diff --git a/internal/domain/access.go b/internal/domain/access.go index db34cf8a..dd63ada1 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -229,7 +229,7 @@ type AccessConfigForJDCloud struct { type AccessConfigForKong struct { ServerUrl string `json:"serverUrl"` - ApiToken string `json:"apiToken"` + ApiToken string `json:"apiToken,omitempty"` AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } diff --git a/pkg/core/ssl-deployer/providers/kong/kong.go b/pkg/core/ssl-deployer/providers/kong/kong.go index bd325240..d2855ccf 100644 --- a/pkg/core/ssl-deployer/providers/kong/kong.go +++ b/pkg/core/ssl-deployer/providers/kong/kong.go @@ -7,8 +7,6 @@ import ( "fmt" "log/slog" "net/http" - "net/url" - "strings" "github.com/kong/go-kong/kong" @@ -21,7 +19,7 @@ type SSLDeployerProviderConfig struct { // Kong 服务地址。 ServerUrl string `json:"serverUrl"` // Kong Admin API Token。 - ApiToken string `json:"apiToken"` + ApiToken string `json:"apiToken,omitempty"` // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 
@@ -93,40 +91,25 @@ func (d *SSLDeployerProvider) deployToCertificate(ctx context.Context, certPEM s return err } - if d.config.Workspace == "" { - // 更新证书 - // REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate - updateCertificateReq := &kong.Certificate{ - ID: kong.String(d.config.CertificateId), - Cert: kong.String(certPEM), - Key: kong.String(privkeyPEM), - SNIs: kong.StringSlice(certX509.DNSNames...), - } - updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq) - d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp)) - if err != nil { - return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err) - } - } else { - // 更新证书 - // REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace - updateCertificateReq := &kong.Certificate{ - ID: kong.String(d.config.CertificateId), - Cert: kong.String(certPEM), - Key: kong.String(privkeyPEM), - SNIs: kong.StringSlice(certX509.DNSNames...), - } - updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq) - d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp)) - if err != nil { - return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err) - } + // 更新证书 + // REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate + // REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace + updateCertificateReq := &kong.Certificate{ + ID: kong.String(d.config.CertificateId), + Cert: kong.String(certPEM), + Key: kong.String(privkeyPEM), + SNIs: 
kong.StringSlice(certX509.DNSNames...), + } + updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq) + d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp)) + if err != nil { + return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err) } return nil } -func createSDKClient(serverUrl, workspace, apiKey string, skipTlsVerify bool) (*kong.Client, error) { +func createSDKClient(serverUrl, workspace, apiToken string, skipTlsVerify bool) (*kong.Client, error) { httpClient := &http.Client{ Transport: xhttp.NewDefaultTransport(), Timeout: http.DefaultClient.Timeout, @@ -138,12 +121,23 @@ func createSDKClient(serverUrl, workspace, apiKey string, skipTlsVerify bool) (* } transport.TLSClientConfig.InsecureSkipVerify = true httpClient.Transport = transport + } else { + httpClient.Transport = http.DefaultTransport + } + + httpHeaders := http.Header{} + if apiToken != "" { + httpHeaders.Set("Kong-Admin-Token", apiToken) + } + + client, err := kong.NewClient(kong.String(serverUrl), kong.HTTPClientWithHeaders(httpClient, httpHeaders)) + if err != nil { + return nil, err } - baseUrl := strings.TrimRight(serverUrl, "/") if workspace != "" { - baseUrl = fmt.Sprintf("%s/%s", baseUrl, url.PathEscape(workspace)) + client.SetWorkspace(workspace) } - return kong.NewClient(kong.String(baseUrl), httpClient) + return client, nil } diff --git a/ui/src/components/access/AccessFormKongConfig.tsx b/ui/src/components/access/AccessFormKongConfig.tsx index 36669161..6ac1d0d5 100644 --- a/ui/src/components/access/AccessFormKongConfig.tsx +++ b/ui/src/components/access/AccessFormKongConfig.tsx 
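Review bot: The added `d.logger.Debug(...)` call passes `slog.Any("request", updateCertificateReq)`, and that request carries `Key: kong.String(privkeyPEM)`, so with debug logging enabled the private key may end up in the log, depending on how the handler renders the struct. The logged response may echo the key as well. Logging only non-secret fields, for example `slog.String("sslId", d.config.CertificateId), slog.Any("snis", certX509.DNSNames)`, keeps the trace useful without the key material. The same block calls `Certificates.Update(context.TODO(), ...)` although the function receives `ctx`; `d.sdkClient.Certificates.Update(ctx, updateCertificateReq)` would let cancellation and deadlines reach the request. deployToCertificate starts above this hunk.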
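Review bot: The new `else` branch sets `httpClient.Transport = http.DefaultTransport`, which discards the `xhttp.NewDefaultTransport()` the client was constructed with a few lines earlier, so whatever that project transport configures is lost on the verified-TLS path; dropping the `else` branch keeps it. Separately, `Kong-Admin-Token` is now attached to every request, so when `skipTlsVerify` is true or `serverUrl` is plain `http://` the token travels over a channel an on-path party could read or impersonate. A comment above the header block such as `// apiToken is sent as Kong-Admin-Token on every request; use https with verification enabled` would record that. The removed code applied `url.PathEscape` to `workspace`; whether `client.SetWorkspace` escapes it is not visible here and is worth confirming. createSDKClient begins in the previous hunk.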
@@ -27,7 +27,7 @@ const AccessFormKongConfig = ({ form: formInst, formName, disabled, initialValue const formSchema = z.object({ serverUrl: z.url(t("common.errmsg.url_invalid")), - apiToken: z.string().nonempty(t("access.form.kong_api_token.placeholder")), + apiToken: z.string().nullish(), allowInsecureConnections: z.boolean().nullish(), }); const formRule = createSchemaFieldRule(formSchema); @@ -55,7 +55,7 @@ const AccessFormKongConfig = ({ form: formInst, formName, disabled, initialValue rules={[formRule]} tooltip={} > - + diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json index 47232e4d..0dd233d6 100644 --- a/ui/src/i18n/locales/en/nls.access.json +++ b/ui/src/i18n/locales/en/nls.access.json @@ -288,7 +288,7 @@ "access.form.k8s_kubeconfig.tooltip": "For more information, see https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/

Leave it blank to use the Pod's ServiceAccount.", "access.form.kong_server_url.label": "Kong admin API server URL", "access.form.kong_server_url.placeholder": "Please enter Kong admin API server URL", - "access.form.kong_api_token.label": "Kong admin API token", + "access.form.kong_api_token.label": "Kong admin API token (Optional)", "access.form.kong_api_token.placeholder": "Please enter Kong admin API token", "access.form.kong_api_token.tooltip": "For more information, see https://developer.konghq.com/admin-api/", "access.form.larkbot_webhook_url.label": "Lark bot Webhook URL", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index fc344cc0..b6a4a0be 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -288,7 +288,7 @@ "access.form.k8s_kubeconfig.tooltip": "这是什么?请参阅 https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/

为空时,将使用 Pod 的 ServiceAccount 作为凭证。", "access.form.kong_server_url.label": "Kong Admin API 服务地址", "access.form.kong_server_url.placeholder": "请输入 Kong Admin API 服务地址", - "access.form.kong_api_token.label": "Kong Admin API Token", + "access.form.kong_api_token.label": "Kong Admin API Token(可选)", "access.form.kong_api_token.placeholder": "请输入 Kong Admin API Token", "access.form.kong_api_token.tooltip": "这是什么?请参阅 https://developer.konghq.com/admin-api/", "access.form.larkbot_webhook_url.label": "飞书群机器人 Webhook 地址",