wood/certimate
1
0
Fork 0
mirror of https://github.com/woodchen-ink/certimate.git synced 2025-07-18 09:21:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: #838

Browse Source
This commit is contained in:
Fu Diwei 2025-06-30 12:45:12 +08:00 committed by RHQYZ
parent 09243c88ba
commit 341373d73b
5 changed files with 34 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/domain/access.go
View File

@ -229,7 +229,7 @@ type AccessConfigForJDCloud struct {
type AccessConfigForKong struct { type AccessConfigForKong struct {
ServerUrl string `json:"serverUrl"` ServerUrl string `json:"serverUrl"`
ApiToken string `json:"apiToken"` ApiToken string `json:"apiToken,omitempty"`
AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
} }

38
pkg/core/ssl-deployer/providers/kong/kong.go
View File

@ -7,8 +7,6 @@ import (
"fmt" "fmt"
"log/slog" "log/slog"
"net/http" "net/http"
"net/url"
"strings"
"github.com/kong/go-kong/kong" "github.com/kong/go-kong/kong"
@ -21,7 +19,7 @@ type SSLDeployerProviderConfig struct {
// Kong 服务地址。 // Kong 服务地址。
ServerUrl string `json:"serverUrl"` ServerUrl string `json:"serverUrl"`
// Kong Admin API Token。 // Kong Admin API Token。
ApiToken string `json:"apiToken"` ApiToken string `json:"apiToken,omitempty"`
// 是否允许不安全的连接。 // 是否允许不安全的连接。
AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
// 部署资源类型。 // 部署资源类型。
@ -93,22 +91,8 @@ func (d *SSLDeployerProvider) deployToCertificate(ctx context.Context, certPEM s
return err return err
} }
if d.config.Workspace == "" {
// 更新证书 // 更新证书
// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate // REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate
updateCertificateReq := &kong.Certificate{
ID: kong.String(d.config.CertificateId),
Cert: kong.String(certPEM),
Key: kong.String(privkeyPEM),
SNIs: kong.StringSlice(certX509.DNSNames...),
}
updateCertificateResp, err := d.sdkClient.Certificates.Update(context.TODO(), updateCertificateReq)
d.logger.Debug("sdk request 'kong.UpdateCertificate'", slog.String("sslId", d.config.CertificateId), slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp))
if err != nil {
return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err)
}
} else {
// 更新证书
// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace // REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace
updateCertificateReq := &kong.Certificate{ updateCertificateReq := &kong.Certificate{
ID: kong.String(d.config.CertificateId), ID: kong.String(d.config.CertificateId),
@ -121,12 +105,11 @@ func (d *SSLDeployerProvider) deployToCertificate(ctx context.Context, certPEM s
if err != nil { if err != nil {
return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err) return fmt.Errorf("failed to execute sdk request 'kong.UpdateCertificate': %w", err)
} }
}
return nil return nil
} }
func createSDKClient(serverUrl, workspace, apiKey string, skipTlsVerify bool) (*kong.Client, error) { func createSDKClient(serverUrl, workspace, apiToken string, skipTlsVerify bool) (*kong.Client, error) {
httpClient := &http.Client{ httpClient := &http.Client{
Transport: xhttp.NewDefaultTransport(), Transport: xhttp.NewDefaultTransport(),
Timeout: http.DefaultClient.Timeout, Timeout: http.DefaultClient.Timeout,
@ -138,12 +121,23 @@ func createSDKClient(serverUrl, workspace, apiKey string, skipTlsVerify bool) (*
} }
transport.TLSClientConfig.InsecureSkipVerify = true transport.TLSClientConfig.InsecureSkipVerify = true
httpClient.Transport = transport httpClient.Transport = transport
} else {
httpClient.Transport = http.DefaultTransport
}
httpHeaders := http.Header{}
if apiToken != "" {
httpHeaders.Set("Kong-Admin-Token", apiToken)
}
client, err := kong.NewClient(kong.String(serverUrl), kong.HTTPClientWithHeaders(httpClient, httpHeaders))
if err != nil {
return nil, err
} }
baseUrl := strings.TrimRight(serverUrl, "/")
if workspace != "" { if workspace != "" {
baseUrl = fmt.Sprintf("%s/%s", baseUrl, url.PathEscape(workspace)) client.SetWorkspace(workspace)
} }
return kong.NewClient(kong.String(baseUrl), httpClient) return client, nil
} }

