diff --git a/internal/deployer/aliyun_alb.go b/internal/deployer/aliyun_alb.go index 4ee68a7a..91f6f0c7 100644 --- a/internal/deployer/aliyun_alb.go +++ b/internal/deployer/aliyun_alb.go @@ -9,6 +9,7 @@ import ( aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client" aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/pkg/core/uploader" @@ -24,7 +25,9 @@ type AliyunALBDeployer struct { func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) { access := &domain.AliyunAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } client, err := (&AliyunALBDeployer{}).createSdkClient( access.AccessKeyId, @@ -32,7 +35,7 @@ func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) { option.DeployConfig.GetConfigAsString("region"), ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } uploader, err := uploader.NewAliyunCASUploader(&uploader.AliyunCASUploaderConfig{ @@ -41,7 +44,7 @@ func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) { Region: option.DeployConfig.GetConfigAsString("region"), }) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create ssl uploader") } return &AliyunALBDeployer{ 
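Review bot: The alias `xerrors` on the import added in the first hunk of aliyun_alb.go is easy to misread, because `golang.org/x/xerrors` is a different, widely known package while this line pulls in `github.com/pkg/errors`. The calls being replaced already used `fmt.Errorf` with `%w`, so the commit adds a module (in maintenance mode upstream) for wrapping the standard library already provided. `Wrap` also records a stack trace that is printed under `%+v`, so it is worth checking which verb the deployment log uses. If the package stays, a neutral alias such as `pkgerrors` avoids the confusion. The same import line is added in the CDN, CLB, DCDN, NLB, OSS, Huawei Cloud and k8s_secret sections.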
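Review bot: A credentials document that parses but omits the key fields still reaches `createSdkClient` in `NewAliyunALBDeployer`, because the new check rejects only malformed JSON. Whether `createSdkClient` validates its arguments is not visible in these hunks; if it does not, a guard right after the unmarshal, `if access.AccessKeyId == "" || access.AccessKeySecret == "" { return nil, xerrors.New("access key id and secret are required") }`, fails fast with a message that carries no secret material. The same applies to the constructors in the CDN, CLB, DCDN, NLB and OSS sections. The constructor's body continues outside the hunk.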
@@ -119,7 +122,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { } getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'alb.GetLoadBalancerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'") } d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例", getLoadBalancerAttributeResp)) @@ -138,7 +141,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { } listListenersResp, err := d.sdkClient.ListListeners(listListenersReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'alb.ListListeners': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'") } if listListenersResp.Body.Listeners != nil { @@ -170,7 +173,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { } listListenersResp, err := d.sdkClient.ListListeners(listListenersReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'alb.ListListeners': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'") } if listListenersResp.Body.Listeners != nil { 
@@ -190,17 +193,17 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", aliListenerIds)) // 上传证书到 SSL - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 批量更新监听证书 var errs []error for _, aliListenerId := range aliListenerIds { - if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil { errs = append(errs, err) } } @@ -218,15 +221,15 @@ func (d *AliyunALBDeployer) deployToListener(ctx context.Context) error { } // 上传证书到 SSL - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 更新监听 - if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil { return err } @@ -241,7 +244,7 @@ func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, aliLi } getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'alb.GetListenerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'") } d.infos = append(d.infos, toStr("已查询到 ALB 监听配置", getListenerAttributeResp)) 
@@ -256,7 +259,7 @@ func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, aliLi } updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'alb.UpdateListenerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'") } d.infos = append(d.infos, toStr("已更新 ALB 监听配置", updateListenerAttributeResp)) diff --git a/internal/deployer/aliyun_cdn.go b/internal/deployer/aliyun_cdn.go index 2b633182..29e9bf15 100644 --- a/internal/deployer/aliyun_cdn.go +++ b/internal/deployer/aliyun_cdn.go @@ -8,6 +8,7 @@ import ( aliyunCdn "github.com/alibabacloud-go/cdn-20180510/v5/client" aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/utils/rand" @@ -22,14 +23,16 @@ type AliyunCDNDeployer struct { func NewAliyunCDNDeployer(option *DeployerOption) (Deployer, error) { access := &domain.AliyunAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } client, err := (&AliyunCDNDeployer{}).createSdkClient( access.AccessKeyId, access.AccessKeySecret, ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &AliyunCDNDeployer{ 
@@ -63,7 +66,7 @@ func (d *AliyunCDNDeployer) Deploy(ctx context.Context) error { } setCdnDomainSSLCertificateResp, err := d.sdkClient.SetCdnDomainSSLCertificate(setCdnDomainSSLCertificateReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate'") } d.infos = append(d.infos, toStr("已设置 CDN 域名证书", setCdnDomainSSLCertificateResp)) diff --git a/internal/deployer/aliyun_clb.go b/internal/deployer/aliyun_clb.go index 87f68a02..8af40687 100644 --- a/internal/deployer/aliyun_clb.go +++ b/internal/deployer/aliyun_clb.go @@ -9,6 +9,7 @@ import ( aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/pkg/core/uploader" @@ -24,7 +25,9 @@ type AliyunCLBDeployer struct { func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) { access := &domain.AliyunAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } client, err := (&AliyunCLBDeployer{}).createSdkClient( access.AccessKeyId, @@ -32,7 +35,7 @@ func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) { option.DeployConfig.GetConfigAsString("region"), ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } uploader, err := uploader.NewAliyunSLBUploader(&uploader.AliyunSLBUploaderConfig{ 
@@ -41,7 +44,7 @@ func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) { Region: option.DeployConfig.GetConfigAsString("region"), }) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create ssl uploader") } return &AliyunCLBDeployer{ @@ -123,7 +126,7 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { } describeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttribute(describeLoadBalancerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerAttribute'") } d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例", describeLoadBalancerAttributeResp)) @@ -143,7 +146,7 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { } describeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListeners(describeLoadBalancerListenersReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerListeners': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerListeners'") } if describeLoadBalancerListenersResp.Body.Listeners != nil { 
@@ -163,17 +166,17 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", aliListenerPorts)) // 上传证书到 SLB - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 批量更新监听证书 var errs []error for _, aliListenerPort := range aliListenerPorts { - if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil { errs = append(errs, err) } } @@ -196,15 +199,15 @@ func (d *AliyunCLBDeployer) deployToListener(ctx context.Context) error { } // 上传证书到 SLB - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 更新监听 - if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil { return err } 
@@ -220,7 +223,7 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLo } describeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttribute(describeLoadBalancerHTTPSListenerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'") } d.infos = append(d.infos, toStr("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp)) @@ -234,7 +237,7 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLo } describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'slb.DescribeDomainExtensions': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'") } d.infos = append(d.infos, toStr("已查询到 CLB 扩展域名", describeDomainExtensionsResp)) @@ -256,7 +259,7 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLo } _, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'slb.SetDomainExtensionAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'") } } } 
@@ -273,7 +276,7 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLo } setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'") } d.infos = append(d.infos, toStr("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)) diff --git a/internal/deployer/aliyun_dcdn.go b/internal/deployer/aliyun_dcdn.go index f760e92f..37641016 100644 --- a/internal/deployer/aliyun_dcdn.go +++ b/internal/deployer/aliyun_dcdn.go @@ -9,6 +9,7 @@ import ( aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" aliyunDcdn "github.com/alibabacloud-go/dcdn-20180115/v3/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/utils/rand" @@ -23,14 +24,16 @@ type AliyunDCDNDeployer struct { func NewAliyunDCDNDeployer(option *DeployerOption) (Deployer, error) { access := &domain.AliyunAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } client, err := (&AliyunDCDNDeployer{}).createSdkClient( access.AccessKeyId, access.AccessKeySecret, ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &AliyunDCDNDeployer{ 
@@ -70,7 +73,7 @@ func (d *AliyunDCDNDeployer) Deploy(ctx context.Context) error { } setDcdnDomainSSLCertificateResp, err := d.sdkClient.SetDcdnDomainSSLCertificate(setDcdnDomainSSLCertificateReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate'") } d.infos = append(d.infos, toStr("已配置 DCDN 域名证书", setDcdnDomainSSLCertificateResp)) diff --git a/internal/deployer/aliyun_nlb.go b/internal/deployer/aliyun_nlb.go index 59cc0163..36034036 100644 --- a/internal/deployer/aliyun_nlb.go +++ b/internal/deployer/aliyun_nlb.go @@ -9,6 +9,7 @@ import ( aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" aliyunNlb "github.com/alibabacloud-go/nlb-20220430/v2/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/pkg/core/uploader" @@ -24,7 +25,9 @@ type AliyunNLBDeployer struct { func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) { access := &domain.AliyunAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } client, err := (&AliyunNLBDeployer{}).createSdkClient( access.AccessKeyId, @@ -32,7 +35,7 @@ func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) { option.DeployConfig.GetConfigAsString("region"), ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } uploader, err := uploader.NewAliyunCASUploader(&uploader.AliyunCASUploaderConfig{ 
@@ -41,7 +44,7 @@ func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) { Region: option.DeployConfig.GetConfigAsString("region"), }) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create ssl uploader") } return &AliyunNLBDeployer{ @@ -117,7 +120,7 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error { } getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'nlb.GetLoadBalancerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetLoadBalancerAttribute'") } d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例", getLoadBalancerAttributeResp)) @@ -136,7 +139,7 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error { } listListenersResp, err := d.sdkClient.ListListeners(listListenersReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'nlb.ListListeners': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'nlb.ListListeners'") } if listListenersResp.Body.Listeners != nil { 
@@ -156,17 +159,17 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error { d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", aliListenerIds)) // 上传证书到 SSL - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 批量更新监听证书 var errs []error for _, aliListenerId := range aliListenerIds { - if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil { errs = append(errs, err) } } @@ -184,15 +187,15 @@ func (d *AliyunNLBDeployer) deployToListener(ctx context.Context) error { } // 上传证书到 SSL - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 更新监听 - if err := d.updateListenerCertificate(ctx, aliListenerId, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil { return err } @@ -207,7 +210,7 @@ func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, aliLi } getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'nlb.GetListenerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetListenerAttribute'") } d.infos = append(d.infos, toStr("已查询到 NLB 监听配置", getListenerAttributeResp)) 
@@ -220,7 +223,7 @@ func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, aliLi } updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq) if err != nil { - return fmt.Errorf("failed to execute sdk request 'nlb.UpdateListenerAttribute': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'nlb.UpdateListenerAttribute'") } d.infos = append(d.infos, toStr("已更新 NLB 监听配置", updateListenerAttributeResp)) diff --git a/internal/deployer/aliyun_oss.go b/internal/deployer/aliyun_oss.go index 47173d0e..f0ee5f56 100644 --- a/internal/deployer/aliyun_oss.go +++ b/internal/deployer/aliyun_oss.go @@ -7,6 +7,7 @@ import ( "fmt" "github.com/aliyun/aliyun-oss-go-sdk/oss" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" ) @@ -20,7 +21,9 @@ type AliyunOSSDeployer struct { func NewAliyunOSSDeployer(option *DeployerOption) (Deployer, error) { access := &domain.AliyunAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } client, err := (&AliyunOSSDeployer{}).createSdkClient( access.AccessKeyId, @@ -28,7 +31,7 @@ func NewAliyunOSSDeployer(option *DeployerOption) (Deployer, error) { option.DeployConfig.GetConfigAsString("endpoint"), ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &AliyunOSSDeployer{ @@ -63,7 +66,7 @@ func (d *AliyunOSSDeployer) Deploy(ctx context.Context) error { }, }) if err != nil { - return fmt.Errorf("failed to execute sdk request 'oss.PutBucketCnameWithCertificate': %w", err) + return xerrors.Wrap(err, "failed to execute sdk request 'oss.PutBucketCnameWithCertificate'") } return nil diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index 100f6753..57ae4568 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go 
@@ -204,7 +204,7 @@ func convertPEMToPFX(certificate string, privateKey string, password string) ([] pfxData, err := pkcs12.LegacyRC2.Encode(privkey, cert, nil, password) if err != nil { - return nil, fmt.Errorf("failed to encode as pfx %w", err) + return nil, err } return pfxData, nil diff --git a/internal/deployer/huaweicloud_cdn.go b/internal/deployer/huaweicloud_cdn.go index ab6e936b..e8f35171 100644 --- a/internal/deployer/huaweicloud_cdn.go +++ b/internal/deployer/huaweicloud_cdn.go @@ -10,6 +10,7 @@ import ( hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2" hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model" hcCdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/pkg/core/uploader" @@ -27,7 +28,7 @@ type HuaweiCloudCDNDeployer struct { func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) { access := &domain.HuaweiCloudAccess{} if err := json.Unmarshal([]byte(option.Access), access); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to get access") } client, err := (&HuaweiCloudCDNDeployer{}).createSdkClient( @@ -36,7 +37,7 @@ func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) { option.DeployConfig.GetConfigAsString("region"), ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } // TODO: SCM 服务与 DNS 服务所支持的区域可能不一致,这里暂时不传而是使用默认值,仅支持华为云国内版 @@ -46,7 +47,7 @@ func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) { Region: "", }) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create ssl uploader") } return &HuaweiCloudCDNDeployer{ 
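Review bot: In the `convertPEMToPFX` hunk (deployer.go) the encode error is now returned bare, and the callers in local.go drop their own "failed to convert pem to pfx" wrapping in the same commit, so a PFX encoding failure reaches the log with no hint of which step produced it. That is the opposite of what the rest of the commit does; in the new style the line would be `return nil, xerrors.Wrap(err, "failed to encode as pfx")`, though deployer.go's import block is outside the hunk, so it is not visible whether `xerrors` is imported there. Separately, the unchanged `pkcs12.LegacyRC2` call on the context line deserves a comment stating why the legacy profile is used, since by its name it selects legacy ciphers for a file that holds the private key, for example `// LegacyRC2 is kept for importer compatibility; do not rely on the PFX password alone to protect the key`. The function starts outside the hunk.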
@@ -87,16 +88,16 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error { var updateDomainMultiCertificatesResp *hcCdnModel.UpdateDomainMultiCertificatesResponse if d.option.DeployConfig.GetConfigAsBool("useSCM") { // 上传证书到 SCM - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2) - updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(uploadResult.CertId) - updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(uploadResult.CertName) + updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId) + updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName) } else { updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(0) updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())) diff --git a/internal/deployer/huaweicloud_elb.go b/internal/deployer/huaweicloud_elb.go index f9f26338..9bf9f40e 100644 --- a/internal/deployer/huaweicloud_elb.go +++ b/internal/deployer/huaweicloud_elb.go @@ -16,6 +16,7 @@ import ( hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3" hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model" hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/domain" "github.com/usual2970/certimate/internal/pkg/core/uploader" 
@@ -33,7 +34,7 @@ type HuaweiCloudELBDeployer struct { func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) { access := &domain.HuaweiCloudAccess{} if err := json.Unmarshal([]byte(option.Access), access); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to get access") } client, err := (&HuaweiCloudELBDeployer{}).createSdkClient( @@ -42,7 +43,7 @@ func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) { option.DeployConfig.GetConfigAsString("region"), ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create sdk client") } uploader, err := uploader.NewHuaweiCloudELBUploader(&uploader.HuaweiCloudELBUploaderConfig{ @@ -51,7 +52,7 @@ func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) { Region: option.DeployConfig.GetConfigAsString("region"), }) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create ssl uploader") } return &HuaweiCloudELBDeployer{ @@ -73,14 +74,17 @@ func (d *HuaweiCloudELBDeployer) GetInfo() []string { func (d *HuaweiCloudELBDeployer) Deploy(ctx context.Context) error { switch d.option.DeployConfig.GetConfigAsString("resourceType") { case "certificate": + // 部署到指定证书 if err := d.deployToCertificate(ctx); err != nil { return err } case "loadbalancer": + // 部署到指定负载均衡器 if err := d.deployToLoadbalancer(ctx); err != nil { return err } case "listener": + // 部署到指定监听器 if err := d.deployToListener(ctx); err != nil { return err } 
@@ -254,17 +258,17 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", hcListenerIds)) // 上传证书到 SCM - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 批量更新监听器证书 var errs []error for _, hcListenerId := range hcListenerIds { - if err := d.updateListenerCertificate(ctx, hcListenerId, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil { errs = append(errs, err) } } @@ -282,15 +286,15 @@ func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error { } // 上传证书到 SCM - uploadResult, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) if err != nil { return err } - d.infos = append(d.infos, toStr("已上传证书", uploadResult)) + d.infos = append(d.infos, toStr("已上传证书", upres)) // 更新监听器证书 - if err := d.updateListenerCertificate(ctx, hcListenerId, uploadResult.CertId); err != nil { + if err := d.updateListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil { return err } diff --git a/internal/deployer/k8s_secret.go b/internal/deployer/k8s_secret.go index 85471ef3..0b5945b9 100644 --- a/internal/deployer/k8s_secret.go +++ b/internal/deployer/k8s_secret.go @@ -3,9 +3,11 @@ package deployer import ( "context" "encoding/json" + "errors" "fmt" "strings" + xerrors "github.com/pkg/errors" k8sCore "k8s.io/api/core/v1" k8sMeta "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" 
@@ -19,12 +21,25 @@ import ( type K8sSecretDeployer struct { option *DeployerOption infos []string + + k8sClient *kubernetes.Clientset } func NewK8sSecretDeployer(option *DeployerOption) (Deployer, error) { + access := &domain.KubernetesAccess{} + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } + + client, err := (&K8sSecretDeployer{}).createK8sClient(access) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create k8s client") + } + return &K8sSecretDeployer{ - option: option, - infos: make([]string, 0), + option: option, + infos: make([]string, 0), + k8sClient: client, }, nil } 
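Review bot: The new `k8sClient` field is declared as the concrete `*kubernetes.Clientset`, which ties `Deploy` to a real API server; declaring it as `k8sClient kubernetes.Interface` lets a test inject a fake clientset and needs no change to the constructor, because the value returned by `createK8sClient` satisfies that interface. The field and the constructor would also benefit from a short doc comment, e.g. `// k8sClient is built once in NewK8sSecretDeployer from the access kubeconfig.` What `createK8sClient` does when `access.KubeConfig` is empty is outside these hunks; if it falls back to in-cluster configuration, say so on the constructor, since the deployer then acts with the permissions of the pod's own service account.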
@@ -37,41 +52,20 @@ func (d *K8sSecretDeployer) GetInfo() []string { } func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { - access := &domain.KubernetesAccess{} - if err := json.Unmarshal([]byte(d.option.Access), access); err != nil { - return err - } - - client, err := d.createClient(access) - if err != nil { - return err - } - - d.infos = append(d.infos, toStr("kubeClient create success.", nil)) - namespace := d.option.DeployConfig.GetConfigAsString("namespace") + secretName := d.option.DeployConfig.GetConfigAsString("secretName") + secretDataKeyForCrt := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForCrt", "tls.crt") + secretDataKeyForKey := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForKey", "tls.key") if namespace == "" { namespace = "default" } - - secretName := d.option.DeployConfig.GetConfigAsString("secretName") if secretName == "" { - return fmt.Errorf("k8s secret name is empty") - } - - secretDataKeyForCrt := d.option.DeployConfig.GetConfigAsString("secretDataKeyForCrt") - if secretDataKeyForCrt == "" { - namespace = "tls.crt" - } - - secretDataKeyForKey := d.option.DeployConfig.GetConfigAsString("secretDataKeyForKey") - if secretDataKeyForKey == "" { - namespace = "tls.key" + return errors.New("`secretName` is required") } certX509, err := x509.ParseCertificateFromPEM(d.option.Certificate.Certificate) if err != nil { - return fmt.Errorf("failed to parse certificate: %w", err) + return err } secretPayload := k8sCore.Secret{ 
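Review bot: The two data-key defaults in `Deploy` now depend on `GetConfigOrDefaultAsString` treating an empty string like a missing key, which this hunk does not show; the removed code tested `== ""` explicitly (and then assigned to `namespace` by mistake, which this change fixes). If the helper falls back only when the key is absent, a stored empty value would end up as `Data[""]`, so either confirm the helper's behaviour or keep a guard such as `if secretDataKeyForCrt == "" { secretDataKeyForCrt = "tls.crt" }`. `namespace` is still defaulted by hand while the other two use the helper; `GetConfigOrDefaultAsString("namespace", "default")` would make the three read alike. The certificate parse error is now returned bare (`return err`), unlike the wrapped errors elsewhere in the commit. Deploy's body continues outside the hunk.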
@@ -90,17 +84,16 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { }, Type: k8sCore.SecretType("kubernetes.io/tls"), } - secretPayload.Data = make(map[string][]byte) secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate) secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey) // 获取 Secret 实例 - _, err = client.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMeta.GetOptions{}) + _, err = d.k8sClient.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMeta.GetOptions{}) if err != nil { - _, err = client.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMeta.CreateOptions{}) + _, err = d.k8sClient.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMeta.CreateOptions{}) if err != nil { - return fmt.Errorf("failed to create k8s secret: %w", err) + return xerrors.Wrap(err, "failed to create k8s secret") } else { d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil)) return nil @@ -108,9 +101,9 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { } // 更新 Secret 实例 - _, err = client.CoreV1().Secrets(namespace).Update(context.TODO(), &secretPayload, k8sMetaV1.UpdateOptions{}) + _, err = d.k8sClient.CoreV1().Secrets(namespace).Update(context.TODO(), &secretPayload, k8sMeta.UpdateOptions{}) if err != nil { - return fmt.Errorf("failed to update k8s secret: %w", err) + return xerrors.Wrap(err, "failed to update k8s secret") } d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil)) @@ -118,7 +111,7 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error { return nil } -func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) { +func (d *K8sSecretDeployer) createK8sClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) { var config *rest.Config var err error if access.KubeConfig == "" { 
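Review bot: In the first k8s_secret.go hunk above, every error from `Secrets(namespace).Get` is treated as "secret does not exist" and leads to `Create`, so a permission error, a timeout or an API outage is reported as "failed to create k8s secret" and hides the real cause. Only a not-found result should take the create path, using `IsNotFound` from `k8s.io/apimachinery/pkg/api/errors` (imported as `k8sErrors` in the sketch below; the import block is outside the hunk). The three API calls here and in the Update hunk also pass `context.TODO()` although `Deploy` receives `ctx`, so cancellation and deadlines from the caller never reach the API server request. Deploy's body starts outside the hunk.

```go
// … unchanged: secretPayload construction and Data assignment …
secrets := d.k8sClient.CoreV1().Secrets(namespace)
_, err = secrets.Get(ctx, secretName, k8sMeta.GetOptions{})
if k8sErrors.IsNotFound(err) {
	if _, err = secrets.Create(ctx, &secretPayload, k8sMeta.CreateOptions{}); err != nil {
		return xerrors.Wrap(err, "failed to create k8s secret")
	}
	d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
	return nil
}
if err != nil {
	return xerrors.Wrap(err, "failed to get k8s secret")
}
// … unchanged: Update call, with ctx in place of context.TODO() …
```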
@@ -129,7 +122,6 @@ func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kube return nil, err } config, err = kubeConfig.ClientConfig() - } if err != nil { return nil, err @@ -139,5 +131,6 @@ func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kube if err != nil { return nil, err } + return client, nil } diff --git a/internal/deployer/local.go b/internal/deployer/local.go index 0c839fa4..1f1ef488 100644 --- a/internal/deployer/local.go +++ b/internal/deployer/local.go @@ -3,12 +3,13 @@ package deployer import ( "bytes" "context" - "encoding/json" + "errors" "fmt" "os/exec" "runtime" - "github.com/usual2970/certimate/internal/domain" + xerrors "github.com/pkg/errors" + "github.com/usual2970/certimate/internal/pkg/utils/fs" ) @@ -45,17 +46,12 @@ func (d *LocalDeployer) GetInfo() []string { } func (d *LocalDeployer) Deploy(ctx context.Context) error { - access := &domain.LocalAccess{} - if err := json.Unmarshal([]byte(d.option.Access), access); err != nil { - return err - } - // 执行前置命令 preCommand := d.option.DeployConfig.GetConfigAsString("preCommand") if preCommand != "" { stdout, stderr, err := d.execCommand(preCommand) if err != nil { - return fmt.Errorf("failed to run pre-command: %w, stdout: %s, stderr: %s", err, stdout, stderr) + return xerrors.Wrapf(err, "failed to run pre-command, stdout: %s, stderr: %s", stdout, stderr) } d.infos = append(d.infos, toStr("执行前置命令成功", stdout)) 
@@ -65,13 +61,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error { switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) { case certFormatPEM: if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil { - return fmt.Errorf("failed to save certificate file: %w", err) + return err } d.infos = append(d.infos, toStr("保存证书成功", nil)) if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil { - return fmt.Errorf("failed to save private key file: %w", err) + return err } d.infos = append(d.infos, toStr("保存私钥成功", nil)) @@ -83,11 +79,11 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error { d.option.DeployConfig.GetConfigAsString("pfxPassword"), ) if err != nil { - return fmt.Errorf("failed to convert pem to pfx %w", err) + return err } if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil { - return fmt.Errorf("failed to save certificate file: %w", err) + return err } d.infos = append(d.infos, toStr("保存证书成功", nil)) @@ -101,11 +97,11 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error { d.option.DeployConfig.GetConfigAsString("jksStorepass"), ) if err != nil { - return fmt.Errorf("failed to convert pem to pfx %w", err) + return err } if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil { - return fmt.Errorf("failed to save certificate file: %w", err) + return err } d.infos = append(d.infos, toStr("保存证书成功", nil)) 
@@ -116,7 +112,7 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error { if command != "" { stdout, stderr, err := d.execCommand(command) if err != nil { - return fmt.Errorf("failed to run command: %w, stdout: %s, stderr: %s", err, stdout, stderr) + return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr) } d.infos = append(d.infos, toStr("执行命令成功", stdout)) @@ -146,7 +142,7 @@ func (d *LocalDeployer) execCommand(command string) (string, string, error) { } default: - return "", "", fmt.Errorf("unsupported shell") + return "", "", errors.New("unsupported shell") } var stdoutBuf bytes.Buffer @@ -156,7 +152,7 @@ func (d *LocalDeployer) execCommand(command string) (string, string, error) { err := cmd.Run() if err != nil { - return "", "", fmt.Errorf("failed to execute script: %w", err) + return "", "", xerrors.Wrap(err, "failed to execute shell script") } return stdoutBuf.String(), stderrBuf.String(), err diff --git a/internal/deployer/qiniu_cdn.go b/internal/deployer/qiniu_cdn.go index c17c5241..797e3427 100644 --- a/internal/deployer/qiniu_cdn.go +++ b/internal/deployer/qiniu_cdn.go @@ -24,7 +24,9 @@ type QiniuCDNDeployer struct { func NewQiniuCDNDeployer(option *DeployerOption) (*QiniuCDNDeployer, error) { access := &domain.QiniuAccess{} - json.Unmarshal([]byte(option.Access), access) + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, fmt.Errorf("failed to get access: %w", err) + } return &QiniuCDNDeployer{ option: option, diff --git a/internal/pkg/core/uploader/uploader_aliyun_cas.go b/internal/pkg/core/uploader/uploader_aliyun_cas.go index 6a90331d..a6e23c40 100644 --- a/internal/pkg/core/uploader/uploader_aliyun_cas.go +++ b/internal/pkg/core/uploader/uploader_aliyun_cas.go 
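Review bot: In `LocalDeployer.execCommand` (hunk at -156,7), a failing `cmd.Run()` returns `"", "", err`, so the `stdout: %s, stderr: %s` fields formatted by `xerrors.Wrapf` in `Deploy` (this hunk and the pre-command hunk earlier in the file) are always empty on failure. Return the captured buffers with the error instead: `return stdoutBuf.String(), stderrBuf.String(), xerrors.Wrap(err, "failed to execute shell script")`. Once the output does reach the error text, treat that error as potentially sensitive, since a deploy command can echo credentials or paths; how the error is surfaced to users is not visible here. The body of `execCommand` is only partly inside the hunk.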
@@ -9,6 +9,7 @@ import ( aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client" aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/pkg/utils/x509" ) @@ -31,7 +32,7 @@ func NewAliyunCASUploader(config *AliyunCASUploaderConfig) (Uploader, error) { config.Region, ) if err != nil { - return nil, fmt.Errorf("failed to create sdk client: %w", err) + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &AliyunCASUploader{ @@ -60,7 +61,7 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP } listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'cas.ListUserCertificateOrder': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.ListUserCertificateOrder'") } if listUserCertificateOrderResp.Body.CertificateOrderList != nil { @@ -71,7 +72,7 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP } getUserCertificateDetailResp, err := u.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'cas.GetUserCertificateDetail': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'") } var isSameCert bool @@ -120,7 +121,7 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP } uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'cas.UploadUserCertificate': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.UploadUserCertificate'") } certId = fmt.Sprintf("%d", tea.Int64Value(uploadUserCertificateResp.Body.CertId)) 
diff --git a/internal/pkg/core/uploader/uploader_aliyun_slb.go b/internal/pkg/core/uploader/uploader_aliyun_slb.go index 2028a04b..6f25d128 100644 --- a/internal/pkg/core/uploader/uploader_aliyun_slb.go +++ b/internal/pkg/core/uploader/uploader_aliyun_slb.go @@ -11,6 +11,7 @@ import ( aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client" aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client" "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/pkg/utils/x509" ) @@ -33,7 +34,7 @@ func NewAliyunSLBUploader(config *AliyunSLBUploaderConfig) (Uploader, error) { config.Region, ) if err != nil { - return nil, fmt.Errorf("failed to create sdk client: %w", err) + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &AliyunSLBUploader{ @@ -56,7 +57,7 @@ func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyP } describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'slb.DescribeServerCertificates': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeServerCertificates'") } if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil { @@ -90,7 +91,7 @@ func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyP } uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificate(uploadServerCertificateReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'slb.UploadServerCertificate': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.UploadServerCertificate'") } certId = *uploadServerCertificateResp.Body.ServerCertificateId 
diff --git a/internal/pkg/core/uploader/uploader_huaweicloud_elb.go b/internal/pkg/core/uploader/uploader_huaweicloud_elb.go index 090362af..840db8cf 100644 --- a/internal/pkg/core/uploader/uploader_huaweicloud_elb.go +++ b/internal/pkg/core/uploader/uploader_huaweicloud_elb.go @@ -2,6 +2,7 @@ import ( "context" + "errors" "fmt" "time" @@ -13,6 +14,7 @@ import ( hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3" hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model" hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/pkg/utils/cast" "github.com/usual2970/certimate/internal/pkg/utils/x509" @@ -36,7 +38,7 @@ func NewHuaweiCloudELBUploader(config *HuaweiCloudELBUploaderConfig) (Uploader, config.Region, ) if err != nil { - return nil, fmt.Errorf("failed to create sdk client: %w", err) + return nil, xerrors.Wrap(err, "failed to create sdk client: %w") } return &HuaweiCloudELBUploader{ @@ -65,7 +67,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri } listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'elb.ListCertificates': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'") } if listCertificatesResp.Certificates != nil { @@ -107,7 +109,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri // REF: https://support.huaweicloud.com/api-iam/iam_06_0001.html projectId, err := u.getSdkProjectId(u.config.Region, u.config.AccessKeyId, u.config.SecretAccessKey) if err != nil { - return nil, fmt.Errorf("failed to get SDK project id: %w", err) + return nil, xerrors.Wrap(err, "failed to get SDK project id") } // 生成新证书名(需符合华为云命名规则) 
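Review bot: In `NewHuaweiCloudELBUploader` (hunk at -36,7), the message passed to `xerrors.Wrap` still ends in `: %w`. `Wrap` does not interpret format verbs, so the literal text `%w` ends up in every error string from this path. The line should match the other uploaders: `return nil, xerrors.Wrap(err, "failed to create sdk client")`.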
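Review bot: In `HuaweiCloudELBUploader.Upload` (hunk at -107,7), the call `u.getSdkProjectId(u.config.Region, u.config.AccessKeyId, u.config.SecretAccessKey)` passes the region first, while the signature shown in a later hunk header of this file starts `getSdkProjectId(accessKeyId, secretAccessKey, r…`. If that truncated header is the current signature, the region is used as the access key id and the secret access key lands in the third parameter, where it may be sent or logged as a region name. The line is unchanged context that this commit only re-wraps, but the order is worth confirming and, if wrong, correcting to `u.getSdkProjectId(u.config.AccessKeyId, u.config.SecretAccessKey, u.config.Region)`. The body of `getSdkProjectId` is outside the visible hunks.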
@@ -128,7 +130,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri } createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'elb.CreateCertificate': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.CreateCertificate'") } certId = createCertificateResp.Certificate.Id @@ -207,7 +209,7 @@ func (u *HuaweiCloudELBUploader) getSdkProjectId(accessKeyId, secretAccessKey, r if err != nil { return "", err } else if response.Projects == nil || len(*response.Projects) == 0 { - return "", fmt.Errorf("no project found") + return "", errors.New("no project found") } return (*response.Projects)[0].Id, nil diff --git a/internal/pkg/core/uploader/uploader_huaweicloud_scm.go b/internal/pkg/core/uploader/uploader_huaweicloud_scm.go index 2b09ca19..5cc0d153 100644 --- a/internal/pkg/core/uploader/uploader_huaweicloud_scm.go +++ b/internal/pkg/core/uploader/uploader_huaweicloud_scm.go @@ -9,6 +9,7 @@ import ( hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3" hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model" hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region" + xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/pkg/utils/cast" "github.com/usual2970/certimate/internal/pkg/utils/x509" @@ -32,7 +33,7 @@ func NewHuaweiCloudSCMUploader(config *HuaweiCloudSCMUploaderConfig) (Uploader, config.Region, ) if err != nil { - return nil, fmt.Errorf("failed to create sdk client: %w", err) + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &HuaweiCloudSCMUploader{ 
@@ -63,7 +64,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri } listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'scm.ListCertificates': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ListCertificates'") } if listCertificatesResp.Certificates != nil { @@ -76,7 +77,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri if exportCertificateResp != nil && exportCertificateResp.HttpStatusCode == 404 { continue } - return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ExportCertificate'") } var isSameCert bool @@ -127,7 +128,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri } importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'scm.ImportCertificate': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ImportCertificate'") } certId = *importCertificateResp.CertificateId diff --git a/internal/pkg/core/uploader/uploader_tencentcloud_ssl.go b/internal/pkg/core/uploader/uploader_tencentcloud_ssl.go index 2a34e5e6..28837371 100644 --- a/internal/pkg/core/uploader/uploader_tencentcloud_ssl.go +++ b/internal/pkg/core/uploader/uploader_tencentcloud_ssl.go 
@@ -5,15 +5,13 @@ import ( "fmt" "time" + xerrors "github.com/pkg/errors" "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common" "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile" tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205" - - "github.com/usual2970/certimate/internal/pkg/utils/cast" ) type TencentCloudSSLUploaderConfig struct { - Region string `json:"region"` SecretId string `json:"secretId"` SecretKey string `json:"secretKey"` } @@ -25,12 +23,11 @@ type TencentCloudSSLUploader struct { func NewTencentCloudSSLUploader(config *TencentCloudSSLUploaderConfig) (Uploader, error) { client, err := (&TencentCloudSSLUploader{}).createSdkClient( - config.Region, config.SecretId, config.SecretKey, ) if err != nil { - return nil, fmt.Errorf("failed to create sdk client: %w", err) + return nil, xerrors.Wrap(err, "failed to create sdk client") } return &TencentCloudSSLUploader{ 
@@ -40,33 +37,38 @@ func NewTencentCloudSSLUploader(config *TencentCloudSSLUploaderConfig) (Uploader } func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *UploadResult, err error) { + defer func() { + if r := recover(); r != nil { + fmt.Printf("Recovered from panic: %+v", r) + fmt.Println() + } + }() + // 生成新证书名(需符合腾讯云命名规则) var certId, certName string certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) // 上传新证书 // REF: https://cloud.tencent.com/document/product/400/41665 - uploadCertificateReq := &tcSsl.UploadCertificateRequest{ - Alias: cast.StringPtr(certName), - CertificatePublicKey: cast.StringPtr(certPem), - CertificatePrivateKey: cast.StringPtr(privkeyPem), - Repeatable: cast.BoolPtr(false), - } + uploadCertificateReq := tcSsl.NewUploadCertificateRequest() + uploadCertificateReq.Alias = common.StringPtr(certName) + uploadCertificateReq.CertificatePublicKey = common.StringPtr(certPem) + uploadCertificateReq.CertificatePrivateKey = common.StringPtr(privkeyPem) + uploadCertificateReq.Repeatable = common.BoolPtr(false) uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'ssl.UploadCertificate': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.UploadCertificate'") } // 获取证书详情 // REF: https://cloud.tencent.com/document/api/400/41673 // // P.S. 
上传重复证书会返回上一次的证书 ID,这里需要重新获取一遍证书名(https://github.com/usual2970/certimate/pull/227) - describeCertificateDetailReq := &tcSsl.DescribeCertificateDetailRequest{ - CertificateId: uploadCertificateResp.Response.CertificateId, - } + describeCertificateDetailReq := tcSsl.NewDescribeCertificateDetailRequest() + describeCertificateDetailReq.CertificateId = uploadCertificateResp.Response.CertificateId describeCertificateDetailResp, err := u.sdkClient.DescribeCertificateDetail(describeCertificateDetailReq) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'ssl.DescribeCertificateDetail': %w", err) + return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.DescribeCertificateDetail'") } certId = *describeCertificateDetailResp.Response.CertificateId @@ -77,13 +79,9 @@ func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, pr }, nil } -func (u *TencentCloudSSLUploader) createSdkClient(region, secretId, secretKey string) (*tcSsl.Client, error) { - if region == "" { - region = "ap-guangzhou" // SSL 服务默认区域:广州 - } - +func (u *TencentCloudSSLUploader) createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) { credential := common.NewCredential(secretId, secretKey) - client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile()) + client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile()) if err != nil { return nil, err } diff --git a/internal/pkg/utils/fs/fs.go b/internal/pkg/utils/fs/fs.go index 3ae82060..47b0cafb 100644 --- a/internal/pkg/utils/fs/fs.go +++ b/internal/pkg/utils/fs/fs.go @@ -1,9 +1,10 @@ package fs import ( - "fmt" "os" "path/filepath" + + xerrors "github.com/pkg/errors" ) // 与 [WriteFile] 类似,但写入的是字符串内容。 
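Review bot: The deferred `recover()` added at the top of `TencentCloudSSLUploader.Upload` only prints the panic and never assigns the named results. After a panic the method therefore returns `res == nil` and `err == nil`, and the caller sees a successful upload with no result. Set the error inside the handler, for example `err = xerrors.Errorf("recovered from panic in Upload: %v", r)`, so the failure propagates. If the panic being guarded against is a nil `Response` or `CertificateId` from the SDK (both are dereferenced, e.g. `certId = *describeCertificateDetailResp.Response.CertificateId`), an explicit nil check that returns an error would be clearer than recovering.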
@@ -33,18 +34,18 @@ func WriteFile(path string, data []byte) error { err := os.MkdirAll(dir, os.ModePerm) if err != nil { - return fmt.Errorf("failed to create directory: %w", err) + return xerrors.Wrap(err, "failed to create directory") } file, err := os.Create(path) if err != nil { - return fmt.Errorf("failed to create file: %w", err) + return xerrors.Wrap(err, "failed to create file") } defer file.Close() _, err = file.Write(data) if err != nil { - return fmt.Errorf("failed to write file: %w", err) + return xerrors.Wrap(err, "failed to write file") } return nil diff --git a/internal/pkg/utils/x509/x509.go b/internal/pkg/utils/x509/x509.go index 40cc39d6..2a70a083 100644 --- a/internal/pkg/utils/x509/x509.go +++ b/internal/pkg/utils/x509/x509.go @@ -5,7 +5,9 @@ import ( "crypto/rsa" "crypto/x509" "encoding/pem" - "fmt" + "errors" + + xerrors "github.com/pkg/errors" ) // 比较两个 x509.Certificate 对象,判断它们是否是同一张证书。 @@ -38,12 +40,12 @@ func ParseCertificateFromPEM(certPem string) (cert *x509.Certificate, err error) block, _ := pem.Decode(pemData) if block == nil { - return nil, fmt.Errorf("failed to decode PEM block") + return nil, errors.New("failed to decode PEM block") } cert, err = x509.ParseCertificate(block.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse certificate: %w", err) + return nil, xerrors.Wrap(err, "failed to parse certificate") } return cert, nil @@ -62,12 +64,12 @@ func ParseECPrivateKeyFromPEM(privkeyPem string) (privkey *ecdsa.PrivateKey, err block, _ := pem.Decode(pemData) if block == nil { - return nil, fmt.Errorf("failed to decode PEM block") + return nil, errors.New("failed to decode PEM block") } privkey, err = x509.ParseECPrivateKey(block.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse private key: %w", err) + return nil, xerrors.Wrap(err, "failed to parse private key") } return privkey, nil 
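Review bot: `fs.WriteFile` is what `LocalDeployer.Deploy` uses to store the private key, but it creates the file with `os.Create` (mode 0666 before umask) and the parent directories with `os.MkdirAll(dir, os.ModePerm)` (0777 before umask). On a host with a permissive umask the key file and its directory are readable, and the directory writable, by other local users. For key material consider `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` and a tighter directory mode such as `0o755`; the mode applies only on creation, so an existing file keeps its current permissions. `defer file.Close()` also discards the close error, which is where a failed flush can surface after a successful `Write`. The start of `WriteFile` is outside this hunk.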
@@ -86,12 +88,12 @@ func ParsePKCS1PrivateKeyFromPEM(privkeyPem string) (privkey *rsa.PrivateKey, er block, _ := pem.Decode(pemData) if block == nil { - return nil, fmt.Errorf("failed to decode PEM block") + return nil, errors.New("failed to decode PEM block") } privkey, err = x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse private key: %w", err) + return nil, xerrors.Wrap(err, "failed to parse private key") } return privkey, nil @@ -108,7 +110,7 @@ func ParsePKCS1PrivateKeyFromPEM(privkeyPem string) (privkey *rsa.PrivateKey, er func ConvertECPrivateKeyToPEM(privkey *ecdsa.PrivateKey) (privkeyPem string, err error) { data, err := x509.MarshalECPrivateKey(privkey) if err != nil { - return "", fmt.Errorf("failed to marshal EC private key: %w", err) + return "", xerrors.Wrap(err, "failed to marshal EC private key") } block := &pem.Block{