wood/certimate
1
0
Fork 0
mirror of https://github.com/woodchen-ink/certimate.git synced 2025-07-18 17:31:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #415 from fudiwei/feat/new-workflow

Browse Source 
feat: more providers
This commit is contained in:
Yoan.liu 2025-01-14 08:18:03 +08:00 committed by GitHub
commit 493f2a508b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
48 changed files with 1250 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
README.md
View File

@ -16,7 +16,7 @@ Certimate 就是为了解决上述问题而产生的,它具有以下特点:
1. 操作简单:自动申请、部署、续期 SSL 证书,全程无需人工干预。
2. 支持私有部署部署方法简单只需下载二进制文件执行即可。二进制文件、Docker 镜像全部用 Github Actions 生成,过程透明,可自行审计。
3. 数据安全:由于是私有部署,所有数据均存储在本地,不会保存在服务商的服务器,确保数据的安全性。
3. 数据安全:由于是私有部署,所有数据均存储在本地,不会保存在提供商的服务器,确保数据的安全性。
相关文章:
@ -76,49 +76,78 @@ make local.run
[![观看视频](https://i.imgur.com/4DAUKEE.gif)](https://www.bilibili.com/video/BV1xockeZEm2)
## 三、支持的服务商列表
## 三、支持的提供商列表
| 服务商 | 支持申请证书 | 支持部署证书 | 备注 |
| :--------: | :----------: | :----------: | ----------------------------------------------------------------- |
| 阿里云 | √ | √ | 可签发在阿里云注册的域名;可部署到阿里云 OSS、CDN、SLB |
| 腾讯云 | √ | √ | 可签发在腾讯云注册的域名;可部署到腾讯云 COS、CDN、ECDN、CLB、TEO |
| 百度智能云 | | √ | 可部署到百度智能云 CDN |
| 华为云 | √ | √ | 可签发在华为云注册的域名;可部署到华为云 CDN、ELB |
| 七牛云 | | √ | 可部署到七牛云 CDN |
| 多吉云 | | √ | 可部署到多吉云 CDN |
| 火山引擎 | √ | √ | 可签发在火山引擎注册的域名;可部署到火山引擎 Live、CDN |
| AWS | √ | | 可签发在 AWS Route53 托管的域名 |
| CloudFlare | √ | | 可签发在 CloudFlare 注册的域名CloudFlare 服务自带 SSL 证书 |
| GoDaddy | √ | | 可签发在 GoDaddy 注册的域名 |
| Name.com | √ | | 可签发在 Name.com 注册的域名 |
| NameSilo | √ | | 可签发在 NameSilo 注册的域名 |
| PowerDNS | √ | | 可签发在 PowerDNS 托管的域名 |
| HTTP 请求 | √ | | 可签发允许通过 HTTP 请求修改 DNS 的域名 |
| 本地部署 | | √ | 可部署到本地服务器 |
| SSH | | √ | 可部署到 SSH 服务器 |
| Webhook | | √ | 可部署时回调到 Webhook |
| Kubernetes | | √ | 可部署到 Kubernetes Secret |
### 证书申请
支持以下的 DNS 提供商的托管域名:
<details>
<summary>[展开查看]</summary>
| 提供商 | 备注 |
| :--------------------------------------------- | :-------------------------------------- |
| [阿里云](https://www.aliyun.com/) | |
| [腾讯云](https://cloud.tencent.com/) | |
| [华为云](https://www.huaweicloud.com/) | |
| [火山引擎](https://www.volcengine.com/) | |
| [AWS Route53](https://aws.amazon.com/route53/) | |
| [Azure](https://azure.microsoft.com/) | |
| [CloudFlare](https://www.cloudflare.com/) | |
| [GoDaddy](https://www.godaddy.com/) | |
| [Name.com](https://www.name.com/) | |
| [NameSilo](https://www.namesilo.com/) | |
| [PowerDNS](https://www.powerdns.com/) | |
| ACME 代理 HTTP 请求 | 可申请允许通过 HTTP 请求修改 DNS 的域名 |
</details>
### 证书部署
支持以下的主机提供商:
<details>
<summary>[展开查看]</summary>
| 提供商 | 备注 |
| :-------------------------------------- | :------------------------------------------------------------- |
| 本地部署 | 可部署到本地服务器 |
| SSH 部署 | 可部署到远程服务器(通过 SSH+SFTP |
| Webhook 回调 | 可部署到 Webhook |
| [Kubernetes](https://kubernetes.io/) | 可部署到 Kubernetes Secret |
| [阿里云](https://www.aliyun.com/) | 可部署到阿里云 OSS、CDN、DCDN、SLBCLB/ALB/NLB、Live 等服务 |
| [腾讯云](https://cloud.tencent.com/) | 可部署到腾讯云 COS、CDN、ECDN、EdgeOne、CLB、CSS 等服务 |
| [百度智能云](https://cloud.baidu.com/) | 可部署到百度智能云 CDN 等服务 |
| [华为云](https://www.huaweicloud.com/) | 可部署到华为云 CDN、ELB 等服务 |
| [火山引擎](https://www.volcengine.com/) | 可部署到火山引擎 TOS、CDN、DCDN、CLB、Live 等服务 |
| [七牛云](https://www.qiniu.com/) | 可部署到七牛云 CDN |
| [多吉云](https://www.dogecloud.com/) | 可部署到多吉云 CDN |
| [BytePlus](https://www.byteplus.com/) | 可部署到 BytePlus CDN 等服务 |
</details>
## 四、概念
Certimate 的工作流程如下:
- 用户通过 Certimate 管理页面填写申请证书的信息包括域名、DNS 服务商的授权信息、以及要部署到的服务商的授权信息。
- 用户通过 Certimate 管理页面填写申请证书的信息包括域名、DNS 提供商的授权信息、以及要部署到的提供商的授权信息。
- Certimate 向证书厂商的 API 发起申请请求,获取 SSL 证书。
- Certimate 存储证书信息,包括证书内容、私钥、证书有效期等,并在证书即将过期时自动续期。
- Certimate 向服务商的 API 发起部署请求,将证书部署到服务商的服务器上。
- Certimate 向提供商的 API 发起部署请求,将证书部署到提供商的服务器上。
这就涉及域名、DNS 服务商的授权信息、部署服务商的授权信息等。
这就涉及域名、DNS 提供商的授权信息、部署提供商的授权信息等。
### 1. 域名
就是要申请证书的域名。
### 2. DNS 服务商授权信息
### 2. DNS 提供商授权信息
给域名申请证书需要证明域名是你的,所以我们手动申请证书的时候一般需要在域名服务商的控制台解析记录中添加一个 TXT 域名解析记录。
给域名申请证书需要证明域名是你的,所以我们手动申请证书的时候一般需要在域名提供商的控制台解析记录中添加一个 TXT 域名解析记录。
Certimate 会自动添加一个 TXT 域名解析记录,你只需要在 Certimate 后台中填写你的域名服务商的授权信息即可。
Certimate 会自动添加一个 TXT 域名解析记录,你只需要在 Certimate 后台中填写你的域名提供商的授权信息即可。
比如你在阿里云购买的域名,授权信息如下:
@ -134,15 +163,15 @@ secretId: your-secret-id
secretKey: your-secret-key
```
注意,此授权信息需具有访问域名及 DNS 解析的管理权限,具体的权限清单请参阅各服务商自己的技术文档。
注意,此授权信息需具有访问域名及 DNS 解析的管理权限,具体的权限清单请参阅各提供商自己的技术文档。
### 3. 部署服务商授权信息
### 3. 部署提供商授权信息
Certimate 申请证书后,会自动将证书部署到你指定的目标上,比如阿里云 CDNCertimate 会根据你填写的授权信息及域名找到对应的 CDN 服务,并将证书部署到对应的 CDN 服务上。
部署服务商授权信息和 DNS 服务商授权信息基本一致,区别在于 DNS 服务商授权信息用于证明域名是你的,部署服务商授权信息用于提供证书部署的授权信息。
部署提供商授权信息和 DNS 提供商授权信息基本一致,区别在于 DNS 提供商授权信息用于证明域名是你的,部署提供商授权信息用于提供证书部署的授权信息。
注意,此授权信息需具有访问部署目标服务的相关管理权限,具体的权限清单请参阅各服务商自己的技术文档。
注意,此授权信息需具有访问部署目标服务的相关管理权限,具体的权限清单请参阅各提供商自己的技术文档。
## 五、常见问题
@ -167,7 +196,7 @@ Certimate 是一个免费且开源的项目,采用 [MIT 开源协议](LICENSE.
- 提交代码:如果你发现了 Bug 或有新的功能需求,而你又有相关经验,可以[提交代码](CONTRIBUTING.md)给我们。
- 提交 Issue功能建议或者 Bug 可以[提交 Issue](https://github.com/usual2970/certimate/issues) 给我们。
支持更多服务商、UI 的优化改进、Bug 修复、文档完善等,欢迎大家提交 PR。
支持更多提供商、UI 的优化改进、Bug 修复、文档完善等,欢迎大家提交 PR。
## 七、免责声明

69
README_EN.md
View File

@ -77,26 +77,55 @@ password1234567890
## List of Supported Providers
| Provider | Registration | Deployment | Remarks |
| :-----------: | :----------: | :--------: | ----------------------------------------------------------------------------------------------------------- |
| Alibaba Cloud | √ | √ | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN,SLB |
| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, ECDN, CLB, TEO |
| Baidu Cloud | | √ | Supports deployment to Baidu Cloud CDN |
| Huawei Cloud | √ | √ | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN, ELB |
| Qiniu Cloud | | √ | Supports deployment to Qiniu Cloud CDN |
| Doge Cloud | | √ | Supports deployment to Doge Cloud CDN |
| Volcengine | √ | √ | Supports domains registered on Volcengine; supports deployment to Volcengine Live, CDN |
| AWS | √ | | Supports domains managed on AWS Route53 |
| CloudFlare | √ | | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates |
| GoDaddy | √ | | Supports domains registered on GoDaddy |
| Name.com | √ | | Supports domains registered on Name.com |
| NameSilo | √ | | Supports domains registered on NameSilo |
| PowerDNS | √ | | Supports domains managed on PowerDNS |
| HTTP Request | √ | | Supports domains which allow managing DNS by HTTP request |
| Local Deploy | | √ | Supports deployment to local servers |
| SSH | | √ | Supports deployment to SSH servers |
| Webhook | | √ | Supports callback to Webhook |
| Kubernetes | | √ | Supports deployment to Kubernetes Secret |
### Request certificates
The following DNS providers are supported:
<details>
<summary>[Fold/Unfold to view ...]</summary>
| Provider | Remarks |
| :--------------------------------------------- | :------------------------------------ |
| [Alibaba Cloud](https://www.alibabacloud.com/) | |
| [Tencent Cloud](https://www.tencentcloud.com/) | |
| [Huawei Cloud](https://www.huaweicloud.com/) | |
| [Volcengine](https://www.volcengine.com/) | |
| [AWS Route53](https://aws.amazon.com/route53/) | |
| [Azure DNS](https://azure.microsoft.com/) | |
| [CloudFlare](https://www.cloudflare.com/) | |
| [GoDaddy](https://www.godaddy.com/) | |
| [Name.com](https://www.name.com/) | |
| [NameSilo](https://www.namesilo.com/) | |
| [PowerDNS](https://www.powerdns.com/) | |
| ACME Proxy HTTP Request | Supports managing DNS by HTTP request |
</details>
### Deploy certificates
The following hosting providers are supported:
<details>
<summary>[Fold/Unfold to view ...]</summary>
| Provider | Remarks |
| :---------------------------------------------- | :-------------------------------------------------------------------------- |
| Local | Supports deployment to local servers |
| SSH | Supports deployment to remote servers (via SSH+SFTP) |
| Webhook | Supports deployment to Webhook |
| [Kubernetes](https://kubernetes.io/) | Supports deployment to Kubernetes Secret |
| [Alibaba Cloud](https://www.alibabacloud.com/) | Supports deployment to Alibaba Cloud OSS, CDN, DCDN, SLB(CLB/ALB/NLB), Live |
| [Tencent Cloud](https://www.tencentcloud.com/) | Supports deployment to Tencent Cloud COS, CDN, ECDN, EdgeOne, CLB, CSS |
| [Baidu AI Cloud](https://intl.cloud.baidu.com/) | Supports deployment to Baidu AI CLoud CDN |
| [Huawei Cloud](https://www.huaweicloud.com/) | Supports deployment to Huawei Cloud CDN, ELB |
| [Volcengine](https://www.volcengine.com/) | Supports deployment to Volcengine TOS, CDN, DCDN, CLB, Live |
| [Qiniu Cloud](https://www.qiniu.com/) | Supports deployment to Qiniu Cloud CDN |
| [Doge Cloud](https://www.dogecloud.com/) | Supports deployment to Doge Cloud CDN |
| [BytePlus](https://www.byteplus.com/) | Supports deployment to BytePlus CDN |
</details>
## Concepts

6
go.mod
View File

@ -10,6 +10,7 @@ require (
github.com/alibabacloud-go/cas-20200407/v3 v3.0.4
github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
github.com/alibabacloud-go/live-20161101 v1.1.1
github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3
github.com/alibabacloud-go/slb-20140515/v4 v4.0.9
github.com/alibabacloud-go/tea v1.2.2
@ -29,7 +30,8 @@ require (
github.com/qiniu/go-sdk/v7 v7.25.1
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1065
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1065
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1065
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1080
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1080
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1065
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1065
github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.8
@ -102,7 +104,7 @@ require (
github.com/alibabacloud-go/openapi-util v0.1.1 // indirect
github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.63.72 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.63.80 // indirect
github.com/aliyun/credentials-go v1.3.10 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go-v2 v1.32.7 // indirect

13
go.sum
View File

@ -125,6 +125,7 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F
github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.2/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.5/go.mod h1:kUe8JqFmoVU7lfBauaDD5taFaW7mBI+xVsyHutYtabg=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU=
@ -142,6 +143,8 @@ github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA
github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q=
github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
github.com/alibabacloud-go/live-20161101 v1.1.1 h1:rUGfA8RHmCMtQ5M3yMSyRde+yRXWqVecmiXBU3XrGJ8=
github.com/alibabacloud-go/live-20161101 v1.1.1/go.mod h1:g84w6qeAodT0/IHdc0tEed2a8PyhQhYl7TAj3jGl4A4=
github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3 h1:LtyUVlgBEKyzWgQJurzXM6MXCt84sQr9cE5OKqYymko=
github.com/alibabacloud-go/nlb-20220430/v2 v2.0.3/go.mod h1:4a/RcBYeAhYowHzX+LMgnouz7NradnSKPKl14KS3B1U=
github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
@ -175,6 +178,7 @@ github.com/alibabacloud-go/tea-utils v1.3.6/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQ
github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA=
github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
github.com/alibabacloud-go/tea-utils/v2 v2.0.1/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
github.com/alibabacloud-go/tea-utils/v2 v2.0.4/go.mod h1:sj1PbjPodAVTqGTA3olprfeeqqmwD0A5OQz94o9EuXQ=
github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4=
github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0=
@ -183,8 +187,8 @@ github.com/alibabacloud-go/tea-xml v1.1.1/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE
github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
github.com/aliyun/alibaba-cloud-sdk-go v1.63.72 h1:HvFZUzEbNvfe8F2Mg0wBGv90bPhWDxgVtDHR5zoBOU0=
github.com/aliyun/alibaba-cloud-sdk-go v1.63.72/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
github.com/aliyun/alibaba-cloud-sdk-go v1.63.80 h1:Dn5QrIWYgi7IZJkuhrAe33x/jFWlbHCW3Dip1Tv3z9c=
github.com/aliyun/alibaba-cloud-sdk-go v1.63.80/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
@ -824,10 +828,13 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1065 h1:q0Op2Q
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1065/go.mod h1:UiS7HMWbxGhO/y7nmnHuBMyP4qEDmJeooK6YKWNMuEw=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1065 h1:Kb/l5yh9M6Ow59ZRAMcdIBxsNT3uy8fZYh8xy2rM+xQ=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1065/go.mod h1:bgwicHdrBXLcgB4mQd8pWbSNuM7fIAjhxHfdZ/Hb7p4=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1065 h1:krcqtAmexnHHBm/4ge4tr2b1cn/a7JGBESVGoZYXQAE=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1065/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1080 h1:N+Urn1Sva75ZoYh9Gjf7A4kJAA3wWItxsoxyADZBol4=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1080/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1065 h1:aEFtLD1ceyeljQXB1S2BjN0zjTkf0X3XmpuxFIiC29w=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.1065/go.mod h1:HWvwy09hFSMXrj9SMvVRWV4U7rZO3l+WuogyNuxiT3M=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1080 h1:ygmXHhIedpjo0yFe6LbB+4ygHaVK8mnrwBAllfw7cX8=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.1080/go.mod h1:UuvtB7f2kQMCBC5vt8hbjWGEba8qzf5YWP+C3VLKY6w=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1065 h1:rHI/2WYmEBfnqVNo5iUy0gu0J7ekFBE/NDV/oKZv448=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1065/go.mod h1:nnd6/G8xfl7RMsm2XYdQT5SfjdxG/U09QaC6qO89JJg=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1065 h1:gDuqak8/kNgF99+ksk70JHjI1Poa5pmrgYDW6xYya8I=

34
internal/deployer/providers.go
View File

@ -9,6 +9,7 @@ import (
providerAliyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn"
providerAliyunCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-clb"
providerAliyunDCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-dcdn"
providerAliyunLive "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-live"
providerAliyunNLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-nlb"
providerAliyunOSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-oss"
providerBaiduCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-cdn"
@ -22,7 +23,8 @@ import (
providerSSH "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/ssh"
providerTencentCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cdn"
providerTencentCloudCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-clb"
providerTencentCloudCOD "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cos"
providerTencentCloudCOS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cos"
providerTencentCloudCSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-css"
providerTencentCloudECDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-ecdn"
providerTencentCloudEO "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-eo"
providerVolcEngineCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-cdn"
@ -43,7 +45,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
NOTICE: If you add new constant, please keep ASCII order.
