Updated on 2024-11-04 GMT+08:00

Creating a Stack

Function

CreateStack creates a stack.

  • If template, vars, and other information are not included in the request, an empty stack will be created and stack_id will be returned.

  • If template, vars, and other information are included in the request, a stack will be created and stack_id and deployment_id will be returned.

URI

POST /v1/{project_id}/stacks

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

A project ID is obtained by calling an API or from the console.

Obtaining a Project ID

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

Client-Request-Id

Yes

String

A unique request ID is specified by a user to locate a request. UUID is recommended.

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

stack_name

Yes

String

A stack name is unique within its domain (domain_id), region, and project (project_id). It is case-sensitive and starts with a letter. Only letters, digits, underscores (_), and hyphens (-) are allowed.

agencies

No

Array of Agency objects

Agency information.

RFS uses an agency only in requests that involve resource operations, such as creating a stack (triggering deployment), creating an execution plan, deploying a stack, and deleting a stack. In addition, the agency applies only to resource operations performed by the provider bound to the agency. If the permissions provided by the agency are insufficient, operations on related resources may fail.

Creating Delegation and Authorisation Methods

description

No

String

Description of a stack. It can be used by customers to identify their own stacks.

enable_deletion_protection

No

Boolean

Deletion protection flag. If this variable is not assigned, the default value is false, indicating that deletion protection is disabled by default. (After deletion protection is enabled, stacks cannot be deleted.)

In the UpdateStack API, if this variable is not assigned in the RequestBody, the deletion protection attribute of the stack will not be updated.

enable_auto_rollback

No

Boolean

Auto-rollback flag. If this variable is not assigned, the default value is false, indicating that auto-rollback is disabled by default. (After auto-rollback is enabled, if the deployment fails, the stack is automatically rolled back and returns to the previous stable status.)

In the UpdateStack API, if this variable is not assigned in the RequestBody, the auto-rollback attribute of the stack will not be updated.

This property is mutually exclusive with the import resources using templates feature, which does not allow the deployment of templates containing imported resources if the stack's auto-rollback is set to true.

template_body

No

String

HCL template. It describes the target status of a resource. RFS compares the differences between the statuses of this template and the current remote resources.

Either template_body or template_uri must be specified but they both cannot be specified together.

In the CreateStack API, template_body and template_uri are optional.

Note:

  • template_body cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding template_body in plaintext. If the information is sensitive, you are advised to use vars_structure to change the information to a variable and set the encryption field to enable encrypted transmission.

template_uri

No

String

OBS address of an HCL template. The template describes the target status of a resource. RFS compares the differences between the statuses of this template and the current remote resources.

Ensure that the OBS address is located in the same region as the RFS.

The corresponding file must be a tf file or a zip package.

A pure .tf file must end with .tf or .tf.json and comply with the HCL syntax.

Currently, only the .zip package is supported. The file name extension must be .zip. The decompressed file cannot contain the .tfvars file and must be encoded in UTF8 format (the .tf.json file cannot contain the BOM header). The .zip package supports a maximum of 100 subfiles.

Either template_body or template_uri must be specified.

In the CreateStack API, template_body and template_uri are optional.

Note:

  • The template file corresponds to template_uri cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the content of the template file in plaintext. If the information is sensitive, you are advised to use vars_structure to change the information to a variable and set the encryption field to enable encrypted transmission.

  • If the template file corresponding to template_uri is of zip type, the length of the internal file or folder name must not exceed 255 bytes, the length of the deepest path must not exceed 2048 bytes, and the size of the zip package must not exceed 1MB.

vars_body

No

String

Content of the HCL variable file. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

  • The vars_body uses the tfvars format of HCL. You can submit the content in the .tfvars file to the vars_body.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.

  • If vars_body is too large, you can use vars_uri.

  • If the content in vars is simple strings, you can use var_structure.

  • vars_body cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to use vars_structure and set the encryption field for transmission.

vars_structure

No

Array of VarsStructure objects

HCL variable structure. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

  • var_structure allows string variables.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.

  • vars_structure only supports string variables. To use variables of other types, you need to convert them in HCL reference. Alternatively, you can use vars_uri and vars_body, which support various types and complex structures supported by HCL.

  • If vars_structure is too large, you can use vars_uri.

  • Note: vars_structure cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to set the encryption field.

vars_uri

No

String

OBS address of the HCL variable file. Transferring variables is supported by the HCL template. The same template can use different variables for different purposes.

Ensure that the OBS address is located in the same region as the RFS.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error code 400 will be reported.

  • The content in vars_uri uses the tfvars format of HCL. You can save the content in .tfvars to a file, upload the file to OBS, and transfer the pre-signed URL of OBS to vars_uri.

  • vars_uri cannot contain any sensitive information. RFS directly uses, logs, displays, and stores the corresponding vars in plaintext. If the information is sensitive, you are advised to use vars_structure and set the encryption field for transmission.

Table 4 Agency

Parameter

Mandatory

Type

Description

provider_name

Yes

String

Name of the provider used by a user. If the provider_name value given by the user is duplicate, 400 is returned.

agency_name

No

String

IAM agency used by the corresponding provider. RFS uses this agency to access and create resources of the provider. Either agency_name or agency_urn must be specified.

agency_urn

No

String

Agency URN

When a user defines an agency, either agency_name or agency_urn must be specified.

