From 26d7b0ba037c7062b6e52cad552b9e84d2a47b68 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 25 Oct 2024 23:03:52 +0800 Subject: [PATCH 1/7] refactor: clean code --- internal/applicant/applicant.go | 4 +- .../pkg/core/uploader/uploader_aliyun_cas.go | 14 ++-- internal/pkg/utils/x509/x509.go | 76 +++++++++++-------- 3 files changed, 52 insertions(+), 42 deletions(-) diff --git a/internal/applicant/applicant.go b/internal/applicant/applicant.go index 17e97cb5..128704b4 100644 --- a/internal/applicant/applicant.go +++ b/internal/applicant/applicant.go @@ -98,7 +98,7 @@ func newApplyUser(ca, email string) (*ApplyUser, error) { if err != nil { return nil, err } - keyStr, err := x509.PrivateKeyToPEM(privateKey) + keyStr, err := x509.ConvertECPrivateKeyToPEM(privateKey) if err != nil { return nil, err } @@ -122,7 +122,7 @@ func (u ApplyUser) GetRegistration() *registration.Resource { } func (u *ApplyUser) GetPrivateKey() crypto.PrivateKey { - rs, _ := x509.ParsePrivateKeyFromPEM(u.key) + rs, _ := x509.ParseECPrivateKeyFromPEM(u.key) return rs } diff --git a/internal/pkg/core/uploader/uploader_aliyun_cas.go b/internal/pkg/core/uploader/uploader_aliyun_cas.go index 64d2e94c..b6a1f792 100644 --- a/internal/pkg/core/uploader/uploader_aliyun_cas.go +++ b/internal/pkg/core/uploader/uploader_aliyun_cas.go @@ -15,9 +15,9 @@ import ( ) type AliyunCASUploaderConfig struct { - Region string `json:"region"` AccessKeyId string `json:"accessKeyId"` AccessKeySecret string `json:"accessKeySecret"` + Region string `json:"region"` } type AliyunCASUploader struct { @@ -28,9 +28,9 @@ type AliyunCASUploader struct { func NewAliyunCASUploader(config *AliyunCASUploaderConfig) (Uploader, error) { client, err := (&AliyunCASUploader{}).createSdkClient( - config.Region, config.AccessKeyId, config.AccessKeySecret, + config.Region, ) if err != nil { return nil, fmt.Errorf("failed to create sdk client: %w", err) @@ -81,12 +81,12 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP if *getUserCertificateDetailResp.Body.Cert == certPem { isSameCert = true } else { - cert, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert) + oldCertX509, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert) if err != nil { continue } - isSameCert = x509.EqualCertificate(certX509, cert) + isSameCert = x509.EqualCertificate(certX509, oldCertX509) } // 如果已存在相同证书,直接返回已有的证书信息 @@ -133,7 +133,7 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP }, nil } -func (u *AliyunCASUploader) createSdkClient(region, accessKeyId, accessKeySecret string) (*cas20200407.Client, error) { +func (u *AliyunCASUploader) createSdkClient(accessKeyId, accessKeySecret, region string) (*cas20200407.Client, error) { if region == "" { region = "cn-hangzhou" // CAS 服务默认区域:华东一杭州 } @@ -147,10 +147,6 @@ func (u *AliyunCASUploader) createSdkClient(region, accessKeyId, accessKeySecret switch region { case "cn-hangzhou": endpoint = "cas.aliyuncs.com" - case "ap-southeast-1": - endpoint = "cas.ap-southeast-1.aliyuncs.com" - case "eu-central-1": - endpoint = "cas.eu-central-1.aliyuncs.com" default: endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region) } diff --git a/internal/pkg/utils/x509/x509.go b/internal/pkg/utils/x509/x509.go index 0239df69..09d67d3a 100644 --- a/internal/pkg/utils/x509/x509.go +++ b/internal/pkg/utils/x509/x509.go @@ -7,6 +7,23 @@ import ( "fmt" ) +// 比较两个 x509.Certificate 对象,判断它们是否是同一张证书。 +// 注意,这不是精确比较,而只是基于证书序列号和数字签名的快速判断,但对于权威 CA 签发的证书来说不会存在误判。 +// +// 入参: +// - a: 待比较的第一个 x509.Certificate 对象。 +// - b: 待比较的第二个 x509.Certificate 对象。 +// +// 出参: +// - 是否相同。 +func EqualCertificate(a, b *x509.Certificate) bool { + return string(a.Signature) == string(b.Signature) && + a.SignatureAlgorithm == b.SignatureAlgorithm && + a.SerialNumber.String() == b.SerialNumber.String() && + a.Issuer.SerialNumber == b.Issuer.SerialNumber && + a.Subject.SerialNumber == b.Subject.SerialNumber +} + // 从 PEM 编码的证书字符串解析并返回一个 x509.Certificate 对象。 // // 入参: @@ -31,26 +48,40 @@ func ParseCertificateFromPEM(certPem string) (cert *x509.Certificate, err error) return cert, nil } -// 比较两个 x509.Certificate 对象,判断它们是否是同一张证书。 -// 注意,这不是精确比较,而只是基于证书序列号和数字签名的快速判断,但对于权威 CA 签发的证书来说不会存在误判。 +// 从 PEM 编码的私钥字符串解析并返回一个 ECDSA 私钥对象。 // // 入参: -// - a: 待比较的第一个 x509.Certificate 对象。 -// - b: 待比较的第二个 x509.Certificate 对象。 +// - privkeyPem: 私钥 PEM 内容。 // // 出参: -// - 是否相同。 -func EqualCertificate(a, b *x509.Certificate) bool { - return string(a.Signature) == string(b.Signature) && - a.SignatureAlgorithm == b.SignatureAlgorithm && - a.SerialNumber.String() == b.SerialNumber.String() && - a.Issuer.SerialNumber == b.Issuer.SerialNumber && - a.Subject.SerialNumber == b.Subject.SerialNumber +// - privkey: ecdsa.PrivateKey 对象。 +// - err: 错误。 +func ParseECPrivateKeyFromPEM(privkeyPem string) (privkey *ecdsa.PrivateKey, err error) { + pemData := []byte(privkeyPem) + + block, _ := pem.Decode(pemData) + if block == nil { + return nil, fmt.Errorf("failed to decode PEM block") + } + + privkey, err = x509.ParseECPrivateKey(block.Bytes) + if err != nil { + return nil, fmt.Errorf("failed to parse private key: %w", err) + } + + return privkey, nil } -// 将 ECDSA 私钥转换为 PEM 格式的字符串。 -func PrivateKeyToPEM(privateKey *ecdsa.PrivateKey) (string, error) { - data, err := x509.MarshalECPrivateKey(privateKey) +// 将 ECDSA 私钥转换为 PEM 编码的字符串。 +// +// 入参: +// - privkey: ecdsa.PrivateKey 对象。 +// +// 出参: +// - privkeyPem: 私钥 PEM 内容。 +// - err: 错误。 +func ConvertECPrivateKeyToPEM(privkey *ecdsa.PrivateKey) (privkeyPem string, err error) { + data, err := x509.MarshalECPrivateKey(privkey) if err != nil { return "", fmt.Errorf("failed to marshal EC private key: %w", err) } @@ -62,20 +93,3 @@ func PrivateKeyToPEM(privateKey *ecdsa.PrivateKey) (string, error) { return string(pem.EncodeToMemory(block)), nil } - -// 从 PEM 编码的私钥字符串解析并返回一个 ECDSA 私钥对象。 -func ParsePrivateKeyFromPEM(privateKeyPem string) (*ecdsa.PrivateKey, error) { - pemData := []byte(privateKeyPem) - - block, _ := pem.Decode(pemData) - if block == nil { - return nil, fmt.Errorf("failed to decode PEM block") - } - - privateKey, err := x509.ParseECPrivateKey(block.Bytes) - if err != nil { - return nil, fmt.Errorf("failed to parse private key: %w", err) - } - - return privateKey, nil -} From e660e9cad1ef3aec145e752c6520832df361eb04 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 25 Oct 2024 23:13:33 +0800 Subject: [PATCH 2/7] feat: add aliyun slb uploader --- go.mod | 5 +- go.sum | 3 + .../pkg/core/uploader/uploader_aliyun_slb.go | 134 ++++++++++++++++++ 3 files changed, 140 insertions(+), 2 deletions(-) create mode 100644 internal/pkg/core/uploader/uploader_aliyun_slb.go diff --git a/go.mod b/go.mod index dff90fd5..f01708ee 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/alibabacloud-go/cas-20200407/v3 v3.0.1 github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 + github.com/alibabacloud-go/slb-20140515/v4 v4.0.9 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible @@ -24,6 +25,7 @@ require ( github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1017 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.992 golang.org/x/crypto v0.28.0 + k8s.io/api v0.31.1 k8s.io/apimachinery v0.31.1 k8s.io/client-go v0.31.1 ) @@ -58,7 +60,6 @@ require ( go.mongodb.org/mongo-driver v1.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/api v0.31.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect @@ -151,7 +152,7 @@ require ( golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.30.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sync v0.8.0 // indirect + golang.org/x/sync v0.8.0 golang.org/x/sys v0.26.0 // indirect golang.org/x/term v0.25.0 // indirect golang.org/x/text v0.19.0 // indirect diff --git a/go.sum b/go.sum index f666c84a..64b89b32 100644 --- a/go.sum +++ b/go.sum @@ -45,6 +45,7 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak= @@ -66,6 +67,8 @@ github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 h1:L0TIjr9Qh/SLVc1yPhFkcB9+9SbCNK/jPq4ZKB5zmnc= github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1/go.mod h1:EKxBRDLcMzwl4VLF/1WJwlByZZECJawPXUvinKMsTTs= +github.com/alibabacloud-go/slb-20140515/v4 v4.0.9 h1:nrf9gQth7fONUj7V8i78Yb98eb9NdKl0VdeSjmeYugI= +github.com/alibabacloud-go/slb-20140515/v4 v4.0.9/go.mod h1:PEMEsQoxhkMvykMFP5ZXg6SWI9vmAiZ6lK3Pu4mTKB0= github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg= github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= diff --git a/internal/pkg/core/uploader/uploader_aliyun_slb.go b/internal/pkg/core/uploader/uploader_aliyun_slb.go new file mode 100644 index 00000000..99f3c484 --- /dev/null +++ b/internal/pkg/core/uploader/uploader_aliyun_slb.go @@ -0,0 +1,134 @@ +package uploader + +import ( + "context" + "crypto/sha256" + "encoding/hex" + "fmt" + "strings" + "time" + + openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client" + slb20140515 "github.com/alibabacloud-go/slb-20140515/v4/client" + util "github.com/alibabacloud-go/tea-utils/v2/service" + "github.com/alibabacloud-go/tea/tea" + + "github.com/usual2970/certimate/internal/pkg/utils/x509" +) + +type AliyunSLBUploaderConfig struct { + AccessKeyId string `json:"accessKeyId"` + AccessKeySecret string `json:"accessKeySecret"` + Region string `json:"region"` +} + +type AliyunSLBUploader struct { + config *AliyunSLBUploaderConfig + sdkClient *slb20140515.Client + sdkRuntime *util.RuntimeOptions +} + +func NewAliyunSLBUploader(config *AliyunSLBUploaderConfig) (Uploader, error) { + client, err := (&AliyunSLBUploader{}).createSdkClient( + config.AccessKeyId, + config.AccessKeySecret, + config.Region, + ) + if err != nil { + return nil, fmt.Errorf("failed to create sdk client: %w", err) + } + + return &AliyunSLBUploader{ + config: config, + sdkClient: client, + sdkRuntime: &util.RuntimeOptions{}, + }, nil +} + +func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error) { + // 解析证书内容 + certX509, err := x509.ParseCertificateFromPEM(certPem) + if err != nil { + return nil, err + } + + // 查询证书列表,避免重复上传 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates + describeServerCertificatesReq := &slb20140515.DescribeServerCertificatesRequest{ + RegionId: tea.String(u.config.Region), + } + describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificatesWithOptions(describeServerCertificatesReq, u.sdkRuntime) + if err != nil { + return nil, fmt.Errorf("failed to execute sdk request 'slb.DescribeServerCertificates': %w", err) + } + + if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil { + fingerprint := sha256.Sum256(certX509.Raw) + fingerprintHex := hex.EncodeToString(fingerprint[:]) + for _, certDetail := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate { + isSameCert := *certDetail.IsAliCloudCertificate == 0 && + strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) && + strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName) + // 如果已存在相同证书,直接返回已有的证书信息 + if isSameCert { + return &UploadResult{ + CertId: *certDetail.ServerCertificateId, + CertName: *certDetail.ServerCertificateName, + }, nil + } + } + } + + // 生成新证书名(需符合阿里云命名规则) + var certId, certName string + certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli()) + + // 上传新证书 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate + uploadServerCertificateReq := &slb20140515.UploadServerCertificateRequest{ + RegionId: tea.String(u.config.Region), + ServerCertificateName: tea.String(certName), + ServerCertificate: tea.String(certPem), + PrivateKey: tea.String(privkeyPem), + } + uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificateWithOptions(uploadServerCertificateReq, u.sdkRuntime) + if err != nil { + return nil, fmt.Errorf("failed to execute sdk