Updated on 2024-12-12 GMT+08:00

Deploying a Stack

Function

DeployStack

This API deploys a created stack.

  • You can call this API to update the template and parameters and trigger a new deployment.

  • This API triggers deployment directly. If users want to confirm deployment details in advance, create an execution plan by calling CreateExecutionPlan and get the execution plan by calling GetExecutionPlan.

  • Assign all the templates and vars and then call this API.

  • If automatic rollback is enabled, the stack rolls back once its deployment fails. If automatic rollback is disabled, the stack stays in the current status when the deployment fails.

URI

POST /v1/{project_id}/stacks/{stack_name}/deployments

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

A project ID is obtained by calling an API or from the console.

Obtaining a Project ID

stack_name

Yes

String

A stack name is unique within its domain (domain_id), region, and project (project_id). It is case-sensitive and starts with a letter. Only letters, digits, underscores (_), and hyphens (-) are allowed.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

Client-Request-Id

Yes

String

A unique request ID is specified by a user to locate a request. UUID is recommended.

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

template_body

No

String

HCL template. It describes the target status of a resource. RFS compares the differences between the statuses of this template and the current remote resources.

Either template_body or template_uri must be specified but they both cannot be specified together.

In the CreateStack API, template_body and template_uri are optional.

Note:

  • template_body cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding template_body in plaintext. If the information is sensitive, you are advised to use vars_structure to change the information to a variable and set the encryption field to enable encrypted transmission.

template_uri

No

String

OBS address of an HCL template. The template describes the target status of a resource. RFS compares the differences between the statuses of this template and the current remote resources.

Ensure that the OBS address is located in the same region as the RFS.

The corresponding file must be a tf file or a zip package.

A pure .tf file must end with .tf or .tf.json and comply with the HCL syntax.

Currently, only the .zip package is supported. The file name extension must be .zip. The decompressed file cannot contain the .tfvars file and must be encoded in UTF8 format (the .tf.json file cannot contain the BOM header). The .zip package supports a maximum of 100 subfiles.

Either template_body or template_uri must be specified.

In the CreateStack API, template_body and template_uri are optional.

Note:

  • The template file corresponds to template_uri cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the content of the template file in plaintext. If the information is sensitive, you are advised to use vars_structure to change the information to a variable and set the encryption field to enable encrypted transmission.

  • If the template file corresponding to template_uri is of zip type, the length of the internal file or folder name must not exceed 255 bytes, the length of the deepest path must not exceed 2048 bytes, and the size of the zip package must not exceed 1MB.

vars_structure

No

Array of VarsStructure objects

HCL variable structure. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

  • var_structure allows string variables.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.

  • vars_structure only supports string variables. To use variables of other types, you need to convert them in HCL reference. Alternatively, you can use vars_uri and vars_body, which support various types and complex structures supported by HCL.

  • If vars_structure is too large, you can use vars_uri.

  • Note: vars_structure cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to set the encryption field.

vars_body

No

String

Content of the HCL variable file. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

  • The vars_body uses the tfvars format of HCL. You can submit the content in the .tfvars file to the vars_body.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.

  • If vars_body is too large, you can use vars_uri.

  • If the content in vars is simple strings, you can use var_structure.

  • vars_body cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to use vars_structure and set the encryption field for transmission.

vars_uri

No

String

OBS address of the HCL variable file. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

Ensure that the OBS address is located in the same region as the RFS.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.

  • The content in vars_uri uses the tfvars format of HCL. You can save the content in .tfvars to a file, upload the file to OBS, and transfer the pre-signed URL of OBS to vars_uri.

  • vars_uri cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to use vars_structure and set the encryption field for transmission.

stack_id

No

String

Unique stack ID.

It is a UUID generated by RFS when a stack is created.

Stack names are unique at one specific time, so you can create a stack named HelloWorld and another stack with the same name after deleting the first one.

For parallel development, team members may want to ensure that they are operating the stack they created, not one with the same name created by other members after deleting the previous one.

To avoid this mismatch, check the ID, since RFS ensures each stack has a unique ID that does not change with updates. If the stack_id value differs from the current stack ID, 400 is returned.

Table 4 VarsStructure

Parameter

Mandatory

Type

Description

var_key

Yes

String

Variable name.

var_value

Yes

String

Variable value.

Variables must be in the form of a string. If a parameter is a number, it must also be in the form of a string, for example, '10'.

For different types or complex structures, you can use vars_uri or vars_body.

encryption

No

EncryptionStructure object

If a transferred var_value has been encrypted, you can declare this variable to require RFS to decrypt the var_value before using it. Currently, only KMS encryption and decryption are supported.

Table 5 EncryptionStructure

Parameter

Mandatory

Type

Description

kms

Yes

KmsStructure object

If an assigned var_value is encrypted by KMS, related encryption information can be transferred. RFS will help you decrypt the var_value by KMS.

For more details about KMS encryption and its sample code, refer to KMS Application Scenarios.

Note:

  • The agency you specify for RFS should have the operation permissions on the specified key ID.

  • KMS provides a quota for free trial every month. If the quota is exceeded, you will be billed for KMS. The fee is not billed by RFS. More details

  • KMS encryption only indicates that RFS uses ciphertext for storage and transmission. However, RFS still uses plaintext in stack-events. If you want RFS to use ciphertext in logs, you can declare sensitive in templates. For more information about sensitive, refer to https://learn.hashicorp.com/tutorials/terraform/sensitive-variables.

Table 6 KmsStructure

Parameter

Mandatory

Type

Description

id

Yes

String

KMS key ID is used by RFS during decryption. Generally, the key ID is that used for encryption.

cipher_text

Yes

String

Ciphertext of data encryption key.

Response Parameters

Status code: 202

Table 7 Response body parameters

Parameter

Type

Description

deployment_id

String

Deployment ID

Deployment request is accepted by RFS and will be processed asynchronously. You can call GetStackMetadata to query the stack status.

Note:

  • The RFS will persist the deployment request and return the response immediately. Clients do not need to wait for the request to be processed. Therefore, users cannot detect the result in real-time.

  • RFS queues these asynchronous deployment requests and processes them in order. The maximum waiting time for each deployment is 6 hours.

Status code: 400

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 9 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 401

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 11 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 403

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 13 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 404

Table 14 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 15 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 409

Table 16 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 17 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 429

Table 18 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 19 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 500

Table 20 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 21 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Example Requests

Transfer template and variable information using OBS signed URL.

POST https://{endpoint}/v1/ba2b9930c977f71edaeaa3a5e96a8ff1/stacks/my_hello_world_stack/deployments

{
  "template_uri" : "https://my_hello_world_bucket.{region}.myhuaweicloud.com/my-hello-world-template.tf",
  "vars_uri" : "https://my_hello_world_bucket.{region}.myhuaweicloud.com/my-hello-world-vars.tfvars",
  "stack_id" : "1b15e005-bdbb-4bd7-8f9a-a09b6774b4b3"
}

Example Responses

Status code: 202

The request is accepted and processed asynchronously.

{
  "deployment_id" : "3fef5d3e-27b6-44e8-9769-1d7262bd9430"
}

Status Codes

Status Code

Description

202

The request is accepted and processed asynchronously.

400

Invalid request.

401

Authentication failed.

403

  1. Invalid stack status.

  2. The user does not have the permission to call this API.

404

The stack does not exist.

409

Request conflict. Another request is being processed on the current stack.

429

Too frequent requests.

500

Internal server error.