From 5143823e43965895fdda1493feb521d0d8bdfa0c Mon Sep 17 00:00:00 2001 From: imlonghao Date: Sun, 13 Apr 2025 12:39:02 +0800 Subject: [PATCH 01/18] feat: support bunny as dns and cdn provider --- go.mod | 1 + go.sum | 4 + internal/applicant/providers.go | 16 +++ internal/deployer/providers.go | 16 +++ internal/domain/access.go | 4 + internal/domain/provider.go | 2 + .../acme-dns-01/lego-providers/bunny/bunny.go | 36 ++++++ .../deployer/providers/bunny-cdn/bunny_cdn.go | 70 ++++++++++++ .../providers/bunny-cdn/bunny_cdn_test.go | 75 ++++++++++++ internal/pkg/vendors/bunny-sdk/api.go | 11 ++ internal/pkg/vendors/bunny-sdk/client.go | 66 +++++++++++ internal/pkg/vendors/bunny-sdk/models.go | 8 ++ migrations/1744459000_upgrade.go | 98 ++++++++++++++++ ui/public/imgs/providers/bunny.svg | 108 ++++++++++++++++++ ui/src/components/access/AccessForm.tsx | 3 + .../access/AccessFormBunnyConfig.tsx | 62 ++++++++++ .../workflow/node/DeployNodeConfigForm.tsx | 3 + .../DeployNodeConfigFormBunnyCDNConfig.tsx | 76 ++++++++++++ ui/src/domain/access.ts | 5 + ui/src/domain/provider.ts | 6 + ui/src/i18n/locales/en/nls.access.json | 3 + ui/src/i18n/locales/en/nls.provider.json | 2 + .../i18n/locales/en/nls.workflow.nodes.json | 6 + ui/src/i18n/locales/zh/nls.access.json | 3 + ui/src/i18n/locales/zh/nls.provider.json | 2 + .../i18n/locales/zh/nls.workflow.nodes.json | 6 + 26 files changed, 692 insertions(+) create mode 100644 internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go create mode 100644 internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go create mode 100644 internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go create mode 100644 internal/pkg/vendors/bunny-sdk/api.go create mode 100644 internal/pkg/vendors/bunny-sdk/client.go create mode 100644 internal/pkg/vendors/bunny-sdk/models.go create mode 100644 migrations/1744459000_upgrade.go create mode 100644 ui/public/imgs/providers/bunny.svg create mode 100644 ui/src/components/access/AccessFormBunnyConfig.tsx create mode 100644 ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx diff --git a/go.mod b/go.mod index 7c8723af..f17c4e51 100644 --- a/go.mod +++ b/go.mod @@ -107,6 +107,7 @@ require ( github.com/mailru/easyjson v0.9.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect + github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 // indirect github.com/nrdcg/desec v0.10.0 // indirect github.com/nrdcg/mailinabox v0.2.0 // indirect github.com/nrdcg/porkbun v0.4.0 // indirect diff --git a/go.sum b/go.sum index 98e8211f..a5cf6ac3 100644 --- a/go.sum +++ b/go.sum @@ -498,6 +498,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= @@ -649,6 +651,8 @@ github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJm github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nikoksr/notify v1.3.0 h1:UxzfxzAYGQD9a5JYLBTVx0lFMxeHCke3rPCkfWdPgLs= github.com/nikoksr/notify v1.3.0/go.mod h1:Xor2hMmkvrCfkCKvXGbcrESez4brac2zQjhd6U2BbeM= +github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 h1:ouZ2JWDl8IW5k1qugYbmpbmW8hn85Ig6buSMBRlz3KI= +github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3/go.mod h1:ZwadWt7mVhMHMbAQ1w8IhDqtWO3eWqWq72W7trnaiE8= github.com/nrdcg/desec v0.10.0 h1:qrEDiqnsvNU9QE7lXIXi/tIHAfyaFXKxF2/8/52O8uM= github.com/nrdcg/desec v0.10.0/go.mod h1:5+4vyhMRTs49V9CNoODF/HwT8Mwxv9DJ6j+7NekUnBs= github.com/nrdcg/mailinabox v0.2.0 h1:IKq8mfKiVwNW2hQii/ng1dJ4yYMMv3HAP3fMFIq2CFk= diff --git a/internal/applicant/providers.go b/internal/applicant/providers.go index 74a12678..ddecad7c 100644 --- a/internal/applicant/providers.go +++ b/internal/applicant/providers.go @@ -11,6 +11,7 @@ import ( pAWSRoute53 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53" pAzureDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns" pBaiduCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud" + pBunny "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny" pCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare" pClouDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudns" pCMCCCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud" @@ -128,6 +129,21 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) { return applicant, err } + case domain.ApplyDNSProviderTypeBunny: + { + access := domain.AccessConfigForBunny{} + if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil { + return nil, fmt.Errorf("failed to populate provider access config: %w", err) + } + + applicant, err := pBunny.NewChallengeProvider(&pBunny.ChallengeProviderConfig{ + ApiKey: access.ApiKey, + DnsPropagationTimeout: options.DnsPropagationTimeout, + DnsTTL: options.DnsTTL, + }) + return applicant, err + } + case domain.ApplyDNSProviderTypeCloudflare: { access := domain.AccessConfigForCloudflare{} diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index fc3c7a37..947e60d3 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -31,6 +31,7 @@ import ( pBaishanCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baishan-cdn" pBaotaPanelConsole "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baotapanel-console" pBaotaPanelSite "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baotapanel-site" + pBunnyCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/bunny-cdn" pBytePlusCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/byteplus-cdn" pCacheFly "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/cachefly" pCdnfly "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/cdnfly" @@ -414,6 +415,21 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { } } + case domain.DeployProviderTypeBunnyCDN: + { + access := domain.AccessConfigForBunny{} + if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil { + return nil, fmt.Errorf("failed to populate provider access config: %w", err) + } + + deployer, err := pBunnyCDN.NewDeployer(&pBunnyCDN.DeployerConfig{ + ApiKey: access.ApiKey, + PullZoneId: maputil.GetString(options.ProviderDeployConfig, "pullZoneId"), + HostName: maputil.GetString(options.ProviderDeployConfig, "hostName"), + }) + return deployer, err + } + case domain.DeployProviderTypeBytePlusCDN: { access := domain.AccessConfigForBytePlus{} diff --git a/internal/domain/access.go b/internal/domain/access.go index 0d3528ab..0d7f1fea 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -64,6 +64,10 @@ type AccessConfigForBytePlus struct { SecretKey string `json:"secretKey"` } +type AccessConfigForBunny struct { + ApiKey string `json:"apiKey"` +} + type AccessConfigForCacheFly struct { ApiToken string `json:"apiToken"` } diff --git a/internal/domain/provider.go b/internal/domain/provider.go index d8726034..6e91eef2 100644 --- a/internal/domain/provider.go +++ b/internal/domain/provider.go @@ -103,6 +103,7 @@ const ( ApplyDNSProviderTypeAzureDNS = ApplyDNSProviderType("azure-dns") ApplyDNSProviderTypeBaiduCloud = ApplyDNSProviderType("baiducloud") // 兼容旧值,等同于 [ApplyDNSProviderTypeBaiduCloudDNS] ApplyDNSProviderTypeBaiduCloudDNS = ApplyDNSProviderType("baiducloud-dns") + ApplyDNSProviderTypeBunny = ApplyDNSProviderType("bunny") ApplyDNSProviderTypeCloudflare = ApplyDNSProviderType("cloudflare") ApplyDNSProviderTypeClouDNS = ApplyDNSProviderType("cloudns") ApplyDNSProviderTypeCMCCCloud = ApplyDNSProviderType("cmcccloud") @@ -167,6 +168,7 @@ const ( DeployProviderTypeBaishanCDN = DeployProviderType("baishan-cdn") DeployProviderTypeBaotaPanelConsole = DeployProviderType("baotapanel-console") DeployProviderTypeBaotaPanelSite = DeployProviderType("baotapanel-site") + DeployProviderTypeBunnyCDN = DeployProviderType("bunny-cdn") DeployProviderTypeBytePlusCDN = DeployProviderType("byteplus-cdn") DeployProviderTypeCacheFly = DeployProviderType("cachefly") DeployProviderTypeCdnfly = DeployProviderType("cdnfly") diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go new file mode 100644 index 00000000..558f7773 --- /dev/null +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go @@ -0,0 +1,36 @@ +package bunny + +import ( + "time" + + "github.com/go-acme/lego/v4/challenge" + "github.com/go-acme/lego/v4/providers/dns/bunny" +) + +type ChallengeProviderConfig struct { + ApiKey string `json:"apiKey"` + DnsPropagationTimeout int32 `json:"dnsPropagationTimeout,omitempty"` + DnsTTL int32 `json:"dnsTTL,omitempty"` +} + +func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) { + if config == nil { + panic("config is nil") + } + + providerConfig := bunny.NewDefaultConfig() + providerConfig.APIKey = config.ApiKey + if config.DnsPropagationTimeout != 0 { + providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second + } + if config.DnsTTL != 0 { + providerConfig.TTL = int(config.DnsTTL) + } + + provider, err := bunny.NewDNSProviderConfig(providerConfig) + if err != nil { + return nil, err + } + + return provider, nil +} diff --git a/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go new file mode 100644 index 00000000..bcf22635 --- /dev/null +++ b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go @@ -0,0 +1,70 @@ +package bunnycdn + +import ( + "context" + "encoding/base64" + "log/slog" + + xerrors "github.com/pkg/errors" + + "github.com/usual2970/certimate/internal/pkg/core/deployer" + bunnysdk "github.com/usual2970/certimate/internal/pkg/vendors/bunny-sdk" +) + +type DeployerConfig struct { + // Bunny API Key + ApiKey string `json:"apiKey"` + // Bunny Pull Zone ID + PullZoneId string `json:"pullZoneId"` + // Bunny CDN Hostname(支持泛域名) + HostName string `json:"hostName"` +} + +type DeployerProvider struct { + config *DeployerConfig + logger *slog.Logger + sdkClient *bunnysdk.Client +} + +var _ deployer.Deployer = (*DeployerProvider)(nil) + +func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { + if config == nil { + panic("config is nil") + } + + return &DeployerProvider{ + config: config, + logger: slog.Default(), + sdkClient: bunnysdk.NewClient(config.ApiKey), + }, nil +} + +func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer { + if logger == nil { + d.logger = slog.Default() + } else { + d.logger = logger + } + return d +} + +func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) { + // Prepare + certPemBase64 := base64.StdEncoding.EncodeToString([]byte(certPem)) + privkeyPemBase64 := base64.StdEncoding.EncodeToString([]byte(privkeyPem)) + // 上传证书 + createCertificateReq := &bunnysdk.AddCustomCertificateRequest{ + Hostname: d.config.HostName, + PullZoneId: d.config.PullZoneId, + Certificate: certPemBase64, + CertificateKey: privkeyPemBase64, + } + createCertificateResp, err := d.sdkClient.AddCustomCertificate(createCertificateReq) + d.logger.Debug("sdk request 'bunny-cdn.AddCustomCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp)) + if err != nil { + return nil, xerrors.Wrap(err, "failed to execute sdk request 'bunny-cdn.AddCustomCertificate'") + } + + return &deployer.DeployResult{}, nil +} diff --git a/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go new file mode 100644 index 00000000..e4e54a20 --- /dev/null +++ b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go @@ -0,0 +1,75 @@ +package bunnycdn_test + +import ( + "context" + "flag" + "fmt" + "os" + "strings" + "testing" + + provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/bunny-cdn" +) + +var ( + fInputCertPath string + fInputKeyPath string + fApiKey string + fPullZoneId string + fHostName string +) + +func init() { + argsPrefix := "CERTIMATE_DEPLOYER_BUNNYCDN_" + + flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "") + flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") + flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "") + flag.StringVar(&fPullZoneId, argsPrefix+"PULLZONEID", "", "") + flag.StringVar(&fHostName, argsPrefix+"HOSTNAME", "", "") +} + +/* +Shell command to run this test: + + go test -v ./bunny_cdn_test.go -args \ + --CERTIMATE_DEPLOYER_BUNNYCDN_INPUTCERTPATH="/path/to/your-input-cert.pem" \ + --CERTIMATE_DEPLOYER_BUNNYCDN_INPUTKEYPATH="/path/to/your-input-key.pem" \ + --CERTIMATE_DEPLOYER_BUNNYCDN_APITOKEN="your-api-token" \ + --CERTIMATE_DEPLOYER_BUNNYCDN_PULLZONEID="your-pull-zone-id" \ + --CERTIMATE_DEPLOYER_BUNNYCDN_HOSTNAME="example.com" +*/ +func TestDeploy(t *testing.T) { + flag.Parse() + + t.Run("Deploy", func(t *testing.T) { + t.Log(strings.Join([]string{ + "args:", + fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath), + fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), + fmt.Sprintf("APIKEY: %v", fApiKey), + fmt.Sprintf("PULLZONEID: %v", fPullZoneId), + fmt.Sprintf("HOSTNAME: %v", fHostName), + }, "\n")) + + deployer, err := provider.NewDeployer(&provider.DeployerConfig{ + ApiKey: fApiKey, + PullZoneId: fPullZoneId, + HostName: fHostName, + }) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + fInputCertData, _ := os.ReadFile(fInputCertPath) + fInputKeyData, _ := os.ReadFile(fInputKeyPath) + res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData)) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + t.Logf("ok: %v", res) + }) +} diff --git a/internal/pkg/vendors/bunny-sdk/api.go b/internal/pkg/vendors/bunny-sdk/api.go new file mode 100644 index 00000000..8cff90b4 --- /dev/null +++ b/internal/pkg/vendors/bunny-sdk/api.go @@ -0,0 +1,11 @@ +package bunnysdk + +import ( + "fmt" + "net/http" +) + +func (c *Client) AddCustomCertificate(req *AddCustomCertificateRequest) ([]byte, error) { + resp, err := c.sendRequest(http.MethodPost, fmt.Sprintf("/pullzone/%s/addCertificate", req.PullZoneId), req) + return resp.Body(), err +} diff --git a/internal/pkg/vendors/bunny-sdk/client.go