request 'slb.UploadServerCertificate': %w", err) + } + + certId = *uploadServerCertificateResp.Body.ServerCertificateId + return &UploadResult{ + CertId: certId, + CertName: certName, + }, nil +} + +func (u *AliyunSLBUploader) createSdkClient(accessKeyId, accessKeySecret, region string) (*slb20140515.Client, error) { + if region == "" { + region = "cn-hangzhou" // SLB 服务默认区域:华东一杭州 + } + + aConfig := &openapi.Config{ + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + } + + var endpoint string + switch region { + case "cn-hangzhou": + case "cn-hangzhou-finance": + case "cn-shanghai-finance-1": + case "cn-shenzhen-finance-1": + endpoint = "slb.aliyuncs.com" + default: + endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region) + } + aConfig.Endpoint = tea.String(endpoint) + + client, err := slb20140515.NewClient(aConfig) + if err != nil { + return nil, err + } + + return client, nil +} From 20d2c5699c249193f863ed5a36f4a441f00b5d2b Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 26 Oct 2024 00:31:38 +0800 Subject: [PATCH 3/7] feat: add aliyun clb deployer --- README.md | 2 +- README_EN.md | 32 +- internal/deployer/aliyun_clb.go | 281 ++++++++++++++++++ internal/deployer/deployer.go | 3 + internal/deployer/huaweicloud_cdn.go | 2 +- internal/deployer/huaweicloud_elb.go | 39 ++- internal/domain/domains.go | 34 ++- .../components/certimate/DeployEditDialog.tsx | 4 + .../certimate/DeployToAliyunCLB.tsx | 156 ++++++++++ .../certimate/DeployToHuaweiCloudELB.tsx | 2 +- ui/src/domain/domain.ts | 1 + ui/src/i18n/locales/en/nls.common.json | 1 + ui/src/i18n/locales/en/nls.domain.json | 10 + ui/src/i18n/locales/zh/nls.common.json | 1 + ui/src/i18n/locales/zh/nls.domain.json | 26 +- 15 files changed, 554 insertions(+), 40 deletions(-) create mode 100644 internal/deployer/aliyun_clb.go create mode 100644 ui/src/components/certimate/DeployToAliyunCLB.tsx diff --git a/README.md b/README.md index 63d7898b..4fe79035 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ make local.run | 服务商 | 支持申请证书 | 支持部署证书 | 备注 | | :--------: | :----------: | :----------: | ------------------------------------------------------------ | -| 阿里云 | √ | √ | 可签发在阿里云注册的域名;可部署到阿里云 OSS、CDN | +| 阿里云 | √ | √ | 可签发在阿里云注册的域名;可部署到阿里云 OSS、CDN、CLB(SLB) | | 腾讯云 | √ | √ | 可签发在腾讯云注册的域名;可部署到腾讯云 COS、CDN、CLB | | 华为云 | √ | √ | 可签发在华为云注册的域名;可部署到华为云 CDN、ELB | | 七牛云 | | √ | 可部署到七牛云 CDN | diff --git a/README_EN.md b/README_EN.md index 5bb30b38..74cb3098 100644 --- a/README_EN.md +++ b/README_EN.md @@ -70,22 +70,22 @@ password:1234567890 ## List of Supported Providers -| Provider | Registration | Deployment | Remarks | -| :-----------: | :----------: | :--------: | ------------------------------------------------------------------------------------------------ | -| Alibaba Cloud | √ | √ | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN | -| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, CLB | -| Huawei Cloud | √ | √ | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB | -| Qiniu Cloud | | √ | Supports deployment to Qiniu Cloud CDN | -| AWS | √ | | Supports domains managed on AWS Route53 | -| CloudFlare | √ | | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates | -| GoDaddy | √ | | Supports domains registered on GoDaddy | -| Namesilo | √ | | Supports domains registered on Namesilo | -| PowerDNS | √ | | Supports domains managed on PowerDNS | -| HTTP Request | √ | | Supports domains which allow managing DNS by HTTP request | -| Local Deploy | | √ | Supports deployment to local servers | -| SSH | | √ | Supports deployment to SSH servers | -| Webhook | | √ | Supports callback to Webhook | -| Kubernetes | | √ | Supports deployment to Kubernetes Secret | +| Provider | Registration | Deployment | Remarks | +| :-----------: | :----------: | :--------: | ----------------------------------------------------------------------------------------------------- | +| Alibaba Cloud | √ | √ | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN, CLB(SLB) | +| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, CLB | +| Huawei Cloud | √ | √ | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB | +| Qiniu Cloud | | √ | Supports deployment to Qiniu Cloud CDN | +| AWS | √ | | Supports domains managed on AWS Route53 | +| CloudFlare | √ | | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates | +| GoDaddy | √ | | Supports domains registered on GoDaddy | +| Namesilo | √ | | Supports domains registered on Namesilo | +| PowerDNS | √ | | Supports domains managed on PowerDNS | +| HTTP Request | √ | | Supports domains which allow managing DNS by HTTP request | +| Local Deploy | | √ | Supports deployment to local servers | +| SSH | | √ | Supports deployment to SSH servers | +| Webhook | | √ | Supports callback to Webhook | +| Kubernetes | | √ | Supports deployment to Kubernetes Secret | ## Screenshots diff --git a/internal/deployer/aliyun_clb.go b/internal/deployer/aliyun_clb.go new file mode 100644 index 00000000..9a0f8789 --- /dev/null +++ b/internal/deployer/aliyun_clb.go @@ -0,0 +1,281 @@ +package deployer + +import ( + "context" + "encoding/json" + "errors" + "fmt" + + openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client" + slb20140515 "github.com/alibabacloud-go/slb-20140515/v4/client" + "github.com/alibabacloud-go/tea/tea" + + "github.com/usual2970/certimate/internal/domain" + "github.com/usual2970/certimate/internal/pkg/core/uploader" +) + +type AliyunCLBDeployer struct { + option *DeployerOption + infos []string + + sdkClient *slb20140515.Client + sslUploader uploader.Uploader +} + +func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) { + access := &domain.AliyunAccess{} + json.Unmarshal([]byte(option.Access), access) + + client, err := (&AliyunCLBDeployer{}).createSdkClient( + access.AccessKeyId, + access.AccessKeySecret, + option.DeployConfig.GetConfigAsString("region"), + ) + if err != nil { + return nil, err + } + + uploader, err := uploader.NewAliyunSLBUploader(&uploader.AliyunSLBUploaderConfig{ + AccessKeyId: access.AccessKeyId, + AccessKeySecret: access.AccessKeySecret, + Region: option.DeployConfig.GetConfigAsString("region"), + }) + if err != nil { + return nil, err + } + + return &AliyunCLBDeployer{ + option: option, + infos: make([]string, 0), + sdkClient: client, + sslUploader: uploader, + }, nil +} + +func (d *AliyunCLBDeployer) GetID() string { + return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id) +} + +func (d *AliyunCLBDeployer) GetInfo() []string { + return d.infos +} + +func (d *AliyunCLBDeployer) Deploy(ctx context.Context) error { + switch d.option.DeployConfig.GetConfigAsString("resourceType") { + case "loadbalancer": + if err := d.deployToLoadbalancer(ctx); err != nil { + return err + } + case "listener": + if err := d.deployToListener(ctx); err != nil { + return err + } + default: + return errors.New("unsupported resource type") + } + + return nil +} + +func (d *AliyunCLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*slb20140515.Client, error) { + if region == "" { + region = "cn-hangzhou" // CLB(SLB) 服务默认区域:华东一杭州 + } + + aConfig := &openapi.Config{ + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + } + + var endpoint string + switch region { + case "cn-hangzhou": + case "cn-hangzhou-finance": + case "cn-shanghai-finance-1": + case "cn-shenzhen-finance-1": + endpoint = "slb.aliyuncs.com" + default: + endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region) + } + aConfig.Endpoint = tea.String(endpoint) + + client, err := slb20140515.NewClient(aConfig) + if err != nil { + return nil, err + } + + return client, nil +} + +func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { + aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId") + if aliLoadbalancerId == "" { + return errors.New("`loadbalancerId` is required") + } + + // 查询负载均衡器实例的详细信息 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute + describeLoadBalancerAttributeReq := &slb20140515.DescribeLoadBalancerAttributeRequest{ + RegionId: tea.String(d.option.DeployConfig.GetConfigAsString("region")), + LoadBalancerId: tea.String(aliLoadbalancerId), + } + describeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttribute(describeLoadBalancerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡器实例", describeLoadBalancerAttributeResp)) + + // 查询监听列表 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners + aliListenerPorts := make([]int32, 0) + listListenersPage := 1 + listListenersLimit := int32(100) + var listListenersToken *string = nil + for { + describeLoadBalancerListenersReq := &slb20140515.DescribeLoadBalancerListenersRequest{ + RegionId: tea.String(d.option.DeployConfig.GetConfigAsString("region")), + MaxResults: tea.Int32(listListenersLimit), + NextToken: listListenersToken, + LoadBalancerId: []*string{tea.String(aliLoadbalancerId)}, + ListenerProtocol: tea.String("https"), + } + describeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListeners(describeLoadBalancerListenersReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerListeners': %w", err) + } + + if describeLoadBalancerListenersResp.Body.Listeners != nil { + for _, listener := range describeLoadBalancerListenersResp.Body.Listeners { + aliListenerPorts = append(aliListenerPorts, *listener.ListenerPort) + } + } + + if describeLoadBalancerListenersResp.Body.NextToken == nil { + break + } else { + listListenersToken = describeLoadBalancerListenersResp.Body.NextToken + listListenersPage += 1 + } + } + + d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", aliListenerPorts)) + + // 上传证书到 SLB + uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + + // 批量更新监听证书 + var errs []error + for _, aliListenerPort := range aliListenerPorts { + if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, uploadResult.CertId); err != nil { + errs = append(errs, err) + } + } + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} + +func (d *AliyunCLBDeployer) deployToListener(ctx context.Context) error { + aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId") + if aliLoadbalancerId == "" { + return errors.New("`loadbalancerId` is required") + } + + aliListenerPort := d.option.DeployConfig.GetConfigAsInt32("listenerPort") + if aliListenerPort == 0 { + return errors.New("`listenerPort` is required") + } + + // 上传证书到 SLB + uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + + // 更新监听 + if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, uploadResult.CertId); err != nil { + return err + } + + return nil +} + +func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLoadbalancerId string, aliListenerPort int32, aliCertId string) error { + // 查询监听配置 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerhttpslistenerattribute + describeLoadBalancerHTTPSListenerAttributeReq := &slb20140515.DescribeLoadBalancerHTTPSListenerAttributeRequest{ + LoadBalancerId: tea.String(aliLoadbalancerId), + ListenerPort: tea.Int32(aliListenerPort), + } + describeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttribute(describeLoadBalancerHTTPSListenerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp)) + + // 查询扩展域名 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions + describeDomainExtensionsReq := &slb20140515.DescribeDomainExtensionsRequest{ + RegionId: tea.String(d.option.DeployConfig.GetConfigAsString("region")), + LoadBalancerId: tea.String(aliLoadbalancerId), + ListenerPort: tea.Int32(aliListenerPort), + } + describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'slb.DescribeDomainExtensions': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 CLB 扩展域名", describeDomainExtensionsResp)) + + // 遍历修改扩展域名 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute + // + // 这里仅修改跟被替换证书一致的扩展域名 + if describeDomainExtensionsResp.Body.DomainExtensions == nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension == nil { + for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension { + if *domainExtension.ServerCertificateId == *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId { + break + } + + setDomainExtensionAttributeReq := &slb20140515.SetDomainExtensionAttributeRequest{ + RegionId: tea.String(d.option.DeployConfig.GetConfigAsString("region")), + DomainExtensionId: tea.String(*domainExtension.DomainExtensionId), + ServerCertificateId: tea.String(aliCertId), + } + _, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'slb.SetDomainExtensionAttribute': %w", err) + } + } + } + + // 修改监听配置 + // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute + // + // 注意修改监听配置要放在修改扩展域名之后 + setLoadBalancerHTTPSListenerAttributeReq := &slb20140515.SetLoadBalancerHTTPSListenerAttributeRequest{ + RegionId: tea.String(d.option.DeployConfig.GetConfigAsString("region")), + LoadBalancerId: tea.String(aliLoadbalancerId), + ListenerPort: tea.Int32(aliListenerPort), + ServerCertificateId: tea.String(aliCertId), + } + setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)) + + return nil +} diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index 512fd748..8e130b3b 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go @@ -18,6 +18,7 @@ const ( targetAliyunOSS = "aliyun-oss" targetAliyunCDN = "aliyun-cdn" targetAliyunESA = "aliyun-dcdn" + targetAliyunCLB = "aliyun-clb" targetTencentCDN = "tencent-cdn" targetTencentCLB = "tencent-clb" targetTencentCOS = "tencent-cos" @@ -106,6 +107,8 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep return NewAliyunCDNDeployer(option) case targetAliyunESA: return NewAliyunESADeployer(option) + case targetAliyunCLB: + return NewAliyunCLBDeployer(option) case targetTencentCDN: return NewTencentCDNDeployer(option) case targetTencentCLB: diff --git a/internal/deployer/huaweicloud_cdn.go b/internal/deployer/huaweicloud_cdn.go index f7835dcb..ab6e936b 100644 --- a/internal/deployer/huaweicloud_cdn.go +++ b/internal/deployer/huaweicloud_cdn.go @@ -41,9 +41,9 @@ func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) { // TODO: SCM 服务与 DNS 服务所支持的区域可能不一致,这里暂时不传而是使用默认值,仅支持华为云国内版 uploader, err := uploader.NewHuaweiCloudSCMUploader(&uploader.HuaweiCloudSCMUploaderConfig{ - Region: "", AccessKeyId: access.AccessKeyId, SecretAccessKey: access.SecretAccessKey, + Region: "", }) if err != nil { return nil, err diff --git a/internal/deployer/huaweicloud_elb.go b/internal/deployer/huaweicloud_elb.go index e9a6f243..fc5920bb 100644 --- a/internal/deployer/huaweicloud_elb.go +++ b/internal/deployer/huaweicloud_elb.go @@ -46,9 +46,9 @@ func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) { } uploader, err := uploader.NewHuaweiCloudELBUploader(&uploader.HuaweiCloudELBUploaderConfig{ - Region: option.DeployConfig.GetConfigAsString("region"), AccessKeyId: access.AccessKeyId, SecretAccessKey: access.SecretAccessKey, + Region: option.DeployConfig.GetConfigAsString("region"), }) if err != nil { return nil, err @@ -176,10 +176,15 @@ func (u *HuaweiCloudELBDeployer) getSdkProjectId(accessKeyId, secretAccessKey, r } func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context) error { + hcCertId := d.option.DeployConfig.GetConfigAsString("certificateId") + if hcCertId == "" { + return errors.New("`certificateId` is required") + } + // 更新证书 // REF: https://support.huaweicloud.com/api-elb/UpdateCertificate.html updateCertificateReq := &hcElbModel.UpdateCertificateRequest{ - CertificateId: d.option.DeployConfig.GetConfigAsString("certificateId"), + CertificateId: hcCertId, Body: &hcElbModel.UpdateCertificateRequestBody{ Certificate: &hcElbModel.UpdateCertificateOption{ Certificate: cast.StringPtr(d.option.Certificate.Certificate), @@ -198,21 +203,26 @@ func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context) error } func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error { + hcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId") + if hcLoadbalancerId == "" { + return errors.New("`loadbalancerId` is required") + } + // 查询负载均衡器详情 // REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{ - LoadbalancerId: d.option.DeployConfig.GetConfigAsString("loadbalancerId"), + LoadbalancerId: hcLoadbalancerId, } showLoadBalancerResp, err := d.sdkClient.ShowLoadBalancer(showLoadBalancerReq) if err != nil { return fmt.Errorf("failed to execute sdk request 'elb.ShowLoadBalancer': %w", err) } - d.infos = append(d.infos, toStr("已查询到到 ELB 负载均衡器", showLoadBalancerResp)) + d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器", showLoadBalancerResp)) // 查询监听器列表 // REF: https://support.huaweicloud.com/api-elb/ListListeners.html - listenerIds := make([]string, 0) + hcListenerIds := make([]string, 0) listListenersLimit := int32(2000) var listListenersMarker *string = nil for { @@ -229,7 +239,7 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error if listListenersResp.Listeners != nil { for _, listener := range *listListenersResp.Listeners { - listenerIds = append(listenerIds, listener.Id) + hcListenerIds = append(hcListenerIds, listener.Id) } } @@ -240,7 +250,7 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error } } - d.infos = append(d.infos, toStr("已查询到到 ELB 负载均衡器下的监听器", listenerIds)) + d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", hcListenerIds)) // 上传证书到 SCM uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) @@ -252,8 +262,8 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error // 批量更新监听器证书 var errs []error - for _, listenerId := range listenerIds { - if err := d.updateListenerCertificate(ctx, listenerId, uploadResult.CertId); err != nil { + for _, hcListenerId := range hcListenerIds { + if err := d.updateListenerCertificate(ctx, hcListenerId, uploadResult.CertId); err != nil { errs = append(errs, err) } } @@ -265,6 +275,11 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error } func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error { + hcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId") + if hcListenerId == "" { + return errors.New("`listenerId` is required") + } + // 上传证书到 SCM uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { @@ -274,7 +289,7 @@ func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error { d.infos = append(d.infos, toStr("已上传证书", uploadResult)) // 更新监听器证书 - if err := d.updateListenerCertificate(ctx, d.option.DeployConfig.GetConfigAsString("listenerId"), uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, hcListenerId, uploadResult.CertId); err != nil { return err } @@ -292,7 +307,7 @@ func (d *HuaweiCloudELBDeployer) updateListenerCertificate(ctx context.Context, return fmt.Errorf("failed to execute sdk request 'elb.ShowListener': %w", err) } - d.infos = append(d.infos, toStr("已查询到到 ELB 监听器", showListenerResp)) + d.infos = append(d.infos, toStr("已查询到 ELB 监听器", showListenerResp)) // 更新监听器 // REF: https://support.huaweicloud.com/api-elb/UpdateListener.html @@ -359,7 +374,7 @@ func (d *HuaweiCloudELBDeployer) updateListenerCertificate(ctx context.Context, return fmt.Errorf("failed to execute sdk request 'elb.UpdateListener': %w", err) } - d.infos = append(d.infos, toStr("已更新监听器", updateListenerResp)) + d.infos = append(d.infos, toStr("已更新 ELB 监听器", updateListenerResp)) return nil } diff --git a/internal/domain/domains.go b/internal/domain/domains.go index 78acbb3d..bed38ac2 100644 --- a/internal/domain/domains.go +++ b/internal/domain/domains.go @@ -18,7 +18,6 @@ type DeployConfig struct { Config map[string]any `json:"config"` } - // 以字符串形式获取配置项。 // // 入参: @@ -52,6 +51,39 @@ func (dc *DeployConfig) GetConfigOrDefaultAsString(key string, defaultValue stri return defaultValue } +// 以 32 位整数形式获取配置项。 +// +// 入参: +// - key: 配置项的键。 +// +// 出参: +// - 配置项的值。如果配置项不存在或者类型不是 32 位整数,则返回 0。 +func (dc *DeployConfig) GetConfigAsInt32(key string) int32 { + return dc.GetConfigOrDefaultAsInt32(key, 0) +} + +// 以 32 位整数形式获取配置项。 +// +// 入参: +// - key: 配置项的键。 +// - defaultValue: 默认值。 +// +// 出参: +// - 配置项的值。如果配置项不存在或者类型不是 32 位整数,则返回默认值。 +func (dc *DeployConfig) GetConfigOrDefaultAsInt32(key string, defaultValue int32) int32 { + if dc.Config == nil { + return defaultValue + } + + if value, ok := dc.Config[key]; ok { + if result, ok := value.(int32); ok { + return result + } + } + + return defaultValue +} + // 以布尔形式获取配置项。 // // 入参: diff --git a/ui/src/components/certimate/DeployEditDialog.tsx b/ui/src/components/certimate/DeployEditDialog.tsx index 7ef5f291..5fdc4ab1 100644 --- a/ui/src/components/certimate/DeployEditDialog.tsx +++ b/ui/src/components/certimate/DeployEditDialog.tsx @@ -11,6 +11,7 @@ import AccessEditDialog from "./AccessEditDialog"; import { Context as DeployEditContext } from "./DeployEdit"; import DeployToAliyunOSS from "./DeployToAliyunOSS"; import DeployToAliyunCDN from "./DeployToAliyunCDN"; +import DeployToAliyunCLB from "./DeployToAliyunCLB"; import DeployToTencentCDN from "./DeployToTencentCDN"; import DeployToTencentCLB from "./DeployToTencentCLB"; import DeployToTencentCOS from "./DeployToTencentCOS"; @@ -118,6 +119,9 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro case "aliyun-dcdn": childComponent = ; break; + case "aliyun-clb": + childComponent = ; + break; case "tencent-cdn": childComponent = ; break; diff --git a/ui/src/components/certimate/DeployToAliyunCLB.tsx b/ui/src/components/certimate/DeployToAliyunCLB.tsx new file mode 100644 index 00000000..6eb18d9e --- /dev/null +++ b/ui/src/components/certimate/DeployToAliyunCLB.tsx @@ -0,0 +1,156 @@ +import { useEffect } from "react"; +import { useTranslation } from "react-i18next"; +import { z } from "zod"; +import { produce } from "immer"; + +import { Input } from "@/components/ui/input"; +import { Label } from "@/components/ui/label"; +import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select"; +import { useDeployEditContext } from "./DeployEdit"; + +const DeployToAliyunCLB = () => { + const { t } = useTranslation(); + + const { deploy: data, setDeploy, error, setError } = useDeployEditContext(); + + useEffect(() => { + if (!data.id) { + setDeploy({ + ...data, + config: { + region: "cn-hangzhou", + resourceType: "", + loadbalancerId: "", + listenerPort: "443", + }, + }); + } + }, []); + + useEffect(() => { + setError({}); + }, []); + + const formSchema = z + .object({ + region: z.string().min(1, t("domain.deployment.form.aliyun_clb_region.placeholder")), + resourceType: z.string().min(1, t("domain.deployment.form.aliyun_clb_resource_type.placeholder")), + loadbalancerId: z.string().optional(), + listenerPort: z.string().optional(), + }) + .refine((data) => (data.resourceType === "loadbalancer" || data.resourceType === "listener" ? !!data.loadbalancerId?.trim() : true), { + message: t("domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder"), + path: ["loadbalancerId"], + }) + .refine((data) => (data.resourceType === "listener" ? +data.listenerPort! > 0 && +data.listenerPort! < 65535 : true), { + message: t("domain.deployment.form.aliyun_clb_listener_port.placeholder"), + path: ["listenerPort"], + }); + + useEffect(() => { + const res = formSchema.safeParse(data.config); + if (!res.success) { + setError({ + ...error, + region: res.error.errors.find((e) => e.path[0] === "region")?.message, + resourceType: res.error.errors.find((e) => e.path[0] === "resourceType")?.message, + loadbalancerId: res.error.errors.find((e) => e.path[0] === "loadbalancerId")?.message, + listenerPort: res.error.errors.find((e) => e.path[0] === "listenerPort")?.message, + }); + } else { + setError({ + ...error, + region: undefined, + resourceType: undefined, + loadbalancerId: undefined, + listenerPort: undefined, + }); + } + }, [data]); + + return ( +
