From 5ee5460612ca63b8b4795fa08a26d187612c3fc9 Mon Sep 17 00:00:00 2001 
From: Fu Diwei Date: Thu, 23 Jan 2025 23:21:56 +0800 Subject: [PATCH] feat: add aws cloudfront deployer --- README.md | 1 + README_EN.md | 1 + go.mod | 1 + go.sum | 2 + internal/deployer/providers.go | 59 ++++++-- internal/domain/provider.go | 1 + .../acme-dns-01/lego-providers/gname/gname.go | 39 +++++ .../providers/aliyun-alb/aliyun_alb.go | 6 +- .../providers/aliyun-clb/aliyun_clb.go | 6 +- .../providers/aliyun-nlb/aliyun_nlb.go | 6 +- .../providers/aliyun-waf/aliyun_waf.go | 4 +- .../aws-cloudfront/aws_cloudfront.go | 133 ++++++++++++++++++ .../aws-cloudfront/aws_cloudfront_test.go | 80 +++++++++++ .../providers/byteplus-cdn/byteplus_cdn.go | 6 +- .../providers/dogecloud-cdn/dogecloud_cdn.go | 4 +- .../huaweicloud-cdn/huaweicloud_cdn.go | 4 +- .../huaweicloud-elb/huaweicloud_elb.go | 6 +- .../deployer/providers/qiniu-cdn/qiniu_cdn.go | 4 +- .../providers/qiniu-pili/qiniu_pili.go | 4 +- .../tencentcloud-cdn/tencentcloud_cdn.go | 4 +- .../tencentcloud-clb/tencentcloud_clb.go | 6 +- .../tencentcloud-cos/tencentcloud_cos.go | 4 +- .../tencentcloud-css/tencentcloud_css.go | 4 +- .../tencentcloud-ecdn/tencentcloud_ecdn.go | 4 +- .../tencentcloud-eo/tencentcloud_eo.go | 6 +- .../providers/ucloud-ucdn/ucloud_ucdn.go | 4 +- .../providers/ucloud-us3/ucloud_us3.go | 4 +- .../volcengine-cdn/volcengine_cdn.go | 6 +- .../volcengine-clb/volcengine_clb.go | 4 +- .../volcengine-dcdn/volcengine_dcdn.go | 4 +- .../volcengine-live/volcengine_live.go | 4 +- .../volcengine-tos/volcengine_tos.go | 4 +- .../uploader/providers/aws-acm/aws_acm.go | 1 - internal/pkg/utils/certs/converter.go | 5 +- .../workflow/node/DeployNodeConfigForm.tsx | 3 + ...eployNodeConfigFormAWSCloudFrontConfig.tsx | 79 +++++++++++ .../DeployNodeConfigFormAliyunWAFConfig.tsx | 4 +- ui/src/domain/provider.ts | 4 +- ui/src/i18n/locales/en/nls.common.json | 1 + .../i18n/locales/en/nls.workflow.nodes.json | 10 +- ui/src/i18n/locales/zh/nls.common.json | 1 + .../i18n/locales/zh/nls.workflow.nodes.json | 10 +- 42 
files changed, 467 insertions(+), 76 deletions(-) create mode 100644 internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/gname.go create mode 100644 internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go create mode 100644 internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront_test.go create mode 100644 ui/src/components/workflow/node/DeployNodeConfigFormAWSCloudFrontConfig.tsx diff --git a/README.md b/README.md index 5aea2374..28438c76 100644 --- a/README.md +++ b/README.md @@ -130,6 +130,7 @@ make local.run | [多吉云](https://www.dogecloud.com/) | 可部署到多吉云 CDN | | [BytePlus](https://www.byteplus.com/) | 可部署到 BytePlus CDN 等服务 | | [优刻得](https://www.ucloud.cn/) | 可部署到优刻得 US3、UCDN 等服务 | +| [AWS](https://aws.amazon.com/) | 可部署到 AWS CloudFront 等服务 | | [Edgio](https://edg.io/) | 可部署到 Edgio Applications 等服务 | diff --git a/README_EN.md b/README_EN.md index c360ce63..5b3e67ff 100644 --- a/README_EN.md +++ b/README_EN.md @@ -129,6 +129,7 @@ The following hosting providers are supported: | [Doge Cloud](https://www.dogecloud.com/) | Supports deployment to Doge Cloud CDN | | [BytePlus](https://www.byteplus.com/) | Supports deployment to BytePlus CDN | | [UCloud](https://www.ucloud-global.com/) | Supports deployment to UCloud US3, UCDN | +| [AWS](https://aws.amazon.com/) | Supports deployment to AWS CloudFront | | [Edgio](https://edg.io/) | Supports deployment to Edgio Applications | diff --git a/go.mod b/go.mod index 7598eb2c..3bb9f1d9 100644 --- a/go.mod +++ b/go.mod @@ -17,6 +17,7 @@ require ( github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.4 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible github.com/aws/aws-sdk-go-v2/service/acm v1.30.13 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.44.5 github.com/baidubce/bce-sdk-go v0.9.214 github.com/byteplus-sdk/byteplus-sdk-golang v1.0.40 github.com/go-acme/lego/v4 v4.21.0 diff --git a/go.sum b/go.sum index c8111f99..2111474e 100644 --- a/go.sum +++ b/go.sum 
@@ -234,6 +234,8 @@ github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.28 h1:7kpeALOUeThs2kEjlAxlADAVfxK github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.28/go.mod h1:pyaOYEdp1MJWgtXLy6q80r3DhsVdOIOZNB9hdTcJIvI= github.com/aws/aws-sdk-go-v2/service/acm v1.30.13 h1:aPCPsgDxQqOS3zPJKYJQVh02q8stjSQ1haHaUucCAUM= github.com/aws/aws-sdk-go-v2/service/acm v1.30.13/go.mod h1:3pfuOCVLzWu3aiavTB9bOIdZpVadNYt6fyZdp+fDOSU= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.44.5 h1:oBLlEuSL5G9W8M4GtEVdNi+xsQP+9lphVkbYf38Isgs= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.44.5/go.mod h1:H/t3dGwvHy2WJ+ZwyDBWva7ttsoxSxt5qC1OMcc0iJ0= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index fb4d10c6..28e4108c 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -13,6 +13,7 @@ import ( providerAliyunNLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-nlb" providerAliyunOSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-oss" providerAliyunWAF "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-waf" + providerAWSCloudFront "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aws-cloudfront" providerBaiduCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-cdn" providerBytePlusCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/byteplus-cdn" providerDogeCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/dogecloud-cdn" 
@@ -142,6 +143,28 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger, } } + case domain.DeployProviderTypeAWSCloudFront: + { + access := domain.AccessConfigForAWS{} + if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil { + return nil, nil, fmt.Errorf("failed to decode provider access config: %w", err) + } + + switch options.Provider { + case domain.DeployProviderTypeAWSCloudFront: + deployer, err := providerAWSCloudFront.NewWithLogger(&providerAWSCloudFront.AWSCloudFrontDeployerConfig{ + AccessKeyId: access.AccessKeyId, + SecretAccessKey: access.SecretAccessKey, + Region: maps.GetValueAsString(options.ProviderDeployConfig, "region"), + DistributionId: maps.GetValueAsString(options.ProviderDeployConfig, "distributionId"), + }, logger) + return deployer, logger, err + + default: + break + } + } + case domain.DeployProviderTypeBaiduCloudCDN: { access := domain.AccessConfigForBaiduCloud{} @@ -149,12 +172,18 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger, return nil, nil, fmt.Errorf("failed to decode provider access config: %w", err) } - deployer, err := providerBaiduCloudCDN.NewWithLogger(&providerBaiduCloudCDN.BaiduCloudCDNDeployerConfig{ - AccessKeyId: access.AccessKeyId, - SecretAccessKey: access.SecretAccessKey, - Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"), - }, logger) - return deployer, logger, err + switch options.Provider { + case domain.DeployProviderTypeBaiduCloudCDN: + deployer, err := providerBaiduCloudCDN.NewWithLogger(&providerBaiduCloudCDN.BaiduCloudCDNDeployerConfig{ + AccessKeyId: access.AccessKeyId, + SecretAccessKey: access.SecretAccessKey, + Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"), + }, logger) + return deployer, logger, err + + default: + break + } } case domain.DeployProviderTypeBytePlusCDN: 
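Review bot: The inner `switch options.Provider` in the new `DeployProviderTypeAWSCloudFront` case re-tests the value the outer case already matched, so its `default: break` branch cannot be reached; the same single-case wrapper is added around the BaiduCloud CDN and BytePlus CDN constructors in the next two hunks. If the wrapper is kept for symmetry with the grouped cases, a short comment such as `// single provider today; inner switch kept for parity with grouped cases` would say so. `region` and `distributionId` are read from `ProviderDeployConfig` and handed on unchecked, so an empty or unexpected value is validated, if at all, only inside the deployer. `createDeployer` starts and ends outside the hunk, so what runs after the outer switch is not visible here.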
@@ -164,12 +193,18 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger, return nil, nil, fmt.Errorf("failed to decode provider access config: %w", err) } - deployer, err := providerBytePlusCDN.NewWithLogger(&providerBytePlusCDN.BytePlusCDNDeployerConfig{ - AccessKey: access.AccessKey, - SecretKey: access.SecretKey, - Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"), - }, logger) - return deployer, logger, err + switch options.Provider { + case domain.DeployProviderTypeBytePlusCDN: + deployer, err := providerBytePlusCDN.NewWithLogger(&providerBytePlusCDN.BytePlusCDNDeployerConfig{ + AccessKey: access.AccessKey, + SecretKey: access.SecretKey, + Domain: maps.GetValueAsString(options.ProviderDeployConfig, "domain"), + }, logger) + return deployer, logger, err + + default: + break + } } case domain.DeployProviderTypeDogeCloudCDN: diff --git a/internal/domain/provider.go b/internal/domain/provider.go index 71e048b3..374fab2c 100644 --- a/internal/domain/provider.go +++ b/internal/domain/provider.go @@ -88,6 +88,7 @@ const ( DeployProviderTypeAliyunNLB = DeployProviderType("aliyun-nlb") DeployProviderTypeAliyunOSS = DeployProviderType("aliyun-oss") DeployProviderTypeAliyunWAF = DeployProviderType("aliyun-waf") + DeployProviderTypeAWSCloudFront = DeployProviderType("aws-cloudfront") DeployProviderTypeBaiduCloudCDN = DeployProviderType("baiducloud-cdn") DeployProviderTypeBytePlusCDN = DeployProviderType("byteplus-cdn") DeployProviderTypeDogeCloudCDN = DeployProviderType("dogecloud-cdn") diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/gname.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/gname.go new file mode 100644 index 00000000..a4045997 --- /dev/null +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/gname.go 
@@ -0,0 +1,39 @@ +package gname + +import ( + "errors" + "time" + + "github.com/go-acme/lego/v4/challenge" + "github.com/go-acme/lego/v4/providers/dns/westcn" +) + +type GnameApplicantConfig struct { + Username string `json:"username"` + ApiPassword string `json:"apiPassword"` + DnsPropagationTimeout int32 `json:"dnsPropagationTimeout,omitempty"` + DnsTTL int32 `json:"dnsTTL,omitempty"` +} + +func NewChallengeProvider(config *GnameApplicantConfig) (challenge.Provider, error) { + if config == nil { + return nil, errors.New("config is nil") + } + + providerConfig := westcn.NewDefaultConfig() + providerConfig.Username = config.Username + providerConfig.Password = config.ApiPassword + if config.DnsPropagationTimeout != 0 { + providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second + } + if config.DnsTTL != 0 { + providerConfig.TTL = int(config.DnsTTL) + } + + provider, err := westcn.NewDNSProviderConfig(providerConfig) + if err != nil { + return nil, err + } + + return provider, nil +} diff --git a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go index 072f4a74..9878b6f4 100644 --- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go +++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go @@ -18,7 +18,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" ) type AliyunALBDeployerConfig struct { 
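Review bot: `NewChallengeProvider` in package `gname` builds its provider from `westcn.NewDefaultConfig()` and `westcn.NewDNSProviderConfig`, so the `Username` and `ApiPassword` entered for Gname would presumably be sent to the West.cn API rather than to Gname. If the two services really share a backend, a comment on the function should say so; otherwise the wrapper needs its own client before it is wired in. `DnsPropagationTimeout` and `DnsTTL` are only tested with `!= 0`, so a negative value from stored config is passed straight through, and `> 0` would be the safer guard. The exported type and constructor carry no doc comments.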
@@ -195,7 +195,7 @@ func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI // 遍历更新监听证书 if len(listenerIds) == 0 { - return xerrors.New("listener not found") + return errors.New("listener not found") } else { var errs []error @@ -445,7 +445,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up } } - uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.AliyunCASUploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, Region: casRegion, diff --git a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go index 1fe99458..4bd91611 100644 --- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go +++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSlb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-slb" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-slb" ) type AliyunCLBDeployerConfig struct { @@ -63,7 +63,7 @@ func NewWithLogger(config *AliyunCLBDeployerConfig, logger logger.Logger) (*Aliy return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := providerSlb.New(&providerSlb.AliyunSLBUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.AliyunSLBUploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, Region: config.Region, @@ -161,7 +161,7 @@ func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI // 遍历更新监听证书 if len(listenerPorts) == 0 { - return xerrors.New("listener not found") + return errors.New("listener not found") } else { var errs []error 
diff --git a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go index 35286919..6deee907 100644 --- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go +++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go @@ -14,7 +14,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" ) type AliyunNLBDeployerConfig struct { @@ -153,7 +153,7 @@ func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context, cloudCertI // 遍历更新监听证书 if len(listenerIds) == 0 { - return xerrors.New("listener not found") + return errors.New("listener not found") } else { var errs []error @@ -248,7 +248,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up } } - uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.AliyunCASUploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, Region: casRegion, diff --git a/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go index 58289fc2..75c634b8 100644 --- a/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go +++ b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go 
@@ -14,7 +14,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" ) type AliyunWAFDeployerConfig struct { @@ -141,7 +141,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up } } - uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.AliyunCASUploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, Region: casRegion, diff --git a/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go b/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go new file mode 100644 index 00000000..086dd415 --- /dev/null +++ b/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go 
@@ -0,0 +1,133 @@
+package awscloudfront
+
+import (
+ "context"
+ "errors"
+
+ aws "github.com/aws/aws-sdk-go-v2/aws"
+ awsCfg "github.com/aws/aws-sdk-go-v2/config"
+ awsCred "github.com/aws/aws-sdk-go-v2/credentials"
+ awsCf "github.com/aws/aws-sdk-go-v2/service/cloudfront"
+ awsCfTypes "github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
+ xerrors "github.com/pkg/errors"
+
+ "github.com/usual2970/certimate/internal/pkg/core/deployer"
+ "github.com/usual2970/certimate/internal/pkg/core/logger"
+ "github.com/usual2970/certimate/internal/pkg/core/uploader"
+ uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aws-acm"
+)
+
+type AWSCloudFrontDeployerConfig struct {
+ // AWS AccessKeyId。
+ AccessKeyId string `json:"accessKeyId"`
+ // AWS SecretAccessKey。
+ SecretAccessKey string `json:"secretAccessKey"`
+ // AWS 区域。
+ Region string `json:"region"`
+ // AWS CloudFront 分配 ID。
+ DistributionId string `json:"distributionId"`
+}
+
+type AWSCloudFrontDeployer struct {
+ config *AWSCloudFrontDeployerConfig
+ logger logger.Logger
+ sdkClient *awsCf.Client
+ sslUploader uploader.Uploader
+}
+
+var _ deployer.Deployer = (*AWSCloudFrontDeployer)(nil)
+
+func New(config *AWSCloudFrontDeployerConfig) (*AWSCloudFrontDeployer, error) {
+ return NewWithLogger(config, logger.NewNilLogger())
+}
+
+func NewWithLogger(config *AWSCloudFrontDeployerConfig, logger logger.Logger) (*AWSCloudFrontDeployer, error) {
+ if config == nil {
+ return nil, errors.New("config is nil")
+ }
+
+ if logger == nil {
+ return nil, errors.New("logger is nil")
+ }
+
+ client, err := createSdkClient(config.AccessKeyId, config.SecretAccessKey, config.Region)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create sdk client")
+ }
+
+ uploader, err := uploaderp.New(&uploaderp.AWSCertificateManagerUploaderConfig{
+ AccessKeyId: config.AccessKeyId,
+ SecretAccessKey: config.SecretAccessKey,
+ Region: config.Region,
+ })
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+ }
+
+ return &AWSCloudFrontDeployer{
+ logger: logger,
+ config: config,
+ sdkClient: client,
+ sslUploader: uploader,
+ }, nil
+}
+
+func (d *AWSCloudFrontDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+ if d.config.DistributionId == "" {
+ return nil, errors.New("config `distribuitionId` is required")
+ }
+
+ // 上传证书到 ACM
+ upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to upload certificate file")
+ }
+
+ d.logger.Logt("certificate file uploaded", upres)
+
+ // 获取分配配置
+ // REF: https://docs.aws.amazon.com/en_us/cloudfront/latest/APIReference/API_GetDistributionConfig.html
+ getDistributionConfigReq := &awsCf.GetDistributionConfigInput{
+ Id: aws.String(d.config.DistributionId),
+ }
+ getDistributionConfigResp, err := d.sdkClient.GetDistributionConfig(context.TODO(), getDistributionConfigReq)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'cloudfront.GetDistributionConfig'")
+ }
+
+ d.logger.Logt("已获取分配配置", getDistributionConfigResp)
+
+ // 更新分配配置
+ // REF: https://docs.aws.amazon.com/zh_cn/cloudfront/latest/APIReference/API_UpdateDistribution.html
+ updateDistributionReq := &awsCf.UpdateDistributionInput{
+ Id: aws.String(d.config.DistributionId),
+ DistributionConfig: getDistributionConfigResp.DistributionConfig,
+ IfMatch: getDistributionConfigResp.ETag,
+ }
+ if updateDistributionReq.DistributionConfig.ViewerCertificate == nil {
+ updateDistributionReq.DistributionConfig.ViewerCertificate = &awsCfTypes.ViewerCertificate{}
+ }
+ updateDistributionReq.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate = aws.Bool(false)
+ updateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = aws.String(upres.CertId)
+ updateDistributionResp, err := d.sdkClient.UpdateDistribution(context.TODO(), updateDistributionReq)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'cloudfront.UpdateDistribution'")
+ }
+
+ d.logger.Logt("已更新分配配置", updateDistributionResp)
+
+ return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*awsCf.Client, error) {
+ cfg, err := awsCfg.LoadDefaultConfig(context.TODO())
+ if err != nil {
+ return nil, err
+ }
+
+ client := awsCf.NewFromConfig(cfg, func(o *awsCf.Options) {
+ o.Region = region
+ o.Credentials = aws.NewCredentialsCache(awsCred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, ""))
+ })
+ return client, nil
+}
diff --git a/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront_test.go b/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront_test.go
new file mode 100644
index 00000000..89997b37
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront_test.go
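Review bot: `Deploy` receives `ctx` but issues both CloudFront calls with `context.TODO()`, so cancelling or timing out the workflow cannot stop them; use `d.sdkClient.GetDistributionConfig(ctx, getDistributionConfigReq)` and `d.sdkClient.UpdateDistribution(ctx, updateDistributionReq)`. The `ViewerCertificate` update writes only `CloudFrontDefaultCertificate` and `ACMCertificateArn`; on a distribution that was using the default certificate, `SSLSupportMethod` and `MinimumProtocolVersion` stay unset, so the request is likely to be rejected or to leave the viewer TLS floor undefined, and both should be set explicitly when empty. CloudFront accepts ACM certificates only from us-east-1, while the uploader is built with `config.Region`, so any other region probably yields an ARN the update cannot use. `Logt` is handed the whole `GetDistributionConfig` and `UpdateDistribution` responses, which can carry origin custom headers used as shared secrets; logging the distribution ID and ETag would be enough. The required-field error spells the key `distribuitionId`, while the JSON tag is `distributionId`.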
@@ -0,0 +1,80 @@ +package awscloudfront_test + +import ( + "context" + "flag" + "fmt" + "os" + "strings" + "testing" + + provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aws-cloudfront" +) + +var ( + fInputCertPath string + fInputKeyPath string + fAccessKeyId string + fSecretAccessKey string + fRegion string + fDistribuitionId string +) + +func init() { + argsPrefix := "CERTIMATE_DEPLOYER_AWSCLOUDFRONT_" + + flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "") + flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") + flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "") + flag.StringVar(&fSecretAccessKey, argsPrefix+"SECRETACCESSKEY", "", "") + flag.StringVar(&fRegion, argsPrefix+"REGION", "", "") + flag.StringVar(&fDistribuitionId, argsPrefix+"DISTRIBUTIONID", "", "") +} + +/* +Shell command to run this test: + + go test -v ./aws_cloudfront_test.go -args \ + --CERTIMATE_DEPLOYER_AWSCLOUDFRONT_INPUTCERTPATH="/path/to/your-input-cert.pem" \ + --CERTIMATE_DEPLOYER_AWSCLOUDFRONT_INPUTKEYPATH="/path/to/your-input-key.pem" \ + --CERTIMATE_DEPLOYER_AWSCLOUDFRONT_ACCESSKEYID="your-access-key-id" \ + --CERTIMATE_DEPLOYER_AWSCLOUDFRONT_SECRETACCESSKEY="your-secret-access-id" \ + --CERTIMATE_DEPLOYER_AWSCLOUDFRONT_REGION="us-east-1" \ + --CERTIMATE_DEPLOYER_AWSCLOUDFRONT_DISTRIBUTIONID="your-distribution-id" +*/ +func TestDeploy(t *testing.T) { + flag.Parse() + + t.Run("Deploy", func(t *testing.T) { + t.Log(strings.Join([]string{ + "args:", + fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath), + fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), + fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId), + fmt.Sprintf("SECRETACCESSKEY: %v", fSecretAccessKey), + fmt.Sprintf("REGION: %v", fRegion), + fmt.Sprintf("DISTRIBUTIONID: %v", fDistribuitionId), + }, "\n")) + + deployer, err := provider.New(&provider.AWSCloudFrontDeployerConfig{ + AccessKeyId: fAccessKeyId, + SecretAccessKey: fSecretAccessKey, + Region: fRegion, + 
DistribuitionId: fDistribuitionId, + }) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + fInputCertData, _ := os.ReadFile(fInputCertPath) + fInputKeyData, _ := os.ReadFile(fInputKeyPath) + res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData)) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + t.Logf("ok: %v", res) + }) +} diff --git a/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go b/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go index 9497bb6a..2a695513 100644 --- a/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go +++ b/internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go @@ -12,7 +12,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerCdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/byteplus-cdn" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/byteplus-cdn" ) type BytePlusCDNDeployerConfig struct { @@ -50,7 +50,7 @@ func NewWithLogger(config *BytePlusCDNDeployerConfig, logger logger.Logger) (*By client.Client.SetAccessKey(config.AccessKey) client.Client.SetSecretKey(config.SecretKey) - uploader, err := providerCdn.New(&providerCdn.ByteplusCDNUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.ByteplusCDNUploaderConfig{ AccessKey: config.AccessKey, SecretKey: config.SecretKey, }) @@ -103,7 +103,7 @@ func (d *BytePlusCDNDeployer) Deploy(ctx context.Context, certPem string, privke if len(describeCertConfigResp.Result.SpecifiedCertConfig) > 0 { // 所有可关联的域名都配置了该证书,跳过部署 } else { - return nil, xerrors.New("domain not found") + return nil, errors.New("domain not found") } } } else { 
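Review bot: The config literal sets `DistribuitionId: fDistribuitionId`, but the struct added in aws_cloudfront.go names the field `DistributionId`, so this test file will not compile; the line should read `DistributionId: fDistribuitionId,`. The `t.Log` block prints `SECRETACCESSKEY` in clear text, which puts a live AWS secret into test output and any CI log that captures it; drop that entry or log only whether the flag was set. Both `os.ReadFile` errors are discarded, so a wrong path reaches `Deploy` as an empty certificate and key instead of failing with the file error.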
diff --git a/internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go b/internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go index 4d9f4ac4..283d9907 100644 --- a/internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go +++ b/internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go @@ -10,7 +10,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerDoge "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/dogecloud" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/dogecloud" dogesdk "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk" ) @@ -47,7 +47,7 @@ func NewWithLogger(config *DogeCloudCDNDeployerConfig, logger logger.Logger) (*D client := dogesdk.NewClient(config.AccessKey, config.SecretKey) - uploader, err := providerDoge.New(&providerDoge.DogeCloudUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.DogeCloudUploaderConfig{ AccessKey: config.AccessKey, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go b/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go index 5c303ce4..31782af3 100644 --- a/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go +++ b/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm" hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk" ) 
@@ -59,7 +59,7 @@ func NewWithLogger(config *HuaweiCloudCDNDeployerConfig, logger logger.Logger) ( return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := providerScm.New(&providerScm.HuaweiCloudSCMUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.HuaweiCloudSCMUploaderConfig{ AccessKeyId: config.AccessKeyId, SecretAccessKey: config.SecretAccessKey, }) diff --git a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go index 5a12e101..3fa17a70 100644 --- a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go +++ b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go @@ -19,7 +19,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerElb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb" hwsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk" ) @@ -70,7 +70,7 @@ func NewWithLogger(config *HuaweiCloudELBDeployerConfig, logger logger.Logger) ( return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := providerElb.New(&providerElb.HuaweiCloudELBUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.HuaweiCloudELBUploaderConfig{ AccessKeyId: config.AccessKeyId, SecretAccessKey: config.SecretAccessKey, Region: config.Region, @@ -205,7 +205,7 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context, certP // 遍历更新监听器证书 if len(listenerIds) == 0 { - return xerrors.New("listener not found") + return errors.New("listener not found") } else { var errs []error 
diff --git a/internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go b/internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go index 03ae1762..6591da1b 100644 --- a/internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go +++ b/internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go @@ -11,7 +11,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerQiniu "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert" qiniusdk "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk" ) @@ -48,7 +48,7 @@ func NewWithLogger(config *QiniuCDNDeployerConfig, logger logger.Logger) (*Qiniu client := qiniusdk.NewClient(auth.New(config.AccessKey, config.SecretKey)) - uploader, err := providerQiniu.New(&providerQiniu.QiniuSSLCertUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.QiniuSSLCertUploaderConfig{ AccessKey: config.AccessKey, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili.go b/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili.go index 9ae267ba..4530071c 100644 --- a/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili.go +++ b/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili.go @@ -10,7 +10,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerQiniu "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert" ) type QiniuPiliDeployerConfig struct { 
@@ -48,7 +48,7 @@ func NewWithLogger(config *QiniuPiliDeployerConfig, logger logger.Logger) (*Qini manager := pili.NewManager(pili.ManagerConfig{AccessKey: config.AccessKey, SecretKey: config.SecretKey}) - uploader, err := providerQiniu.New(&providerQiniu.QiniuSSLCertUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.QiniuSSLCertUploaderConfig{ AccessKey: config.AccessKey, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go b/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go index a4a05a1b..61418845 100644 --- a/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go +++ b/internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go @@ -15,7 +15,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" ) type TencentCloudCDNDeployerConfig struct { @@ -59,7 +59,7 @@ func NewWithLogger(config *TencentCloudCDNDeployerConfig, logger logger.Logger) return nil, xerrors.Wrap(err, "failed to create sdk clients") } - uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.TencentCloudSSLUploaderConfig{ SecretId: config.SecretId, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go b/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go index 17958eac..d67eb383 100644 --- a/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go +++ b/internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go 
@@ -14,7 +14,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" ) type TencentCloudCLBDeployerConfig struct { @@ -69,7 +69,7 @@ func NewWithLogger(config *TencentCloudCLBDeployerConfig, logger logger.Logger) return nil, xerrors.Wrap(err, "failed to create sdk clients") } - uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.TencentCloudSSLUploaderConfig{ SecretId: config.SecretId, SecretKey: config.SecretKey, }) @@ -183,7 +183,7 @@ func (d *TencentCloudCLBDeployer) deployToLoadbalancer(ctx context.Context, clou // 遍历更新监听器证书 if len(listenerIds) == 0 { - return xerrors.New("listener not found") + return errors.New("listener not found") } else { var errs []error diff --git a/internal/pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos.go b/internal/pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos.go index 23c2d11a..c2af84fb 100644 --- a/internal/pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos.go +++ b/internal/pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" ) type TencentCloudCOSDeployerConfig struct { 
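Review bot: In tencentcloud_clb.go, the `deployToLoadbalancer` hunk now returns `errors.New("listener not found")`, but neither hunk for this file adds an `"errors"` import; the import hunk only renames the uploader alias. The file therefore builds only if the standard package is already imported above the visible context, which is worth confirming, and the same holds for the `errors.New` changes in tencentcloud_eo.go (the zoneId check in `Deploy`) and volcengine_cdn.go (`domain not found`). The switch also drops the stack trace that `github.com/pkg/errors` records in `New`, so any log that formats these errors with `%+v` will carry less context. The body of `deployToLoadbalancer` continues outside the hunk.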
@@ -56,7 +56,7 @@ func NewWithLogger(config *TencentCloudCOSDeployerConfig, logger logger.Logger) return nil, xerrors.Wrap(err, "failed to create sdk clients") } - uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.TencentCloudSSLUploaderConfig{ SecretId: config.SecretId, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go b/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go index 391fc05b..31057017 100644 --- a/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go +++ b/internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go @@ -12,7 +12,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" ) type TencentCloudCSSDeployerConfig struct { @@ -51,7 +51,7 @@ func NewWithLogger(config *TencentCloudCSSDeployerConfig, logger logger.Logger) return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.TencentCloudSSLUploaderConfig{ SecretId: config.SecretId, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go b/internal/pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go index 29f6e33c..4cddbc59 100644 --- a/internal/pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go +++ b/internal/pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go 
@@ -14,7 +14,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" ) type TencentCloudECDNDeployerConfig struct { @@ -58,7 +58,7 @@ func NewWithLogger(config *TencentCloudECDNDeployerConfig, logger logger.Logger) return nil, xerrors.Wrap(err, "failed to create sdk clients") } - uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.TencentCloudSSLUploaderConfig{ SecretId: config.SecretId, SecretKey: config.SecretKey, }) diff --git a/internal/pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo.go b/internal/pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo.go index fb45ea9e..2de4dcc5 100644 --- a/internal/pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo.go +++ b/internal/pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl" ) type TencentCloudEODeployerConfig struct { 
@@ -59,7 +59,7 @@ func NewWithLogger(config *TencentCloudEODeployerConfig, logger logger.Logger) ( return nil, xerrors.Wrap(err, "failed to create sdk clients") } - uploader, err := providerSsl.New(&providerSsl.TencentCloudSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.TencentCloudSSLUploaderConfig{ SecretId: config.SecretId, SecretKey: config.SecretKey, }) @@ -77,7 +77,7 @@ func NewWithLogger(config *TencentCloudEODeployerConfig, logger logger.Logger) ( func (d *TencentCloudEODeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) { if d.config.ZoneId == "" { - return nil, xerrors.New("config `zoneId` is required") + return nil, errors.New("config `zoneId` is required") } // 上传证书到 SSL diff --git a/internal/pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn.go b/internal/pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn.go index ec127f41..fa104ba3 100644 --- a/internal/pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn.go +++ b/internal/pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/ucloud-ussl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/ucloud-ussl" ) type UCloudUCDNDeployerConfig struct { @@ -54,7 +54,7 @@ func NewWithLogger(config *UCloudUCDNDeployerConfig, logger logger.Logger) (*UCl return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := uploaderSsl.New(&uploaderSsl.UCloudUSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.UCloudUSSLUploaderConfig{ PrivateKey: config.PrivateKey, PublicKey: config.PublicKey, ProjectId: config.ProjectId, 
diff --git a/internal/pkg/core/deployer/providers/ucloud-us3/ucloud_us3.go b/internal/pkg/core/deployer/providers/ucloud-us3/ucloud_us3.go index b55d1acc..ccf03224 100644 --- a/internal/pkg/core/deployer/providers/ucloud-us3/ucloud_us3.go +++ b/internal/pkg/core/deployer/providers/ucloud-us3/ucloud_us3.go @@ -11,7 +11,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/ucloud-ussl" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/ucloud-ussl" usdkFile "github.com/usual2970/certimate/internal/pkg/vendors/ucloud-sdk/ufile" ) @@ -57,7 +57,7 @@ func NewWithLogger(config *UCloudUS3DeployerConfig, logger logger.Logger) (*UClo return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := uploaderSsl.New(&uploaderSsl.UCloudUSSLUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.UCloudUSSLUploaderConfig{ PrivateKey: config.PrivateKey, PublicKey: config.PublicKey, ProjectId: config.ProjectId, diff --git a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go index 02adaf1b..de3e76e4 100644 --- a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go +++ b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go @@ -12,7 +12,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderCdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn" ) type VolcEngineCDNDeployerConfig struct { 
@@ -50,7 +50,7 @@ func NewWithLogger(config *VolcEngineCDNDeployerConfig, logger logger.Logger) (* client.Client.SetAccessKey(config.AccessKeyId) client.Client.SetSecretKey(config.AccessKeySecret) - uploader, err := uploaderCdn.New(&uploaderCdn.VolcEngineCDNUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.VolcEngineCDNUploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, }) @@ -103,7 +103,7 @@ func (d *VolcEngineCDNDeployer) Deploy(ctx context.Context, certPem string, priv if len(describeCertConfigResp.Result.SpecifiedCertConfig) > 0 { // 所有可关联的域名都配置了该证书,跳过部署 } else { - return nil, xerrors.New("domain not found") + return nil, errors.New("domain not found") } } } else { diff --git a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go index b4acbfa0..08c096fd 100644 --- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go +++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter" ) type VolcEngineCLBDeployerConfig struct { @@ -57,7 +57,7 @@ func NewWithLogger(config *VolcEngineCLBDeployerConfig, logger logger.Logger) (* return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.VolcEngineCertCenterUploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, Region: config.Region, 
diff --git a/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go b/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go index 86c8776d..0f9f8e51 100644 --- a/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go +++ b/internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go @@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter" ) type VolcEngineDCDNDeployerConfig struct { @@ -54,7 +54,7 @@ func NewWithLogger(config *VolcEngineDCDNDeployerConfig, logger logger.Logger) ( return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.VolcEngineCertCenterUploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, Region: config.Region, diff --git a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go index 083837b7..b23f4c6c 100644 --- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go +++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go 
@@ -13,7 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderLive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live" ) type VolcEngineLiveDeployerConfig struct { @@ -51,7 +51,7 @@ func NewWithLogger(config *VolcEngineLiveDeployerConfig, logger logger.Logger) ( client.SetAccessKey(config.AccessKeyId) client.SetSecretKey(config.AccessKeySecret) - uploader, err := uploaderLive.New(&uploaderLive.VolcEngineLiveUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.VolcEngineLiveUploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, }) diff --git a/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go b/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go index 0c5501ec..9a238f27 100644 --- a/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go +++ b/internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go @@ -11,7 +11,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/logger" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploaderCertCenter "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter" + uploaderp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter" ) type VolcEngineTOSDeployerConfig struct { 
@@ -54,7 +54,7 @@ func NewWithLogger(config *VolcEngineTOSDeployerConfig, logger logger.Logger) (* return nil, xerrors.Wrap(err, "failed to create sdk client") } - uploader, err := uploaderCertCenter.New(&uploaderCertCenter.VolcEngineCertCenterUploaderConfig{ + uploader, err := uploaderp.New(&uploaderp.VolcEngineCertCenterUploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, Region: config.Region, diff --git a/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go b/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go index e79ab6e7..cac4d833 100644 --- a/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go +++ b/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go @@ -92,6 +92,5 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*awsAcm.Clien o.Region = region o.Credentials = aws.NewCredentialsCache(awsCred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, "")) }) - return client, nil } diff --git a/internal/pkg/utils/certs/converter.go b/internal/pkg/utils/certs/converter.go index eb13a358..74a9a5ab 100644 --- a/internal/pkg/utils/certs/converter.go +++ b/internal/pkg/utils/certs/converter.go @@ -4,6 +4,7 @@ import ( "crypto/ecdsa" "crypto/x509" "encoding/pem" + "errors" xerrors "github.com/pkg/errors" ) @@ -18,7 +19,7 @@ import ( // - err: 错误。 func ConvertCertificateToPEM(cert *x509.Certificate) (certPem string, err error) { if cert == nil { - return "", xerrors.New("cert is nil") + return "", errors.New("`cert` is nil") } block := &pem.Block{ @@ -39,7 +40,7 @@ func ConvertCertificateToPEM(cert *x509.Certificate) (certPem string, err error) // - err: 错误。 func ConvertECPrivateKeyToPEM(privkey *ecdsa.PrivateKey) (privkeyPem string, err error) { if privkey == nil { - return "", xerrors.New("privkey is nil") + return "", errors.New("`privkey` is nil") } data, err := x509.MarshalECPrivateKey(privkey) 
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx index 3d85e6de..c9b70570 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx @@ -23,6 +23,7 @@ import DeployNodeConfigFormAliyunLiveConfig from "./DeployNodeConfigFormAliyunLi import DeployNodeConfigFormAliyunNLBConfig from "./DeployNodeConfigFormAliyunNLBConfig"; import DeployNodeConfigFormAliyunOSSConfig from "./DeployNodeConfigFormAliyunOSSConfig"; import DeployNodeConfigFormAliyunWAFConfig from "./DeployNodeConfigFormAliyunWAFConfig"; +import DeployNodeConfigFormAWSCloudFrontConfig from "./DeployNodeConfigFormAWSCloudFrontConfig"; import DeployNodeConfigFormBaiduCloudCDNConfig from "./DeployNodeConfigFormBaiduCloudCDNConfig"; import DeployNodeConfigFormBytePlusCDNConfig from "./DeployNodeConfigFormBytePlusCDNConfig"; import DeployNodeConfigFormDogeCloudCDNConfig from "./DeployNodeConfigFormDogeCloudCDNConfig"; @@ -136,6 +137,8 @@ const DeployNodeConfigForm = forwardRef; case DEPLOY_PROVIDERS.ALIYUN_WAF: return ; + case DEPLOY_PROVIDERS.AWS_CLOUDFRONT: + return ; case DEPLOY_PROVIDERS.BAIDUCLOUD_CDN: return ; case DEPLOY_PROVIDERS.BYTEPLUS_CDN: diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAWSCloudFrontConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAWSCloudFrontConfig.tsx new file mode 100644 index 00000000..f1689ced --- /dev/null +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAWSCloudFrontConfig.tsx 
@@ -0,0 +1,79 @@ +import { useTranslation } from "react-i18next"; +import { Form, type FormInstance, Input } from "antd"; +import { createSchemaFieldRule } from "antd-zod"; +import { z } from "zod"; + +type DeployNodeConfigFormAWSCloudFrontConfigFieldValues = Nullish<{ + region: string; + distributionId: string; +}>; + +export type DeployNodeConfigFormAWSCloudFrontConfigProps = { + form: FormInstance; + formName: string; + disabled?: boolean; + initialValues?: DeployNodeConfigFormAWSCloudFrontConfigFieldValues; + onValuesChange?: (values: DeployNodeConfigFormAWSCloudFrontConfigFieldValues) => void; +}; + +const initFormModel = (): DeployNodeConfigFormAWSCloudFrontConfigFieldValues => { + return {}; +}; + +const DeployNodeConfigFormAWSCloudFrontConfig = ({ + form: formInst, + formName, + disabled, + initialValues, + onValuesChange, +}: DeployNodeConfigFormAWSCloudFrontConfigProps) => { + const { t } = useTranslation(); + + const formSchema = z.object({ + region: z + .string({ message: t("workflow_node.deploy.form.aws_cloudfront_region.placeholder") }) + .nonempty(t("workflow_node.deploy.form.aws_cloudfront_region.placeholder")) + .trim(), + distributionId: z + .string({ message: t("workflow_node.deploy.form.aws_cloudfront_distribution_id.placeholder") }) + .nonempty(t("workflow_node.deploy.form.aws_cloudfront_distribution_id.placeholder")) + .max(64, t("common.errmsg.string_max", { max: 64 })) + .trim(), + }); + const formRule = createSchemaFieldRule(formSchema); + + const handleFormChange = (_: unknown, values: z.infer) => { + onValuesChange?.(values); + }; + + return ( +
+ } + > + + + + } + > + + +
+ ); +}; + +export default DeployNodeConfigFormAWSCloudFrontConfig; diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx index 9794f9fd..b7206d04 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx @@ -35,8 +35,8 @@ const DeployNodeConfigFormAliyunWAFConfig = ({ .nonempty(t("workflow_node.deploy.form.aliyun_waf_region.placeholder")) .trim(), instanceId: z - .string({ message: t("workflow_node.deploy.form.aliyun_instance_id.placeholder") }) - .nonempty(t("workflow_node.deploy.form.aliyun_instance_id.placeholder")) + .string({ message: t("workflow_node.deploy.form.aliyun_waf_instance_id.placeholder") }) + .nonempty(t("workflow_node.deploy.form.aliyun_waf_instance_id.placeholder")) .max(64, t("common.errmsg.string_max", { max: 64 })) .trim(), }); diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts index 9a05d180..16fe5da6 100644 --- a/ui/src/domain/provider.ts +++ b/ui/src/domain/provider.ts @@ -63,13 +63,13 @@ export const accessProvidersMap: Map [ type, diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index dbe271e7..4fb7e387 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -47,6 +47,7 @@ "common.provider.aliyun.oss": "Alibaba Cloud - OSS (Object Storage Service)", "common.provider.aliyun.waf": "Alibaba Cloud - WAF (Web Application Firewall)", "common.provider.aws": "AWS", + "common.provider.aws.cloudfront": "AWS - CloudFront", "common.provider.aws.route53": "AWS - Route53", "common.provider.azure": "Azure", "common.provider.azure.dns": "Azure - DNS", diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json index bafac2e2..7ba7e643 100644 --- a/ui/src/i18n/locales/en/nls.workflow.nodes.json 
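Review bot: In the new `formSchema` of DeployNodeConfigFormAWSCloudFrontConfig.tsx, both `region` and `distributionId` chain `.nonempty(...)` before `.trim()`. zod runs string checks in the order they are chained, so a whitespace-only value passes the non-empty check and is trimmed only afterwards. Putting the trim first closes that gap, e.g. `z.string({ message: ... }).trim().nonempty(...)`. `region` also has no length bound while `distributionId` is capped at 64, so adding `.max(64, t("common.errmsg.string_max", { max: 64 }))` there would keep the two fields consistent. This is client-side validation only; whether the Go deployer rejects empty values itself is not visible in this section, whose JSX markup is also not legible here.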
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -37,8 +37,8 @@
 "workflow_node.apply.form.provider_access.placeholder": "Please select an authorization of DNS provider",
 "workflow_node.apply.form.provider_access.tooltip": "Used to manage DNS records during ACME DNS-01 authentication.",
 "workflow_node.apply.form.provider_access.button": "Create",
- "workflow_node.apply.form.aws_route53_region.label": "AWS Route53 Region",
- "workflow_node.apply.form.aws_route53_region.placeholder": "Please enter AWS Route53 region (e.g. us-east-1)",
+ "workflow_node.apply.form.aws_route53_region.label": "AWS Region",
+ "workflow_node.apply.form.aws_route53_region.placeholder": "Please enter AWS region (e.g. us-east-1)",
 "workflow_node.apply.form.aws_route53_region.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/general/latest/gr/rande.html#regional-endpoints",
 "workflow_node.apply.form.aws_route53_hosted_zone_id.label": "AWS Route53 hosted zone ID",
 "workflow_node.apply.form.aws_route53_hosted_zone_id.placeholder": "Please enter AWS Route53 hosted zone ID",
@@ -159,6 +159,12 @@
 "workflow_node.deploy.form.aliyun_waf_instance_id.label": "Alibaba Cloud WAF instance ID",
 "workflow_node.deploy.form.aliyun_waf_instance_id.placeholder": "Please enter Alibaba Cloud WAF instance ID",
 "workflow_node.deploy.form.aliyun_waf_instance_id.tooltip": "For more information, see https://waf.console.aliyun.com",
+ "workflow_node.deploy.form.aws_cloudfront_region.label": "AWS Region",
+ "workflow_node.deploy.form.aws_cloudfront_region.placeholder": "Please enter AWS region (e.g. us-east-1)",
+ "workflow_node.deploy.form.aws_cloudfront_region.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/general/latest/gr/rande.html#regional-endpoints",
+ "workflow_node.deploy.form.aws_cloudfront_distribution_id.label": "AWS CloudFront distribution ID",
+ "workflow_node.deploy.form.aws_cloudfront_distribution_id.placeholder": "Please enter AWS CloudFront distribution ID",
+ "workflow_node.deploy.form.aws_cloudfront_distribution_id.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html",
 "workflow_node.deploy.form.baiducloud_cdn_domain.label": "Baidu Cloud CDN domain",
 "workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "Please enter Baidu Cloud CDN domain name",
 "workflow_node.deploy.form.baiducloud_cdn_domain.tooltip": "For more information, see https://console.bce.baidu.com/cdn",
diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json
index 45072e74..3035e533 100644
--- a/ui/src/i18n/locales/zh/nls.common.json
+++ b/ui/src/i18n/locales/zh/nls.common.json
@@ -47,6 +47,7 @@
 "common.provider.aliyun.oss": "阿里云 - 对象存储 OSS",
 "common.provider.aliyun.waf": "阿里云 - Web 应用防火墙 WAF",
 "common.provider.aws": "AWS",
+ "common.provider.aws.cloudfront": "AWS - CloudFront",
 "common.provider.aws.route53": "AWS - Route53",
 "common.provider.azure": "Azure",
 "common.provider.azure.dns": "Azure - DNS",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 2d43d042..147bb63a 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -38,8 +38,8 @@
 "workflow_node.apply.form.provider_access.tooltip": "用于 ACME DNS-01 认证时操作域名解析记录,注意与部署阶段所需的主机提供商相区分。",
 "workflow_node.apply.form.provider_access.button": "新建",
 "workflow_node.deploy.form.provider_access.guide_for_local": "小贴士:由于表单限制,你同样需要为本地部署选择一个授权 —— 即使它是空白的。",
- "workflow_node.apply.form.aws_route53_region.label": "AWS Route53 区域",
- "workflow_node.apply.form.aws_route53_region.placeholder": "请输入 AWS Route53 区域(例如:us-east-1)",
+ "workflow_node.apply.form.aws_route53_region.label": "AWS 区域",
+ "workflow_node.apply.form.aws_route53_region.placeholder": "请输入 AWS 区域(例如:us-east-1)",
 "workflow_node.apply.form.aws_route53_region.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#regional-endpoints",
 "workflow_node.apply.form.aws_route53_hosted_zone_id.label": "AWS Route53 托管区域 ID",
 "workflow_node.apply.form.aws_route53_hosted_zone_id.placeholder": "请输入 AWS Route53 托管区域 ID",
@@ -159,6 +159,12 @@
 "workflow_node.deploy.form.aliyun_waf_instance_id.label": "阿里云 WAF 实例 ID",
 "workflow_node.deploy.form.aliyun_waf_instance_id.placeholder": "请输入阿里云 WAF 实例 ID",
 "workflow_node.deploy.form.aliyun_waf_instance_id.tooltip": "这是什么?请参阅 https://waf.console.aliyun.com",
+ "workflow_node.deploy.form.aws_cloudfront_region.label": "AWS 区域",
+ "workflow_node.deploy.form.aws_cloudfront_region.placeholder": "请输入 AWS 区域(例如:us-east-1)",
+ "workflow_node.deploy.form.aws_cloudfront_region.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#regional-endpoints",
+ "workflow_node.deploy.form.aws_cloudfront_distribution_id.label": "AWS CloudFront 分配 ID",
+ "workflow_node.deploy.form.aws_cloudfront_distribution_id.placeholder": "请输入 AWS CloudFront 分配 ID",
+ "workflow_node.deploy.form.aws_cloudfront_distribution_id.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html",
 "workflow_node.deploy.form.baiducloud_cdn_domain.label": "百度智能云 CDN 加速域名(支持泛域名)",
 "workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "请输入百度智能云 CDN 加速域名",
 "workflow_node.deploy.form.baiducloud_cdn_domain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/cdn

泛域名表示形式为:*.example.com",