b/internal/pkg/vendors/bunny-sdk/client.go new file mode 100644 index 00000000..398d5cb2 --- /dev/null +++ b/internal/pkg/vendors/bunny-sdk/client.go @@ -0,0 +1,66 @@ +package bunnysdk + +import ( + "encoding/json" + "fmt" + "net/http" + "strings" + "time" + + "github.com/go-resty/resty/v2" +) + +type Client struct { + apiToken string + + client *resty.Client +} + +func NewClient(apiToken string) *Client { + client := resty.New() + + return &Client{ + apiToken: apiToken, + client: client, + } +} + +func (c *Client) WithTimeout(timeout time.Duration) *Client { + c.client.SetTimeout(timeout) + return c +} + +func (c *Client) sendRequest(method string, path string, params interface{}) (*resty.Response, error) { + req := c.client.R() + req.Method = method + req.URL = "https://api.bunny.net" + path + req = req.SetHeader("AccessKey", c.apiToken) + if strings.EqualFold(method, http.MethodGet) { + qs := make(map[string]string) + if params != nil { + temp := make(map[string]any) + jsonb, _ := json.Marshal(params) + json.Unmarshal(jsonb, &temp) + for k, v := range temp { + if v != nil { + qs[k] = fmt.Sprintf("%v", v) + } + } + } + + req = req.SetQueryParams(qs) + } else { + req = req. + SetHeader("Content-Type", "application/json"). + SetBody(params) + } + + resp, err := req.Send() + if err != nil { + return resp, fmt.Errorf("bunny api error: failed to send request: %w", err) + } else if resp.IsError() { + return resp, fmt.Errorf("bunny api error: unexpected status code: %d, %s", resp.StatusCode(), resp.Body()) + } + + return resp, nil +} diff --git a/internal/pkg/vendors/bunny-sdk/models.go b/internal/pkg/vendors/bunny-sdk/models.go new file mode 100644 index 00000000..3306cf5b --- /dev/null +++ b/internal/pkg/vendors/bunny-sdk/models.go @@ -0,0 +1,8 @@ +package bunnysdk + +type AddCustomCertificateRequest struct { + Hostname string `json:"Hostname"` + PullZoneId string `json:"-"` + Certificate string `json:"Certificate"` + CertificateKey string `json:"CertificateKey"` +} diff --git a/migrations/1744459000_upgrade.go b/migrations/1744459000_upgrade.go new file mode 100644 index 00000000..d2f95004 --- /dev/null +++ b/migrations/1744459000_upgrade.go @@ -0,0 +1,98 @@ +package migrations + +import ( + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + // update collection `access` + { + collection, err := app.FindCollectionByNameOrId("4yzbv8urny5ja1e") + if err != nil { + return err + } + + // update field + if err := collection.Fields.AddMarshaledJSONAt(2, []byte(`{ + "hidden": false, + "id": "hwy7m03o", + "maxSelect": 1, + "name": "provider", + "presentable": false, + "required": false, + "system": false, + "type": "select", + "values": [ + "1panel", + "acmehttpreq", + "akamai", + "aliyun", + "aws", + "azure", + "baiducloud", + "baishan", + "baotapanel", + "bunny", + "byteplus", + "buypass", + "cachefly", + "cdnfly", + "cloudflare", + "cloudns", + "cmcccloud", + "ctcccloud", + "cucccloud", + "desec", + "dnsla", + "dogecloud", + "dynv6", + "edgio", + "fastly", + "gname", + "gcore", + "godaddy", + "goedge", + "googletrustservices", + "huaweicloud", + "jdcloud", + "k8s", + "letsencrypt", + "letsencryptstaging", + "local", + "namecheap", + "namedotcom", + "namesilo", + "ns1", + "porkbun", + "powerdns", + "qiniu", + "qingcloud", + "rainyun", + "safeline", + "ssh", + "sslcom", + "tencentcloud", + "ucloud", + "upyun", + "vercel", + "volcengine", + "webhook", + "westcn", + "zerossl" + ] + }`)); err != nil { + return err + } + + if err := app.Save(collection); err != nil { + return err + } + } + + return nil + }, func(app core.App) error { + return nil + }) +} diff --git a/ui/public/imgs/providers/bunny.svg b/ui/public/imgs/providers/bunny.svg new file mode 100644 index 00000000..edbbab32 --- /dev/null +++ b/ui/public/imgs/providers/bunny.svg @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/ui/src/components/access/AccessForm.tsx b/ui/src/components/access/AccessForm.tsx index d5906434..0f28ccbe 100644 --- a/ui/src/components/access/AccessForm.tsx +++ b/ui/src/components/access/AccessForm.tsx @@ -17,6 +17,7 @@ import AccessFormAzureConfig from "./AccessFormAzureConfig"; import AccessFormBaiduCloudConfig from "./AccessFormBaiduCloudConfig"; import AccessFormBaishanConfig from "./AccessFormBaishanConfig"; import AccessFormBaotaPanelConfig from "./AccessFormBaotaPanelConfig"; +import AccessFormBunnyConfig from "./AccessFormBunnyConfig"; import AccessFormBytePlusConfig from "./AccessFormBytePlusConfig"; import AccessFormCacheFlyConfig from "./AccessFormCacheFlyConfig"; import AccessFormCdnflyConfig from "./AccessFormCdnflyConfig"; @@ -161,6 +162,8 @@ const AccessForm = forwardRef(({ className, return ; case ACCESS_PROVIDERS.BAOTAPANEL: return ; + case ACCESS_PROVIDERS.BUNNY: + return ; case ACCESS_PROVIDERS.BYTEPLUS: return ; case ACCESS_PROVIDERS.CACHEFLY: diff --git a/ui/src/components/access/AccessFormBunnyConfig.tsx b/ui/src/components/access/AccessFormBunnyConfig.tsx new file mode 100644 index 00000000..0906d3d0 --- /dev/null +++ b/ui/src/components/access/AccessFormBunnyConfig.tsx @@ -0,0 +1,62 @@ +import { useTranslation } from "react-i18next"; +import { Form, type FormInstance, Input } from "antd"; +import { createSchemaFieldRule } from "antd-zod"; +import { z } from "zod"; + +import { type AccessConfigForBunny } from "@/domain/access"; + +type AccessFormBunnyConfigFieldValues = Nullish; + +export type AccessFormBunnyConfigProps = { + form: FormInstance; + formName: string; + disabled?: boolean; + initialValues?: AccessFormBunnyConfigFieldValues; + onValuesChange?: (values: AccessFormBunnyConfigFieldValues) => void; +}; + +const initFormModel = (): AccessFormBunnyConfigFieldValues => { + return { + apiKey: "", + }; +}; + +const AccessFormBunnyConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormBunnyConfigProps) => { + const { t } = useTranslation(); + + const formSchema = z.object({ + apiKey: z + .string() + .nonempty(t("access.form.bunny_api_key.placeholder")) + .trim(), + }); + const formRule = createSchemaFieldRule(formSchema); + + const handleFormChange = (_: unknown, values: z.infer) => { + onValuesChange?.(values); + }; + + return ( +
+ + } + > + + + +
+ ); +}; + +export default AccessFormBunnyConfig; diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx index 33d1012c..c89cfa42 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx @@ -39,6 +39,7 @@ import DeployNodeConfigFormBaiduCloudCDNConfig from "./DeployNodeConfigFormBaidu import DeployNodeConfigFormBaishanCDNConfig from "./DeployNodeConfigFormBaishanCDNConfig"; import DeployNodeConfigFormBaotaPanelConsoleConfig from "./DeployNodeConfigFormBaotaPanelConsoleConfig"; import DeployNodeConfigFormBaotaPanelSiteConfig from "./DeployNodeConfigFormBaotaPanelSiteConfig"; +import DeployNodeConfigFormBunnyCDNConfig from "./DeployNodeConfigFormBunnyCDNConfig.tsx"; import DeployNodeConfigFormBytePlusCDNConfig from "./DeployNodeConfigFormBytePlusCDNConfig"; import DeployNodeConfigFormCdnflyConfig from "./DeployNodeConfigFormCdnflyConfig"; import DeployNodeConfigFormDogeCloudCDNConfig from "./DeployNodeConfigFormDogeCloudCDNConfig"; @@ -217,6 +218,8 @@ const DeployNodeConfigForm = forwardRef; case DEPLOY_PROVIDERS.BAOTAPANEL_SITE: return ; + case DEPLOY_PROVIDERS.BUNNY_CDN: + return ; case DEPLOY_PROVIDERS.BYTEPLUS_CDN: return ; case DEPLOY_PROVIDERS.CDNFLY: diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx new file mode 100644 index 00000000..3b68f811 --- /dev/null +++ b/ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx @@ -0,0 +1,76 @@ +import { useTranslation } from "react-i18next"; +import { Form, type FormInstance, Input } from "antd"; +import { createSchemaFieldRule } from "antd-zod"; +import { z } from "zod"; +import { validDomainName } from "@/utils/validators"; + +type DeployNodeConfigFormBunnyCDNConfigFieldValues = Nullish<{ + pullZoneId: string | number; + hostName: string; +}>; + +export type DeployNodeConfigFormBunnyCDNConfigProps = { + form: FormInstance; + formName: string; + disabled?: boolean; + initialValues?: DeployNodeConfigFormBunnyCDNConfigFieldValues; + onValuesChange?: (values: DeployNodeConfigFormBunnyCDNConfigFieldValues) => void; +}; + +const initFormModel = (): DeployNodeConfigFormBunnyCDNConfigFieldValues => { + return {}; +}; + +const DeployNodeConfigFormBunnyCDNConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: DeployNodeConfigFormBunnyCDNConfigProps) => { + const { t } = useTranslation(); + + const formSchema = z.object({ + pullZoneId: z + .union([z.string(), z.number().int()]) + .refine((v) => { + return /^\d+$/.test(v + "") && +v! > 0; + }, t("workflow_node.deploy.form.bunny_cdn_pull_zone_id.placeholder")), + hostName: z + .string({ message: t("workflow_node.deploy.form.bunny_cdn_host_name.placeholder") }) + .nonempty(t("workflow_node.deploy.form.bunny_cdn_host_name.placeholder")) + .refine((v) => { + return !v || validDomainName(v!, { allowWildcard: true }); + }, t("common.errmsg.domain_invalid")), + }); + const formRule = createSchemaFieldRule(formSchema); + + const handleFormChange = (_: unknown, values: z.infer) => { + onValuesChange?.(values); + }; + + return ( +