+
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.region = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.region}
+
+ +
+ + +
{error?.resourceType}
+
+ +
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.loadbalancerId = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.loadbalancerId}
+
+ + {data?.config?.resourceType === "listener" ? ( +
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.listenerPort = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.listenerPort}
+
+ ) : ( + <> + )} +
+ ); +}; + +export default DeployToAliyunCLB; diff --git a/ui/src/components/certimate/DeployToHuaweiCloudELB.tsx b/ui/src/components/certimate/DeployToHuaweiCloudELB.tsx index 9cb5e686..b85203e8 100644 --- a/ui/src/components/certimate/DeployToHuaweiCloudELB.tsx +++ b/ui/src/components/certimate/DeployToHuaweiCloudELB.tsx @@ -44,7 +44,7 @@ const DeployToHuaweiCloudCDN = () => { message: t("domain.deployment.form.huaweicloud_elb_certificate_id.placeholder"), path: ["certificateId"], }) - .refine((data) => (data.resourceType === "loadbalancer" ? !!data.certificateId?.trim() : true), { + .refine((data) => (data.resourceType === "loadbalancer" ? !!data.loadbalancerId?.trim() : true), { message: t("domain.deployment.form.huaweicloud_elb_loadbalancer_id.placeholder"), path: ["loadbalancerId"], }) diff --git a/ui/src/domain/domain.ts b/ui/src/domain/domain.ts index 97bb4ce1..4f5131df 100644 --- a/ui/src/domain/domain.ts +++ b/ui/src/domain/domain.ts @@ -75,6 +75,7 @@ export const deployTargetsMap: Map = new Map ["aliyun-oss", "common.provider.aliyun.oss", "/imgs/providers/aliyun.svg"], ["aliyun-cdn", "common.provider.aliyun.cdn", "/imgs/providers/aliyun.svg"], ["aliyun-dcdn", "common.provider.aliyun.dcdn", "/imgs/providers/aliyun.svg"], + ["aliyun-clb", "common.provider.aliyun.clb", "/imgs/providers/aliyun.svg"], ["tencent-cdn", "common.provider.tencent.cdn", "/imgs/providers/tencent.svg"], ["tencent-clb", "common.provider.tencent.clb", "/imgs/providers/tencent.svg"], ["tencent-cos", "common.provider.tencent.cos", "/imgs/providers/tencent.svg"], diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index 872ef19b..660f7abe 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -56,6 +56,7 @@ "common.provider.aliyun.oss": "Alibaba Cloud - OSS", "common.provider.aliyun.cdn": "Alibaba Cloud - CDN", "common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN", + "common.provider.aliyun.clb": "Alibaba Cloud - CLB(SLB)", "common.provider.tencent": "Tencent Cloud", "common.provider.tencent.cdn": "Tencent Cloud - CDN", "common.provider.tencent.clb": "Tencent Cloud - CLB", diff --git a/ui/src/i18n/locales/en/nls.domain.json b/ui/src/i18n/locales/en/nls.domain.json index 80f1a4d7..996c3326 100644 --- a/ui/src/i18n/locales/en/nls.domain.json +++ b/ui/src/i18n/locales/en/nls.domain.json @@ -61,6 +61,16 @@ "domain.deployment.form.aliyun_oss_endpoint.placeholder": "Please enter endpoint", "domain.deployment.form.aliyun_oss_bucket.label": "Bucket", "domain.deployment.form.aliyun_oss_bucket.placeholder": "Please enter bucket", + "domain.deployment.form.aliyun_clb_region.label": "Region", + "domain.deployment.form.aliyun_clb_region.placeholder": "Please enter region (e.g. cn-hangzhou)", + "domain.deployment.form.aliyun_clb_resource_type.label": "Resource Type", + "domain.deployment.form.aliyun_clb_resource_type.placeholder": "Please select CLB resource type", + "domain.deployment.form.aliyun_clb_resource_type.option.loadbalancer.label": "CLB LoadBalancer", + "domain.deployment.form.aliyun_clb_resource_type.option.listener.label": "CLB Listener", + "domain.deployment.form.aliyun_clb_loadbalancer_id.label": "LoadBalancer ID", + "domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder": "Please enter CLB loadbalancer ID", + "domain.deployment.form.aliyun_clb_listener_port.label": "Listener Port", + "domain.deployment.form.aliyun_clb_listener_port.placeholder": "Please enter CLB listener port", "domain.deployment.form.tencent_cos_region.label": "Region", "domain.deployment.form.tencent_cos_region.placeholder": "Please enter region (e.g. ap-guangzhou)", "domain.deployment.form.tencent_cos_bucket.label": "Bucket", diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json index 818807ce..66187d90 100644 --- a/ui/src/i18n/locales/zh/nls.common.json +++ b/ui/src/i18n/locales/zh/nls.common.json @@ -55,6 +55,7 @@ "common.provider.aliyun.oss": "阿里云 - OSS", "common.provider.aliyun.cdn": "阿里云 - CDN", "common.provider.aliyun.dcdn": "阿里云 - DCDN", + "common.provider.aliyun.clb": "阿里云 - CLB(原 SLB)", "common.provider.tencent": "腾讯云", "common.provider.tencent.cos": "腾讯云 - COS", "common.provider.tencent.cdn": "腾讯云 - CDN", diff --git a/ui/src/i18n/locales/zh/nls.domain.json b/ui/src/i18n/locales/zh/nls.domain.json index ae7f4d0f..fdedf22c 100644 --- a/ui/src/i18n/locales/zh/nls.domain.json +++ b/ui/src/i18n/locales/zh/nls.domain.json @@ -61,6 +61,16 @@ "domain.deployment.form.aliyun_oss_endpoint.placeholder": "请输入 Endpoint", "domain.deployment.form.aliyun_oss_bucket.label": "存储桶", "domain.deployment.form.aliyun_oss_bucket.placeholder": "请输入存储桶名", + "domain.deployment.form.aliyun_clb_region.label": "地域", + "domain.deployment.form.aliyun_clb_region.placeholder": "请输入地域(如 cn-hangzhou)", + "domain.deployment.form.aliyun_clb_resource_type.label": "替换方式", + "domain.deployment.form.aliyun_clb_resource_type.placeholder": "请选择替换方式", + "domain.deployment.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书", + "domain.deployment.form.aliyun_clb_resource_type.option.listener.label": "替换指定负载均衡器监听的证书", + "domain.deployment.form.aliyun_clb_loadbalancer_id.label": "负载均衡器 ID", + "domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", + "domain.deployment.form.aliyun_clb_listener_port.label": "监听端口", + "domain.deployment.form.aliyun_clb_listener_port.placeholder": "请输入监听端口", "domain.deployment.form.tencent_cos_region.label": "地域", "domain.deployment.form.tencent_cos_region.placeholder": "请输入地域(如 ap-guangzhou)", "domain.deployment.form.tencent_cos_bucket.label": "存储桶", @@ -75,17 +85,17 @@ "domain.deployment.form.tencent_clb_domain.placeholder": "请输入部署到的域名, 如未开启 SNI, 可置空忽略此项", "domain.deployment.form.huaweicloud_elb_region.label": "地域", "domain.deployment.form.huaweicloud_elb_region.placeholder": "请输入地域(如 cn-north-1)", - "domain.deployment.form.huaweicloud_elb_resource_type.label": "资源类型替换方式", - "domain.deployment.form.huaweicloud_elb_resource_type.placeholder": "请选择资源类型替换方式", - "domain.deployment.form.huaweicloud_elb_resource_type.option.certificate.label": "按证书替换", - "domain.deployment.form.huaweicloud_elb_resource_type.option.loadbalancer.label": "按负载均衡器替换", - "domain.deployment.form.huaweicloud_elb_resource_type.option.listener.label": "按监听器替换", + "domain.deployment.form.huaweicloud_elb_resource_type.label": "替换方式", + "domain.deployment.form.huaweicloud_elb_resource_type.placeholder": "请选择替换方式", + "domain.deployment.form.huaweicloud_elb_resource_type.option.certificate.label": "替换指定证书", + "domain.deployment.form.huaweicloud_elb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听器的证书", + "domain.deployment.form.huaweicloud_elb_resource_type.option.listener.label": "替换指定监听器", "domain.deployment.form.huaweicloud_elb_certificate_id.label": "证书 ID", - "domain.deployment.form.huaweicloud_elb_certificate_id.placeholder": "请输入证书 ID(可从华为云控制面板获取)", + "domain.deployment.form.huaweicloud_elb_certificate_id.placeholder": "请输入证书 ID", "domain.deployment.form.huaweicloud_elb_loadbalancer_id.label": "负载均衡器 ID", - "domain.deployment.form.huaweicloud_elb_loadbalancer_id.placeholder": "请输入负载均衡器 ID(可从华为云控制面板获取)", + "domain.deployment.form.huaweicloud_elb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", "domain.deployment.form.huaweicloud_elb_listener_id.label": "监听器 ID", - "domain.deployment.form.huaweicloud_elb_listener_id.placeholder": "请输入监听器 ID(可从华为云控制面板获取)", + "domain.deployment.form.huaweicloud_elb_listener_id.placeholder": "请输入监听器 ID", "domain.deployment.form.ssh_key_path.label": "私钥保存路径", "domain.deployment.form.ssh_key_path.placeholder": "请输入私钥保存路径", "domain.deployment.form.ssh_cert_path.label": "证书保存路径", From 1690963aafb2cc3c5f7862b2b0cc0af1e92680c4 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 26 Oct 2024 12:40:45 +0800 Subject: [PATCH 4/7] feat: add aliyun alb deployer --- README.md | 2 +- README_EN.md | 32 +-- go.mod | 1 + go.sum | 2 + internal/deployer/aliyun_alb.go | 232 ++++++++++++++++++ internal/deployer/aliyun_clb.go | 6 +- .../components/certimate/DeployEditDialog.tsx | 4 + .../certimate/DeployToAliyunALB.tsx | 162 ++++++++++++ .../certimate/DeployToAliyunCLB.tsx | 4 +- ui/src/domain/domain.ts | 1 + ui/src/i18n/locales/en/nls.common.json | 3 +- ui/src/i18n/locales/en/nls.domain.json | 10 + ui/src/i18n/locales/zh/nls.common.json | 21 +- ui/src/i18n/locales/zh/nls.domain.json | 14 +- 14 files changed, 460 insertions(+), 34 deletions(-) create mode 100644 internal/deployer/aliyun_alb.go create mode 100644 ui/src/components/certimate/DeployToAliyunALB.tsx diff --git a/README.md b/README.md index 4fe79035..40d590e1 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ make local.run | 服务商 | 支持申请证书 | 支持部署证书 | 备注 | | :--------: | :----------: | :----------: | ------------------------------------------------------------ | -| 阿里云 | √ | √ | 可签发在阿里云注册的域名;可部署到阿里云 OSS、CDN、CLB(SLB) | +| 阿里云 | √ | √ | 可签发在阿里云注册的域名;可部署到阿里云 OSS、CDN、SLB | | 腾讯云 | √ | √ | 可签发在腾讯云注册的域名;可部署到腾讯云 COS、CDN、CLB | | 华为云 | √ | √ | 可签发在华为云注册的域名;可部署到华为云 CDN、ELB | | 七牛云 | | √ | 可部署到七牛云 CDN | diff --git a/README_EN.md b/README_EN.md index 74cb3098..8194ac5b 100644 --- a/README_EN.md +++ b/README_EN.md @@ -70,22 +70,22 @@ password:1234567890 ## List of Supported Providers -| Provider | Registration | Deployment | Remarks | -| :-----------: | :----------: | :--------: | ----------------------------------------------------------------------------------------------------- | -| Alibaba Cloud | √ | √ | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN, CLB(SLB) | -| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, CLB | -| Huawei Cloud | √ | √ | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB | -| Qiniu Cloud | | √ | Supports deployment to Qiniu Cloud CDN | -| AWS | √ | | Supports domains managed on AWS Route53 | -| CloudFlare | √ | | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates | -| GoDaddy | √ | | Supports domains registered on GoDaddy | -| Namesilo | √ | | Supports domains registered on Namesilo | -| PowerDNS | √ | | Supports domains managed on PowerDNS | -| HTTP Request | √ | | Supports domains which allow managing DNS by HTTP request | -| Local Deploy | | √ | Supports deployment to local servers | -| SSH | | √ | Supports deployment to SSH servers | -| Webhook | | √ | Supports callback to Webhook | -| Kubernetes | | √ | Supports deployment to Kubernetes Secret | +| Provider | Registration | Deployment | Remarks | +| :-----------: | :----------: | :--------: | ------------------------------------------------------------------------------------------------ | +| Alibaba Cloud | √ | √ | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN, SLB | +| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, CLB | +| Huawei Cloud | √ | √ | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB | +| Qiniu Cloud | | √ | Supports deployment to Qiniu Cloud CDN | +| AWS | √ | | Supports domains managed on AWS Route53 | +| CloudFlare | √ | | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates | +| GoDaddy | √ | | Supports domains registered on GoDaddy | +| Namesilo | √ | | Supports domains registered on Namesilo | +| PowerDNS | √ | | Supports domains managed on PowerDNS | +| HTTP Request | √ | | Supports domains which allow managing DNS by HTTP request | +| Local Deploy | | √ | Supports deployment to local servers | +| SSH | | √ | Supports deployment to SSH servers | +| Webhook | | √ | Supports callback to Webhook | +| Kubernetes | | √ | Supports deployment to Kubernetes Secret | ## Screenshots diff --git a/go.mod b/go.mod index f01708ee..fc4267b9 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.22.0 toolchain go1.23.2 require ( + github.com/alibabacloud-go/alb-20200616/v2 v2.2.1 github.com/alibabacloud-go/cas-20200407/v3 v3.0.1 github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 diff --git a/go.sum b/go.sum index 64b89b32..3475675b 100644 --- a/go.sum +++ b/go.sum @@ -29,6 +29,8 @@ github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDe github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/alex-ant/gomath v0.0.0-20160516115720-89013a210a82/go.mod h1:nLnM0KdK1CmygvjpDUO6m1TjSsiQtL61juhNsvV/JVI= +github.com/alibabacloud-go/alb-20200616/v2 v2.2.1 h1:b8ixnrkFhWrmJQd+iEE1UWPD5vdyC3d9l7G0uvkfi2s= +github.com/alibabacloud-go/alb-20200616/v2 v2.2.1/go.mod h1:cPdZwovbqpv+5nM/HnMwZpG5q0/gBuX31hu2H1VoyrM= github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA= github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= diff --git a/internal/deployer/aliyun_alb.go b/internal/deployer/aliyun_alb.go new file mode 100644 index 00000000..979f25f8 --- /dev/null +++ b/internal/deployer/aliyun_alb.go @@ -0,0 +1,232 @@ +package deployer + +import ( + "context" + "encoding/json" + "errors" + "fmt" + + alb20200616 "github.com/alibabacloud-go/alb-20200616/v2/client" + openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client" + "github.com/alibabacloud-go/tea/tea" + + "github.com/usual2970/certimate/internal/domain" + "github.com/usual2970/certimate/internal/pkg/core/uploader" +) + +type AliyunALBDeployer struct { + option *DeployerOption + infos []string + + sdkClient *alb20200616.Client + sslUploader uploader.Uploader +} + +func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) { + access := &domain.AliyunAccess{} + json.Unmarshal([]byte(option.Access), access) + + client, err := (&AliyunALBDeployer{}).createSdkClient( + access.AccessKeyId, + access.AccessKeySecret, + option.DeployConfig.GetConfigAsString("region"), + ) + if err != nil { + return nil, err + } + + uploader, err := uploader.NewAliyunCASUploader(&uploader.AliyunCASUploaderConfig{ + AccessKeyId: access.AccessKeyId, + AccessKeySecret: access.AccessKeySecret, + Region: option.DeployConfig.GetConfigAsString("region"), + }) + if err != nil { + return nil, err + } + + return &AliyunALBDeployer{ + option: option, + infos: make([]string, 0), + sdkClient: client, + sslUploader: uploader, + }, nil +} + +func (d *AliyunALBDeployer) GetID() string { + return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id) +} + +func (d *AliyunALBDeployer) GetInfo() []string { + return d.infos +} + +func (d *AliyunALBDeployer) Deploy(ctx context.Context) error { + switch d.option.DeployConfig.GetConfigAsString("resourceType") { + case "loadbalancer": + if err := d.deployToLoadbalancer(ctx); err != nil { + return err + } + case "listener": + if err := d.deployToListener(ctx); err != nil { + return err + } + default: + return errors.New("unsupported resource type") + } + + return nil +} + +func (d *AliyunALBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*alb20200616.Client, error) { + if region == "" { + region = "cn-hangzhou" // ALB 服务默认区域:华东一杭州 + } + + aConfig := &openapi.Config{ + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + } + + var endpoint string + switch region { + case "cn-hangzhou-finance": + endpoint = "alb.cn-hangzhou.aliyuncs.com" + default: + endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region) + } + aConfig.Endpoint = tea.String(endpoint) + + client, err := alb20200616.NewClient(aConfig) + if err != nil { + return nil, err + } + + return client, nil +} + +func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { + aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId") + if aliLoadbalancerId == "" { + return errors.New("`loadbalancerId` is required") + } + + // 查询负载均衡实例的详细信息 + // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute + getLoadBalancerAttributeReq := &alb20200616.GetLoadBalancerAttributeRequest{ + LoadBalancerId: tea.String(aliLoadbalancerId), + } + getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'alb.GetLoadBalancerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例", getLoadBalancerAttributeResp)) + + // 查询监听列表 + // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners + aliListenerIds := make([]string, 0) + listListenersPage := 1 + listListenersLimit := int32(100) + var listListenersToken *string = nil + for { + listListenersReq := &alb20200616.ListListenersRequest{ + MaxResults: tea.Int32(listListenersLimit), + NextToken: listListenersToken, + LoadBalancerIds: []*string{tea.String(aliLoadbalancerId)}, + ListenerProtocol: tea.String("HTTPS"), + } + listListenersResp, err := d.sdkClient.ListListeners(listListenersReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'alb.ListListeners': %w", err) + } + + if listListenersResp.Body.Listeners != nil { + for _, listener := range listListenersResp.Body.Listeners { + aliListenerIds = append(aliListenerIds, *listener.ListenerId) + } + } + + if listListenersResp.Body.NextToken == nil { + break + } else { + listListenersToken = listListenersResp.Body.NextToken + listListenersPage += 1 + } + } + + d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 HTTPS 监听", aliListenerIds)) + + // 上传证书到 SSL + uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + + // 批量更新监听证书 + var errs []error + for _, aliListenerId := range aliListenerIds { + if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + errs = append(errs, err) + } + } + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} + +func (d *AliyunALBDeployer) deployToListener(ctx context.Context) error { + aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId") + if aliListenerId == "" { + return errors.New("`listenerId` is required") + } + + // 上传证书到 SSL + uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + + // 更新监听 + if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + return err + } + + return nil +} + +func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error { + // 查询监听的属性 + // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getlistenerattribute + getListenerAttributeReq := &alb20200616.GetListenerAttributeRequest{ + ListenerId: tea.String(aliListenerId), + } + getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'alb.GetListenerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 ALB 监听配置", getListenerAttributeResp)) + + // 修改监听的属性 + // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute + updateListenerAttributeReq := &alb20200616.UpdateListenerAttributeRequest{ + ListenerId: tea.String(aliListenerId), + Certificates: []*alb20200616.UpdateListenerAttributeRequestCertificates{{ + CertificateId: tea.String(aliCertId), + }}, + } + updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'alb.UpdateListenerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已更新 ALB 监听配置", updateListenerAttributeResp)) + + return nil +} diff --git a/internal/deployer/aliyun_clb.go b/internal/deployer/aliyun_clb.go index 9a0f8789..0c6466a7 100644 --- a/internal/deployer/aliyun_clb.go +++ b/internal/deployer/aliyun_clb.go @@ -113,7 +113,7 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { return errors.New("`loadbalancerId` is required") } - // 查询负载均衡器实例的详细信息 + // 查询负载均衡实例的详细信息 // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute describeLoadBalancerAttributeReq := &slb20140515.DescribeLoadBalancerAttributeRequest{ RegionId: tea.String(d.option.DeployConfig.GetConfigAsString("region")), @@ -124,7 +124,7 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerAttribute': %w", err) } - d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡器实例", describeLoadBalancerAttributeResp)) + d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例", describeLoadBalancerAttributeResp)) // 查询监听列表 // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners @@ -159,7 +159,7 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { } } - d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", aliListenerPorts)) + d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", aliListenerPorts)) // 上传证书到 SLB uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) diff --git a/ui/src/components/certimate/DeployEditDialog.tsx b/ui/src/components/certimate/DeployEditDialog.tsx index 5fdc4ab1..395fd9c8 100644 --- a/ui/src/components/certimate/DeployEditDialog.tsx +++ b/ui/src/components/certimate/DeployEditDialog.tsx @@ -12,6 +12,7 @@ import { Context as DeployEditContext } from "./DeployEdit"; import DeployToAliyunOSS from "./DeployToAliyunOSS"; import DeployToAliyunCDN from "./DeployToAliyunCDN"; import DeployToAliyunCLB from "./DeployToAliyunCLB"; +import DeployToAliyunALB from "./DeployToAliyunALB"; import DeployToTencentCDN from "./DeployToTencentCDN"; import DeployToTencentCLB from "./DeployToTencentCLB"; import DeployToTencentCOS from "./DeployToTencentCOS"; @@ -122,6 +123,9 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro case "aliyun-clb": childComponent = ; break; + case "aliyun-alb": + childComponent = ; + break; case "tencent-cdn": childComponent = ; break; diff --git a/ui/src/components/certimate/DeployToAliyunALB.tsx b/ui/src/components/certimate/DeployToAliyunALB.tsx new file mode 100644 index 00000000..cf7feba9 --- /dev/null +++ b/ui/src/components/certimate/DeployToAliyunALB.tsx @@ -0,0 +1,162 @@ +import { useEffect } from "react"; +import { useTranslation } from "react-i18next"; +import { z } from "zod"; +import { produce } from "immer"; + +import { Input } from "@/components/ui/input"; +import { Label } from "@/components/ui/label"; +import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select"; +import { useDeployEditContext } from "./DeployEdit"; + +const DeployToAliyunALB = () => { + const { t } = useTranslation(); + + const { deploy: data, setDeploy, error, setError } = useDeployEditContext(); + + useEffect(() => { + if (!data.id) { + setDeploy({ + ...data, + config: { + region: "cn-hangzhou", + resourceType: "", + loadbalancerId: "", + listenerId: "", + }, + }); + } + }, []); + + useEffect(() => { + setError({}); + }, []); + + const formSchema = z + .object({ + region: z.string().min(1, t("domain.deployment.form.aliyun_alb_region.placeholder")), + resourceType: z.union([z.literal("loadbalancer"), z.literal("listener")], { + message: t("domain.deployment.form.aliyun_alb_resource_type.placeholder"), + }), + loadbalancerId: z.string().optional(), + listenerId: z.string().optional(), + }) + .refine((data) => (data.resourceType === "loadbalancer" ? !!data.loadbalancerId?.trim() : true), { + message: t("domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder"), + path: ["loadbalancerId"], + }) + .refine((data) => (data.resourceType === "listener" ? !!data.listenerId?.trim() : true), { + message: t("domain.deployment.form.aliyun_alb_listener_id.placeholder"), + path: ["listenerId"], + }); + + useEffect(() => { + const res = formSchema.safeParse(data.config); + if (!res.success) { + setError({ + ...error, + region: res.error.errors.find((e) => e.path[0] === "region")?.message, + resourceType: res.error.errors.find((e) => e.path[0] === "resourceType")?.message, + loadbalancerId: res.error.errors.find((e) => e.path[0] === "loadbalancerId")?.message, + listenerId: res.error.errors.find((e) => e.path[0] === "listenerId")?.message, + }); + } else { + setError({ + ...error, + region: undefined, + resourceType: undefined, + loadbalancerId: undefined, + listenerId: undefined, + }); + } + }, [data]); + + return ( +