*/
switch options.Provider {
case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS:
case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS:
{
access := domain.AccessConfigForAliyun{}
if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil {
@ -59,6 +61,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
ResourceType: providerAliyunALB.DeployResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")),
LoadbalancerId: maps.GetValueAsString(options.ProviderDeployConfig, "loadbalancerId"),
ListenerId: maps.GetValueAsString(options.ProviderDeployConfig, "listenerId"),
Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
}, logger)
return deployer, logger, err
@ -77,7 +80,8 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
Region: maps.GetValueAsString(options.ProviderDeployConfig, "region"),
ResourceType: providerAliyunCLB.DeployResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")),
LoadbalancerId: maps.GetValueAsString(options.ProviderDeployConfig, "loadbalancerId"),
ListenerPort: maps.GetValueAsInt32(options.ProviderDeployConfig, "listenerPort"),
ListenerPort: maps.GetValueOrDefaultAsInt32(options.ProviderDeployConfig, "listenerPort", 443),
Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
}, logger)
return deployer, logger, err
@ -89,6 +93,15 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
}, logger)
return deployer, logger, err
case domain.DeployProviderTypeAliyunLive:
deployer, err := providerAliyunLive.NewWithLogger(&providerAliyunLive.AliyunLiveDeployerConfig{
AccessKeyId: access.AccessKeyId,
AccessKeySecret: access.AccessKeySecret,
Region: maps.GetValueAsString(options.ProviderDeployConfig, "region"),
Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
}, logger)
return deployer, logger, err
case domain.DeployProviderTypeAliyunNLB:
deployer, err := providerAliyunNLB.NewWithLogger(&providerAliyunNLB.AliyunNLBDeployerConfig{
AccessKeyId: access.AccessKeyId,
@ -251,10 +264,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
return nil, nil, fmt.Errorf("failed to decode provider access config: %w", err)
}
sshPort := access.Port
deployer, err := providerSSH.NewWithLogger(&providerSSH.SshDeployerConfig{
SshHost: access.Host,
SshPort: int32(sshPort),
SshPort: access.Port,
SshUsername: access.Username,
SshPassword: access.Password,
SshKey: access.Key,
@ -272,7 +284,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
return deployer, logger, err
}
case domain.DeployProviderTypeTencentCloudCDN, domain.DeployProviderTypeTencentCloudCLB, domain.DeployProviderTypeTencentCloudCOS, domain.DeployProviderTypeTencentCloudECDN, domain.DeployProviderTypeTencentCloudEO:
case domain.DeployProviderTypeTencentCloudCDN, domain.DeployProviderTypeTencentCloudCLB, domain.DeployProviderTypeTencentCloudCOS, domain.DeployProviderTypeTencentCloudCSS, domain.DeployProviderTypeTencentCloudECDN, domain.DeployProviderTypeTencentCloudEO:
{
access := domain.AccessConfigForTencentCloud{}
if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil {
@ -301,7 +313,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
return deployer, logger, err
case domain.DeployProviderTypeTencentCloudCOS:
deployer, err := providerTencentCloudCOD.NewWithLogger(&providerTencentCloudCOD.TencentCloudCOSDeployerConfig{
deployer, err := providerTencentCloudCOS.NewWithLogger(&providerTencentCloudCOS.TencentCloudCOSDeployerConfig{
SecretId: access.SecretId,
SecretKey: access.SecretKey,
Region: maps.GetValueAsString(options.ProviderDeployConfig, "region"),
@ -310,6 +322,14 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
}, logger)
return deployer, logger, err
case domain.DeployProviderTypeTencentCloudCSS:
deployer, err := providerTencentCloudCSS.NewWithLogger(&providerTencentCloudCSS.TencentCloudCSSDeployerConfig{
SecretId: access.SecretId,
SecretKey: access.SecretKey,
Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"),
}, logger)
return deployer, logger, err
case domain.DeployProviderTypeTencentCloudECDN:
deployer, err := providerTencentCloudECDN.NewWithLogger(&providerTencentCloudECDN.TencentCloudECDNDeployerConfig{
SecretId: access.SecretId,

2
internal/domain/access.go
View File

@ -103,7 +103,7 @@ type AccessConfigForQiniu struct {
type AccessConfigForSSH struct {
Host string `json:"host"`
Port int `json:"port"`
Port int32 `json:"port"`
Username string `json:"username"`
Password string `json:"password"`
Key string `json:"key"`

2
internal/domain/provider.go
View File

@ -74,6 +74,7 @@ const (
DeployProviderTypeAliyunCDN = DeployProviderType("aliyun-cdn")
DeployProviderTypeAliyunCLB = DeployProviderType("aliyun-clb")
DeployProviderTypeAliyunDCDN = DeployProviderType("aliyun-dcdn")
DeployProviderTypeAliyunLive = DeployProviderType("aliyun-live")
DeployProviderTypeAliyunNLB = DeployProviderType("aliyun-nlb")
DeployProviderTypeAliyunOSS = DeployProviderType("aliyun-oss")
DeployProviderTypeBaiduCloudCDN = DeployProviderType("baiducloud-cdn")
@ -88,6 +89,7 @@ const (
DeployProviderTypeTencentCloudCDN = DeployProviderType("tencentcloud-cdn")
DeployProviderTypeTencentCloudCLB = DeployProviderType("tencentcloud-clb")
DeployProviderTypeTencentCloudCOS = DeployProviderType("tencentcloud-cos")
DeployProviderTypeTencentCloudCSS = DeployProviderType("tencentcloud-css")
DeployProviderTypeTencentCloudECDN = DeployProviderType("tencentcloud-ecdn")
DeployProviderTypeTencentCloudEO = DeployProviderType("tencentcloud-eo")
DeployProviderTypeVolcEngineCDN = DeployProviderType("volcengine-cdn")

258
internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
View File

@ -4,12 +4,16 @@ import (
"context"
"errors"
"fmt"
"strconv"
"strings"
"time"
aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
"github.com/alibabacloud-go/tea/tea"
xerrors "github.com/pkg/errors"
"golang.org/x/exp/slices"
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
@ -32,17 +36,25 @@ type AliyunALBDeployerConfig struct {
// 负载均衡监听 ID。
// 部署资源类型为 [DEPLOY_RESOURCE_LISTENER] 时必填。
ListenerId string `json:"listenerId,omitempty"`
// SNI 域名(支持泛域名)。
// 部署资源类型为 [DEPLOY_RESOURCE_LOADBALANCER]、[DEPLOY_RESOURCE_LISTENER] 时选填。
Domain string `json:"domain,omitempty"`
}
type AliyunALBDeployer struct {
config *AliyunALBDeployerConfig
logger logger.Logger
sdkClient *aliyunAlb.Client
sdkClients *wSdkClients
sslUploader uploader.Uploader
}
var _ deployer.Deployer = (*AliyunALBDeployer)(nil)
type wSdkClients struct {
alb *aliyunAlb.Client
cas *aliyunCas.Client
}
func New(config *AliyunALBDeployerConfig) (*AliyunALBDeployer, error) {
return NewWithLogger(config, logger.NewNilLogger())
}
@ -56,9 +68,9 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
return nil, errors.New("logger is nil")
}
client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
return nil, xerrors.Wrap(err, "failed to create sdk clients")
}
aliyunCasRegion := config.Region
@ -84,7 +96,7 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
return &AliyunALBDeployer{
logger: logger,
config: config,
sdkClient: client,
sdkClients: clients,
sslUploader: uploader,
}, nil
}
@ -122,14 +134,12 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
return errors.New("config `loadbalancerId` is required")
}
listenerIds := make([]string, 0)
// 查询负载均衡实例的详细信息
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
LoadBalancerId: tea.String(d.config.LoadbalancerId),
}
getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
getLoadBalancerAttributeResp, err := d.sdkClients.alb.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
}
@ -138,7 +148,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
// 查询 HTTPS 监听列表
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
listListenersPage := 1
listenerIds := make([]string, 0)
listListenersLimit := int32(100)
var listListenersToken *string = nil
for {
@ -148,7 +158,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
LoadBalancerIds: []*string{tea.String(d.config.LoadbalancerId)},
ListenerProtocol: tea.String("HTTPS"),
}
listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
}
@ -163,7 +173,6 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
break
} else {
listListenersToken = listListenersResp.Body.NextToken
listListenersPage += 1
}
}
@ -171,7 +180,6 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
// 查询 QUIC 监听列表
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
listListenersPage = 1
listListenersToken = nil
for {
listListenersReq := &aliyunAlb.ListListenersRequest{
@ -180,7 +188,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
LoadBalancerIds: []*string{tea.String(d.config.LoadbalancerId)},
ListenerProtocol: tea.String("QUIC"),
}
listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
listListenersResp, err := d.sdkClients.alb.ListListeners(listListenersReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
}
@ -195,21 +203,26 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
break
} else {
listListenersToken = listListenersResp.Body.NextToken
listListenersPage += 1
}
}
d.logger.Logt("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", listenerIds)
// 批量更新监听证书
var errs []error
for _, listenerId := range listenerIds {
if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
errs = append(errs, err)
// 遍历更新监听证书
if len(listenerIds) == 0 {
return xerrors.New("listener not found")
} else {
var errs []error
for _, listenerId := range listenerIds {
if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
errs = append(errs, err)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
return nil
@ -234,57 +247,202 @@ func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, cloud
getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
ListenerId: tea.String(cloudListenerId),
}
getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
getListenerAttributeResp, err := d.sdkClients.alb.GetListenerAttribute(getListenerAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
}
d.logger.Logt("已查询到 ALB 监听配置", getListenerAttributeResp)
// 修改监听的属性
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
ListenerId: tea.String(cloudListenerId),
Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
CertificateId: tea.String(cloudCertId),
}},
}
updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
}
if d.config.Domain == "" {
// 未指定 SNI只需部署到监听器
d.logger.Logt("已更新 ALB 监听配置", updateListenerAttributeResp)
// 修改监听的属性
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
ListenerId: tea.String(cloudListenerId),
Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
CertificateId: tea.String(cloudCertId),
}},
}
updateListenerAttributeResp, err := d.sdkClients.alb.UpdateListenerAttribute(updateListenerAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
}
// TODO: #347
d.logger.Logt("已更新 ALB 监听配置", updateListenerAttributeResp)
} else {
// 指定 SNI需部署到扩展域名支持泛域名
// 查询监听证书列表
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
listenerCertificates := make([]aliyunAlb.ListListenerCertificatesResponseBodyCertificates, 0)
listListenerCertificatesLimit := int32(100)
var listListenerCertificatesToken *string = nil
for {
listListenerCertificatesReq := &aliyunAlb.ListListenerCertificatesRequest{
NextToken: listListenerCertificatesToken,
MaxResults: tea.Int32(listListenerCertificatesLimit),
ListenerId: tea.String(cloudListenerId),
CertificateType: tea.String("Server"),
}
listListenerCertificatesResp, err := d.sdkClients.alb.ListListenerCertificates(listListenerCertificatesReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListenerCertificates'")
}
if listListenerCertificatesResp.Body.Certificates != nil {
for _, listenerCertificate := range listListenerCertificatesResp.Body.Certificates {
listenerCertificates = append(listenerCertificates, *listenerCertificate)
}
}
if len(listListenerCertificatesResp.Body.Certificates) == 0 || listListenerCertificatesResp.Body.NextToken == nil {
break
} else {
listListenerCertificatesToken = listListenerCertificatesResp.Body.NextToken
}
}
d.logger.Logt("已查询到 ALB 监听下全部证书", listenerCertificates)
// 遍历查询监听证书,并找出需要解除关联的证书
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
certificateIsAssociated := false
certificateIdsExpired := make([]string, 0)
if len(listenerCertificates) > 0 {
var errs []error
for _, listenerCertificate := range listenerCertificates {
if *listenerCertificate.CertificateId == cloudCertId {
certificateIsAssociated = true
continue
}
if *listenerCertificate.IsDefault || !strings.EqualFold(*listenerCertificate.Status, "Associated") {
continue
}
listenerCertificateId, err := strconv.ParseInt(*listenerCertificate.CertificateId, 10, 64)
if err != nil {
errs = append(errs, err)
continue
}
getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
CertId: tea.Int64(listenerCertificateId),
}
getUserCertificateDetailResp, err := d.sdkClients.cas.GetUserCertificateDetail(getUserCertificateDetailReq)
if err != nil {
errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'"))
continue
}
certCnMatched := getUserCertificateDetailResp.Body.Common != nil && *getUserCertificateDetailResp.Body.Common == d.config.Domain
certSanMatched := getUserCertificateDetailResp.Body.Sans != nil && slices.Contains(strings.Split(*getUserCertificateDetailResp.Body.Sans, ","), d.config.Domain)
if !certCnMatched && !certSanMatched {
continue
}
certEndDate, _ := time.Parse("2006-01-02", *getUserCertificateDetailResp.Body.EndDate)
if time.Now().Before(certEndDate) {
continue
}
certificateIdsExpired = append(certificateIdsExpired, *listenerCertificate.CertificateId)
}
if len(errs) > 0 {
return errors.Join(errs...)
