fix: #838

2025-07-18 01:11:55 +08:00 · 2025-06-30 12:45:12 +08:00 · 2025-06-30 12:45:12 +08:00 · 341373d73b
commit 341373d73b
parent 09243c88ba
5 changed files with 34 additions and 40 deletions
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@ -229,7 +229,7 @@ type AccessConfigForJDCloud struct {

 type AccessConfigForKong struct {
 	ServerUrl                string `json:"serverUrl"`
-	ApiToken                 string `json:"apiToken"`
+	ApiToken                 string `json:"apiToken,omitempty"`
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }

--- a/pkg/core/ssl-deployer/providers/kong/kong.go
+++ b/pkg/core/ssl-deployer/providers/kong/kong.go
@ -7,8 +7,6 @@ import (
 	"fmt"
 	"log/slog"
 	"net/http"
-	"net/url"
-	"strings"

 	"github.com/kong/go-kong/kong"

@ -21,7 +19,7 @@ type SSLDeployerProviderConfig struct {
 	// Kong 服务地址。
 	ServerUrl string `json:"serverUrl"`
 	// Kong Admin API Token。
-	ApiToken string `json:"apiToken"`
+	ApiToken string `json:"apiToken,omitempty"`
 	// 是否允许不安全的连接。
 	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 	// 部署资源类型。
@ -93,40 +91,25 @@ func (d *SSLDeployerProvider) deployToCertificate(ctx context.Context, certPEM s
 		return err
 	}

-	if d.config.Workspace == "" {
-		// 更新证书
-		// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate
-		updateCertificateReq := &kong.Certificate{
-			ID:   kong.String(d.config.CertificateId),
-			Cert: kong.String(certPEM),
-			Key:  kong.String(privkeyPEM),
-			SNIs: kong.StringSlice(certX509.DNSNames...),
-		}
-		updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq)
-		d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp))
-		if err != nil {
-			return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err)
-		}
-	} else {
-		// 更新证书
-		// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace
-		updateCertificateReq := &kong.Certificate{
-			ID:   kong.String(d.config.CertificateId),
-			Cert: kong.String(certPEM),
-			Key:  kong.String(privkeyPEM),
-			SNIs: kong.StringSlice(certX509.DNSNames...),
-		}
-		updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq)
-		d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp))
-		if err != nil {
-			return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err)
-		}
+	// 更新证书
+	// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate
+	// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace
+	updateCertificateReq := &kong.Certificate{
+		ID:   kong.String(d.config.CertificateId),
+		Cert: kong.String(certPEM),
+		Key:  kong.String(privkeyPEM),
+		SNIs: kong.StringSlice(certX509.DNSNames...),
+	}
+	updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq)
+	d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp))
+	if err != nil {
+		return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err)
 	}

 	return nil
 }

-func createSDKClient(serverUrl, workspace, apiKey string, skipTlsVerify bool) (*kong.Client, error) {
+func createSDKClient(serverUrl, workspace, apiToken string, skipTlsVerify bool) (*kong.Client, error) {
 	httpClient := &http.Client{
 		Transport: xhttp.NewDefaultTransport(),
 		Timeout:   http.DefaultClient.Timeout,
@ -138,12 +121,23 @@ func createSDKClient(serverUrl, workspace, apiKey string, skipTlsVerify bool) (*
 		}
 		transport.TLSClientConfig.InsecureSkipVerify = true
 		httpClient.Transport = transport
+	} else {
+		httpClient.Transport = http.DefaultTransport
+	}
+
+	httpHeaders := http.Header{}
+	if apiToken != "" {
+		httpHeaders.Set("Kong-Admin-Token", apiToken)
+	}
+
+	client, err := kong.NewClient(kong.String(serverUrl), kong.HTTPClientWithHeaders(httpClient, httpHeaders))
+	if err != nil {
+		return nil, err
 	}

-	baseUrl := strings.TrimRight(serverUrl, "/")
 	if workspace != "" {
-		baseUrl = fmt.Sprintf("%s/%s", baseUrl, url.PathEscape(workspace))
+		client.SetWorkspace(workspace)
 	}

-	return kong.NewClient(kong.String(baseUrl), httpClient)
+	return client, nil
 }
--- a/ui/src/components/access/AccessFormKongConfig.tsx
+++ b/ui/src/components/access/AccessFormKongConfig.tsx
@ -27,7 +27,7 @@ const AccessFormKongConfig = ({ form: formInst, formName, disabled, initialValue

  const formSchema = z.object({
    serverUrl: z.url(t("common.errmsg.url_invalid")),
-    apiToken: z.string().nonempty(t("access.form.kong_api_token.placeholder")),
+    apiToken: z.string().nullish(),
    allowInsecureConnections: z.boolean().nullish(),
  });
  const formRule = createSchemaFieldRule(formSchema);
@ -55,7 +55,7 @@ const AccessFormKongConfig = ({ form: formInst, formName, disabled, initialValue
        rules={[formRule]}
        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.kong_api_token.tooltip") }}></span>}
      >
-        <Input.Password autoComplete="new-password" placeholder={t("access.form.kong_api_token.placeholder")} />
+        <Input.Password allowClear autoComplete="new-password" placeholder={t("access.form.kong_api_token.placeholder")} />
      </Form.Item>

      <Form.Item name="allowInsecureConnections" label={t("access.form.common_allow_insecure_conns.label")} rules={[formRule]}>
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@ -288,7 +288,7 @@
  "access.form.k8s_kubeconfig.tooltip": "For more information, see <a href=\"https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>Leave it blank to use the Pod's ServiceAccount.",
  "access.form.kong_server_url.label": "Kong admin API server URL",
  "access.form.kong_server_url.placeholder": "Please enter Kong admin API server URL",
-  "access.form.kong_api_token.label": "Kong admin API token",
+  "access.form.kong_api_token.label": "Kong admin API token (Optional)",
  "access.form.kong_api_token.placeholder": "Please enter Kong admin API token",
  "access.form.kong_api_token.tooltip": "For more information, see <a href=\"https://developer.konghq.com/admin-api/\" target=\"_blank\">https://developer.konghq.com/admin-api/</a>",
  "access.form.larkbot_webhook_url.label": "Lark bot Webhook URL",
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@ -288,7 +288,7 @@
  "access.form.k8s_kubeconfig.tooltip": "这是什么？请参阅 <a href=\"https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>为空时，将使用 Pod 的 ServiceAccount 作为凭证。",
  "access.form.kong_server_url.label": "Kong Admin API 服务地址",
  "access.form.kong_server_url.placeholder": "请输入 Kong Admin API 服务地址",
-  "access.form.kong_api_token.label": "Kong Admin API Token",
+  "access.form.kong_api_token.label": "Kong Admin API Token（可选）",
  "access.form.kong_api_token.placeholder": "请输入 Kong Admin API Token",
  "access.form.kong_api_token.tooltip": "这是什么？请参阅 <a href=\"https://developer.konghq.com/admin-api/\" target=\"_blank\">https://developer.konghq.com/admin-api/</a>",
  "access.form.larkbot_webhook_url.label": "飞书群机器人 Webhook 地址",