+
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.region = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.region}
+
+ +
+ + +
{error?.resourceType}
+
+ + {data?.config?.resourceType === "loadbalancer" ? ( +
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.loadbalancerId = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.loadbalancerId}
+
+ ) : ( + <> + )} + + {data?.config?.resourceType === "listener" ? ( +
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.listenerId = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.listenerId}
+
+ ) : ( + <> + )} +
+ ); +}; + +export default DeployToAliyunALB; diff --git a/ui/src/components/certimate/DeployToAliyunCLB.tsx b/ui/src/components/certimate/DeployToAliyunCLB.tsx index 6eb18d9e..eb41c0ac 100644 --- a/ui/src/components/certimate/DeployToAliyunCLB.tsx +++ b/ui/src/components/certimate/DeployToAliyunCLB.tsx @@ -34,7 +34,9 @@ const DeployToAliyunCLB = () => { const formSchema = z .object({ region: z.string().min(1, t("domain.deployment.form.aliyun_clb_region.placeholder")), - resourceType: z.string().min(1, t("domain.deployment.form.aliyun_clb_resource_type.placeholder")), + resourceType: z.union([z.literal("certificate"), z.literal("loadbalancer"), z.literal("listener")], { + message: t("domain.deployment.form.aliyun_clb_resource_type.placeholder"), + }), loadbalancerId: z.string().optional(), listenerPort: z.string().optional(), }) diff --git a/ui/src/domain/domain.ts b/ui/src/domain/domain.ts index 4f5131df..8f090032 100644 --- a/ui/src/domain/domain.ts +++ b/ui/src/domain/domain.ts @@ -76,6 +76,7 @@ export const deployTargetsMap: Map = new Map ["aliyun-cdn", "common.provider.aliyun.cdn", "/imgs/providers/aliyun.svg"], ["aliyun-dcdn", "common.provider.aliyun.dcdn", "/imgs/providers/aliyun.svg"], ["aliyun-clb", "common.provider.aliyun.clb", "/imgs/providers/aliyun.svg"], + ["aliyun-alb", "common.provider.aliyun.alb", "/imgs/providers/aliyun.svg"], ["tencent-cdn", "common.provider.tencent.cdn", "/imgs/providers/tencent.svg"], ["tencent-clb", "common.provider.tencent.clb", "/imgs/providers/tencent.svg"], ["tencent-cos", "common.provider.tencent.cos", "/imgs/providers/tencent.svg"], diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index 660f7abe..dc6ad896 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -56,7 +56,8 @@ "common.provider.aliyun.oss": "Alibaba Cloud - OSS", "common.provider.aliyun.cdn": "Alibaba Cloud - CDN", "common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN", - "common.provider.aliyun.clb": "Alibaba Cloud - CLB(SLB)", + "common.provider.aliyun.clb": "Alibaba Cloud - CLB", + "common.provider.aliyun.alb": "Alibaba Cloud - ALB", "common.provider.tencent": "Tencent Cloud", "common.provider.tencent.cdn": "Tencent Cloud - CDN", "common.provider.tencent.clb": "Tencent Cloud - CLB", diff --git a/ui/src/i18n/locales/en/nls.domain.json b/ui/src/i18n/locales/en/nls.domain.json index 996c3326..ddba1aae 100644 --- a/ui/src/i18n/locales/en/nls.domain.json +++ b/ui/src/i18n/locales/en/nls.domain.json @@ -71,6 +71,16 @@ "domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder": "Please enter CLB loadbalancer ID", "domain.deployment.form.aliyun_clb_listener_port.label": "Listener Port", "domain.deployment.form.aliyun_clb_listener_port.placeholder": "Please enter CLB listener port", + "domain.deployment.form.aliyun_alb_region.label": "Region", + "domain.deployment.form.aliyun_alb_region.placeholder": "Please enter region (e.g. cn-hangzhou)", + "domain.deployment.form.aliyun_alb_resource_type.label": "Resource Type", + "domain.deployment.form.aliyun_alb_resource_type.placeholder": "Please select ALB resource type", + "domain.deployment.form.aliyun_alb_resource_type.option.loadbalancer.label": "ALB LoadBalancer", + "domain.deployment.form.aliyun_alb_resource_type.option.listener.label": "ALB Listener", + "domain.deployment.form.aliyun_alb_loadbalancer_id.label": "LoadBalancer ID", + "domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder": "Please enter ALB loadbalancer ID", + "domain.deployment.form.aliyun_alb_listener_id.label": "Listener ID", + "domain.deployment.form.aliyun_alb_listener_id.placeholder": "Please enter ALB listener ID", "domain.deployment.form.tencent_cos_region.label": "Region", "domain.deployment.form.tencent_cos_region.placeholder": "Please enter region (e.g. ap-guangzhou)", "domain.deployment.form.tencent_cos_bucket.label": "Bucket", diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json index 66187d90..b3e18f7a 100644 --- a/ui/src/i18n/locales/zh/nls.common.json +++ b/ui/src/i18n/locales/zh/nls.common.json @@ -52,19 +52,20 @@ "common.errmsg.ip_invalid": "请输入正确的 IP 地址", "common.errmsg.url_invalid": "请输入正确的 URL", "common.provider.aliyun": "阿里云", - "common.provider.aliyun.oss": "阿里云 - OSS", - "common.provider.aliyun.cdn": "阿里云 - CDN", - "common.provider.aliyun.dcdn": "阿里云 - DCDN", - "common.provider.aliyun.clb": "阿里云 - CLB(原 SLB)", + "common.provider.aliyun.oss": "阿里云 - 对象存储 OSS", + "common.provider.aliyun.cdn": "阿里云 - 内容分发网络 CDN", + "common.provider.aliyun.dcdn": "阿里云 - 全站加速 DCDN", + "common.provider.aliyun.clb": "阿里云 - 传统型负载均衡 CLB", + "common.provider.aliyun.alb": "阿里云 - 应用型负载均衡 ALB", "common.provider.tencent": "腾讯云", - "common.provider.tencent.cos": "腾讯云 - COS", - "common.provider.tencent.cdn": "腾讯云 - CDN", - "common.provider.tencent.clb": "腾讯云 - CLB", + "common.provider.tencent.cos": "腾讯云 - 对象存储 COS", + "common.provider.tencent.cdn": "腾讯云 - 内容分发网络 CDN", + "common.provider.tencent.clb": "腾讯云 - 负载均衡 CLB", "common.provider.huaweicloud": "华为云", - "common.provider.huaweicloud.cdn": "华为云 - CDN", - "common.provider.huaweicloud.elb": "华为云 - ELB", + "common.provider.huaweicloud.cdn": "华为云 - 内容分发网络 CDN", + "common.provider.huaweicloud.elb": "华为云 - 弹性负载均衡 ELB", "common.provider.qiniu": "七牛云", - "common.provider.qiniu.cdn": "七牛云 - CDN", + "common.provider.qiniu.cdn": "七牛云 - 内容分发网络 CDN", "common.provider.aws": "AWS", "common.provider.cloudflare": "Cloudflare", "common.provider.namesilo": "Namesilo", diff --git a/ui/src/i18n/locales/zh/nls.domain.json b/ui/src/i18n/locales/zh/nls.domain.json index fdedf22c..1929440e 100644 --- a/ui/src/i18n/locales/zh/nls.domain.json +++ b/ui/src/i18n/locales/zh/nls.domain.json @@ -65,12 +65,22 @@ "domain.deployment.form.aliyun_clb_region.placeholder": "请输入地域(如 cn-hangzhou)", "domain.deployment.form.aliyun_clb_resource_type.label": "替换方式", "domain.deployment.form.aliyun_clb_resource_type.placeholder": "请选择替换方式", - "domain.deployment.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书", + "domain.deployment.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 HTTPS 监听)", "domain.deployment.form.aliyun_clb_resource_type.option.listener.label": "替换指定负载均衡器监听的证书", "domain.deployment.form.aliyun_clb_loadbalancer_id.label": "负载均衡器 ID", "domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", "domain.deployment.form.aliyun_clb_listener_port.label": "监听端口", "domain.deployment.form.aliyun_clb_listener_port.placeholder": "请输入监听端口", + "domain.deployment.form.aliyun_alb_region.label": "地域", + "domain.deployment.form.aliyun_alb_region.placeholder": "请输入地域(如 cn-hangzhou)", + "domain.deployment.form.aliyun_alb_resource_type.label": "替换方式", + "domain.deployment.form.aliyun_alb_resource_type.placeholder": "请选择替换方式", + "domain.deployment.form.aliyun_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 HTTPS 监听)", + "domain.deployment.form.aliyun_alb_resource_type.option.listener.label": "替换指定负载均衡器监听的证书", + "domain.deployment.form.aliyun_alb_loadbalancer_id.label": "负载均衡器 ID", + "domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", + "domain.deployment.form.aliyun_alb_listener_id.label": "监听器 ID", + "domain.deployment.form.aliyun_alb_listener_id.placeholder": "请输入监听器 ID", "domain.deployment.form.tencent_cos_region.label": "地域", "domain.deployment.form.tencent_cos_region.placeholder": "请输入地域(如 ap-guangzhou)", "domain.deployment.form.tencent_cos_bucket.label": "存储桶", @@ -88,7 +98,7 @@ "domain.deployment.form.huaweicloud_elb_resource_type.label": "替换方式", "domain.deployment.form.huaweicloud_elb_resource_type.placeholder": "请选择替换方式", "domain.deployment.form.huaweicloud_elb_resource_type.option.certificate.label": "替换指定证书", - "domain.deployment.form.huaweicloud_elb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听器的证书", + "domain.deployment.form.huaweicloud_elb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听器的证书(仅支持 HTTPS 监听)", "domain.deployment.form.huaweicloud_elb_resource_type.option.listener.label": "替换指定监听器", "domain.deployment.form.huaweicloud_elb_certificate_id.label": "证书 ID", "domain.deployment.form.huaweicloud_elb_certificate_id.placeholder": "请输入证书 ID", From d87026d5be7f98b50282c15cd0fdfdcbed9adeeb Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 26 Oct 2024 12:52:55 +0800 Subject: [PATCH 5/7] feat: add aliyun nlb deployer --- go.mod | 1 + go.sum | 4 + internal/deployer/aliyun_nlb.go | 230 ++++++++++++++++++ internal/deployer/deployer.go | 8 +- .../components/certimate/DeployEditDialog.tsx | 4 + .../certimate/DeployToAliyunNLB.tsx | 162 ++++++++++++ ui/src/domain/domain.ts | 1 + ui/src/i18n/locales/en/nls.common.json | 1 + ui/src/i18n/locales/en/nls.domain.json | 10 + ui/src/i18n/locales/zh/nls.common.json | 1 + ui/src/i18n/locales/zh/nls.domain.json | 14 +- 11 files changed, 433 insertions(+), 3 deletions(-) create mode 100644 internal/deployer/aliyun_nlb.go create mode 100644 ui/src/components/certimate/DeployToAliyunNLB.tsx diff --git a/go.mod b/go.mod index fc4267b9..0571e260 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/alibabacloud-go/cas-20200407/v3 v3.0.1 github.com/alibabacloud-go/cdn-20180510/v5 v5.0.0 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 + github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3 github.com/alibabacloud-go/slb-20140515/v4 v4.0.9 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 diff --git a/go.sum b/go.sum index 3475675b..10911699 100644 --- a/go.sum +++ b/go.sum @@ -47,6 +47,7 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.5/go.mod h1:kUe8JqFmoVU7lfBauaDD5taFaW7mBI+xVsyHutYtabg= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU= @@ -64,6 +65,8 @@ github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q= github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= +github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3 h1:LtyUVlgBEKyzWgQJurzXM6MXCt84sQr9cE5OKqYymko= +github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3/go.mod h1:4a/RcBYeAhYowHzX+LMgnouz7NradnSKPKl14KS3B1U= github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= @@ -94,6 +97,7 @@ github.com/alibabacloud-go/tea-utils v1.3.6/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQ github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA= github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw= github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4= +github.com/alibabacloud-go/tea-utils/v2 v2.0.4/go.mod h1:sj1PbjPodAVTqGTA3olprfeeqqmwD0A5OQz94o9EuXQ= github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4= github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0= github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I= diff --git a/internal/deployer/aliyun_nlb.go b/internal/deployer/aliyun_nlb.go new file mode 100644 index 00000000..8e4d8d84 --- /dev/null +++ b/internal/deployer/aliyun_nlb.go @@ -0,0 +1,230 @@ +package deployer + +import ( + "context" + "encoding/json" + "errors" + "fmt" + + openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client" + nlb20220430 "github.com/alibabacloud-go/nlb-20220430/v2/client" + "github.com/alibabacloud-go/tea/tea" + + "github.com/usual2970/certimate/internal/domain" + "github.com/usual2970/certimate/internal/pkg/core/uploader" +) + +type AliyunNLBDeployer struct { + option *DeployerOption + infos []string + + sdkClient *nlb20220430.Client + sslUploader uploader.Uploader +} + +func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) { + access := &domain.AliyunAccess{} + json.Unmarshal([]byte(option.Access), access) + + client, err := (&AliyunNLBDeployer{}).createSdkClient( + access.AccessKeyId, + access.AccessKeySecret, + option.DeployConfig.GetConfigAsString("region"), + ) + if err != nil { + return nil, err + } + + uploader, err := uploader.NewAliyunCASUploader(&uploader.AliyunCASUploaderConfig{ + AccessKeyId: access.AccessKeyId, + AccessKeySecret: access.AccessKeySecret, + Region: option.DeployConfig.GetConfigAsString("region"), + }) + if err != nil { + return nil, err + } + + return &AliyunNLBDeployer{ + option: option, + infos: make([]string, 0), + sdkClient: client, + sslUploader: uploader, + }, nil +} + +func (d *AliyunNLBDeployer) GetID() string { + return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id) +} + +func (d *AliyunNLBDeployer) GetInfo() []string { + return d.infos +} + +func (d *AliyunNLBDeployer) Deploy(ctx context.Context) error { + switch d.option.DeployConfig.GetConfigAsString("resourceType") { + case "loadbalancer": + if err := d.deployToLoadbalancer(ctx); err != nil { + return err + } + case "listener": + if err := d.deployToListener(ctx); err != nil { + return err + } + default: + return errors.New("unsupported resource type") + } + + return nil +} + +func (d *AliyunNLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*nlb20220430.Client, error) { + if region == "" { + region = "cn-hangzhou" // NLB 服务默认区域:华东一杭州 + } + + aConfig := &openapi.Config{ + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + } + + var endpoint string + switch region { + case "cn-hangzhou-finance": + endpoint = "nlb.cn-hangzhou.aliyuncs.com" + default: + endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region) + } + aConfig.Endpoint = tea.String(endpoint) + + client, err := nlb20220430.NewClient(aConfig) + if err != nil { + return nil, err + } + + return client, nil +} + +func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error { + aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId") + if aliLoadbalancerId == "" { + return errors.New("`loadbalancerId` is required") + } + + // 查询负载均衡实例的详细信息 + // REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute + getLoadBalancerAttributeReq := &nlb20220430.GetLoadBalancerAttributeRequest{ + LoadBalancerId: tea.String(aliLoadbalancerId), + } + getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'nlb.GetLoadBalancerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例", getLoadBalancerAttributeResp)) + + // 查询监听列表 + // REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners + aliListenerIds := make([]string, 0) + listListenersPage := 1 + listListenersLimit := int32(100) + var listListenersToken *string = nil + for { + listListenersReq := &nlb20220430.ListListenersRequest{ + MaxResults: tea.Int32(listListenersLimit), + NextToken: listListenersToken, + LoadBalancerIds: []*string{tea.String(aliLoadbalancerId)}, + ListenerProtocol: tea.String("TCPSSL"), + } + listListenersResp, err := d.sdkClient.ListListeners(listListenersReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'nlb.ListListeners': %w", err) + } + + if listListenersResp.Body.Listeners != nil { + for _, listener := range listListenersResp.Body.Listeners { + aliListenerIds = append(aliListenerIds, *listener.ListenerId) + } + } + + if listListenersResp.Body.NextToken == nil { + break + } else { + listListenersToken = listListenersResp.Body.NextToken + listListenersPage += 1 + } + } + + d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", aliListenerIds)) + + // 上传证书到 SSL + uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + + // 批量更新监听证书 + var errs []error + for _, aliListenerId := range aliListenerIds { + if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + errs = append(errs, err) + } + } + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} + +func (d *AliyunNLBDeployer) deployToListener(ctx context.Context) error { + aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId") + if aliListenerId == "" { + return errors.New("`listenerId` is required") + } + + // 上传证书到 SSL + uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + + // 更新监听 + if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + return err + } + + return nil +} + +func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error { + // 查询监听的属性 + // REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getlistenerattribute + getListenerAttributeReq := &nlb20220430.GetListenerAttributeRequest{ + ListenerId: tea.String(aliListenerId), + } + getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'nlb.GetListenerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已查询到 NLB 监听配置", getListenerAttributeResp)) + + // 修改监听的属性 + // REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-updatelistenerattribute + updateListenerAttributeReq := &nlb20220430.UpdateListenerAttributeRequest{ + ListenerId: tea.String(aliListenerId), + CertificateIds: []*string{tea.String(aliCertId)}, + } + updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'nlb.UpdateListenerAttribute': %w", err) + } + + d.infos = append(d.infos, toStr("已更新 NLB 监听配置", updateListenerAttributeResp)) + + return nil +} diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index 8e130b3b..3936da88 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go @@ -19,6 +19,8 @@ const ( targetAliyunCDN = "aliyun-cdn" targetAliyunESA = "aliyun-dcdn" targetAliyunCLB = "aliyun-clb" + targetAliyunALB = "aliyun-alb" + targetAliyunNLB = "aliyun-nlb" targetTencentCDN = "tencent-cdn" targetTencentCLB = "tencent-clb" targetTencentCOS = "tencent-cos" @@ -109,6 +111,10 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep return NewAliyunESADeployer(option) case targetAliyunCLB: return NewAliyunCLBDeployer(option) + case targetAliyunALB: + return NewAliyunALBDeployer(option) + case targetAliyunNLB: + return NewAliyunNLBDeployer(option) case targetTencentCDN: return NewTencentCDNDeployer(option) case targetTencentCLB: @@ -130,7 +136,7 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep case targetK8sSecret: return NewK8sSecretDeployer(option) } - return nil, errors.New("not implemented") + return nil, errors.New("unsupported deploy target") } func getProduct(t string) string { diff --git a/ui/src/components/certimate/DeployEditDialog.tsx b/ui/src/components/certimate/DeployEditDialog.tsx index 395fd9c8..b368a1fb 100644 --- a/ui/src/components/certimate/DeployEditDialog.tsx +++ b/ui/src/components/certimate/DeployEditDialog.tsx @@ -13,6 +13,7 @@ import DeployToAliyunOSS from "./DeployToAliyunOSS"; import DeployToAliyunCDN from "./DeployToAliyunCDN"; import DeployToAliyunCLB from "./DeployToAliyunCLB"; import DeployToAliyunALB from "./DeployToAliyunALB"; +import DeployToAliyunNLB from "./DeployToAliyunNLB"; import DeployToTencentCDN from "./DeployToTencentCDN"; import DeployToTencentCLB from "./DeployToTencentCLB"; import DeployToTencentCOS from "./DeployToTencentCOS"; @@ -126,6 +127,9 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro case "aliyun-alb": childComponent = ; break; + case "aliyun-nlb": + childComponent = ; + break; case "tencent-cdn": childComponent = ; break; diff --git a/ui/src/components/certimate/DeployToAliyunNLB.tsx b/ui/src/components/certimate/DeployToAliyunNLB.tsx new file mode 100644 index 00000000..38d6b1f7 --- /dev/null +++ b/ui/src/components/certimate/DeployToAliyunNLB.tsx @@ -0,0 +1,162 @@ +import { useEffect } from "react"; +import { useTranslation } from "react-i18next"; +import { z } from "zod"; +import { produce } from "immer"; + +import { Input } from "@/components/ui/input"; +import { Label } from "@/components/ui/label"; +import { Select, SelectContent, SelectGroup, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select"; +import { useDeployEditContext } from "./DeployEdit"; + +const DeployToAliyunNLB = () => { + const { t } = useTranslation(); + + const { deploy: data, setDeploy, error, setError } = useDeployEditContext(); + + useEffect(() => { + if (!data.id) { + setDeploy({ + ...data, + config: { + region: "cn-hangzhou", + resourceType: "", + loadbalancerId: "", + listenerId: "", + }, + }); + } + }, []); + + useEffect(() => { + setError({}); + }, []); + + const formSchema = z + .object({ + region: z.string().min(1, t("domain.deployment.form.aliyun_nlb_region.placeholder")), + resourceType: z.union([z.literal("loadbalancer"), z.literal("listener")], { + message: t("domain.deployment.form.aliyun_nlb_resource_type.placeholder"), + }), + loadbalancerId: z.string().optional(), + listenerId: z.string().optional(), + }) + .refine((data) => (data.resourceType === "loadbalancer" ? !!data.loadbalancerId?.trim() : true), { + message: t("domain.deployment.form.aliyun_nlb_loadbalancer_id.placeholder"), + path: ["loadbalancerId"], + }) + .refine((data) => (data.resourceType === "listener" ? !!data.listenerId?.trim() : true), { + message: t("domain.deployment.form.aliyun_nlb_listener_id.placeholder"), + path: ["listenerId"], + }); + + useEffect(() => { + const res = formSchema.safeParse(data.config); + if (!res.success) { + setError({ + ...error, + region: res.error.errors.find((e) => e.path[0] === "region")?.message, + resourceType: res.error.errors.find((e) => e.path[0] === "resourceType")?.message, + loadbalancerId: res.error.errors.find((e) => e.path[0] === "loadbalancerId")?.message, + listenerId: res.error.errors.find((e) => e.path[0] === "listenerId")?.message, + }); + } else { + setError({ + ...error, + region: undefined, + resourceType: undefined, + loadbalancerId: undefined, + listenerId: undefined, + }); + } + }, [data]); + + return ( +
+
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.region = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.region}
+
+ +
+ + +
{error?.resourceType}
+
+ + {data?.config?.resourceType === "loadbalancer" ? ( +
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.loadbalancerId = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.loadbalancerId}
+
+ ) : ( + <> + )} + + {data?.config?.resourceType === "listener" ? ( +
+ + { + const newData = produce(data, (draft) => { + draft.config ??= {}; + draft.config.listenerId = e.target.value?.trim(); + }); + setDeploy(newData); + }} + /> +
{error?.listenerId}
+
+ ) : ( + <> + )} +
