently, only KMS encryption and decryption are supported.

Table 5 EncryptionStructure

Parameter

Mandatory

Type

Description

kms

Yes

KmsStructure object

If an assigned var_value is encrypted by KMS, related encryption information can be transferred. RFS will help you decrypt the var_value by KMS.

For more details about KMS encryption and its sample code, refer to KMS Application Scenarios.

Note:

  • The agency you specify for RFS should have the operation permissions on the specified key ID.
  • KMS provides a quota for free trial every month. If the quota is exceeded, you will be billed for KMS. The fee is not billed by RFS.
  • KMS encryption only indicates that RFS uses ciphertext for storage and transmission. However, RFS still uses plaintext in stack-events. If you want RFS to use ciphertext in logs, you can declare sensitive in templates. For more information about sensitive, refer to https://learn.hashicorp.com/tutorials/terraform/sensitive-variables.
Table 6 KmsStructure

Parameter

Mandatory

Type

Description

id

Yes

String

KMS key ID is used by RFS during decryption. Generally, the key ID is that used for encryption.

Minimum: 36

Maximum: 36

cipher_text

Yes

String

Ciphertext of data encryption key.

Minimum: 2

Maximum: 2048

Response Parameters

Status code: 202

Table 7 Response body parameters

Parameter

Type

Description

execution_plan_id

String

Unique execution plan ID.

A UUID is generated by RFS when an execution plan is created.

Execution plan names are unique at one specific time, so you can create an execution plan named HelloWorld and another execution plan with the same name after deleting the first one.

For parallel development, team members may want to ensure that they are operating the execution plan they created, not one with the same name created by other members after deleting the previous one.

To avoid this mismatch, check the ID, since RFS ensures each execution plan has a unique ID that does not change with updates. If the execution_plan_id value differs from the current execution plan ID, 400 is returned.

Note:

  • The RFS will persist the request and return the response immediately. Clients do not need to wait for the request to be processed. Therefore, users cannot detect the result in real-time.
  • RFS queues these asynchronous requests and processes them in order when the sever is idle. The maximum waiting time for each request is 1 hours.

Minimum: 36

Maximum: 36

Status code: 400

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

Minimum: 11

Maximum: 11

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

Status code: 401

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

Minimum: 11

Maximum: 11

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

Status code: 403

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

Minimum: 11

Maximum: 11

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

Status code: 409

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

Minimum: 11

Maximum: 11

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

Status code: 429

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

Minimum: 11

Maximum: 11

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

Status code: 500

Table 13 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

Minimum: 11

Maximum: 11

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

Example Requests

  • Create an execution plan in a specified stack based on the template URI.
    POST https://{endpoint}/v1/ba2b9930c977f71edaeaa3a5e96a8ff1/stacks/my_hello_world_stack/execution-plans
    
    {
      "execution_plan_name" : "my_first_execution_plan",
      "template_uri" : "https://my_hello_world_bucket.{region}.myhuaweicloud.com/vpc.tf"
    }
  • Create an execution plan in a specified stack based on the template.
    POST https://{endpoint}/v1/ba2b9930c977f71edaeaa3a5e96a8ff1/stacks/my_hello_world_stack/execution-plans
    
    {
      "execution_plan_name" : "my_second_execution_plan",
      "template_body" : "terraform {\n    required_providers {\n      huaweicloud = {\n        source = \"huawei.com/provider/huaweicloud\"\n        version = \"1.41.0\"\n        }\n    }\n}\nprovider \"huaweicloud\"{\n    insecure = true\n    cloud = \"{cloud_name}\"\n    region = \"{region}\"\n    endpoints = {\n        iam = \"{iam_endpoint}\",\n    }\n}\n\nresource \"huaweicloud_vpc\" \"vpc\" {\n  cidr = \"172.16.0.0/16\"\n  name = \"my_vpc\"\n}"
    }

Example Responses

Status code: 202

The request is accepted and processed asynchronously.

{
  "execution_plan_id" : "fb5e781e-a27d-46e2-9954-242753857a9f"
}

Status Codes

Status Code

Description

202

The request is accepted and processed asynchronously.

400

Invalid request.

401

Authentication failed.

403

  1. The user does not have the permission to call this API.
  2. The maximum number of execution plans has been reached.

409

Creation requests conflict. An execution plan with the same name already exists.

429

Too frequent requests.

500

Internal server error.