You are advised to set agency_urn when using the trust agency. agency_name can only receive common agency names. If agency_name is set to a trust agency name, template deployment will fail.

Table 5 VarsStructure

Parameter

Mandatory

Type

Description

var_key

Yes

String

Variable name.

var_value

Yes

String

Variable value.

Variables must be in the form of a string. If a parameter is a number, it must also be in the form of a string, for example, '10'.

For different types or complex structures, you can use vars_uri or vars_body.

encryption

No

EncryptionStructure object

If a transferred var_value has been encrypted, you can declare this variable to require RFS to decrypt the var_value before using it. Currently, only KMS encryption and decryption are supported.

Table 6 EncryptionStructure

Parameter

Mandatory

Type

Description

kms

Yes

KmsStructure object

If an assigned var_value is encrypted by KMS, related encryption information can be transferred. RFS will help you decrypt the var_value by KMS.

For more details about KMS encryption and its sample code, refer to KMS Application Scenarios.

Note:

  • The agency you specify for RFS should have the operation permissions on the specified key ID.

  • KMS provides a quota for free trial every month. If the quota is exceeded, you will be billed for KMS. The fee is not billed by RFS. More details

  • KMS encryption only indicates that RFS uses ciphertext for storage and transmission. However, RFS still uses plaintext in stack-events. If you want RFS to use ciphertext in logs, you can declare sensitive in templates. For more information about sensitive, refer to https://learn.hashicorp.com/tutorials/terraform/sensitive-variables.

Table 7 KmsStructure

Parameter

Mandatory

Type

Description

id

Yes

String

KMS key ID is used by RFS during decryption. Generally, the key ID is that used for encryption.

cipher_text

Yes

String

Ciphertext of data encryption key.

Response Parameters

Status code: 201

Table 8 Response body parameters

Parameter

Type

Description

stack_id

String

Unique stack ID.

It is a UUID generated by RFS when a stack is created.

Stack names are unique at one specific time, so you can create a stack named HelloWorld and another stack with the same name after deleting the first one.

For parallel development, team members may want to ensure that they are operating the stack they created, not one with the same name created by other members after deleting the previous one.

To avoid this mismatch, check the ID, since RFS ensures each stack has a unique ID that does not change with updates. If the stack_id value differs from the current stack ID, 400 is returned.

deployment_id

String

Deployment ID

Deployment request is accepted by RFS and will be processed asynchronously. You can call GetStackMetadata to query the stack status.

Note:

  • The RFS will persist the deployment request and return the response immediately. Clients do not need to wait for the request to be processed. Therefore, users cannot detect the result in real-time.

  • RFS queues these asynchronous deployment requests and processes them in order. The maximum waiting time for each deployment is 6 hours.

Status code: 400

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 10 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 401

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 12 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 403

Table 13 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 14 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 409

Table 15 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 16 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 429

Table 17 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 18 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 500

Table 19 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 20 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Example Requests

  • Create a stack.

    POST https://{endpoint}/v1/ba2b9930c977f71edaeaa3a5e96a8ff1/stacks
    
    {
      "stack_name" : "my_first_stack",
      "description" : "my first stack"
    }
  • Create a stack using an agency.

    POST https://{endpoint}/v1/ba2b9930c977f71edaeaa3a5e96a8ff1/stacks
    
    {
      "stack_name" : "my_second_stack",
      "description" : "my second stack",
      "agencies" : [ {
        "provider_name" : "huaweicloud",
        "agency_name" : "my_agency"
      } ]
    }
  • Create and deploy a stack using the URI of a template.

    POST https://{endpoint}/v1/ba2b9930c977f71edaeaa3a5e96a8ff1/stacks
    
    {
      "stack_name" : "my_third_stack",
      "template_uri" : "https://my_hello_world_bucket.{region}.myhuaweicloud.com/my-hello-world-template.tf",
      "description" : "my third stack"
    }
  • Create and deploy a stack using a template.

    {
      "stack_name" : "my_fourth_stack",
      "template_body" : "terraform {\n    required_providers {\n      huaweicloud = {\n        source = \"huawei.com/provider/huaweicloud\"\n        version = \"1.41.0\"\n        }\n    }\n}\nprovider \"huaweicloud\"{\n    insecure = true\n    cloud = \"{cloud_name}\"\n    region = \"{region}\"\n    endpoints = {\n        iam = \"{iam_endpoint}\",\n    }\n}\n\nresource \"huaweicloud_vpc\" \"vpc\" {\n  cidr = \"172.16.0.0/16\"\n  name = \"my_vpc\"\n}",
      "description" : "my fourth stack"
    }

Example Responses

Status code: 201

Stack created.

{
  "stack_id" : "ea6a4f0e-ee8a-494e-b12a-8be4a1e65af2"
}

Status Codes

Status Code

Description

201

Stack created.

400

Invalid request.

401

Authentication failed.

403

  1. The user does not have the permission to call this API.

  2. Too many stacks.

409

Request conflict. Another stack with the same name already exists.

429

Too frequent requests.

500

Internal server error.