+ ); +}; + +export default DeployToAliyunNLB; diff --git a/ui/src/domain/domain.ts b/ui/src/domain/domain.ts index 8f090032..b2a51492 100644 --- a/ui/src/domain/domain.ts +++ b/ui/src/domain/domain.ts @@ -77,6 +77,7 @@ export const deployTargetsMap: Map = new Map ["aliyun-dcdn", "common.provider.aliyun.dcdn", "/imgs/providers/aliyun.svg"], ["aliyun-clb", "common.provider.aliyun.clb", "/imgs/providers/aliyun.svg"], ["aliyun-alb", "common.provider.aliyun.alb", "/imgs/providers/aliyun.svg"], + ["aliyun-nlb", "common.provider.aliyun.nlb", "/imgs/providers/aliyun.svg"], ["tencent-cdn", "common.provider.tencent.cdn", "/imgs/providers/tencent.svg"], ["tencent-clb", "common.provider.tencent.clb", "/imgs/providers/tencent.svg"], ["tencent-cos", "common.provider.tencent.cos", "/imgs/providers/tencent.svg"], diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index dc6ad896..581d5e8e 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -58,6 +58,7 @@ "common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN", "common.provider.aliyun.clb": "Alibaba Cloud - CLB", "common.provider.aliyun.alb": "Alibaba Cloud - ALB", + "common.provider.aliyun.nlb": "Alibaba Cloud - NLB", "common.provider.tencent": "Tencent Cloud", "common.provider.tencent.cdn": "Tencent Cloud - CDN", "common.provider.tencent.clb": "Tencent Cloud - CLB", diff --git a/ui/src/i18n/locales/en/nls.domain.json b/ui/src/i18n/locales/en/nls.domain.json index ddba1aae..a6e4ca83 100644 --- a/ui/src/i18n/locales/en/nls.domain.json +++ b/ui/src/i18n/locales/en/nls.domain.json @@ -81,6 +81,16 @@ "domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder": "Please enter ALB loadbalancer ID", "domain.deployment.form.aliyun_alb_listener_id.label": "Listener ID", "domain.deployment.form.aliyun_alb_listener_id.placeholder": "Please enter ALB listener ID", + "domain.deployment.form.aliyun_nlb_region.label": "Region", + "domain.deployment.form.aliyun_nlb_region.placeholder": "Please enter region (e.g. cn-hangzhou)", + "domain.deployment.form.aliyun_nlb_resource_type.label": "Resource Type", + "domain.deployment.form.aliyun_nlb_resource_type.placeholder": "Please select NLB resource type", + "domain.deployment.form.aliyun_nlb_resource_type.option.loadbalancer.label": "NLB LoadBalancer", + "domain.deployment.form.aliyun_nlb_resource_type.option.listener.label": "NLB Listener", + "domain.deployment.form.aliyun_nlb_loadbalancer_id.label": "LoadBalancer ID", + "domain.deployment.form.aliyun_nlb_loadbalancer_id.placeholder": "Please enter NLB loadbalancer ID", + "domain.deployment.form.aliyun_nlb_listener_id.label": "Listener ID", + "domain.deployment.form.aliyun_nlb_listener_id.placeholder": "Please enter NLB listener ID", "domain.deployment.form.tencent_cos_region.label": "Region", "domain.deployment.form.tencent_cos_region.placeholder": "Please enter region (e.g. ap-guangzhou)", "domain.deployment.form.tencent_cos_bucket.label": "Bucket", diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json index b3e18f7a..455c3351 100644 --- a/ui/src/i18n/locales/zh/nls.common.json +++ b/ui/src/i18n/locales/zh/nls.common.json @@ -57,6 +57,7 @@ "common.provider.aliyun.dcdn": "阿里云 - 全站加速 DCDN", "common.provider.aliyun.clb": "阿里云 - 传统型负载均衡 CLB", "common.provider.aliyun.alb": "阿里云 - 应用型负载均衡 ALB", + "common.provider.aliyun.nlb": "阿里云 - 网络型负载均衡 NLB", "common.provider.tencent": "腾讯云", "common.provider.tencent.cos": "腾讯云 - 对象存储 COS", "common.provider.tencent.cdn": "腾讯云 - 内容分发网络 CDN", diff --git a/ui/src/i18n/locales/zh/nls.domain.json b/ui/src/i18n/locales/zh/nls.domain.json index 1929440e..0e850ca0 100644 --- a/ui/src/i18n/locales/zh/nls.domain.json +++ b/ui/src/i18n/locales/zh/nls.domain.json @@ -66,7 +66,7 @@ "domain.deployment.form.aliyun_clb_resource_type.label": "替换方式", "domain.deployment.form.aliyun_clb_resource_type.placeholder": "请选择替换方式", "domain.deployment.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 HTTPS 监听)", - "domain.deployment.form.aliyun_clb_resource_type.option.listener.label": "替换指定负载均衡器监听的证书", + "domain.deployment.form.aliyun_clb_resource_type.option.listener.label": "替换指定负载均衡监听的证书", "domain.deployment.form.aliyun_clb_loadbalancer_id.label": "负载均衡器 ID", "domain.deployment.form.aliyun_clb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", "domain.deployment.form.aliyun_clb_listener_port.label": "监听端口", @@ -76,11 +76,21 @@ "domain.deployment.form.aliyun_alb_resource_type.label": "替换方式", "domain.deployment.form.aliyun_alb_resource_type.placeholder": "请选择替换方式", "domain.deployment.form.aliyun_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 HTTPS 监听)", - "domain.deployment.form.aliyun_alb_resource_type.option.listener.label": "替换指定负载均衡器监听的证书", + "domain.deployment.form.aliyun_alb_resource_type.option.listener.label": "替换指定监听器的证书", "domain.deployment.form.aliyun_alb_loadbalancer_id.label": "负载均衡器 ID", "domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", "domain.deployment.form.aliyun_alb_listener_id.label": "监听器 ID", "domain.deployment.form.aliyun_alb_listener_id.placeholder": "请输入监听器 ID", + "domain.deployment.form.aliyun_nlb_region.label": "地域", + "domain.deployment.form.aliyun_nlb_region.placeholder": "请输入地域(如 cn-hangzhou)", + "domain.deployment.form.aliyun_nlb_resource_type.label": "替换方式", + "domain.deployment.form.aliyun_nlb_resource_type.placeholder": "请选择替换方式", + "domain.deployment.form.aliyun_nlb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 TCPSSL 监听)", + "domain.deployment.form.aliyun_nlb_resource_type.option.listener.label": "替换指定监听器的证书", + "domain.deployment.form.aliyun_nlb_loadbalancer_id.label": "负载均衡器 ID", + "domain.deployment.form.aliyun_nlb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", + "domain.deployment.form.aliyun_nlb_listener_id.label": "监听器 ID", + "domain.deployment.form.aliyun_nlb_listener_id.placeholder": "请输入监听器 ID", "domain.deployment.form.tencent_cos_region.label": "地域", "domain.deployment.form.tencent_cos_region.placeholder": "请输入地域(如 ap-guangzhou)", "domain.deployment.form.tencent_cos_bucket.label": "存储桶", From 506ab4f18e2e6bb64ad166b2b0c131c02f9d7727 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 26 Oct 2024 13:15:01 +0800 Subject: [PATCH 6/7] feat: support quic listener in deployment to aliyun alb --- internal/deployer/aliyun_alb.go | 37 ++++++++++++++++++++++++-- internal/deployer/aliyun_clb.go | 5 ++-- internal/deployer/aliyun_nlb.go | 5 ++-- internal/deployer/huaweicloud_elb.go | 3 ++- ui/src/i18n/locales/zh/nls.domain.json | 2 +- 5 files changed, 44 insertions(+), 8 deletions(-) diff --git a/internal/deployer/aliyun_alb.go b/internal/deployer/aliyun_alb.go index 979f25f8..b676e043 100644 --- a/internal/deployer/aliyun_alb.go +++ b/internal/deployer/aliyun_alb.go @@ -110,6 +110,8 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { return errors.New("`loadbalancerId` is required") } + aliListenerIds := make([]string, 0) + // 查询负载均衡实例的详细信息 // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute getLoadBalancerAttributeReq := &alb20200616.GetLoadBalancerAttributeRequest{ @@ -122,9 +124,8 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例", getLoadBalancerAttributeResp)) - // 查询监听列表 + // 查询 HTTPS 监听列表 // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners - aliListenerIds := make([]string, 0) listListenersPage := 1 listListenersLimit := int32(100) var listListenersToken *string = nil @@ -156,6 +157,38 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 HTTPS 监听", aliListenerIds)) + // 查询 QUIC 监听列表 + // REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners + listListenersPage = 1 + listListenersToken = nil + for { + listListenersReq := &alb20200616.ListListenersRequest{ + MaxResults: tea.Int32(listListenersLimit), + NextToken: listListenersToken, + LoadBalancerIds: []*string{tea.String(aliLoadbalancerId)}, + ListenerProtocol: tea.String("QUIC"), + } + listListenersResp, err := d.sdkClient.ListListeners(listListenersReq) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'alb.ListListeners': %w", err) + } + + if listListenersResp.Body.Listeners != nil { + for _, listener := range listListenersResp.Body.Listeners { + aliListenerIds = append(aliListenerIds, *listener.ListenerId) + } + } + + if listListenersResp.Body.NextToken == nil { + break + } else { + listListenersToken = listListenersResp.Body.NextToken + listListenersPage += 1 + } + } + + d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", aliListenerIds)) + // 上传证书到 SSL uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { diff --git a/internal/deployer/aliyun_clb.go b/internal/deployer/aliyun_clb.go index 0c6466a7..11384ba8 100644 --- a/internal/deployer/aliyun_clb.go +++ b/internal/deployer/aliyun_clb.go @@ -113,6 +113,8 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { return errors.New("`loadbalancerId` is required") } + aliListenerPorts := make([]int32, 0) + // 查询负载均衡实例的详细信息 // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute describeLoadBalancerAttributeReq := &slb20140515.DescribeLoadBalancerAttributeRequest{ @@ -126,9 +128,8 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例", describeLoadBalancerAttributeResp)) - // 查询监听列表 + // 查询 HTTPS 监听列表 // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners - aliListenerPorts := make([]int32, 0) listListenersPage := 1 listListenersLimit := int32(100) var listListenersToken *string = nil diff --git a/internal/deployer/aliyun_nlb.go b/internal/deployer/aliyun_nlb.go index 8e4d8d84..cb9d8c43 100644 --- a/internal/deployer/aliyun_nlb.go +++ b/internal/deployer/aliyun_nlb.go @@ -110,6 +110,8 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error { return errors.New("`loadbalancerId` is required") } + aliListenerIds := make([]string, 0) + // 查询负载均衡实例的详细信息 // REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute getLoadBalancerAttributeReq := &nlb20220430.GetLoadBalancerAttributeRequest{ @@ -122,9 +124,8 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例", getLoadBalancerAttributeResp)) - // 查询监听列表 + // 查询 TCPSSL 监听列表 // REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners - aliListenerIds := make([]string, 0) listListenersPage := 1 listListenersLimit := int32(100) var listListenersToken *string = nil diff --git a/internal/deployer/huaweicloud_elb.go b/internal/deployer/huaweicloud_elb.go index fc5920bb..f9f26338 100644 --- a/internal/deployer/huaweicloud_elb.go +++ b/internal/deployer/huaweicloud_elb.go @@ -208,6 +208,8 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error return errors.New("`loadbalancerId` is required") } + hcListenerIds := make([]string, 0) + // 查询负载均衡器详情 // REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{ @@ -222,7 +224,6 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error // 查询监听器列表 // REF: https://support.huaweicloud.com/api-elb/ListListeners.html - hcListenerIds := make([]string, 0) listListenersLimit := int32(2000) var listListenersMarker *string = nil for { diff --git a/ui/src/i18n/locales/zh/nls.domain.json b/ui/src/i18n/locales/zh/nls.domain.json index 0e850ca0..6ad1cb27 100644 --- a/ui/src/i18n/locales/zh/nls.domain.json +++ b/ui/src/i18n/locales/zh/nls.domain.json @@ -75,7 +75,7 @@ "domain.deployment.form.aliyun_alb_region.placeholder": "请输入地域(如 cn-hangzhou)", "domain.deployment.form.aliyun_alb_resource_type.label": "替换方式", "domain.deployment.form.aliyun_alb_resource_type.placeholder": "请选择替换方式", - "domain.deployment.form.aliyun_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 HTTPS 监听)", + "domain.deployment.form.aliyun_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器的全部监听的证书(仅支持 HTTPS/QUIC 监听)", "domain.deployment.form.aliyun_alb_resource_type.option.listener.label": "替换指定监听器的证书", "domain.deployment.form.aliyun_alb_loadbalancer_id.label": "负载均衡器 ID", "domain.deployment.form.aliyun_alb_loadbalancer_id.placeholder": "请输入负载均衡器 ID", From da4715e6dc36171cda43a2750cced65b4f448771 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 26 Oct 2024 13:18:15 +0800 Subject: [PATCH 7/7] fix: fix aliyun nlb endpoint --- internal/deployer/aliyun_nlb.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/internal/deployer/aliyun_nlb.go b/internal/deployer/aliyun_nlb.go index cb9d8c43..514657e6 100644 --- a/internal/deployer/aliyun_nlb.go +++ b/internal/deployer/aliyun_nlb.go @@ -89,8 +89,6 @@ func (d *AliyunNLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region var endpoint string switch region { - case "cn-hangzhou-finance": - endpoint = "nlb.cn-hangzhou.aliyuncs.com" default: endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region) }