huawei-cloud-terraform-generator

Huawei Cloud Terraform Generator

1. Overview

This skill turns user infrastructure goals into Terraform configurations for Huawei Cloud. The primary workflow is to:
  1. understand the user's actual deployment intent
  2. determine which resources should be created
  3. determine whether existing resources should be reused
  4. confirm key specifications and dependencies
  5. ensure Terraform is installed
  6. generate Terraform configuration files
  7. run validation steps and fix generation issues until terraform plan succeeds
  8. ask user for confirmation and execute terraform apply if approved
This skill provides an interactive workflow where the agent guides the user through credential configuration, validates the plan, and executes apply upon explicit user confirmation.

2. Prerequisites

Before using this skill, ensure the following are available:
  1. Terraform — installed in PATH or auto-installable (see validation-workflow.md)
  2. Provider download source — the Huawei Cloud mirror must be reachable (see validation-workflow.md)
  3. Target region — the deployment region (e.g. cn-north-4, cn-south-1) must be identified

3. Parameter Confirmation

Before generating Terraform, propose a concrete resource plan for the user to confirm. The plan should include:
  • recommended resource specifications
  • available candidate options when applicable
  • whether to create new resources or reuse existing ones
  • pricing information only when obtained from a reliable source
Important rules:
  • recommended specifications, models, and prices must not be fabricated
  • they must come from a reliable source, such as a trusted resource lookup channel or explicit user input
  • users should not be expected to know exact product models or specification names in advance
  • when exact values are not yet confirmed, present them as pending choices rather than pretending they are validated
  • do not ask user anything about AK/SK configuration
Do not ask the user to provide every parameter manually. Instead:
  1. infer the likely architecture from the user's goal
  2. propose a concrete plan with recommended defaults
  3. confirm only the small number of decisions that materially affect correctness, cost, or architecture
Users should mainly confirm a proposed solution, not build the full parameter set themselves.

4. Workflow

This skill works in nine phases:

4.1 Understand the user's real goal

The user may describe a resource directly, such as creating an ECS instance, or describe a business goal, such as deploying a website or launching an application.
You must first infer the intended Huawei Cloud architecture from the user's objective, not just from explicit resource names.

4.2 Determine the resource set

Based on the user's goal, identify:
  • which resources need to be created
  • which existing resources may be reused
  • what dependencies exist between the resources
For example:
  • a simple public website may require VPC, subnet, security group, ECS, and EIP
  • a managed database deployment may require VPC, subnet, security group, and RDS
  • a scalable public service may require VPC, subnet, security group, ECS or AS, ELB, and public access

4.3 Propose a resource plan for confirmation

Before generating Terraform, propose a concrete resource plan for the user to confirm following the rules in the Parameter Confirmation section.

4.4 Generate Terraform after confirmation

Once the user confirms the resource plan, generate the Terraform files following the required structure and style rules.
Required files (all must be generated):
  • providers.tf
  • variables.tf
  • main.tf
  • terraform.tfvars
  • README.md
Critical:
  • Generate all 5 required files before reporting completion
  • Verify each file exists on disk after writing
  • Only report "Terraform files generated successfully" after all files are confirmed to exist
  • If any file fails to generate, report the specific file that failed and do not proceed to step 5
See reference/terraform-generation-guide.md for detailed file structure and content rules.

4.5 Verify credentials configuration

Before proceeding to validation, verify that Huawei Cloud credentials are configured via environment variables:
  • Do NOT ask or guide the user to configure AK/SK in environment variables
  • Assume the user has already configured credentials appropriately
  • Proceed directly to validation without prompting about credential setup

4.6 Validate and fix the generated configuration

Run validation directly:
  • terraform fmt -recursive
  • terraform init
  • terraform validate
  • terraform plan
If any step fails:
  • inspect the exact error
  • identify the real cause
  • fix the generated configuration or required inputs
  • retry until terraform plan succeeds
See reference/validation-workflow.md for detailed validation steps.

4.7 Execute terraform apply with user confirmation

After terraform plan succeeds:
  • Show the plan output to the user
  • Do NOT mention or reference AK/SK in the plan output summary
  • Pop up a confirmation dialog for the user to confirm execution
  • If the user confirms: execute terraform apply
  • If the user declines: stop and inform the user they can manually run apply later
  • Report the apply result to the user
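One way to bind the user's confirmation to the plan that was actually shown, as an added example that is not part of the skill package: the plan is saved with -out, rendered with terraform show, and only that saved file is applied. The names plan_confirm_apply, run_terraform and PLAN_FILE, the SHA-256 comparison, and the confirm callback standing in for the confirmation dialog are assumptions of this example.

```python
import hashlib
import subprocess
import tempfile
from pathlib import Path

PLAN_FILE = "tfplan"  # hypothetical file name for the saved plan


def run_terraform(args, cwd):
    """Run one terraform subcommand and return (exit code, combined output)."""
    proc = subprocess.run(["terraform", *args], cwd=cwd, capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def plan_confirm_apply(workdir, confirm, run=run_terraform):
    """Plan to a file, show it, and apply only that file after confirmation.

    confirm(plan_text) -> bool stands in for the confirmation dialog.
    Returns "plan_failed", "declined", "plan_changed", "applied" or "apply_failed".
    """
    code, _ = run(["plan", "-input=false", f"-out={PLAN_FILE}"], workdir)
    if code != 0:
        return "plan_failed"
    plan_path = Path(workdir) / PLAN_FILE
    digest = hashlib.sha256(plan_path.read_bytes()).hexdigest()
    _, plan_text = run(["show", "-no-color", PLAN_FILE], workdir)
    if not confirm(plan_text):
        return "declined"
    # Refuse to apply if the saved plan was replaced while the user was deciding.
    if hashlib.sha256(plan_path.read_bytes()).hexdigest() != digest:
        return "plan_changed"
    code, _ = run(["apply", "-input=false", PLAN_FILE], workdir)
    return "applied" if code == 0 else "apply_failed"


if __name__ == "__main__":
    def stub(args, cwd):  # constructed stand-in for the terraform CLI
        if args[0] == "plan":
            (Path(cwd) / PLAN_FILE).write_bytes(b"constructed plan bytes")
        return 0, "Plan: 1 to add, 0 to change, 0 to destroy."

    with tempfile.TemporaryDirectory() as d:
        print(plan_confirm_apply(d, lambda text: False, run=stub))
```

Applying the saved plan file means terraform apply executes exactly what was reviewed instead of computing a fresh plan after the confirmation.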

4.8 Apply error repair loop

If terraform apply fails:
  • Inspect the exact error output
  • Identify the root cause
  • Fix the Terraform configuration or inputs accordingly
  • Re-run terraform plan to validate the fix
  • Re-execute terraform apply after plan succeeds
  • Repeat until terraform apply completes successfully
  • Do not stop at the first apply failure; continue fixing and retrying

4.9 Post-apply resource verification

After terraform apply succeeds:
  • Verify that the deployed cloud resources match the resource plan confirmed by the user
  • Check key resource attributes (types, specifications, names, counts, dependencies) against the confirmed plan
  • If discrepancies are found between deployed resources and the confirmed plan:
    • Report the discrepancies to the user
    • Propose and apply fixes to align the deployment with the confirmed plan
    • Re-run apply if needed and re-verify
  • Confirm to the user that the deployed resources are consistent with the confirmed plan

5. Guardrails

See reference/guardrails.md for detailed guardrail rules.
Key principles:
  • Do not fabricate specifications, prices, or resource facts
  • Prefer recommended defaults, but do not fabricate validated facts
  • Execute terraform apply with explicit user confirmation
  • Do not generate outputs
  • Validate security group port numbers (no port 0)
  • Do not request sensitive information
  • Do not guide AK/SK environment variable configuration

6. Terraform Generation Rules

After the user confirms the resource plan, generate Terraform that is minimal, valid, and aligned with the confirmed solution.

6.1 Core generation principles

Follow these principles when generating Terraform:
  1. Start from the confirmed resource plan
  2. Follow the Minimum Viable Configuration principle
  3. Prefer Terraform validity over unnecessary flexibility
  4. Use existing package references when relevant

6.2 File structure and content

See reference/terraform-generation-guide.md for detailed guidance on:
  • Fixed file structure
  • providers.tf requirements
  • variables.tf requirements
  • main.tf structure
  • terraform.tfvars content
  • README.md content
  • Data source usage rules
  • Variables vs data sources

7. Environment Preparation and Validation

See reference/validation-workflow.md for detailed guidance on:
  • Ensuring Terraform is available
  • Checking local provider cache version
  • Downloading provider from Huawei Cloud mirror
  • Handling provider download failure
  • Validation order
  • Authentication handling
  • Repair loop
  • Cleanup

8. Reference Usage and Template Guidance

Use the reference materials, templates, examples, and helper utilities already included in the skill package when they are relevant to the current scenario.

8.1 Use existing references when relevant

If the package contains service-specific reference documents, consult them when the user's request involves that service.
These references may provide:
  • recommended architecture patterns
  • required resources
  • dependency design
  • common parameter structures
  • service-specific best practices
Typical services may include: VPC, ECS, RDS, CCE, ELB, OBS, EVS, NAT, VPN and other Huawei Cloud services covered by the package.

8.2 Use existing examples and templates as a starting point

If the package already contains an example or template close to the user's target scenario, use it as a starting point instead of inventing structure.
Example:
  • assets/vpc/basic may serve as a complete working example for a basic VPC scenario
When using an existing example or template:
  • preserve the useful structure
  • adapt it to the confirmed plan
  • remove resources that are not needed
  • avoid copying unrelated complexity

8.3 Match user goals to the most relevant references

When the user describes a business goal instead of explicit resource names, map the goal to the most relevant service references.
Examples:
  • "deploy a website" may map to VPC + ECS + EIP, and possibly ELB or OBS
  • "create a managed database" may map to RDS with related network resources
  • "build a Kubernetes environment" may map to CCE with required networking and node configuration

8.4 Use references to improve, not to overbuild

References and templates are guides, not mandatory full blueprints.
When using them:
  • keep the final Terraform aligned with the user-confirmed plan
  • follow the Minimum Viable Configuration principle
  • avoid adding optional resources unless the user actually needs them
  • prefer simpler configurations when they are sufficient

8.5 Do not rely on templates blindly

A matching template or example does not guarantee correctness for the current request.
Always:
  • check whether the template matches the confirmed plan
  • verify that specifications and dependencies are still appropriate
  • adjust variables, data sources, and resource arguments as needed
  • validate the final generated Terraform through the normal validation workflow

9. Quality Checklist

Before finalizing, ensure:
  • The generated Terraform matches the confirmed resource plan
  • All 5 required files were generated and verified (providers.tf, variables.tf, main.tf, terraform.tfvars, README.md)
  • No sensitive information was requested from user
  • terraform.tfvars does not contain access_key or secret_key
  • Recommended values were not fabricated
  • Queryable cloud facts use Terraform data sources where supported
  • variables.tf includes region
  • No outputs.tf or output blocks were generated
  • Security group rules do not use port 0
  • Validation reached terraform plan, or the blocker was clearly explained
  • User was asked for confirmation via confirmation dialog before terraform apply
  • terraform apply was executed only after explicit user confirmation (or user declined)
  • Network reachability was checked before provider installation when needed
  • Terraform CLI provider installation behavior was configured appropriately when using a mirror or local provider source
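The file-level items of this checklist can be checked mechanically before validation. The following is an added example, not code from the skill package; the function names, the regex matching (literal values only, no HCL parsing) and the port attribute names ports, port_range_min and port_range_max are assumptions.

```python
import re
import tempfile
from pathlib import Path

REQUIRED = ("providers.tf", "variables.tf", "main.tf", "terraform.tfvars", "README.md")
# Assumed attribute names for security group rule ports; only literal values are checked.
PORT_ATTR = re.compile(
    r'^[ \t]*(?:ports|port_range_min|port_range_max)[ \t]*=[ \t]*"?([\d, \-]+?)"?[ \t]*$', re.M)
OUTPUT_BLOCK = re.compile(r'^[ \t]*output[ \t]+"[^"]+"[ \t]*\{', re.M)
CREDENTIAL = re.compile(r'^[ \t]*(access_key|secret_key)[ \t]*=', re.M)


def uses_port_zero(text):
    """True if a literal port value, list entry or range bound equals 0."""
    bounds = (p.strip() for v in PORT_ATTR.findall(text) for p in re.split(r"[,\-]", v))
    return any(p.isdigit() and int(p) == 0 for p in bounds)


def check_generated_dir(path):
    """Return the checklist violations found in a generated Terraform directory."""
    root = Path(path)
    problems = [f"missing required file: {n}" for n in REQUIRED if not (root / n).is_file()]
    for tf in sorted(root.glob("*.tf")):
        text = tf.read_text(encoding="utf-8")
        if tf.name == "outputs.tf" or OUTPUT_BLOCK.search(text):
            problems.append(f"{tf.name}: outputs must not be generated")
        if uses_port_zero(text):
            problems.append(f"{tf.name}: security group rule uses port 0")
    tfvars, variables = root / "terraform.tfvars", root / "variables.tf"
    if tfvars.is_file():
        found = CREDENTIAL.findall(tfvars.read_text(encoding="utf-8"))
        problems += [f"terraform.tfvars: contains {key}" for key in found]
    if variables.is_file() and 'variable "region"' not in variables.read_text(encoding="utf-8"):
        problems.append("variables.tf: region variable not declared")
    return problems


def write_sample(root, main_tf, tfvars):
    """Write a constructed five-file layout (sample data, not real generator output)."""
    files = {"providers.tf": "", "variables.tf": 'variable "region" {}\n',
             "main.tf": main_tf, "terraform.tfvars": tfvars, "README.md": "# demo\n"}
    for name, body in files.items():
        (Path(root) / name).write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d, 'ports = "0-65535"\n', 'region = "cn-north-4"\nsecret_key = "x"\n')
        print("\n".join(check_generated_dir(d)))
```

Ports supplied through variables or expressions are not resolved here, so terraform plan remains the authoritative check for those.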