}
}
// 关联监听和扩展证书
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener
if !certificateIsAssociated {
associateAdditionalCertificatesFromListenerReq := &aliyunAlb.AssociateAdditionalCertificatesWithListenerRequest{
ListenerId: tea.String(cloudListenerId),
Certificates: []*aliyunAlb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
{
CertificateId: tea.String(cloudCertId),
},
},
}
associateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesFromListenerReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.AssociateAdditionalCertificatesWithListener'")
}
d.logger.Logt("已关联 ALB 监听和扩展证书", associateAdditionalCertificatesFromListenerResp)
}
// 解除关联监听和扩展证书
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener
if len(certificateIdsExpired) > 0 {
dissociateAdditionalCertificates := make([]*aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
for _, certificateId := range certificateIdsExpired {
dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
CertificateId: tea.String(certificateId),
})
}
dissociateAdditionalCertificatesFromListenerReq := &aliyunAlb.DissociateAdditionalCertificatesFromListenerRequest{
ListenerId: tea.String(cloudListenerId),
Certificates: dissociateAdditionalCertificates,
}
dissociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.alb.DissociateAdditionalCertificatesFromListener(dissociateAdditionalCertificatesFromListenerReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'alb.DissociateAdditionalCertificatesFromListener'")
}
d.logger.Logt("已解除关联 ALB 监听和扩展证书", dissociateAdditionalCertificatesFromListenerResp)
}
}
return nil
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunAlb.Client, error) {
if region == "" {
region = "cn-hangzhou"
}
// 接入点一览 https://www.alibabacloud.com/help/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-endpoint
var endpoint string
func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
// 接入点一览 https://www.alibabacloud.com/help/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-albEndpoint
var albEndpoint string
switch region {
case "cn-hangzhou-finance":
endpoint = "alb.cn-hangzhou.aliyuncs.com"
albEndpoint = "alb.cn-hangzhou.aliyuncs.com"
default:
endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
}
config := &aliyunOpen.Config{
albConfig := &aliyunOpen.Config{
AccessKeyId: tea.String(accessKeyId),
AccessKeySecret: tea.String(accessKeySecret),
Endpoint: tea.String(endpoint),
Endpoint: tea.String(albEndpoint),
}
client, err := aliyunAlb.NewClient(config)
albClient, err := aliyunAlb.NewClient(albConfig)
if err != nil {
return nil, err
}
return client, nil
// 接入点一览 https://help.aliyun.com/zh/ssl-certificate/developer-reference/endpoints
var casEndpoint string
if !strings.HasPrefix(region, "cn-") {
casEndpoint = "cas.ap-southeast-1.aliyuncs.com"
} else {
casEndpoint = "cas.aliyuncs.com"
}
casConfig := &aliyunOpen.Config{
Endpoint: tea.String(casEndpoint),
AccessKeyId: tea.String(accessKeyId),
AccessKeySecret: tea.String(accessKeySecret),
}
casClient, err := aliyunCas.NewClient(casConfig)
if err != nil {
return nil, err
}
return &wSdkClients{
alb: albClient,
cas: casClient,
}, nil
}

8
internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go
View File

@ -19,6 +19,7 @@ var (
fRegion string
fLoadbalancerId string
fListenerId string
fDomain string
)
func init() {
@ -31,6 +32,7 @@ func init() {
flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
flag.StringVar(&fListenerId, argsPrefix+"LISTENERID", "", "")
flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
}
/*
@ -43,7 +45,8 @@ Shell command to run this test:
--CERTIMATE_DEPLOYER_ALIYUNALB_ACCESSKEYSECRET="your-access-key-secret" \
--CERTIMATE_DEPLOYER_ALIYUNALB_REGION="cn-hangzhou" \
--CERTIMATE_DEPLOYER_ALIYUNALB_LOADBALANCERID="your-alb-instance-id" \
--CERTIMATE_DEPLOYER_ALIYUNALB_LISTENERID="your-alb-listener-id"
--CERTIMATE_DEPLOYER_ALIYUNALB_LISTENERID="your-alb-listener-id" \
--CERTIMATE_DEPLOYER_ALIYUNALB_DOMAIN="your-alb-sni-domain"
*/
func TestDeploy(t *testing.T) {
flag.Parse()
@ -57,6 +60,7 @@ func TestDeploy(t *testing.T) {
fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
fmt.Sprintf("REGION: %v", fRegion),
fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId),
fmt.Sprintf("DOMAIN: %v", fDomain),
}, "\n"))
deployer, err := provider.New(&provider.AliyunALBDeployerConfig{
@ -65,6 +69,7 @@ func TestDeploy(t *testing.T) {
Region: fRegion,
ResourceType: provider.DEPLOY_RESOURCE_LOADBALANCER,
LoadbalancerId: fLoadbalancerId,
Domain: fDomain,
})
if err != nil {
t.Errorf("err: %+v", err)
@ -99,6 +104,7 @@ func TestDeploy(t *testing.T) {
Region: fRegion,
ResourceType: provider.DEPLOY_RESOURCE_LISTENER,
ListenerId: fListenerId,
Domain: fDomain,
})
if err != nil {
t.Errorf("err: %+v", err)

147
internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go
View File

@ -31,6 +31,9 @@ type AliyunCLBDeployerConfig struct {
// 负载均衡监听端口。
// 部署资源类型为 [DEPLOY_RESOURCE_LISTENER] 时必填。
ListenerPort int32 `json:"listenerPort,omitempty"`
// SNI 域名(支持泛域名)。
// 部署资源类型为 [DEPLOY_RESOURCE_LOADBALANCER]、[DEPLOY_RESOURCE_LISTENER] 时选填。
Domain string `json:"domain,omitempty"`
}
type AliyunCLBDeployer struct {
@ -110,8 +113,6 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
return errors.New("config `loadbalancerId` is required")
}
listenerPorts := make([]int32, 0)
// 查询负载均衡实例的详细信息
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
@ -127,14 +128,14 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
// 查询 HTTPS 监听列表
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners
listListenersPage := 1
listListenersLimit := int32(100)
var listListenersToken *string = nil
listenerPorts := make([]int32, 0)
describeLoadBalancerListenersLimit := int32(100)
var describeLoadBalancerListenersToken *string = nil
for {
describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
RegionId: tea.String(d.config.Region),
MaxResults: tea.Int32(listListenersLimit),
NextToken: listListenersToken,
MaxResults: tea.Int32(describeLoadBalancerListenersLimit),
NextToken: describeLoadBalancerListenersToken,
LoadBalancerId: []*string{tea.String(d.config.LoadbalancerId)},
ListenerProtocol: tea.String("https"),
}
@ -152,22 +153,27 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
if len(describeLoadBalancerListenersResp.Body.Listeners) == 0 || describeLoadBalancerListenersResp.Body.NextToken == nil {
break
} else {
listListenersToken = describeLoadBalancerListenersResp.Body.NextToken
listListenersPage += 1
describeLoadBalancerListenersToken = describeLoadBalancerListenersResp.Body.NextToken
}
}
d.logger.Logt("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", listenerPorts)
// 批量更新监听证书
var errs []error
for _, listenerPort := range listenerPorts {
if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
errs = append(errs, err)
// 遍历更新监听证书
if len(listenerPorts) == 0 {
return xerrors.New("listener not found")
} else {
var errs []error
for _, listenerPort := range listenerPorts {
if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {
errs = append(errs, err)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
return nil
@ -203,67 +209,76 @@ func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, cloud
d.logger.Logt("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp)
// 查询扩展域名
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
RegionId: tea.String(d.config.Region),
LoadBalancerId: tea.String(cloudLoadbalancerId),
ListenerPort: tea.Int32(cloudListenerPort),
}
describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
}
if d.config.Domain == "" {
// 未指定 SNI只需部署到监听器
d.logger.Logt("已查询到 CLB 扩展域名", describeDomainExtensionsResp)
// 修改监听配置
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
//
// 注意修改监听配置要放在修改扩展域名之后
setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
RegionId: tea.String(d.config.Region),
LoadBalancerId: tea.String(cloudLoadbalancerId),
ListenerPort: tea.Int32(cloudListenerPort),
ServerCertificateId: tea.String(cloudCertId),
}
setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
}
// 遍历修改扩展域名
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
//
// 这里仅修改跟被替换证书一致的扩展域名
if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
if *domainExtension.ServerCertificateId != *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
continue
d.logger.Logt("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)
} else {
// 指定 SNI需部署到扩展域名支持泛域名
// 查询扩展域名
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
RegionId: tea.String(d.config.Region),
LoadBalancerId: tea.String(cloudLoadbalancerId),
ListenerPort: tea.Int32(cloudListenerPort),
}
describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
}
d.logger.Logt("已查询到 CLB 扩展域名", describeDomainExtensionsResp)
// 遍历修改扩展域名
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
var errs []error
for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
if *domainExtension.Domain != d.config.Domain {
continue
}
setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
RegionId: tea.String(d.config.Region),
DomainExtensionId: tea.String(*domainExtension.DomainExtensionId),
ServerCertificateId: tea.String(cloudCertId),
}
setDomainExtensionAttributeResp, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
if err != nil {
errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'"))
continue
}
d.logger.Logt("已修改 CLB 扩展域名", setDomainExtensionAttributeResp)
}
setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
RegionId: tea.String(d.config.Region),
DomainExtensionId: tea.String(*domainExtension.DomainExtensionId),
ServerCertificateId: tea.String(cloudCertId),
}
_, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'")
if len(errs) > 0 {
return errors.Join(errs...)
