用于審批任務的動作。
用途
在自動化運維的一些場景中,有些特殊的操作需要被特殊關注,例如刪除重要資源,或使用費用較高的實例等。如果把這些操作也納入自動化的范疇,您可能會擔心失去控制,超過預算。若不納入自動化的范疇,又會導致這些操作退化到手工執行或其他非自動化方式。審批動作能夠讓您在自動化和特殊關注之間尋找一個平衡。
當執行一個模板中包括審批動作,且執行到審批動作這一步時,OOS執行引擎會暫停執行,執行進入等待中狀態,并發送一個包含通知的審批鏈接到管理員用戶。在訪問審批鏈接后,管理員可根據業務需求做出決定,同意或拒絕,同意后則OOS引擎繼續執行后續任務,拒絕后引擎停止執行,執行狀態為取消(Cancelled)。
Webhook 語法
對于釘釘,可以通過Webhook的方式支持。
YAML格式
Tasks:
- Name: approvalTask
Action: ACS::Approve
Properties:
AppendExecutionLink: 'true' # 是否附加執行詳情鏈接,可選項true和false。ACS::Approve動作默認為true。
Approvers: ["user1", "user2", "user3"] # 待審批的RAM子賬號名字。
MinRequiredApprovals: 2 # 審批通過時至少需要贊同的人數。
NotifyType: WebHook
WebHook:
URI: url # 必填,webhook地址,如https://oapi.dingtalk.com/robot/send?access_token=xxxxxx
Headers: # 可選,Http請求的Headers,如Content-Type
Content-Type: 'application/json; charset=utf-8'
Content: # 必填,根據具體的Webhook要求提供,如釘釘webhook要求如下:https://open-doc.dingtalk.com/docs/doc.htm?treeId=257&articleId=105735&docType=1
msgtype: text
text:
content: 'the approve notify to user' # 必填,發送審批通知的內容。
at: # 在釘釘群中@的用戶
atMobiles: # 可選,@群里面的指定用戶,此處的手機號為用戶注冊釘釘的手機號。
- 138albb1234
- 130albb1234
isAtAll: 'false' # 可選,是否@所有用戶,可選true 或 false,默認為false。
JSON格式(請參照YAML注釋說明)
{
"Tasks": [
{
"Name": "approvalTask",
"Action": "ACS::Approve",
"Properties": {
"AppendExecutionLink": "true",
"Approvers": [
"user1",
"user2",
"user3"
],
"MinRequiredApprovals": 2,
"NotifyType": "WebHook",
"WebHook": {
"URI": "url",
"Headers": {
"Content-Type": "application/json; charset=utf-8"
},
"Content": {
"msgtype": "text",
"text": {
"content": "the approve notify to user"
},
"at": {
"atMobiles": [
"138albb1234",
"130albb1234"
],
"isAtAll": "false"
}
}
}
}
}
]
}
Webhook 示例
以下模板:在刪除實例前需要審批。
YAML格式
---
FormatVersion: OOS-2019-06-01
Description:
en: Bulky restarts the ECS instances with Approval.
zh-cn: 批量重啟ECS實例帶審批。
name-en: BulkyRebootInstancesWithApproval
name-zh-cn: 批量重啟ECS實例帶審批
Parameters:
targets:
Type: Json
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: 'ALIYUN::ECS::Instance'
rateControl:
Description:
en: Concurrency ratio of task execution.
zh-cn: 任務執行的并發比率。
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 100%
webHookUrl:
Description:
en: >-
The webHook url of dingtalk group assistant,
e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.
zh-cn: >-
釘釘群助手的webhook地址,形如https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414。
Type: String
atMobiles:
Description:
en: >-
The telephone numbers of member in dingtalk group assistant @, when
notify comes.
zh-cn: 當群助手向釘釘群中發送審批通知時,要被@的群成員注冊釘釘所用手機號。
Type: List
Default:
- '1390000****'
atAll:
Description:
en: 'assistant @ all members in dingtalk group or not, when notify comes.'
zh-cn: 當群助手向釘釘群中發送審批通知時是否@所有人。
Type: String
Default: 'false'
OOSAssumeRole:
Description:
en: The RAM role to be assumed by OOS.
zh-cn: OOS扮演的RAM角色。
Type: String
Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
Description:
en: Views the ECS instances.
zh-cn: 獲取ECS實例。
Action: 'ACS::SelectTargets'
Properties:
ResourceType: 'ALIYUN::ECS::Instance'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: 'Instances.Instance[].InstanceId'
instanceNames:
Type: List
ValueSelector: 'Instances.Instance[].InstanceName'
- Name: approveRestart
Action: 'ACS::Approve'
Properties:
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: >-
Notify: please approve instances restart, instance names to
approve are {{getInstance.instanceNames}}, sent by
{{ACS::RegionId}} oos {{ACS::ExecutionId}}.