4
ui/src/components/access/AccessFormKongConfig.tsx
View File

@ -27,7 +27,7 @@ const AccessFormKongConfig = ({ form: formInst, formName, disabled, initialValue
const formSchema = z.object({ const formSchema = z.object({
serverUrl: z.url(t("common.errmsg.url_invalid")), serverUrl: z.url(t("common.errmsg.url_invalid")),
apiToken: z.string().nonempty(t("access.form.kong_api_token.placeholder")), apiToken: z.string().nullish(),
allowInsecureConnections: z.boolean().nullish(), allowInsecureConnections: z.boolean().nullish(),
}); });
const formRule = createSchemaFieldRule(formSchema); const formRule = createSchemaFieldRule(formSchema);
@ -55,7 +55,7 @@ const AccessFormKongConfig = ({ form: formInst, formName, disabled, initialValue
rules={[formRule]} rules={[formRule]}
tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.kong_api_token.tooltip") }}></span>} tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.kong_api_token.tooltip") }}></span>}
> >
<Input.Password autoComplete="new-password" placeholder={t("access.form.kong_api_token.placeholder")} /> <Input.Password allowClear autoComplete="new-password" placeholder={t("access.form.kong_api_token.placeholder")} />
</Form.Item> </Form.Item>
<Form.Item name="allowInsecureConnections" label={t("access.form.common_allow_insecure_conns.label")} rules={[formRule]}> <Form.Item name="allowInsecureConnections" label={t("access.form.common_allow_insecure_conns.label")} rules={[formRule]}>

2
ui/src/i18n/locales/en/nls.access.json
View File

@ -288,7 +288,7 @@
"access.form.k8s_kubeconfig.tooltip": "For more information, see <a href=\"https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>Leave it blank to use the Pod's ServiceAccount.", "access.form.k8s_kubeconfig.tooltip": "For more information, see <a href=\"https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>Leave it blank to use the Pod's ServiceAccount.",
"access.form.kong_server_url.label": "Kong admin API server URL", "access.form.kong_server_url.label": "Kong admin API server URL",
"access.form.kong_server_url.placeholder": "Please enter Kong admin API server URL", "access.form.kong_server_url.placeholder": "Please enter Kong admin API server URL",
"access.form.kong_api_token.label": "Kong admin API token", "access.form.kong_api_token.label": "Kong admin API token (Optional)",
"access.form.kong_api_token.placeholder": "Please enter Kong admin API token", "access.form.kong_api_token.placeholder": "Please enter Kong admin API token",
"access.form.kong_api_token.tooltip": "For more information, see <a href=\"https://developer.konghq.com/admin-api/\" target=\"_blank\">https://developer.konghq.com/admin-api/</a>", "access.form.kong_api_token.tooltip": "For more information, see <a href=\"https://developer.konghq.com/admin-api/\" target=\"_blank\">https://developer.konghq.com/admin-api/</a>",
"access.form.larkbot_webhook_url.label": "Lark bot Webhook URL", "access.form.larkbot_webhook_url.label": "Lark bot Webhook URL",

2
ui/src/i18n/locales/zh/nls.access.json
View File

@ -288,7 +288,7 @@
"access.form.k8s_kubeconfig.tooltip": "这是什么?请参阅 <a href=\"https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>为空时,将使用 Pod 的 ServiceAccount 作为凭证。", "access.form.k8s_kubeconfig.tooltip": "这是什么?请参阅 <a href=\"https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/\" target=\"_blank\">https://kubernetes.io/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/</a><br><br>为空时,将使用 Pod 的 ServiceAccount 作为凭证。",
"access.form.kong_server_url.label": "Kong Admin API 服务地址", "access.form.kong_server_url.label": "Kong Admin API 服务地址",
"access.form.kong_server_url.placeholder": "请输入 Kong Admin API 服务地址", "access.form.kong_server_url.placeholder": "请输入 Kong Admin API 服务地址",
"access.form.kong_api_token.label": "Kong Admin API Token", "access.form.kong_api_token.label": "Kong Admin API Token(可选)",
"access.form.kong_api_token.placeholder": "请输入 Kong Admin API Token", "access.form.kong_api_token.placeholder": "请输入 Kong Admin API Token",
"access.form.kong_api_token.tooltip": "这是什么?请参阅 <a href=\"https://developer.konghq.com/admin-api/\" target=\"_blank\">https://developer.konghq.com/admin-api/</a>", "access.form.kong_api_token.tooltip": "这是什么?请参阅 <a href=\"https://developer.konghq.com/admin-api/\" target=\"_blank\">https://developer.konghq.com/admin-api/</a>",
"access.form.larkbot_webhook_url.label": "飞书群机器人 Webhook 地址", "access.form.larkbot_webhook_url.label": "飞书群机器人 Webhook 地址",