+ } + > + + + + } + > + + +
+ ); +}; + +export default DeployNodeConfigFormBunnyCDNConfig; diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts index 86d644fa..c0ebd971 100644 --- a/ui/src/domain/access.ts +++ b/ui/src/domain/access.ts @@ -14,6 +14,7 @@ export interface AccessModel extends BaseModel { | AccessConfigForBaiduCloud | AccessConfigForBaishan | AccessConfigForBaotaPanel + | AccessConfigForBunny | AccessConfigForBytePlus | AccessConfigForCacheFly | AccessConfigForCdnfly @@ -99,6 +100,10 @@ export type AccessConfigForBaotaPanel = { allowInsecureConnections?: boolean; }; +export type AccessConfigForBunny = { + apiKey: string; +}; + export type AccessConfigForBytePlus = { accessKey: string; secretKey: string; diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts index 74296917..8d5493f7 100644 --- a/ui/src/domain/provider.ts +++ b/ui/src/domain/provider.ts @@ -12,6 +12,7 @@ export const ACCESS_PROVIDERS = Object.freeze({ BAIDUCLOUD: "baiducloud", BAISHAN: "baishan", BAOTAPANEL: "baotapanel", + BUNNY: "bunny", BYTEPLUS: "byteplus", BUYPASS: "buypass", CACHEFLY: "cachefly", @@ -93,6 +94,7 @@ export const accessProvidersMap: Maphttps://intl.cloud.baidu.com/doc/Reference/s/jjwvz2e3p-en", + "access.form.bunny_api_key.label": "Bunny API Key", + "access.form.bunny_api_key.placeholder": "Please enter Bunny API key", + "access.form.bunny_api_key.tooltip": "For more information, see https://docs.bunny.net/reference/bunnynet-api-overview", "access.form.upyun_username.label": "UPYUN subaccount username", "access.form.upyun_username.placeholder": "Please enter UPYUN subaccount username", "access.form.upyun_username.tooltip": "For more information, see https://console.upyun.com/account/subaccount/", diff --git a/ui/src/i18n/locales/en/nls.provider.json b/ui/src/i18n/locales/en/nls.provider.json index a7b5c292..160284ad 100644 --- a/ui/src/i18n/locales/en/nls.provider.json +++ b/ui/src/i18n/locales/en/nls.provider.json @@ -38,6 +38,8 @@ "provider.baotapanel": "aaPanel (aka BaoTaPanel)", "provider.baotapanel.console": "aaPanel (aka BaoTaPanel) - Console", "provider.baotapanel.site": "aaPanel (aka BaoTaPanel) - Website", + "provider.bunny": "Bunny", + "provider.bunny.cdn": "Bunny - CDN (Content Delivery Network)", "provider.byteplus": "BytePlus", "provider.byteplus.cdn": "BytePlus - CDN (Content Delivery Network)", "provider.buypass": "Buypass AS", diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json index af3a6796..17f0e442 100644 --- a/ui/src/i18n/locales/en/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json @@ -289,6 +289,12 @@ "workflow_node.deploy.form.baotapanel_site_names.tooltip": "Usually equal to the websites domain name.", "workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.title": "Change aaPanel site names", "workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.placeholder": "Please enter aaPanel site name", + "workflow_node.deploy.form.bunny_cdn_pull_zone_id.label": "Bunny CDN pull zone ID", + "workflow_node.deploy.form.bunny_cdn_pull_zone_id.placeholder": "Please enter Bunny CDN pull zone ID", + "workflow_node.deploy.form.bunny_cdn_pull_zone_id.tooltip": "What is this? See https://dash.bunny.net/cdn", + "workflow_node.deploy.form.bunny_cdn_host_name.label": "Bunny CDN hostname", + "workflow_node.deploy.form.bunny_cdn_host_name.placeholder": "Please enter Bunny CDN hostname", + "workflow_node.deploy.form.bunny_cdn_host_name.tooltip": "What is this? See https://dash.bunny.net/cdn", "workflow_node.deploy.form.byteplus_cdn_domain.label": "BytePlus CDN domain", "workflow_node.deploy.form.byteplus_cdn_domain.placeholder": "Please enter BytePlus CDN domain name", "workflow_node.deploy.form.byteplus_cdn_domain.tooltip": "For more information, see https://console.byteplus.com/cdn", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index 657c2d68..fb3cd479 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -96,6 +96,9 @@ "access.form.baotapanel_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。", "access.form.baotapanel_allow_insecure_conns.switch.on": "允许", "access.form.baotapanel_allow_insecure_conns.switch.off": "不允许", + "access.form.bunny_api_key.label": "Bunny API Key", + "access.form.bunny_api_key.placeholder": "请输入 Bunny API Key", + "access.form.bunny_api_key.tooltip": "这是什么?