}
}
}
// 修改监听配置
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
//
// 注意修改监听配置要放在修改扩展域名之后
setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
RegionId: tea.String(d.config.Region),
LoadBalancerId: tea.String(cloudLoadbalancerId),
ListenerPort: tea.Int32(cloudListenerPort),
ServerCertificateId: tea.String(cloudCertId),
}
setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
if err != nil {
return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
}
d.logger.Logt("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp)
return nil
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
if region == "" {
region = "cn-hangzhou" // CLB(SLB) 服务默认区域:华东一杭州
}
// 接入点一览 https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-endpoint
var endpoint string
switch region {

8
internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go
View File

@ -19,6 +19,7 @@ var (
fRegion string
fLoadbalancerId string
fListenerPort int
fDomain string
)
func init() {
@ -31,6 +32,7 @@ func init() {
flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
flag.StringVar(&fLoadbalancerId, argsPrefix+"LOADBALANCERID", "", "")
flag.IntVar(&fListenerPort, argsPrefix+"LISTENERPORT", 443, "")
flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
}
/*
@ -43,7 +45,8 @@ Shell command to run this test:
--CERTIMATE_DEPLOYER_ALIYUNCLB_ACCESSKEYSECRET="your-access-key-secret" \
--CERTIMATE_DEPLOYER_ALIYUNCLB_REGION="cn-hangzhou" \
--CERTIMATE_DEPLOYER_ALIYUNCLB_LOADBALANCERID="your-clb-instance-id" \
--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443
--CERTIMATE_DEPLOYER_ALIYUNCLB_LISTENERPORT=443 \
--CERTIMATE_DEPLOYER_ALIYUNCLB_DOMAIN="your-alb-sni-domain"
*/
func TestDeploy(t *testing.T) {
flag.Parse()
@ -57,6 +60,7 @@ func TestDeploy(t *testing.T) {
fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
fmt.Sprintf("REGION: %v", fRegion),
fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId),
fmt.Sprintf("DOMAIN: %v", fDomain),
}, "\n"))
deployer, err := provider.New(&provider.AliyunCLBDeployerConfig{
@ -65,6 +69,7 @@ func TestDeploy(t *testing.T) {
Region: fRegion,
ResourceType: provider.DEPLOY_RESOURCE_LOADBALANCER,
LoadbalancerId: fLoadbalancerId,
Domain: fDomain,
})
if err != nil {
t.Errorf("err: %+v", err)
@ -101,6 +106,7 @@ func TestDeploy(t *testing.T) {
ResourceType: provider.DEPLOY_RESOURCE_LISTENER,
LoadbalancerId: fLoadbalancerId,
ListenerPort: int32(fListenerPort),
Domain: fDomain,
})
if err != nil {
t.Errorf("err: %+v", err)

116
internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go Normal file
View File

@ -0,0 +1,116 @@
package aliyunlive
import (
"context"
"errors"
"fmt"
"strings"
"time"
aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
aliyunLive "github.com/alibabacloud-go/live-20161101/client"
"github.com/alibabacloud-go/tea/tea"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
)
type AliyunLiveDeployerConfig struct {
// 阿里云 AccessKeyId。
AccessKeyId string `json:"accessKeyId"`
// 阿里云 AccessKeySecret。
AccessKeySecret string `json:"accessKeySecret"`
// 阿里云地域。
Region string `json:"region"`
// 直播流域名(支持泛域名)。
Domain string `json:"domain"`
}
type AliyunLiveDeployer struct {
config *AliyunLiveDeployerConfig
logger logger.Logger
sdkClient *aliyunLive.Client
}
var _ deployer.Deployer = (*AliyunLiveDeployer)(nil)
func New(config *AliyunLiveDeployerConfig) (*AliyunLiveDeployer, error) {
return NewWithLogger(config, logger.NewNilLogger())
}
func NewWithLogger(config *AliyunLiveDeployerConfig, logger logger.Logger) (*AliyunLiveDeployer, error) {
if config == nil {
return nil, errors.New("config is nil")
}
if logger == nil {
return nil, errors.New("logger is nil")
}
client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &AliyunLiveDeployer{
logger: logger,
config: config,
sdkClient: client,
}, nil
}
func (d *AliyunLiveDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
// "*.example.com" → ".example.com",适配阿里云 Live 要求的泛域名格式
domain := strings.TrimPrefix(d.config.Domain, "*")
// 设置域名证书
// REF: https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-setlivedomaincertificate
setLiveDomainSSLCertificateReq := &aliyunLive.SetLiveDomainCertificateRequest{
DomainName: tea.String(domain),
CertName: tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
CertType: tea.String("upload"),
SSLProtocol: tea.String("on"),
SSLPub: tea.String(certPem),
SSLPri: tea.String(privkeyPem),
}
setLiveDomainSSLCertificateResp, err := d.sdkClient.SetLiveDomainCertificate(setLiveDomainSSLCertificateReq)
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.SetLiveDomainCertificate'")
}
d.logger.Logt("已设置域名证书", setLiveDomainSSLCertificateResp)
return &deployer.DeployResult{}, nil
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunLive.Client, error) {
// 接入点一览 https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-endpoint
var endpoint string
switch region {
case
"cn-qingdao",
"cn-beijing",
"cn-shanghai",
"cn-shenzhen",
"ap-northeast-1",
"ap-southeast-5",
"me-central-1":
endpoint = "live.aliyuncs.com"
default:
endpoint = fmt.Sprintf("live.%s.aliyuncs.com", region)
}
config := &aliyunOpen.Config{
AccessKeyId: tea.String(accessKeyId),
AccessKeySecret: tea.String(accessKeySecret),
Endpoint: tea.String(endpoint),
}
client, err := aliyunLive.NewClient(config)
if err != nil {
return nil, err
}
return client, nil
}

75
internal/pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go Normal file
View File

@ -0,0 +1,75 @@
package aliyunlive_test
import (
"context"
"flag"
"fmt"
"os"
"strings"
"testing"
provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-live"
)
var (
fInputCertPath string
fInputKeyPath string
fAccessKeyId string
fAccessKeySecret string
fDomain string
)
func init() {
argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNLIVE_"
flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
}
/*
Shell command to run this test:
go test -v ./aliyun_live_test.go -args \
--CERTIMATE_DEPLOYER_ALIYUNLIVE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
--CERTIMATE_DEPLOYER_ALIYUNLIVE_INPUTKEYPATH="/path/to/your-input-key.pem" \
--CERTIMATE_DEPLOYER_ALIYUNLIVE_ACCESSKEYID="your-access-key-id" \
--CERTIMATE_DEPLOYER_ALIYUNLIVE_ACCESSKEYSECRET="your-access-key-secret" \
--CERTIMATE_DEPLOYER_ALIYUNLIVE_DOMAIN="example.com"
*/
func TestDeploy(t *testing.T) {
flag.Parse()
t.Run("Deploy", func(t *testing.T) {
t.Log(strings.Join([]string{
"args:",
fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
fmt.Sprintf("DOMAIN: %v", fDomain),
}, "\n"))
deployer, err := provider.New(&provider.AliyunLiveDeployerConfig{
AccessKeyId: fAccessKeyId,
AccessKeySecret: fAccessKeySecret,
Domain: fDomain,
})
if err != nil {
t.Errorf("err: %+v", err)
return
}
fInputCertData, _ := os.ReadFile(fInputCertPath)
fInputKeyData, _ := os.ReadFile(fInputKeyPath)
res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
if err != nil {
t.Errorf("err: %+v", err)
return
}
t.Logf("ok: %v", res)
})
}

31
internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
View File

@ -122,8 +122,6 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
return errors.New("config `loadbalancerId` is required")
}
listenerIds := make([]string, 0)
// 查询负载均衡实例的详细信息
// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
@ -138,7 +136,7 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
// 查询 TCPSSL 监听列表
// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners
listListenersPage := 1
listenerIds := make([]string, 0)
listListenersLimit := int32(100)
var listListenersToken *string = nil
for {
@ -163,21 +161,26 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI
break
} else {
listListenersToken = listListenersResp.Body.NextToken
listListenersPage += 1
}
}
d.logger.Logt("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", listenerIds)
// 批量更新监听证书
var errs []error
for _, listenerId := range listenerIds {
if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
errs = append(errs, err)
// 遍历更新监听证书
if len(listenerIds) == 0 {
return xerrors.New("listener not found")
} else {
var errs []error
for _, listenerId := range listenerIds {
if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
errs = append(errs, err)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
return nil
@ -226,10 +229,6 @@ func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, cloud
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
if region == "" {
region = "cn-hangzhou" // NLB 服务默认区域:华东一杭州
}
// 接入点一览 https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-endpoint
var endpoint string
switch region {

22
internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
View File

@ -14,8 +14,8 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
hcCdnSdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk/cdn"
hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
hwsdkCdn "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk/cdn"
)
type HuaweiCloudCDNDeployerConfig struct {
@ -32,7 +32,7 @@ type HuaweiCloudCDNDeployerConfig struct {
type HuaweiCloudCDNDeployer struct {
config *HuaweiCloudCDNDeployerConfig
logger logger.Logger
sdkClient *hcCdnSdk.Client
sdkClient *hwsdkCdn.Client
sslUploader uploader.Uploader
}
@ -100,15 +100,15 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context, certPem string, pri
// 更新加速域名配置
// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html
updateDomainMultiCertificatesReqBodyContent := &hcCdnSdk.UpdateDomainMultiCertificatesExRequestBodyContent{}
updateDomainMultiCertificatesReqBodyContent := &hwsdkCdn.UpdateDomainMultiCertificatesExRequestBodyContent{}
updateDomainMultiCertificatesReqBodyContent.DomainName = d.config.Domain
updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
updateDomainMultiCertificatesReqBodyContent.CertificateType = hwsdk.Int32Ptr(2)
updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = hwsdk.StringPtr(upres.CertId)
updateDomainMultiCertificatesReqBodyContent.CertName = hwsdk.StringPtr(upres.CertName)
updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
updateDomainMultiCertificatesReq := &hcCdnSdk.UpdateDomainMultiCertificatesExRequest{
Body: &hcCdnSdk.UpdateDomainMultiCertificatesExRequestBody{
updateDomainMultiCertificatesReq := &hwsdkCdn.UpdateDomainMultiCertificatesExRequest{
Body: &hwsdkCdn.UpdateDomainMultiCertificatesExRequestBody{
Https: updateDomainMultiCertificatesReqBodyContent,
},
}
@ -122,7 +122,7 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context, certPem string, pri
return &deployer.DeployResult{}, nil
}
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnSdk.Client, error) {
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hwsdkCdn.Client, error) {
if region == "" {
region = "cn-north-1" // CDN 服务默认区域:华北一北京
}
@ -148,6 +148,6 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnSdk.Cli
return nil, err
}
client := hcCdnSdk.NewClient(hcClient)
client := hwsdkCdn.NewClient(hcClient)
return client, nil
}

41
internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
View File

@ -20,7 +20,7 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerElb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
)
type HuaweiCloudELBDeployerConfig struct {
@ -131,8 +131,8 @@ func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context, certPe
CertificateId: d.config.CertificateId,
Body: &hcElbModel.UpdateCertificateRequestBody{
Certificate: &hcElbModel.UpdateCertificateOption{
Certificate: cast.StringPtr(certPem),
PrivateKey: cast.StringPtr(privkeyPem),
Certificate: hwsdk.StringPtr(certPem),
PrivateKey: hwsdk.StringPtr(privkeyPem),
},
},
}
@ -151,8 +151,6 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP
return errors.New("config `loadbalancerId` is required")
}
listenerIds := make([]string, 0)
// 查询负载均衡器详情
// REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html
showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{
@ -167,11 +165,12 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP
// 查询监听器列表
// REF: https://support.huaweicloud.com/api-elb/ListListeners.html
listenerIds := make([]string, 0)
listListenersLimit := int32(2000)
var listListenersMarker *string = nil
for {
listListenersReq := &hcElbModel.ListListenersRequest{
Limit: cast.Int32Ptr(listListenersLimit),
Limit: hwsdk.Int32Ptr(listListenersLimit),
Marker: listListenersMarker,
Protocol: &[]string{"HTTPS", "TERMINATED_HTTPS"},
LoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},
@ -204,15 +203,21 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP
d.logger.Logt("certificate file uploaded", upres)
// 批量更新监听器证书
var errs []error
for _, listenerId := range listenerIds {
if err := d.modifyListenerCertificate(ctx, listenerId, upres.CertId); err != nil {
errs = append(errs, err)
// 遍历更新监听器证书
if len(listenerIds) == 0 {
return xerrors.New("listener not found")
} else {
var errs []error
for _, listenerId := range listenerIds {
if err := d.modifyListenerCertificate(ctx, listenerId, upres.CertId); err != nil {
errs = append(errs, err)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
}
if len(errs) > 0 {
return errors.Join(errs...)
}
return nil
@ -258,7 +263,7 @@ func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context,
ListenerId: cloudListenerId,
Body: &hcElbModel.UpdateListenerRequestBody{
Listener: &hcElbModel.UpdateListenerOption{
DefaultTlsContainerRef: cast.StringPtr(cloudCertId),
DefaultTlsContainerRef: hwsdk.StringPtr(cloudCertId),
},
},
}
@ -305,7 +310,7 @@ func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context,
}
if showListenerResp.Listener.SniMatchAlgo != "" {
updateListenerReq.Body.Listener.SniMatchAlgo = cast.StringPtr(showListenerResp.Listener.SniMatchAlgo)
updateListenerReq.Body.Listener.SniMatchAlgo = hwsdk.StringPtr(showListenerResp.Listener.SniMatchAlgo)
}
}
updateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)
@ -319,10 +324,6 @@ func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context,
}
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
if region == "" {
region = "cn-north-4" // ELB 服务默认区域:华北四北京
}
projectId, err := getSdkProjectId(accessKeyId, secretAccessKey, region)
if err != nil {
return nil, err

8
internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go
View File

@ -30,13 +30,13 @@ type TencentCloudCDNDeployerConfig struct {
type TencentCloudCDNDeployer struct {
config *TencentCloudCDNDeployerConfig
logger logger.Logger
sdkClients *tencentCloudCDNDeployerSdkClients
sdkClients *wSdkClients
sslUploader uploader.Uploader
}
var _ deployer.Deployer = (*TencentCloudCDNDeployer)(nil)
type tencentCloudCDNDeployerSdkClients struct {
type wSdkClients struct {
ssl *tcSsl.Client
cdn *tcCdn.Client
}
@ -179,7 +179,7 @@ func (d *TencentCloudCDNDeployer) getDeployedDomainsByCertificateId(cloudCertId
return domains, nil
}
func createSdkClients(secretId, secretKey string) (*tencentCloudCDNDeployerSdkClients, error) {
func createSdkClients(secretId, secretKey string) (*wSdkClients, error) {
