spinnaker.execution.stages.before.createServerGroup
A policy targeting this object runs before executing each task in a createServerGroup stage.
Example Payload
Click to expand
{
"input": {
"pipeline": {
"application": "test",
"authentication": {
"allowedAccounts": [
"spinnaker",
"staging",
"staging-ecs"
],
"user": "myUserName"
},
"buildTime": 1620926703486,
"canceled": false,
"canceledBy": null,
"cancellationReason": null,
"description": null,
"endTime": 1620926705283,
"id": "01F5KC59TRGWKCP31C4N51CDSB",
"initialConfig": {},
"keepWaitingPipelines": false,
"limitConcurrent": true,
"name": "test",
"notifications": [],
"origin": "api",
"partition": null,
"paused": null,
"pipelineConfigId": "6a4cff2e-8265-4584-8993-2da2eb6254f5",
"source": null,
"spelEvaluator": "v4",
"stages": [],
"startTime": 1620926703525,
"startTimeExpiry": null,
"status": "TERMINAL",
"systemNotifications": [],
"templateVariables": null,
"trigger": {
"artifacts": [
{
"artifactAccount": "myUserName",
"customKind": false,
"location": null,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"provenance": null,
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"uuid": null,
"version": "master"
}
],
"correlationId": null,
"isDryRun": false,
"isRebake": false,
"isStrategy": false,
"notifications": [],
"other": {
"artifacts": [
{
"artifactAccount": "myUserName",
"customKind": false,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"version": "master"
}
],
"dryRun": false,
"enabled": false,
"eventId": "c1090782-f485-490e-a2d7-31763b3bd4d8",
"executionId": "01F5KC59TRGWKCP31C4N51CDSB",
"expectedArtifacts": [
{
"boundArtifact": {
"artifactAccount": "myUserName",
"customKind": false,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"version": "master"
},
"defaultArtifact": {
"artifactAccount": "myUserName",
"customKind": false,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"version": "master"
},
"id": "05ad020e-73a6-49f2-9988-2073831219e9",
"matchArtifact": {
"artifactAccount": "myUserName",
"customKind": true,
"metadata": {
"id": "f7a9b229-0a23-42ab-82de-9990d77084df"
},
"name": "manifests/deploy-spinnaker.yaml",
"type": "github/file"
},
"useDefaultArtifact": true,
"usePriorArtifact": false
}
],
"notifications": [],
"parameters": {},
"preferred": false,
"rebake": false,
"resolvedExpectedArtifacts": [
{
"boundArtifact": {
"artifactAccount": "myUserName",
"customKind": false,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"version": "master"
},
"defaultArtifact": {
"artifactAccount": "myUserName",
"customKind": false,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"version": "master"
},
"id": "05ad020e-73a6-49f2-9988-2073831219e9",
"matchArtifact": {
"artifactAccount": "myUserName",
"customKind": true,
"metadata": {
"id": "f7a9b229-0a23-42ab-82de-9990d77084df"
},
"name": "manifests/deploy-spinnaker.yaml",
"type": "github/file"
},
"useDefaultArtifact": true,
"usePriorArtifact": false
}
],
"strategy": false,
"type": "manual",
"user": "myUserName"
},
"parameters": {},
"resolvedExpectedArtifacts": [
{
"boundArtifact": {
"artifactAccount": "myUserName",
"customKind": false,
"location": null,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"provenance": null,
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"uuid": null,
"version": "master"
},
"defaultArtifact": {
"artifactAccount": "myUserName",
"customKind": false,
"location": null,
"metadata": {
"id": "d14e7e5b-247c-455d-8260-9e9b0a3ae936"
},
"name": "manifests/deploy-spinnaker.yaml",
"provenance": null,
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"uuid": null,
"version": "master"
},
"id": "05ad020e-73a6-49f2-9988-2073831219e9",
"matchArtifact": {
"artifactAccount": "myUserName",
"customKind": true,
"location": null,
"metadata": {
"id": "f7a9b229-0a23-42ab-82de-9990d77084df"
},
"name": "manifests/deploy-spinnaker.yaml",
"provenance": null,
"reference": null,
"type": "github/file",
"uuid": null,
"version": null
},
"useDefaultArtifact": true,
"usePriorArtifact": false
}
],
"type": "manual",
"user": "myUserName"
},
"type": "PIPELINE"
},
"stage": {
"context": {
"account": "staging",
"application": "test",
"availabilityZones": {
"us-east-2": [
"us-east-2a",
"us-east-2b",
"us-east-2c"
]
},
"capacity": {