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: rebootInstance
Action: 'ACS::ECS::RebootInstance'
Description:
en: Restarts the ECS instances.
zh-cn: 重啟實例。
Properties:
instanceId: '{{ ACS::TaskLoopItem }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ getInstance.instanceIds }}'
Outputs:
instanceIds:
Type: List
Value: '{{ getInstance.instanceIds }}'
JSON格式
{
"FormatVersion": "OOS-2019-06-01",
"Description": {
"en": "Bulky restarts the ECS instances with Approval.",
"zh-cn": "批量重啟ECS實例帶審批。",
"name-en": "BulkyRebootInstancesWithApproval",
"name-zh-cn": "批量重啟ECS實例帶審批"
},
"Parameters": {
"targets": {
"Type": "Json",
"AssociationProperty": "Targets",
"AssociationPropertyMetadata": {
"ResourceType": "ALIYUN::ECS::Instance"
}
},
"rateControl": {
"Description": {
"en": "Concurrency ratio of task execution.",
"zh-cn": "任務執行的并發比率。"
},
"Type": "Json",
"AssociationProperty": "RateControl",
"Default": {
"Mode": "Concurrency",
"MaxErrors": 0,
"Concurrency": "100%"
}
},
"webHookUrl": {
"Description": {
"en": "The webHook url of dingtalk group assistant, e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414.",
"zh-cn": "釘釘群助手的webhook地址,形如https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414。"
},
"Type": "String"
},
"atMobiles": {
"Description": {
"en": "The telephone numbers of member in dingtalk group assistant @, when notify comes.",
"zh-cn": "當群助手向釘釘群中發送審批通知時,要被@的群成員注冊釘釘所用手機號。"
},
"Type": "List",
"Default": [
"1390000****"
]
},
"atAll": {
"Description": {
"en": "assistant @ all members in dingtalk group or not, when notify comes.",
"zh-cn": "當群助手向釘釘群中發送審批通知時是否@所有人。"
},
"Type": "String",
"Default": "false"
},
"OOSAssumeRole": {
"Description": {
"en": "The RAM role to be assumed by OOS.",
"zh-cn": "OOS扮演的RAM角色。"
},
"Type": "String",
"Default": "OOSServiceRole"
}
},
"RamRole": "{{ OOSAssumeRole }}",
"Tasks": [
{
"Name": "getInstance",
"Description": {
"en": "Views the ECS instances.",
"zh-cn": "獲取ECS實例。"
},
"Action": "ACS::SelectTargets",
"Properties": {
"ResourceType": "ALIYUN::ECS::Instance",
"Filters": [
"{{ targets }}"
]
},
"Outputs": {
"instanceIds": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceId"
},
"instanceNames": {
"Type": "List",
"ValueSelector": "Instances.Instance[].InstanceName"
}
}
},
{
"Name": "approveRestart",
"Action": "ACS::Approve",
"Properties": {
"NotifyType": "WebHook",
"WebHook": {
"URI": "{{webhookUrl}}",
"Headers": {
"Content-Type": "application/json"
},
"Content": {
"msgtype": "text",
"text": {
"content": "Notify: please approve instances restart, instance names to approve are {{getInstance.instanceNames}}, sent by {{ACS::RegionId}} oos {{ACS::ExecutionId}}."
},
"at": {
"atMobiles": "{{atMobiles}}",
"isAtAll": "{{atAll}}"
}
}
}
}
},
{
"Name": "rebootInstance",
"Action": "ACS::ECS::RebootInstance",
"Description": {
"en": "Restarts the ECS instances.",
"zh-cn": "重啟實例。"
},
"Properties": {
"instanceId": "{{ ACS::TaskLoopItem }}"
},
"Loop": {
"RateControl": "{{ rateControl }}",
"Items": "{{ getInstance.instanceIds }}"
}
}
],
"Outputs": {
"instanceIds": {
"Type": "List",
"Value": "{{ getInstance.instanceIds }}"
}
}
}
Mail 語法
YAML格式
Tasks:
- Action: ACS::Approve
Name: ApproveByMail
Properties:
NotifyType: Mail
Mail:
Host: SMTPHostAddress # SMTP 服務器主機地址如 smtp.example1.com
Port: SMTPPort # SMTP 服務器端口如 465
Username: sender # 代發送的郵箱用戶如 usr001@example1.com
Password: senderPassword # 需要填寫的是"IMAP/SMTP服務"的授權碼,而不是郵箱登錄密碼
Subject: mailSubject # 郵件主題如 hello world
Body: mailBody # 郵件正文如 hello world !!!
From: senderAddress # 郵件來自如 usr001@example1.com
To: # 收件人郵箱地址列表如 [usr1234@example2.com,usr123@example2.com]
- usr123@example2.com
- usr1234@example2.com
JSON格式(請參照YAML注釋說明)
{
"Tasks": [
{
"Action": "ACS::Approve",
"Name": "ApproveByMail",
"Properties": {
"NotifyType": "Mail",
"Mail": {
"Host": "SMTPHostAddress",
"Port": "SMTPPort",
"Username": "sender",
"Password": "senderPassword",
"Subject": "mailSubject",
"Body": "mailBody",
"From": "senderAddress",
"To": [
"usr123@example2.com,usr1234@example2.com"
]
}
}
}
]
}
文檔內容是否對您有幫助?