credential := common.NewCredential(secretId, secretKey)
sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
@ -192,7 +192,7 @@ func createSdkClients(secretId, secretKey string) (*tencentCloudCDNDeployerSdkCl
return nil, err
}
return &tencentCloudCDNDeployerSdkClients{
return &wSdkClients{
ssl: sslClient,
cdn: cdnClient,
}, nil

13
internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go
View File

@ -138,10 +138,10 @@ func (d *TencentCloudCLBDeployer) deployToInstanceUseSsl(ctx context.Context, cl
deployCertificateInstanceReq.ResourceType = common.StringPtr("clb")
deployCertificateInstanceReq.Status = common.Int64Ptr(1)
if d.config.Domain == "" {
// 未开启 SNI只需指定到监听器
// 未指定 SNI只需部署到监听器
deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", d.config.LoadbalancerId, d.config.ListenerId)})
} else {
// 开启 SNI需指定到域名(支持泛域名)
// 指定 SNI需部署到域名(支持泛域名)
deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", d.config.LoadbalancerId, d.config.ListenerId, d.config.Domain)})
}
deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
@ -159,10 +159,9 @@ func (d *TencentCloudCLBDeployer) deployToLoadbalancer(ctx context.Context, clou
return errors.New("config `loadbalancerId` is required")
}
listenerIds := make([]string, 0)
// 查询监听器列表
// REF: https://cloud.tencent.com/document/api/214/30686
listenerIds := make([]string, 0)
describeListenersReq := tcClb.NewDescribeListenersRequest()
describeListenersReq.LoadBalancerId = common.StringPtr(d.config.LoadbalancerId)
describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
@ -182,8 +181,10 @@ func (d *TencentCloudCLBDeployer) deployToLoadbalancer(ctx context.Context, clou
d.logger.Logt("已查询到负载均衡器下的监听器", listenerIds)
// 批量更新监听器证书
if len(listenerIds) > 0 {
// 遍历更新监听器证书
if len(listenerIds) == 0 {
return xerrors.New("listener not found")
} else {
var errs []error
for _, listenerId := range listenerIds {

109
internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go Normal file
View File

@ -0,0 +1,109 @@
package tencentcloudcss
import (
"context"
"errors"
xerrors "github.com/pkg/errors"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
tcLive "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live/v20180801"
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
)
type TencentCloudCSSDeployerConfig struct {
// 腾讯云 SecretId。
SecretId string `json:"secretId"`
// 腾讯云 SecretKey。
SecretKey string `json:"secretKey"`
// 直播播放域名(不支持泛域名)。
Domain string `json:"domain"`
}
type TencentCloudCSSDeployer struct {
config *TencentCloudCSSDeployerConfig
logger logger.Logger
sdkClient *tcLive.Client
sslUploader uploader.Uploader
}
var _ deployer.Deployer = (*TencentCloudCSSDeployer)(nil)
func New(config *TencentCloudCSSDeployerConfig) (*TencentCloudCSSDeployer, error) {
return NewWithLogger(config, logger.NewNilLogger())
}
func NewWithLogger(config *TencentCloudCSSDeployerConfig, logger logger.Logger) (*TencentCloudCSSDeployer, error) {
if config == nil {
return nil, errors.New("config is nil")
}
if logger == nil {
return nil, errors.New("logger is nil")
}
client, err := createSdkClient(config.SecretId, config.SecretKey)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{
SecretId: config.SecretId,
SecretKey: config.SecretKey,
})
if err != nil {
return nil, xerrors.Wrap(err, "failed to create ssl uploader")
}
return &TencentCloudCSSDeployer{
logger: logger,
config: config,
sdkClient: client,
sslUploader: uploader,
}, nil
}
func (d *TencentCloudCSSDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
// 上传证书到 SSL
upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
if err != nil {
return nil, xerrors.Wrap(err, "failed to upload certificate file")
}
d.logger.Logt("certificate file uploaded", upres)
// 绑定证书对应的播放域名
// REF: https://cloud.tencent.com/document/product/267/78655
modifyLiveDomainCertBindingsReq := &tcLive.ModifyLiveDomainCertBindingsRequest{
DomainInfos: []*tcLive.LiveCertDomainInfo{
{
DomainName: common.StringPtr(d.config.Domain),
Status: common.Int64Ptr(1),
},
},
CloudCertId: common.StringPtr(upres.CertId),
}
modifyLiveDomainCertBindingsResp, err := d.sdkClient.ModifyLiveDomainCertBindings(modifyLiveDomainCertBindingsReq)
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.ModifyLiveDomainCertBindings'")
}
d.logger.Logt("已部署证书到云资源实例", modifyLiveDomainCertBindingsResp.Response)
return &deployer.DeployResult{}, nil
}
func createSdkClient(secretId, secretKey string) (*tcLive.Client, error) {
credential := common.NewCredential(secretId, secretKey)
client, err := tcLive.NewClient(credential, "", profile.NewClientProfile())
if err != nil {
return nil, err
}
return client, nil
}

75
internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css_test.go Normal file
View File

@ -0,0 +1,75 @@
package tencentcloudcss_test
import (
"context"
"flag"
"fmt"
"os"
"strings"
"testing"
provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-css"
)
var (
fInputCertPath string
fInputKeyPath string
fSecretId string
fSecretKey string
fDomain string
)
func init() {
argsPrefix := "CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_"
flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
flag.StringVar(&fSecretId, argsPrefix+"SECRETID", "", "")
flag.StringVar(&fSecretKey, argsPrefix+"SECRETKEY", "", "")
flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
}
/*
Shell command to run this test:
go test -v ./tencentcloud_css_test.go -args \
--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_INPUTKEYPATH="/path/to/your-input-key.pem" \
--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_SECRETID="your-secret-id" \
--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_SECRETKEY="your-secret-key" \
--CERTIMATE_DEPLOYER_TENCENTCLOUDCSS_DOMAIN="example.com"
*/
func TestDeploy(t *testing.T) {
flag.Parse()
t.Run("Deploy", func(t *testing.T) {
t.Log(strings.Join([]string{
"args:",
fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
fmt.Sprintf("SECRETID: %v", fSecretId),
fmt.Sprintf("SECRETKEY: %v", fSecretKey),
fmt.Sprintf("DOMAIN: %v", fDomain),
}, "\n"))
deployer, err := provider.New(&provider.TencentCloudCSSDeployerConfig{
SecretId: fSecretId,
SecretKey: fSecretKey,
Domain: fDomain,
})
if err != nil {
t.Errorf("err: %+v", err)
return
}
fInputCertData, _ := os.ReadFile(fInputCertPath)
fInputKeyData, _ := os.ReadFile(fInputKeyPath)
res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
if err != nil {
t.Errorf("err: %+v", err)
return
}
t.Logf("ok: %v", res)
})
}

4
internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
View File

@ -12,7 +12,7 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerCdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn"
uploaderCdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn"
)
type VolcEngineCDNDeployerConfig struct {
@ -50,7 +50,7 @@ func NewWithLogger(config *VolcEngineCDNDeployerConfig, logger logger.Logger) (*
client.Client.SetAccessKey(config.AccessKeyId)
client.Client.SetSecretKey(config.AccessKeySecret)
uploader, err := providerCdn.New(&providerCdn.VolcEngineCDNUploaderConfig{
uploader, err := uploaderCdn.New(&uploaderCdn.VolcEngineCDNUploaderConfig{
AccessKeyId: config.AccessKeyId,
AccessKeySecret: config.AccessKeySecret,
})

4
internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
View File

@ -13,7 +13,7 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
)
type VolcEngineCLBDeployerConfig struct {
@ -57,7 +57,7 @@ func NewWithLogger(config *VolcEngineCLBDeployerConfig, logger logger.Logger) (*
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
uploader, err := providerCertCenter.New(&providerCertCenter.VolcEngineCertCenterUploaderConfig{
uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{
AccessKeyId: config.AccessKeyId,
AccessKeySecret: config.AccessKeySecret,
Region: config.Region,

6
internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go
View File

@ -13,7 +13,7 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
)
type VolcEngineDCDNDeployerConfig struct {
@ -54,7 +54,7 @@ func NewWithLogger(config *VolcEngineDCDNDeployerConfig, logger logger.Logger) (
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
uploader, err := providerCertCenter.New(&providerCertCenter.VolcEngineCertCenterUploaderConfig{
uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{
AccessKeyId: config.AccessKeyId,
AccessKeySecret: config.AccessKeySecret,
Region: config.Region,
@ -102,7 +102,7 @@ func (d *VolcEngineDCDNDeployer) Deploy(ctx context.Context, certPem string, pri
func createSdkClient(accessKeyId, accessKeySecret, region string) (*veDcdn.DCDN, error) {
if region == "" {
region = "cn-beijing" // 证书中心默认区域:北京
region = "cn-beijing" // DCDN 服务默认区域:北京
}
config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret)

10
internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
View File

@ -8,12 +8,12 @@ import (
xerrors "github.com/pkg/errors"
veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
ve "github.com/volcengine/volcengine-go-sdk/volcengine"
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerLive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
uploaderLive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
)
type VolcEngineLiveDeployerConfig struct {
@ -21,7 +21,7 @@ type VolcEngineLiveDeployerConfig struct {
AccessKeyId string `json:"accessKeyId"`
// 火山引擎 AccessKeySecret。
AccessKeySecret string `json:"accessKeySecret"`
// 加速域名(支持泛域名)。
// 直播流域名(支持泛域名)。
Domain string `json:"domain"`
}
@ -51,7 +51,7 @@ func NewWithLogger(config *VolcEngineLiveDeployerConfig, logger logger.Logger) (
client.SetAccessKey(config.AccessKeyId)
client.SetSecretKey(config.AccessKeySecret)
uploader, err := providerLive.New(&providerLive.VolcEngineLiveUploaderConfig{
uploader, err := uploaderLive.New(&uploaderLive.VolcEngineLiveUploaderConfig{
AccessKeyId: config.AccessKeyId,
AccessKeySecret: config.AccessKeySecret,
})
@ -128,7 +128,7 @@ func (d *VolcEngineLiveDeployer) Deploy(ctx context.Context, certPem string, pri
bindCertReq := &veLive.BindCertBody{
ChainID: upres.CertId,
Domain: domain,
HTTPS: cast.BoolPtr(true),
HTTPS: ve.Bool(true),
}
bindCertResp, err := d.sdkClient.BindCert(ctx, bindCertReq)
if err != nil {

4
internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go
View File

@ -11,7 +11,7 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/logger"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
providerCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
)
type VolcEngineTOSDeployerConfig struct {
@ -54,7 +54,7 @@ func NewWithLogger(config *VolcEngineTOSDeployerConfig, logger logger.Logger) (*
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
uploader, err := providerCertCenter.New(&providerCertCenter.VolcEngineCertCenterUploaderConfig{
uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{
AccessKeyId: config.AccessKeyId,
AccessKeySecret: config.AccessKeySecret,
Region: config.Region,

3
internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
View File

@ -113,9 +113,6 @@ func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyP
break
} else {
listUserCertificateOrderPage += 1
if listUserCertificateOrderPage > 99 { // 避免死循环
break
}
}
}

4
internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
View File

@ -120,10 +120,6 @@ func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyP
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
if region == "" {
region = "cn-hangzhou" // SLB 服务默认区域:华东一杭州
}
// 接入点一览 https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-endpoint
var endpoint string
switch region {

11
internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go
View File

@ -14,7 +14,6 @@ import (
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
"github.com/usual2970/certimate/internal/pkg/utils/x509"
)
@ -60,9 +59,9 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
listCertInfoPageSize := int64(100)
listCertInfoTotal := 0
listCertInfoReq := &bpCdn.ListCertInfoRequest{
PageNum: cast.Int64Ptr(listCertInfoPageNum),
PageSize: cast.Int64Ptr(listCertInfoPageSize),
Source: cast.StringPtr("cert_center"),
PageNum: bpCdn.GetInt64Ptr(listCertInfoPageNum),
PageSize: bpCdn.GetInt64Ptr(listCertInfoPageSize),
Source: bpCdn.GetStrPtr("cert_center"),
}
for {
listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
@ -104,8 +103,8 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke
addCertificateReq := &bpCdn.AddCertificateRequest{
Certificate: certPem,
PrivateKey: privkeyPem,
Source: cast.StringPtr("cert_center"),
Desc: cast.StringPtr(certName),
Source: bpCdn.GetStrPtr("cert_center"),
Desc: bpCdn.GetStrPtr(certName),
}
addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
if err != nil {

17
internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
View File

@ -17,8 +17,8 @@ import (
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
"github.com/usual2970/certimate/internal/pkg/utils/x509"
hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
)
type HuaweiCloudELBUploaderConfig struct {
@ -66,12 +66,11 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
// 遍历查询已有证书,避免重复上传
// REF: https://support.huaweicloud.com/api-elb/ListCertificates.html
listCertificatesPage := 1
listCertificatesLimit := int32(2000)
var listCertificatesMarker *string = nil
for {
listCertificatesReq := &hcElbModel.ListCertificatesRequest{
Limit: cast.Int32Ptr(listCertificatesLimit),
Limit: hwsdk.Int32Ptr(listCertificatesLimit),
Marker: listCertificatesMarker,
Type: &[]string{"server"},
}
@ -108,10 +107,6 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
break
} else {
listCertificatesMarker = listCertificatesResp.PageInfo.NextMarker
listCertificatesPage++
if listCertificatesPage >= 9 { // 避免死循环
break
}
}
}
@ -131,10 +126,10 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
createCertificateReq := &hcElbModel.CreateCertificateRequest{
Body: &hcElbModel.CreateCertificateRequestBody{
Certificate: &hcElbModel.CreateCertificateOption{
ProjectId: cast.StringPtr(projectId),
Name: cast.StringPtr(certName),
Certificate: cast.StringPtr(certPem),
PrivateKey: cast.StringPtr(privkeyPem),
ProjectId: hwsdk.StringPtr(projectId),
Name: hwsdk.StringPtr(certName),
Certificate: hwsdk.StringPtr(certPem),
PrivateKey: hwsdk.StringPtr(privkeyPem),
},
},
}

15
internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
View File

@ -13,8 +13,8 @@ import (
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
"github.com/usual2970/certimate/internal/pkg/utils/x509"
hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
)
type HuaweiCloudSCMUploaderConfig struct {
@ -63,15 +63,14 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
// 遍历查询已有证书,避免重复上传
// REF: https://support.huaweicloud.com/api-ccm/ListCertificates.html
// REF: https://support.huaweicloud.com/api-ccm/ExportCertificate_0.html
listCertificatesPage := 1
listCertificatesLimit := int32(50)
listCertificatesOffset := int32(0)
for {