"desired": 1,
"max": 1,
"min": 1
},
"cloudProvider": "aws",
"cooldown": 10,
"copySourceCustomBlockDeviceMappings": false,
"ebsOptimized": false,
"enabledMetrics": [],
"freeFormDetails": "",
"healthCheckGracePeriod": 600,
"healthCheckType": "EC2",
"iamRole": "BaseIAMRole",
"instanceMonitoring": false,
"instanceType": "t3.nano",
"keyPair": "Demo",
"loadBalancers": [],
"name": "Deploy in us-east-2",
"provider": "aws",
"reason": "sad",
"securityGroups": [],
"source": {},
"spotPrice": "",
"stack": "",
"strategy": "",
"subnetType": "",
"suspendedProcesses": [],
"tags": {},
"targetGroups": [],
"targetHealthyDeployPercentage": 100,
"terminationPolicies": [
"Default"
],
"type": "createServerGroup",
"useAmiBlockDeviceMappings": false
},
"endTime": null,
"id": "01F5KC59ZVHCFYZPQ9851X0D3X",
"lastModified": null,
"name": "Deploy in us-east-2",
"outputs": {},
"parentStageId": "01F5KC59VX6DZFTP10F521J3G2",
"refId": "15<1",
"requisiteStageRefIds": [],
"scheduledTime": null,
"startTime": 1620926703698,
"startTimeExpiry": null,
"status": "RUNNING",
"syntheticStageOwner": "STAGE_BEFORE",
"tasks": [
{
"endTime": 1620926706124,
"id": "1",
"implementingClass": "com.netflix.spinnaker.orca.kato.pipeline.strategy.DetermineSourceServerGroupTask",
"loopEnd": false,
"loopStart": false,
"name": "determineSourceServerGroup",
"stageEnd": false,
"stageStart": true,
"startTime": 1620926703970,
"status": "SUCCEEDED"
},
{
"endTime": null,
"id": "2",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.tasks.DetermineHealthProvidersTask",
"loopEnd": false,
"loopStart": false,
"name": "determineHealthProviders",
"stageEnd": false,
"stageStart": false,
"startTime": 1620926706454,
"status": "RUNNING"
},
{
"endTime": null,
"id": "3",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.pipeline.providers.aws.CaptureSourceServerGroupCapacityTask",
"loopEnd": false,
"loopStart": false,
"name": "snapshotSourceServerGroup",
"stageEnd": false,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
},
{
"endTime": null,
"id": "4",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.tasks.servergroup.CreateServerGroupTask",
"loopEnd": false,
"loopStart": false,
"name": "createServerGroup",
"stageEnd": false,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
},
{
"endTime": null,
"id": "5",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.tasks.MonitorKatoTask",
"loopEnd": false,
"loopStart": false,
"name": "monitorDeploy",
"stageEnd": false,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
},
{
"endTime": null,
"id": "6",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.tasks.servergroup.ServerGroupCacheForceRefreshTask",
"loopEnd": false,
"loopStart": false,
"name": "forceCacheRefresh",
"stageEnd": false,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
},
{
"endTime": null,
"id": "7",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.tasks.instance.WaitForUpInstancesTask",
"loopEnd": false,
"loopStart": false,
"name": "waitForUpInstances",
"stageEnd": false,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
},
{
"endTime": null,
"id": "8",
"implementingClass": "com.netflix.spinnaker.orca.clouddriver.tasks.servergroup.ServerGroupCacheForceRefreshTask",
"loopEnd": false,
"loopStart": false,
"name": "forceCacheRefresh",
"stageEnd": false,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
},
{
"endTime": null,
"id": "9",
"implementingClass": "com.netflix.spinnaker.orca.igor.tasks.GetCommitsTask",
"loopEnd": false,
"loopStart": false,
"name": "getCommits",
"stageEnd": true,
"stageStart": false,
"startTime": null,
"status": "NOT_STARTED"
}
],
"type": "createServerGroup"
},
"user": {
"isAdmin": false,
"roles": [],
"username": "myUserName"
}
}
}
Example Policy
Prevent server groups from being created in production with fewer than 1 instance.
package spinnaker.execution.stages.before.createServerGroup
productionAccounts :=["prod1","prod2"]
deny["ASGs running in production must have a minimum of 2 instances to avoid having a single point of failure."]{
input.stage.context.account==productionAccounts[_]
object.get(input.stage.context.capacity,"min",0)<2
}
Keys
Parameters related to the stage against which the policy is executing can be found in the input.stage.context object.