listCertificatesReq := &hcScmModel.ListCertificatesRequest{
Limit: cast.Int32Ptr(listCertificatesLimit),
Offset: cast.Int32Ptr(listCertificatesOffset),
SortDir: cast.StringPtr("DESC"),
SortKey: cast.StringPtr("certExpiredTime"),
Limit: hwsdk.Int32Ptr(listCertificatesLimit),
Offset: hwsdk.Int32Ptr(listCertificatesOffset),
SortDir: hwsdk.StringPtr("DESC"),
SortKey: hwsdk.StringPtr("certExpiredTime"),
}
listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
if err != nil {
@ -117,10 +116,6 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
break
} else {
listCertificatesOffset += listCertificatesLimit
listCertificatesPage += 1
if listCertificatesPage > 99 { // 避免死循环
break
}
}
}

10
internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
View File

@ -12,9 +12,9 @@ import (
xerrors "github.com/pkg/errors"
veCdn "github.com/volcengine/volc-sdk-golang/service/cdn"
ve "github.com/volcengine/volcengine-go-sdk/volcengine"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
"github.com/usual2970/certimate/internal/pkg/utils/x509"
)
@ -60,8 +60,8 @@ func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, priv
listCertInfoPageSize := int64(100)
listCertInfoTotal := 0
listCertInfoReq := &veCdn.ListCertInfoRequest{
PageNum: cast.Int64Ptr(listCertInfoPageNum),
PageSize: cast.Int64Ptr(listCertInfoPageSize),
PageNum: ve.Int64(listCertInfoPageNum),
PageSize: ve.Int64(listCertInfoPageSize),
Source: "volc_cert_center",
}
for {
@ -104,8 +104,8 @@ func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, priv
addCertificateReq := &veCdn.AddCertificateRequest{
Certificate: certPem,
PrivateKey: privkeyPem,
Source: cast.StringPtr("volc_cert_center"),
Desc: cast.StringPtr(certName),
Source: ve.String("volc_cert_center"),
Desc: ve.String(certName),
}
addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
if err != nil {

8
internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go
View File

@ -9,9 +9,9 @@ import (
xerrors "github.com/pkg/errors"
veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
ve "github.com/volcengine/volcengine-go-sdk/volcengine"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
"github.com/usual2970/certimate/internal/pkg/utils/x509"
)
@ -63,7 +63,7 @@ func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, pri
// 查询证书详细信息
// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85
describeCertDetailSecretReq := &veLive.DescribeCertDetailSecretV2Body{
ChainID: cast.StringPtr(certDetail.ChainID),
ChainID: ve.String(certDetail.ChainID),
}
describeCertDetailSecretResp, err := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
if err != nil {
@ -100,9 +100,9 @@ func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, pri
// 上传新证书
// REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6
createCertReq := &veLive.CreateCertBody{
CertName: &certName,
CertName: ve.String(certName),
UseWay: "https",
ProjectName: cast.StringPtr("default"),
ProjectName: ve.String("default"),
Rsa: veLive.CreateCertBodyRsa{
Prikey: privkeyPem,
Pubkey: certPem,

25
internal/pkg/utils/cast/cast.go
View File

@ -1,25 +0,0 @@
package cast
func Int32Ptr(i int32) *int32 {
return &i
}
func Int64Ptr(i int64) *int64 {
return &i
}
func UInt32Ptr(i uint32) *uint32 {
return &i
}
func UInt64Ptr(i uint64) *uint64 {
return &i
}
func StringPtr(s string) *string {
return &s
}
func BoolPtr(b bool) *bool {
return &b
}

9
internal/pkg/vendors/huaweicloud-sdk/cast.go vendored Normal file
View File

@ -0,0 +1,9 @@
package huaweicloudsdk
func Int32Ptr(i int32) *int32 {
return &i
}
func StringPtr(s string) *string {
return &s
}

10
internal/pkg/vendors/huaweicloud-sdk/cdn/models.go vendored
View File

@ -3,7 +3,7 @@
import (
hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
"github.com/usual2970/certimate/internal/pkg/utils/cast"
hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk"
)
type UpdateDomainMultiCertificatesExRequestBodyContent struct {
@ -34,11 +34,11 @@ func (m *UpdateDomainMultiCertificatesExRequestBodyContent) MergeConfig(src *hcC
// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致,需要做很多转化。
if *src.OriginProtocol == "follow" {
m.AccessOriginWay = cast.Int32Ptr(1)
m.AccessOriginWay = hwsdk.Int32Ptr(1)
} else if *src.OriginProtocol == "http" {
m.AccessOriginWay = cast.Int32Ptr(2)
m.AccessOriginWay = hwsdk.Int32Ptr(2)
} else if *src.OriginProtocol == "https" {
m.AccessOriginWay = cast.Int32Ptr(3)
m.AccessOriginWay = hwsdk.Int32Ptr(3)
}
if src.ForceRedirect != nil {
@ -54,7 +54,7 @@ func (m *UpdateDomainMultiCertificatesExRequestBodyContent) MergeConfig(src *hcC
if src.Https != nil {
if *src.Https.Http2Status == "on" {
m.Http2 = cast.Int32Ptr(1)
m.Http2 = hwsdk.Int32Ptr(1)
}
}

24
ui/src/components/workflow/node/DeployNode.tsx
View File

@ -25,14 +25,14 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
const formRef = useRef<DeployNodeConfigFormInstance>(null);
const [formPending, setFormPending] = useState(false);
const [fieldProvider, setFieldProvider] = useState<string | undefined>((node.config as WorkflowNodeConfigForDeploy)?.provider);
useEffect(() => {
setFieldProvider((node.config as WorkflowNodeConfigForDeploy)?.provider);
}, [node.config?.provider]);
const [drawerOpen, setDrawerOpen] = useState(false);
const [drawerFooterShow, setDrawerFooterShow] = useState(true);
const getFormValues = () => formRef.current!.getFieldsValue() as WorkflowNodeConfigForDeploy;
useEffect(() => {
setDrawerFooterShow(!!(node.config as WorkflowNodeConfigForDeploy)?.provider);
}, [node.config?.provider]);
const wrappedEl = useMemo(() => {
if (node.type !== WorkflowNodeType.Deploy) {
console.warn(`[certimate] current workflow node type is not: ${WorkflowNodeType.Deploy}`);
@ -45,7 +45,7 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
const config = (node.config as WorkflowNodeConfigForDeploy) ?? {};
const provider = deployProvidersMap.get(config.provider);
return (
<Space>
<Space className="max-w-full">
<Avatar src={provider?.icon} size="small" />
<Typography.Text className="truncate">{t(provider?.name ?? "")}</Typography.Text>
</Space>
@ -76,7 +76,7 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
};
const handleFormValuesChange = (values: Partial<WorkflowNodeConfigForDeploy>) => {
setFieldProvider(values.provider!);
setDrawerFooterShow(!!values.provider);
};
return (
@ -87,11 +87,17 @@ const DeployNode = ({ node, disabled }: DeployNodeProps) => {
<SharedNode.ConfigDrawer
node={node}
footer={!!fieldProvider}
footer={drawerFooterShow}
open={drawerOpen}
pending={formPending}
onConfirm={handleDrawerConfirm}
onOpenChange={(open) => setDrawerOpen(open)}
onOpenChange={(open) => {
setDrawerOpen(open);
if (!open) {
setDrawerFooterShow(!!(node.config as WorkflowNodeConfigForDeploy)?.provider);
}
}}
getFormValues={() => formRef.current!.getFieldsValue()}
>
<DeployNodeConfigForm ref={formRef} disabled={disabled} initialValues={node.config} nodeId={node.id} onValuesChange={handleFormValuesChange} />

8
ui/src/components/workflow/node/DeployNodeConfigForm.tsx
View File

@ -19,6 +19,7 @@ import DeployNodeConfigFormAliyunALBConfig from "./DeployNodeConfigFormAliyunALB
import DeployNodeConfigFormAliyunCDNConfig from "./DeployNodeConfigFormAliyunCDNConfig";
import DeployNodeConfigFormAliyunCLBConfig from "./DeployNodeConfigFormAliyunCLBConfig";
import DeployNodeConfigFormAliyunDCDNConfig from "./DeployNodeConfigFormAliyunDCDNConfig";
import DeployNodeConfigFormAliyunLiveConfig from "./DeployNodeConfigFormAliyunLiveConfig";
import DeployNodeConfigFormAliyunNLBConfig from "./DeployNodeConfigFormAliyunNLBConfig";
import DeployNodeConfigFormAliyunOSSConfig from "./DeployNodeConfigFormAliyunOSSConfig";
import DeployNodeConfigFormBaiduCloudCDNConfig from "./DeployNodeConfigFormBaiduCloudCDNConfig";
@ -33,6 +34,7 @@ import DeployNodeConfigFormSSHConfig from "./DeployNodeConfigFormSSHConfig.tsx";
import DeployNodeConfigFormTencentCloudCDNConfig from "./DeployNodeConfigFormTencentCloudCDNConfig.tsx";
import DeployNodeConfigFormTencentCloudCLBConfig from "./DeployNodeConfigFormTencentCloudCLBConfig.tsx";
import DeployNodeConfigFormTencentCloudCOSConfig from "./DeployNodeConfigFormTencentCloudCOSConfig.tsx";
import DeployNodeConfigFormTencentCloudCSSConfig from "./DeployNodeConfigFormTencentCloudCSSConfig.tsx";
import DeployNodeConfigFormTencentCloudECDNConfig from "./DeployNodeConfigFormTencentCloudECDNConfig.tsx";
import DeployNodeConfigFormTencentCloudEOConfig from "./DeployNodeConfigFormTencentCloudEOConfig.tsx";
import DeployNodeConfigFormVolcEngineCDNConfig from "./DeployNodeConfigFormVolcEngineCDNConfig.tsx";
@ -118,6 +120,8 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
return <DeployNodeConfigFormAliyunCDNConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.ALIYUN_DCDN:
return <DeployNodeConfigFormAliyunDCDNConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.ALIYUN_LIVE:
return <DeployNodeConfigFormAliyunLiveConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.ALIYUN_NLB:
return <DeployNodeConfigFormAliyunNLBConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.ALIYUN_OSS:
@ -146,6 +150,8 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
return <DeployNodeConfigFormTencentCloudCLBConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.TENCENTCLOUD_COS:
return <DeployNodeConfigFormTencentCloudCOSConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.TENCENTCLOUD_CSS:
return <DeployNodeConfigFormTencentCloudCSSConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN:
return <DeployNodeConfigFormTencentCloudECDNConfig {...nestedFormProps} />;
case DEPLOY_PROVIDERS.TENCENTCLOUD_EO:
@ -239,7 +245,7 @@ const DeployNodeConfigForm = forwardRef<DeployNodeConfigFormInstance, DeployNode
<Form.Item name="provider" label={t("workflow_node.deploy.form.provider.label")} rules={[formRule]}>
<DeployProviderSelect
allowClear
disabled
disabled={!!initialValues?.provider}
placeholder={t("workflow_node.deploy.form.provider.placeholder")}
showSearch
onSelect={handleProviderSelect}

20
ui/src/components/workflow/node/DeployNodeConfigFormAliyunALBConfig.tsx
View File

@ -4,12 +4,14 @@ import { createSchemaFieldRule } from "antd-zod";
import { z } from "zod";
import Show from "@/components/Show";
import { validDomainName } from "@/utils/validators";
type DeployNodeConfigFormAliyunALBConfigFieldValues = Nullish<{
resourceType: string;
region: string;
loadbalancerId?: string;
listenerId?: string;
domain?: string;
}>;
export type DeployNodeConfigFormAliyunALBConfigProps = {
@ -56,6 +58,13 @@ const DeployNodeConfigFormAliyunALBConfig = ({
.trim()
.nullish()
.refine((v) => fieldResourceType !== RESOURCE_TYPE_LISTENER || !!v?.trim(), t("workflow_node.deploy.form.aliyun_alb_listener_id.placeholder")),
domain: z
.string()
.nullish()
.refine((v) => {
if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
return !v || validDomainName(v!, { allowWildcard: true });
}, t("common.errmsg.domain_invalid")),
});
const formRule = createSchemaFieldRule(formSchema);
@ -115,6 +124,17 @@ const DeployNodeConfigFormAliyunALBConfig = ({
<Input placeholder={t("workflow_node.deploy.form.aliyun_alb_listener_id.placeholder")} />
</Form.Item>
</Show>
<Show when={fieldResourceType === RESOURCE_TYPE_LOADBALANCER || fieldResourceType === RESOURCE_TYPE_LISTENER}>
<Form.Item
name="domain"
label={t("workflow_node.deploy.form.aliyun_alb_snidomain.label")}
rules={[formRule]}
tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_alb_snidomain.tooltip") }}></span>}
>
<Input placeholder={t("workflow_node.deploy.form.aliyun_alb_snidomain.placeholder")} />
</Form.Item>
</Show>
</Form>
);
};

21
ui/src/components/workflow/node/DeployNodeConfigFormAliyunCLBConfig.tsx
View File

@ -4,13 +4,14 @@ import { createSchemaFieldRule } from "antd-zod";
import { z } from "zod";
import Show from "@/components/Show";
import { validPortNumber } from "@/utils/validators";
import { validDomainName, validPortNumber } from "@/utils/validators";
type DeployNodeConfigFormAliyunCLBConfigFieldValues = Nullish<{
resourceType: string;
region: string;
loadbalancerId?: string;
listenerPort?: string | number;
domain?: string;
}>;
export type DeployNodeConfigFormAliyunCLBConfigProps = {
@ -68,6 +69,13 @@ const DeployNodeConfigFormAliyunCLBConfig = ({
),
])
.nullish(),
domain: z
.string()
.nullish()
.refine((v) => {
if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
return !v || validDomainName(v!, { allowWildcard: true });
}, t("common.errmsg.domain_invalid")),
});
const formRule = createSchemaFieldRule(formSchema);
@ -125,6 +133,17 @@ const DeployNodeConfigFormAliyunCLBConfig = ({
<Input type="number" min={1} max={65535} placeholder={t("workflow_node.deploy.form.aliyun_clb_listener_port.placeholder")} />
</Form.Item>
</Show>
<Show when={fieldResourceType === RESOURCE_TYPE_LOADBALANCER || fieldResourceType === RESOURCE_TYPE_LISTENER}>
<Form.Item
name="domain"
label={t("workflow_node.deploy.form.aliyun_clb_snidomain.label")}
rules={[formRule]}
tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_clb_snidomain.tooltip") }}></span>}
>
<Input placeholder={t("workflow_node.deploy.form.aliyun_clb_snidomain.placeholder")} />
</Form.Item>
</Show>
</Form>
);
};

79
ui/src/components/workflow/node/DeployNodeConfigFormAliyunLiveConfig.tsx Normal file
View File

@ -0,0 +1,79 @@
import { useTranslation } from "react-i18next";
import { Form, type FormInstance, Input } from "antd";
import { createSchemaFieldRule } from "antd-zod";
import { z } from "zod";
import { validDomainName } from "@/utils/validators";
type DeployNodeConfigFormAliyunLiveConfigFieldValues = Nullish<{
region: string;
domain: string;
}>;
export type DeployNodeConfigFormAliyunLiveConfigProps = {
form: FormInstance;
formName: string;
disabled?: boolean;
initialValues?: DeployNodeConfigFormAliyunLiveConfigFieldValues;
onValuesChange?: (values: DeployNodeConfigFormAliyunLiveConfigFieldValues) => void;
};
const initFormModel = (): DeployNodeConfigFormAliyunLiveConfigFieldValues => {
return {};
};
const DeployNodeConfigFormAliyunLiveConfig = ({
form: formInst,
formName,
disabled,
initialValues,
onValuesChange,
}: DeployNodeConfigFormAliyunLiveConfigProps) => {
const { t } = useTranslation();
const formSchema = z.object({
region: z
.string({ message: t("workflow_node.deploy.form.aliyun_live_region.placeholder") })
.nonempty(t("workflow_node.deploy.form.aliyun_live_region.placeholder"))
.trim(),
domain: z
.string({ message: t("workflow_node.deploy.form.aliyun_live_domain.placeholder") })
.refine((v) => validDomainName(v, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
});
const formRule = createSchemaFieldRule(formSchema);
const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
onValuesChange?.(values);
};
return (
<Form
form={formInst}
disabled={disabled}
initialValues={initialValues ?? initFormModel()}
layout="vertical"
name={formName}
onValuesChange={handleFormChange}