input.pipeline
| Key | Type | Description |
|---|---|---|
input.pipeline.application |
string |
The name of the Spinnaker application to which this pipeline belongs. |
input.pipeline.authentication.allowedAccounts[] |
string |
The list of accounts to which the user this stage runs as has access. |
input.pipeline.authentication.user |
string |
The Spinnaker user initiating the change. |
input.pipeline.buildTime |
number |
|
input.pipeline.canceled |
boolean |
|
input.pipeline.canceledBy |
||
input.pipeline.cancellationReason |
||
input.pipeline.description |
string |
Description of the pipeline defined in the UI. |
input.pipeline.endTime |
number |
|
input.pipeline.id |
string |
The unique ID of the pipeline. |
input.pipeline.keepWaitingPipelines |
boolean |
If false and concurrent pipeline execution is disabled, then the pipelines in the waiting queue gets canceled when the next execution starts. |
input.pipeline.limitConcurrent |
boolean |
True if only 1 concurrent execution of this pipeline is allowed. |
input.pipeline.name |
string |
The name of this pipeline. |
input.pipeline.origin |
string |
|
input.pipeline.partition |
||
input.pipeline.paused |
||
input.pipeline.pipelineConfigId |
string |
|
input.pipeline.source |
||
input.pipeline.spelEvaluator |
string |
Which version of spring expression language is being used to evaluate SpEL. |
input.pipeline.stages[] |
[array] |
An array of the stages in the pipeline. Typically if you are writing a policy that examines multiple pipeline stages, it is better to write that policy against either the opa.pipelines package, or the spinnaker.execution.pipelines.before package. |
input.pipeline.startTime |
number |
Timestamp from when the pipeline was started. |
input.pipeline.startTimeExpiry |
date |
Unix epoch date at which the pipeline expires. |
input.pipeline.status |
string |
|
input.pipeline.templateVariables |
||
input.pipeline.type |
string |
input.pipeline.trigger
See input.pipeline.trigger for more information.
input.stage
See input.stage for more information.
input.stage.context
| Key | Type | Description |
|---|---|---|
input.stage.context.account |
string |
The account in which the server group is created. |
input.stage.context.application |
string |
The name of the Spinnaker application for this pipeline. |
input.stage.context.availabilityZones.<region>[] |
string |
The availability zones in which the server group is created. |
input.stage.context.capacity.desired |
number |
The desired number of instances to run in the group. |
input.stage.context.capacity.max |
number |
The maximum number of instances to run in the group. |
input.stage.context.capacity.min |
number |
The minimum number of instances to run in the group. |
input.stage.context.cloudProvider |
string |
The name of the cloud provider that executes the stage. |
input.stage.context.cooldown |
number |
|
input.stage.context.copySourceCustomBlockDeviceMappings |
boolean |
|
input.stage.context.ebsOptimized |
boolean |
Will instances be optimized for EBS |
input.stage.context.freeFormDetails |
string |
Detail is a string of free-form alphanumeric characters and hyphens to describe any other variables in naming a cluster. |
input.stage.context.healthCheckGracePeriod |
number |
|
input.stage.context.healthCheckType |
string |
What type of health check to use. EC2 or ELB. |
input.stage.context.iamRole |
string |
What IAM Role should the instances execute with. |
input.stage.context.instanceMonitoring |
boolean |
Whether to enable detailed monitoring of instances. Group metrics must be disabled to update an ASG with Instance Monitoring set to false. |
input.stage.context.instanceType |
string |
What type of instances should be used to run the server group. |
input.stage.context.keyPair |
string |
The security credentials that can be used to connect to the instance. |
input.stage.context.name |
string |
The name of the server group. |
input.stage.context.provider |
string |
The name of the cloud provider that executes the stage. |
input.stage.context.reason |
string |
The user-provided reason for creating the server group. |
input.stage.context.spotPrice |
string |
The maximum price per unit hour to pay for a Spot instance. |
input.stage.context.stack |
string |
Stack is one of the core naming components of a cluster, used to create vertical stacks of dependent services for integration testing. |
input.stage.context.strategy |
string |
The deployment strategy tells Spinnaker what to do with the previous version of the server group. |
input.stage.context.subnetType |
string |
The subnet selection determines the VPC in which your server group runs. Options vary by account and region; the most common ones are: None (EC2 Classic): instances will not run in a VPC. Internal: instances are restricted to internal clients (i.e. require VPN access). External: instances are publicly accessible and running in VPC. |
input.stage.context.targetHealthyDeployPercentage |
number |
What percentage of the ASG should be healthy instances during rollouts. |
input.stage.context.terminationPolicies[] |
string |
|
input.stage.context.type |
string |
The name of this stage, typically createServerGroup. |
input.stage.context.useAmiBlockDeviceMappings |
boolean |
Spinnaker will use the block device mappings from the selected AMI when deploying a new server group. |
input.user
This object provides information about the user performing the action. This can be used to restrict actions by role. See input.user for more information.
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified August 18, 2023: (02b163b7)