>
<Form.Item
name="region"
label={t("workflow_node.deploy.form.aliyun_live_region.label")}
rules={[formRule]}
tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_live_region.tooltip") }}></span>}
>
<Input placeholder={t("workflow_node.deploy.form.aliyun_live_region.placeholder")} />
</Form.Item>
<Form.Item
name="domain"
label={t("workflow_node.deploy.form.aliyun_live_domain.label")}
rules={[formRule]}
tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.aliyun_live_domain.tooltip") }}></span>}
>
<Input placeholder={t("workflow_node.deploy.form.aliyun_live_domain.placeholder")} />
</Form.Item>
</Form>
);
};
export default DeployNodeConfigFormAliyunLiveConfig;

2
ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCLBConfig.tsx
View File

@ -66,7 +66,7 @@ const DeployNodeConfigFormTencentCloudCLBConfig = ({
t("workflow_node.deploy.form.tencentcloud_clb_listener_id.placeholder")
),
domain: z
.string({ message: t("workflow_node.deploy.form.tencentcloud_clb_domain.placeholder") })
.string()
.nullish()
.refine((v) => RESOURCE_TYPE_RULEDOMAIN !== fieldResourceType || validDomainName(v!, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
});

65
ui/src/components/workflow/node/DeployNodeConfigFormTencentCloudCSSConfig.tsx Normal file
View File

@ -0,0 +1,65 @@
import { useTranslation } from "react-i18next";
import { Form, type FormInstance, Input } from "antd";
import { createSchemaFieldRule } from "antd-zod";
import { z } from "zod";
import { validDomainName } from "@/utils/validators";
type DeployNodeConfigFormTencentCloudCSSConfigFieldValues = Nullish<{
domain: string;
}>;
export type DeployNodeConfigFormTencentCloudCSSConfigProps = {
form: FormInstance;
formName: string;
disabled?: boolean;
initialValues?: DeployNodeConfigFormTencentCloudCSSConfigFieldValues;
onValuesChange?: (values: DeployNodeConfigFormTencentCloudCSSConfigFieldValues) => void;
};
const initFormModel = (): DeployNodeConfigFormTencentCloudCSSConfigFieldValues => {
return {};
};
const DeployNodeConfigFormTencentCloudCSSConfig = ({
form: formInst,
formName,
disabled,
initialValues,
onValuesChange,
}: DeployNodeConfigFormTencentCloudCSSConfigProps) => {
const { t } = useTranslation();
const formSchema = z.object({
domain: z
.string({ message: t("workflow_node.deploy.form.tencentcloud_css_domain.placeholder") })
.refine((v) => validDomainName(v, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
});
const formRule = createSchemaFieldRule(formSchema);
const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
onValuesChange?.(values);
};
return (
<Form
form={formInst}
disabled={disabled}
initialValues={initialValues ?? initFormModel()}
layout="vertical"
name={formName}
onValuesChange={handleFormChange}
>
<Form.Item
name="domain"
label={t("workflow_node.deploy.form.tencentcloud_css_domain.label")}
rules={[formRule]}
tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.tencentcloud_css_domain.tooltip") }}></span>}
>
<Input placeholder={t("workflow_node.deploy.form.tencentcloud_css_domain.placeholder")} />
</Form.Item>
</Form>
);
};
export default DeployNodeConfigFormTencentCloudCSSConfig;

2
ui/src/components/workflow/node/_SharedNode.tsx
View File

@ -196,7 +196,7 @@ const SharedNodeBlock = ({ children, node, disabled, onClick }: SharedNodeBlockP
</div>
<div className="flex cursor-pointer flex-col justify-center px-4 py-2" onClick={handleNodeClick}>
<div className="text-sm">{children}</div>
<div className="overflow-hidden text-sm">{children}</div>
</div>
</Card>
</Popover>

6
ui/src/domain/provider.ts
View File

@ -155,6 +155,7 @@ export const DEPLOY_PROVIDERS = Object.freeze({
ALIYUN_CDN: `${ACCESS_PROVIDERS.ALIYUN}-cdn`,
ALIYUN_CLB: `${ACCESS_PROVIDERS.ALIYUN}-clb`,
ALIYUN_DCDN: `${ACCESS_PROVIDERS.ALIYUN}-dcdn`,
ALIYUN_LIVE: `${ACCESS_PROVIDERS.ALIYUN}-live`,
ALIYUN_NLB: `${ACCESS_PROVIDERS.ALIYUN}-nlb`,
ALIYUN_OSS: `${ACCESS_PROVIDERS.ALIYUN}-oss`,
BAIDUCLOUD_CDN: `${ACCESS_PROVIDERS.BAIDUCLOUD}-cdn`,
@ -169,6 +170,7 @@ export const DEPLOY_PROVIDERS = Object.freeze({
TENCENTCLOUD_CDN: `${ACCESS_PROVIDERS.TENCENTCLOUD}-cdn`,
TENCENTCLOUD_CLB: `${ACCESS_PROVIDERS.TENCENTCLOUD}-clb`,
TENCENTCLOUD_COS: `${ACCESS_PROVIDERS.TENCENTCLOUD}-cos`,
TENCENTCLOUD_CSS: `${ACCESS_PROVIDERS.TENCENTCLOUD}-css`,
TENCENTCLOUD_ECDN: `${ACCESS_PROVIDERS.TENCENTCLOUD}-ecdn`,
TENCENTCLOUD_EO: `${ACCESS_PROVIDERS.TENCENTCLOUD}-eo`,
VOLCENGINE_CDN: `${ACCESS_PROVIDERS.VOLCENGINE}-cdn`,
@ -204,19 +206,21 @@ export const deployProvidersMap: Map<DeployProvider["type"] | string, DeployProv
[DEPLOY_PROVIDERS.ALIYUN_CLB, "common.provider.aliyun.clb"],
[DEPLOY_PROVIDERS.ALIYUN_ALB, "common.provider.aliyun.alb"],
[DEPLOY_PROVIDERS.ALIYUN_NLB, "common.provider.aliyun.nlb"],
[DEPLOY_PROVIDERS.ALIYUN_LIVE, "common.provider.aliyun.live"],
[DEPLOY_PROVIDERS.TENCENTCLOUD_COS, "common.provider.tencentcloud.cos"],
[DEPLOY_PROVIDERS.TENCENTCLOUD_CDN, "common.provider.tencentcloud.cdn"],
[DEPLOY_PROVIDERS.TENCENTCLOUD_ECDN, "common.provider.tencentcloud.ecdn"],
[DEPLOY_PROVIDERS.TENCENTCLOUD_EO, "common.provider.tencentcloud.eo"],
[DEPLOY_PROVIDERS.TENCENTCLOUD_CLB, "common.provider.tencentcloud.clb"],
[DEPLOY_PROVIDERS.TENCENTCLOUD_CSS, "common.provider.tencentcloud.css"],
[DEPLOY_PROVIDERS.HUAWEICLOUD_CDN, "common.provider.huaweicloud.cdn"],
[DEPLOY_PROVIDERS.HUAWEICLOUD_ELB, "common.provider.huaweicloud.elb"],
[DEPLOY_PROVIDERS.BAIDUCLOUD_CDN, "common.provider.baiducloud.cdn"],
[DEPLOY_PROVIDERS.VOLCENGINE_TOS, "common.provider.volcengine.tos"],
[DEPLOY_PROVIDERS.VOLCENGINE_CDN, "common.provider.volcengine.cdn"],
[DEPLOY_PROVIDERS.VOLCENGINE_DCDN, "common.provider.volcengine.dcdn"],
[DEPLOY_PROVIDERS.VOLCENGINE_LIVE, "common.provider.volcengine.live"],
[DEPLOY_PROVIDERS.VOLCENGINE_CLB, "common.provider.volcengine.clb"],
[DEPLOY_PROVIDERS.VOLCENGINE_LIVE, "common.provider.volcengine.live"],
[DEPLOY_PROVIDERS.QINIU_CDN, "common.provider.qiniu.cdn"],
[DEPLOY_PROVIDERS.DOGECLOUD_CDN, "common.provider.dogecloud.cdn"],
[DEPLOY_PROVIDERS.BYTEPLUS_CDN, "common.provider.byteplus.cdn"],

50
ui/src/i18n/locales/en/nls.common.json
View File

@ -37,29 +37,30 @@
"common.provider.acmehttpreq": "Http Request (ACME Proxy)",
"common.provider.aliyun": "Alibaba Cloud",
"common.provider.aliyun.alb": "Alibaba Cloud - ALB",
"common.provider.aliyun.cdn": "Alibaba Cloud - CDN",
"common.provider.aliyun.clb": "Alibaba Cloud - CLB",
"common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN",
"common.provider.aliyun.dns": "Alibaba Cloud - DNS",
"common.provider.aliyun.nlb": "Alibaba Cloud - NLB",
"common.provider.aliyun.oss": "Alibaba Cloud - OSS",
"common.provider.aliyun.alb": "Alibaba Cloud - Application Load Balancer (ALB)",
"common.provider.aliyun.cdn": "Alibaba Cloud - Content Delivery Network (CDN)",
"common.provider.aliyun.clb": "Alibaba Cloud - Classic Load Balancer (CLB)",
"common.provider.aliyun.dcdn": "Alibaba Cloud - Dynamic Route for Content Delivery Network (DCDN)",
"common.provider.aliyun.dns": "Alibaba Cloud - Domain Name Service (DNS)",
"common.provider.aliyun.live": "Alibaba Cloud - ApsaraVideo Live",
"common.provider.aliyun.nlb": "Alibaba Cloud - Network Load Balancer (NLB)",
"common.provider.aliyun.oss": "Alibaba Cloud - Object Storage Service (OSS)",
"common.provider.aws": "AWS",
"common.provider.aws.route53": "AWS - Route53",
"common.provider.azure": "Azure",
"common.provider.azure.dns": "Azure - DNS",
"common.provider.baiducloud": "Baidu Cloud",
"common.provider.baiducloud.cdn": "Baidu Cloud - CDN",
"common.provider.baiducloud.cdn": "Baidu Cloud - Content Delivery Network (CDN)",
"common.provider.byteplus": "BytePlus",
"common.provider.byteplus.cdn": "BytePlus - CDN",
"common.provider.byteplus.cdn": "BytePlus - Content Delivery Network (CDN)",
"common.provider.cloudflare": "Cloudflare",
"common.provider.dogecloud": "Doge Cloud",
"common.provider.dogecloud.cdn": "Doge Cloud - CDN",
"common.provider.dogecloud.cdn": "Doge Cloud - Content Delivery Network (CDN)",
"common.provider.godaddy": "GoDaddy",
"common.provider.huaweicloud": "Huawei Cloud",
"common.provider.huaweicloud.cdn": "Huawei Cloud - CDN",
"common.provider.huaweicloud.dns": "Huawei Cloud - DNS",
"common.provider.huaweicloud.elb": "Huawei Cloud - ELB",
"common.provider.huaweicloud.cdn": "Huawei Cloud - Content Delivery Network (CDN)",
"common.provider.huaweicloud.dns": "Huawei Cloud - Domain Name Service (DNS)",
"common.provider.huaweicloud.elb": "Huawei Cloud - Elastic Load Balance (ELB)",
"common.provider.kubernetes": "Kubernetes",
"common.provider.kubernetes.secret": "Kubernetes - Secret",
"common.provider.local": "Local deployment",
@ -67,22 +68,23 @@
"common.provider.namesilo": "NameSilo",
"common.provider.powerdns": "PowerDNS",
"common.provider.qiniu": "Qiniu",
"common.provider.qiniu.cdn": "Qiniu - CDN",
"common.provider.qiniu.cdn": "Qiniu - Content Delivery Network (CDN)",
"common.provider.ssh": "SSH deployment",
"common.provider.tencentcloud": "Tencent Cloud",
"common.provider.tencentcloud.cdn": "Tencent Cloud - CDN",
"common.provider.tencentcloud.clb": "Tencent Cloud - CLB",
"common.provider.tencentcloud.cos": "Tencent Cloud - COS",
"common.provider.tencentcloud.dns": "Tencent Cloud - DNS",
"common.provider.tencentcloud.ecdn": "Tencent Cloud - ECDN",
"common.provider.tencentcloud.cdn": "Tencent Cloud - Content Delivery Network (CDN)",
"common.provider.tencentcloud.clb": "Tencent Cloud - Cloud Load Balancer (CLB)",
"common.provider.tencentcloud.cos": "Tencent Cloud - Cloud Object Storage (COS)",
"common.provider.tencentcloud.css": "Tencent Cloud - Cloud Streaming Service (CSS)",
"common.provider.tencentcloud.dns": "Tencent Cloud - Domain Name Service (DNS)",
"common.provider.tencentcloud.ecdn": "Tencent Cloud - Enterprise Content Delivery Network (ECDN)",
"common.provider.tencentcloud.eo": "Tencent Cloud - EdgeOne",
"common.provider.volcengine": "Volcengine",
"common.provider.volcengine.cdn": "Volcengine - CDN",
"common.provider.volcengine.clb": "Volcengine - CLB",
"common.provider.volcengine.dcdn": "Volcengine - DCDN",
"common.provider.volcengine.dns": "Volcengine - DNS",
"common.provider.volcengine.cdn": "Volcengine - Content Delivery Network (CDN)",
"common.provider.volcengine.clb": "Volcengine - Cloud Load Balancer (CLB)",
"common.provider.volcengine.dcdn": "Volcengine - Dynamic Content Delivery Network (DCDN)",
"common.provider.volcengine.dns": "Volcengine - Domain Name Service (DNS)",
"common.provider.volcengine.live": "Volcengine - Live",
"common.provider.volcengine.tos": "Volcengine - TOS",
"common.provider.volcengine.tos": "Volcengine - Tinder Object Storage (TOS)",
"common.provider.webhook": "Webhook",
"common.notifier.bark": "Bark",

77
ui/src/i18n/locales/en/nls.workflow.nodes.json
View File

@ -77,55 +77,67 @@
"workflow_node.deploy.form.aliyun_alb_resource_type.placeholder": "Please select resource type",
"workflow_node.deploy.form.aliyun_alb_resource_type.option.loadbalancer.label": "ALB load balancer",
"workflow_node.deploy.form.aliyun_alb_resource_type.option.listener.label": "ALB listener",
"workflow_node.deploy.form.aliyun_alb_region.label": "Aliyun region",
"workflow_node.deploy.form.aliyun_alb_region.placeholder": "Please enter Aliyun region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_alb_region.label": "Alibaba Cloud region",
"workflow_node.deploy.form.aliyun_alb_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_alb_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/slb/application-load-balancer/product-overview/supported-regions-and-zones\" target=\"_blank\">https://www.alibabacloud.com/help/en/slb/application-load-balancer/product-overview/supported-regions-and-zones</a>",
"workflow_node.deploy.form.aliyun_alb_loadbalancer_id.label": "Aliyun ALB load balancer ID",
"workflow_node.deploy.form.aliyun_alb_loadbalancer_id.placeholder": "Please enter Aliyun ALB load balancer ID",
"workflow_node.deploy.form.aliyun_alb_loadbalancer_id.label": "Alibaba Cloud ALB load balancer ID",
"workflow_node.deploy.form.aliyun_alb_loadbalancer_id.placeholder": "Please enter Alibaba Cloud ALB load balancer ID",
"workflow_node.deploy.form.aliyun_alb_loadbalancer_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
"workflow_node.deploy.form.aliyun_alb_listener_id.label": "Aliyun ALB listener ID",
"workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "Please enter Aliyun ALB listener ID",
"workflow_node.deploy.form.aliyun_alb_listener_id.label": "Alibaba Cloud ALB listener ID",
"workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "Please enter Alibaba Cloud ALB listener ID",
"workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
"workflow_node.deploy.form.aliyun_alb_snidomain.label": "Alibaba Cloud ALB SNI domain (Optional)",
"workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "Please enter Alibaba Cloud ALB SNI domain name",
"workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
"workflow_node.deploy.form.aliyun_clb_resource_type.label": "Resource type",
"workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "Please select resource type",
"workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "CLB load balancer",
"workflow_node.deploy.form.aliyun_clb_resource_type.option.listener.label": "CLB listener",
"workflow_node.deploy.form.aliyun_clb_region.label": "Aliyun region",
"workflow_node.deploy.form.aliyun_clb_region.placeholder": "Please enter Aliyun region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_clb_region.label": "Alibaba Cloud region",
"workflow_node.deploy.form.aliyun_clb_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_clb_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/slb/classic-load-balancer/product-overview/regions-that-support-clb\" target=\"_blank\">https://www.alibabacloud.com/help/en/slb/classic-load-balancer/product-overview/regions-that-support-clb</a>",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "Aliyun CLB load balancer ID",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "Please enter Aliyun CLB load balancer ID",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "Alibaba Cloud CLB load balancer ID",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "Please enter Alibaba Cloud CLB load balancer ID",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
"workflow_node.deploy.form.aliyun_clb_listener_port.label": "Aliyun CLB listener port",
"workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "Please enter Aliyun CLB listener port",
"workflow_node.deploy.form.aliyun_clb_listener_port.label": "Alibaba Cloud CLB listener port",
"workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "Please enter Alibaba Cloud CLB listener port",
"workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
"workflow_node.deploy.form.aliyun_cdn_domain.label": "Aliyun CDN domain",
"workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "Please enter Aliyun CDN domain name",
"workflow_node.deploy.form.aliyun_clb_snidomain.label": "Alibaba Cloud CLB SNI domain (Optional)",
"workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "Please enter Alibaba Cloud CLB SNI domain name",
"workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
"workflow_node.deploy.form.aliyun_cdn_domain.label": "Alibaba Cloud CDN domain",
"workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "Please enter Alibaba Cloud CDN domain name",
"workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "For more information, see <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a>",
"workflow_node.deploy.form.aliyun_dcdn_domain.label": "Aliyun DCDN domain",
"workflow_node.deploy.form.aliyun_dcdn_domain.placeholder": "Please enter Aliyun DCDN domain name",
"workflow_node.deploy.form.aliyun_dcdn_domain.label": "Alibaba Cloud DCDN domain",
"workflow_node.deploy.form.aliyun_dcdn_domain.placeholder": "Please enter Alibaba Cloud DCDN domain name",
"workflow_node.deploy.form.aliyun_dcdn_domain.tooltip": "For more information, see <a href=\"https://dcdn.console.aliyun.com\" target=\"_blank\">https://dcdn.console.aliyun.com</a>",
"workflow_node.deploy.form.aliyun_live_region.label": "Alibaba Cloud region",
"workflow_node.deploy.form.aliyun_live_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_live_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/live/product-overview/supported-regions\" target=\"_blank\">https://www.alibabacloud.com/help/en/live/product-overview/supported-regions</a>",
"workflow_node.deploy.form.aliyun_live_domain.label": "Alibaba Cloud live streaming domain",
"workflow_node.deploy.form.aliyun_live_domain.placeholder": "Please enter Alibaba Cloud live streaming domain name",
"workflow_node.deploy.form.aliyun_live_domain.tooltip": "For more information, see <a href=\"https://live.console.aliyun.com\" target=\"_blank\">https://live.console.aliyun.com</a>",
"workflow_node.deploy.form.aliyun_nlb_resource_type.label": "Resource type",
"workflow_node.deploy.form.aliyun_nlb_resource_type.placeholder": "Please select resource type",
"workflow_node.deploy.form.aliyun_nlb_resource_type.option.loadbalancer.label": "NLB load balancer",
"workflow_node.deploy.form.aliyun_nlb_resource_type.option.listener.label": "NLB listener",
"workflow_node.deploy.form.aliyun_nlb_region.label": "Aliyun region",
"workflow_node.deploy.form.aliyun_nlb_region.placeholder": "Please enter Aliyun region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_nlb_region.label": "Alibaba Cloud region",
"workflow_node.deploy.form.aliyun_nlb_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_nlb_region.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/slb/network-load-balancer/product-overview/regions-that-support-nlb\" target=\"_blank\">https://www.alibabacloud.com/help/en/slb/network-load-balancer/product-overview/regions-that-support-nlb</a>",
"workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.label": "Aliyun NLB load balancer ID",
"workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.placeholder": "Please enter Aliyun NLB load balancer ID",
"workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.label": "Alibaba Cloud NLB load balancer ID",
"workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.placeholder": "Please enter Alibaba Cloud NLB load balancer ID",
"workflow_node.deploy.form.aliyun_nlb_loadbalancer_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/nlb\" target=\"_blank\">https://slb.console.aliyun.com/nlb</a>",
"workflow_node.deploy.form.aliyun_nlb_listener_id.label": "Aliyun NLB listener ID",
"workflow_node.deploy.form.aliyun_nlb_listener_id.placeholder": "Please enter Aliyun NLB listener ID",
"workflow_node.deploy.form.aliyun_nlb_listener_id.label": "Alibaba Cloud NLB listener ID",
"workflow_node.deploy.form.aliyun_nlb_listener_id.placeholder": "Please enter Alibaba Cloud NLB listener ID",
"workflow_node.deploy.form.aliyun_nlb_listener_id.tooltip": "For more information, see <a href=\"https://slb.console.aliyun.com/nlb\" target=\"_blank\">https://slb.console.aliyun.com/nlb</a>",
"workflow_node.deploy.form.aliyun_oss_endpoint.label": "Aliyun OSS endpoint",
"workflow_node.deploy.form.aliyun_oss_endpoint.placeholder": "Please enter Aliyun OSS endpoint",
"workflow_node.deploy.form.aliyun_oss_endpoint.label": "Alibaba Cloud OSS endpoint",
"workflow_node.deploy.form.aliyun_oss_endpoint.placeholder": "Please enter Alibaba Cloud OSS endpoint",
"workflow_node.deploy.form.aliyun_oss_endpoint.tooltip": "For more information, see <a href=\"https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints\" target=\"_blank\">https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints</a>",
"workflow_node.deploy.form.aliyun_oss_bucket.label": "Aliyun OSS bucket",
"workflow_node.deploy.form.aliyun_oss_bucket.placeholder": "Please enter Aliyun OSS bucket name",
"workflow_node.deploy.form.aliyun_oss_bucket.label": "Alibaba Cloud OSS bucket",
"workflow_node.deploy.form.aliyun_oss_bucket.placeholder": "Please enter Alibaba Cloud OSS bucket name",
"workflow_node.deploy.form.aliyun_oss_bucket.tooltip": "For more information, see <a href=\"https://oss.console.aliyun.com\" target=\"_blank\">https://oss.console.aliyun.com</a>",
"workflow_node.deploy.form.aliyun_oss_domain.label": "Aliyun OSS domain",
"workflow_node.deploy.form.aliyun_oss_domain.placeholder": "Please enter Aliyun OSS domain name",
"workflow_node.deploy.form.aliyun_oss_domain.label": "Alibaba Cloud OSS domain",
"workflow_node.deploy.form.aliyun_oss_domain.placeholder": "Please enter Alibaba Cloud OSS domain name",
"workflow_node.deploy.form.aliyun_oss_domain.tooltip": "For more information, see <a href=\"https://oss.console.aliyun.com\" target=\"_blank\">https://oss.console.aliyun.com</a>",
"workflow_node.deploy.form.baiducloud_cdn_domain.label": "Baidu Cloud CDN domain",
"workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "Please enter Baidu Cloud CDN domain name",
@ -262,9 +274,9 @@
"workflow_node.deploy.form.tencentcloud_clb_listener_id.label": "Tencent Cloud CLB listener ID",
"workflow_node.deploy.form.tencentcloud_clb_listener_id.placeholder": "Please enter Tencent Cloud CLB listener ID",
"workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "Tencent Cloud CLB domain (Optional)",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "Please enter Tencent Cloud CLB domain name",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "Tencent Cloud CLB SNI domain (Optional)",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "Please enter Tencent Cloud CLB SNI domain name",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a><br><br>It is optional. If you want to deploy multiple certificates on the same CLB listener, you can fill in this field.",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "Tencent Cloud CLB domain",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "Please enter Tencent Cloud CLB domain name",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/clb\" target=\"_blank\">https://console.tencentcloud.com/clb</a>",
@ -277,6 +289,9 @@
"workflow_node.deploy.form.tencentcloud_cos_domain.label": "Tencent Cloud COS domain",
"workflow_node.deploy.form.tencentcloud_cos_domain.placeholder": "Please enter Tencent Cloud COS domain name",
"workflow_node.deploy.form.tencentcloud_cos_domain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/cos\" target=\"_blank\">https://console.tencentcloud.com/cos</a>",
"workflow_node.deploy.form.tencentcloud_css_domain.label": "Tencent Cloud CSS playing domain",
"workflow_node.deploy.form.tencentcloud_css_domain.placeholder": "Please enter Tencent Cloud CSS playing domain name",
"workflow_node.deploy.form.tencentcloud_css_domain.tooltip": "For more information, see <a href=\"https://console.cloud.tencent.com/live/livestat\" target=\"_blank\">https://console.cloud.tencent.com/live/livestat</a>",
"workflow_node.deploy.form.tencentcloud_ecdn_domain.label": "Tencent Cloud ECDN domain",
"workflow_node.deploy.form.tencentcloud_ecdn_domain.placeholder": "Please enter Tencent Cloud ECDN domain name",
"workflow_node.deploy.form.tencentcloud_ecdn_domain.tooltip": "For more information, see <a href=\"https://console.tencentcloud.com/cdn\" target=\"_blank\">https://console.tencentcloud.com/cdn</a>",

2
ui/src/i18n/locales/zh/nls.common.json
View File

@ -42,6 +42,7 @@
"common.provider.aliyun.clb": "阿里云 - 传统型负载均衡 CLB",
"common.provider.aliyun.dcdn": "阿里云 - 全站加速 DCDN",
"common.provider.aliyun.dns": "阿里云 - 云解析 DNS",
"common.provider.aliyun.live": "阿里云 - 视频直播 Live",
"common.provider.aliyun.nlb": "阿里云 - 网络型负载均衡 NLB",
"common.provider.aliyun.oss": "阿里云 - 对象存储 OSS",
"common.provider.aws": "AWS",
@ -73,6 +74,7 @@
"common.provider.tencentcloud.cdn": "腾讯云 - 内容分发网络 CDN",
"common.provider.tencentcloud.clb": "腾讯云 - 负载均衡 CLB",
"common.provider.tencentcloud.cos": "腾讯云 - 对象存储 COS",
"common.provider.tencentcloud.css": "腾讯云 - 云直播 CSS",
"common.provider.tencentcloud.dns": "腾讯云 - 云解析 DNS",
"common.provider.tencentcloud.ecdn": "腾讯云 - 全站加速网络 ECDN",
"common.provider.tencentcloud.eo": "腾讯云 - 边缘安全加速平台 EdgeOne",

23
ui/src/i18n/locales/zh/nls.workflow.nodes.json
View File

@ -86,6 +86,9 @@
"workflow_node.deploy.form.aliyun_alb_listener_id.label": "阿里云 ALB 监听器 ID",
"workflow_node.deploy.form.aliyun_alb_listener_id.placeholder": "请输入阿里云 ALB 监听器 ID",
"workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "这是什么?请参阅 <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a>",
"workflow_node.deploy.form.aliyun_alb_snidomain.label": "阿里云 ALB 扩展域名(可选)",
"workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "请输入阿里云 ALB 扩展域名",
"workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么?请参阅 <a href=\"https://slb.console.aliyun.com/alb\" target=\"_blank\">https://slb.console.aliyun.com/alb</a><br><br>为空时,将替换监听器的默认证书。",
"workflow_node.deploy.form.aliyun_clb_resource_type.label": "证书替换方式",
"workflow_node.deploy.form.aliyun_clb_resource_type.placeholder": "请选择证书替换方式",
"workflow_node.deploy.form.aliyun_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS 监听的证书",
@ -96,15 +99,24 @@
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.label": "阿里云 CLB 负载均衡器 ID",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.placeholder": "请输入阿里云 CLB 负载均衡器 ID",
"workflow_node.deploy.form.aliyun_clb_loadbalancer_id.tooltip": "这是什么?请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
"workflow_node.deploy.form.aliyun_clb_listener_id.label": "阿里云 CLB 监听端口",
"workflow_node.deploy.form.aliyun_clb_listener_id.placeholder": "请输入阿里云 CLB 监听端口",
"workflow_node.deploy.form.aliyun_clb_listener_id.tooltip": "这是什么?请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
"workflow_node.deploy.form.aliyun_clb_listener_port.label": "阿里云 CLB 监听端口",
"workflow_node.deploy.form.aliyun_clb_listener_port.placeholder": "请输入阿里云 CLB 监听端口",
"workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "这是什么?请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a>",
"workflow_node.deploy.form.aliyun_clb_snidomain.label": "阿里云 CLB 扩展域名(可选)",
"workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "请输入阿里云 CLB 扩展域名",
"workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "这是什么?请参阅 <a href=\"https://slb.console.aliyun.com/clb\" target=\"_blank\">https://slb.console.aliyun.com/clb</a><br><br>为空时,将替换监听器的默认证书。",
"workflow_node.deploy.form.aliyun_cdn_domain.label": "阿里云 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "请输入阿里云 CDN 加速域名",
"workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "这是什么?请参阅 <a href=\"https://cdn.console.aliyun.com\" target=\"_blank\">https://cdn.console.aliyun.com</a><br><br>泛域名表示形式为:*.example.com",
"workflow_node.deploy.form.aliyun_dcdn_domain.label": "阿里云 DCDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.aliyun_dcdn_domain.placeholder": "请输入阿里云 DCDN 加速域名",
"workflow_node.deploy.form.aliyun_dcdn_domain.tooltip": "这是什么?请参阅 <a href=\"https://dcdn.console.aliyun.com\" target=\"_blank\">https://dcdn.console.aliyun.com</a><br><br>泛域名表示形式为:*.example.com",
"workflow_node.deploy.form.aliyun_live_region.label": "阿里云地域",
"workflow_node.deploy.form.aliyun_live_region.placeholder": "请输入阿里云地域例如cn-hangzhou",
"workflow_node.deploy.form.aliyun_live_region.tooltip": "这是什么?请参阅 <a href=\"https://help.aliyun.com/zh/live/product-overview/supported-regions\" target=\"_blank\">https://help.aliyun.com/zh/live/product-overview/supported-regions</a>",
"workflow_node.deploy.form.aliyun_live_domain.label": "阿里云视频直播流域名(支持泛域名)",
"workflow_node.deploy.form.aliyun_live_domain.placeholder": "请输入阿里云视频直播流域名",
"workflow_node.deploy.form.aliyun_live_domain.tooltip": "这是什么?请参阅 <a href=\"https://live.console.aliyun.com\" target=\"_blank\">https://live.console.aliyun.com</a>",
"workflow_node.deploy.form.aliyun_nlb_resource_type.label": "证书替换方式",
"workflow_node.deploy.form.aliyun_nlb_resource_type.placeholder": "请选择证书替换方式",
"workflow_node.deploy.form.aliyun_nlb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/QUIC 监听的证书",
@ -264,7 +276,7 @@
"workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "这是什么?请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "腾讯云 CLB SNI 域名(可选)",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "请输入腾讯云 CLB SNI 域名",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么?请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么?请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a><br><br>为空时,将替换监听器的默认证书。",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "腾讯云 CLB 七层转发规则域名",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "请输入腾讯云 CLB 七层转发规则域名",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "这是什么?请参阅 <a href=\"https://console.cloud.tencent.com/clb\" target=\"_blank\">https://console.cloud.tencent.com/clb</a>",
@ -277,6 +289,9 @@
"workflow_node.deploy.form.tencentcloud_cos_domain.label": "腾讯云 COS 自定义域名",
"workflow_node.deploy.form.tencentcloud_cos_domain.placeholder": "请输入腾讯云 COS 自定义域名",
"workflow_node.deploy.form.tencentcloud_cos_domain.tooltip": "这是什么?请参阅 see <a href=\"https://console.cloud.tencent.com/cos\" target=\"_blank\">https://console.cloud.tencent.com/cos</a>",
"workflow_node.deploy.form.tencentcloud_css_domain.label": "腾讯云云直播播放域名",
"workflow_node.deploy.form.tencentcloud_css_domain.placeholder": "请输入腾讯云云直播播放域名",
"workflow_node.deploy.form.tencentcloud_css_domain.tooltip": "这是什么?请参阅 <a href=\"https://console.cloud.tencent.com/live/livestat\" target=\"_blank\">https://console.cloud.tencent.com/live/livestat</a>",
"workflow_node.deploy.form.tencentcloud_ecdn_domain.label": "腾讯云 ECDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.tencentcloud_ecdn_domain.placeholder": "请输入腾讯云 ECDN 加速域名",
"workflow_node.deploy.form.tencentcloud_ecdn_domain.tooltip": "这是什么?请参阅 <a href=\"https://console.cloud.tencent.com/cdn\" target=\"_blank\">https://console.cloud.tencent.com/cdn</a><br><br>泛域名表示形式为:*.example.com",