请参阅 https://docs.bunny.net/reference/bunnynet-api-overview", "access.form.byteplus_access_key.label": "BytePlus AccessKey", "access.form.byteplus_access_key.placeholder": "请输入 BytePlus AccessKey", "access.form.byteplus_access_key.tooltip": "这是什么?请参阅 https://docs.byteplus.com/zh-CN/docs/byteplus-platform/docs-managing-keys", diff --git a/ui/src/i18n/locales/zh/nls.provider.json b/ui/src/i18n/locales/zh/nls.provider.json index 3d7c1e58..57148fc6 100644 --- a/ui/src/i18n/locales/zh/nls.provider.json +++ b/ui/src/i18n/locales/zh/nls.provider.json @@ -38,6 +38,8 @@ "provider.baotapanel": "宝塔面板", "provider.baotapanel.console": "宝塔面板 - 面板", "provider.baotapanel.site": "宝塔面板 - 网站", + "provider.bunny": "Bunny", + "provider.bunny.cdn": "Bunny - 内容分发网络 CDN", "provider.byteplus": "BytePlus", "provider.byteplus.cdn": "BytePlus - 内容分发网络 CDN", "provider.buypass": "Buypass AS", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index 7338912f..54986ed5 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -288,6 +288,12 @@ "workflow_node.deploy.form.baotapanel_site_names.tooltip": "通常为网站域名。", "workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.title": "修改宝塔面板网站名称", "workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.placeholder": "请输入宝塔面板网站名称", + "workflow_node.deploy.form.bunny_cdn_pull_zone_id.label": "Bunny CDN 拉取区域 ID", + "workflow_node.deploy.form.bunny_cdn_pull_zone_id.placeholder": "请输入 Bunny CDN 拉取区域 ID", + "workflow_node.deploy.form.bunny_cdn_pull_zone_id.tooltip": "这是什么?请参阅 https://dash.bunny.net/cdn", + "workflow_node.deploy.form.bunny_cdn_host_name.label": "Bunny CDN 主机名", + "workflow_node.deploy.form.bunny_cdn_host_name.placeholder": "请输入 Bunny CDN 主机名", + "workflow_node.deploy.form.bunny_cdn_host_name.tooltip": "这是什么?请参阅 https://dash.bunny.net/cdn", "workflow_node.deploy.form.byteplus_cdn_domain.label": "BytePlus CDN 域名", "workflow_node.deploy.form.byteplus_cdn_domain.placeholder": "请输入 BytePlus CDN 域名(支持泛域名)", "workflow_node.deploy.form.byteplus_cdn_domain.tooltip": "这是什么?请参阅 https://console.byteplus.com/cdn", From 364ceb23997bc9972be2f8d2049c81d1eb7a8b2e Mon Sep 17 00:00:00 2001 From: fondoger Date: Wed, 16 Apr 2025 21:53:19 +0800 Subject: [PATCH 02/18] Fix Azure KeyVault bug --- internal/deployer/providers.go | 11 +-- .../azure-keyvault/azure_keyvault.go | 13 +-- .../azure-keyvault/azure_keyvault.go | 28 +++++- .../azure-keyvault/azure_keyvault_test.go | 87 +++++++++++++++++++ ...eployNodeConfigFormAzureKeyVaultConfig.tsx | 17 ++++ ui/src/i18n/locales/en/nls.common.json | 1 + .../i18n/locales/en/nls.workflow.nodes.json | 3 + ui/src/i18n/locales/zh/nls.common.json | 1 + .../i18n/locales/zh/nls.workflow.nodes.json | 3 + ui/src/utils/validators.ts | 5 ++ 10 files changed, 155 insertions(+), 14 deletions(-) create mode 100644 internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index c2136d20..f700b213 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -297,11 +297,12 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { switch options.Provider { case domain.DeployProviderTypeAzureKeyVault: deployer, err := pAzureKeyVault.NewDeployer(&pAzureKeyVault.DeployerConfig{ - TenantId: access.TenantId, - ClientId: access.ClientId, - ClientSecret: access.ClientSecret, - CloudName: access.CloudName, - KeyVaultName: maputil.GetString(options.ProviderDeployConfig, "keyvaultName"), + TenantId: access.TenantId, + ClientId: access.ClientId, + ClientSecret: access.ClientSecret, + CloudName: access.CloudName, + KeyVaultName: maputil.GetString(options.ProviderDeployConfig, "keyvaultName"), + CertificateName: maputil.GetString(options.ProviderDeployConfig, "certificateName"), }) return deployer, err diff --git a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go index 4439aa68..c39ed892 100644 --- a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go +++ b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go @@ -22,6 +22,8 @@ type DeployerConfig struct { CloudName string `json:"cloudName,omitempty"` // Key Vault 名称。 KeyVaultName string `json:"keyvaultName"` + // Certificate 名称。 + CertificateName string `json:"certificateName"` } type DeployerProvider struct { @@ -38,11 +40,12 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { } uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ - TenantId: config.TenantId, - ClientId: config.ClientId, - ClientSecret: config.ClientSecret, - CloudName: config.CloudName, - KeyVaultName: config.KeyVaultName, + TenantId: config.TenantId, + ClientId: config.ClientId, + ClientSecret: config.ClientSecret, + CloudName: config.CloudName, + KeyVaultName: config.KeyVaultName, + CertificateName: config.CertificateName, }) if err != nil { return nil, xerrors.Wrap(err, "failed to create ssl uploader") diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go index 5f6f998a..308cb5d4 100644 --- a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go +++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go @@ -3,6 +3,7 @@ import ( "context" "crypto/x509" + "encoding/base64" "fmt" "log/slog" "time" @@ -29,6 +30,8 @@ type UploaderConfig struct { CloudName string `json:"cloudName,omitempty"` // Key Vault 名称。 KeyVaultName string `json:"keyvaultName"` + // Certificate 名称。 + CertificateName string `json:"certificateName,omitempty"` } type UploaderProvider struct { @@ -88,6 +91,11 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe } for _, certItem := range page.Value { + // 如果已经指定了证书名称,则跳过证书名称不匹配的证书 + if u.config.CertificateName != "" && certItem.ID.Name() != u.config.CertificateName { + continue + } + // 先对比证书有效期 if certItem.Attributes == nil { continue @@ -138,16 +146,28 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe } } - // 生成新证书名(需符合 Azure 命名规则) - certName := fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + certName := u.config.CertificateName + if certName == "" { + // 未指定证书名称时,生成包含timestamp的新证书名(需符合 Azure 命名规则) + certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + } + + // Azure Key Vault 不支持导入带有Certificiate Chain的PEM证书。 + // Issue Link: https://github.com/Azure/azure-cli/issues/19017 + // 暂时的解决方法是,将 PEM 证书转换成 PFX 格式,然后再导入。 + pfxCert, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "") + if err != nil { + u.logger.Error("failed to transform certificate from PEM to PFX", slog.String("certPem", certPem), slog.String("privkeyPem", privkeyPem)) + return nil, xerrors.Wrap(err, "failed to transform certificate from PEM to PFX") + } // 导入证书 // REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate importCertificateParams := azcertificates.ImportCertificateParameters{ - Base64EncodedCertificate: to.Ptr(certPem), + Base64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(pfxCert)), CertificatePolicy: &azcertificates.CertificatePolicy{ SecretProperties: &azcertificates.SecretProperties{ - ContentType: to.Ptr("application/x-pem-file"), + ContentType: to.Ptr("application/x-pkcs12"), }, }, Tags: map[string]*string{ diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go new file mode 100644 index 00000000..3a8ff985 --- /dev/null +++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go @@ -0,0 +1,87 @@ +package azurekeyvault_test + +import ( + "context" + "encoding/json" + "flag" + "fmt" + "os" + "strings" + "testing" + + provider "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/azure-keyvault" +) + +var ( + fInputCertPath string + fInputKeyPath string + fTenantId string + fAccessKeyId string + fSecretAccessKey string + fKeyVaultName string + fCertificateName string +) + +func init() { + argsPrefix := "CERTIMATE_UPLOADER_AZUREKEYVAULT_" + + flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "") + flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") + flag.StringVar(&fTenantId, argsPrefix+"TENANTID", "", "") + flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "") + flag.StringVar(&fSecretAccessKey, argsPrefix+"SECRETACCESSKEY", "", "") + flag.StringVar(&fKeyVaultName, argsPrefix+"KEYVAULTNAME", "", "") + flag.StringVar(&fCertificateName, argsPrefix+"CERTIFICATENAME", "", "") +} + +/* +Shell command to run this test: + + go test -v ./azure_keyvault_test.go -args \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_INPUTCERTPATH="/path/to/your-input-cert.pem" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_INPUTKEYPATH="/path/to/your-input-key.pem" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_TENANTID="your-tenant-id" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_ACCESSKEYID="your-app-registration-client-id" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_SECRETACCESSKEY="your-app-registration-client-secret" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_KEYVAULTNAME="your-keyvault-name" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_CERTIFICATENAME="your-certificate-name" +*/ +func TestDeploy(t *testing.T) { + flag.Parse() + + t.Run("Deploy", func(t *testing.T) { + t.Log(strings.Join([]string{ + "args:", + fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath), + fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), + fmt.Sprintf("TENANTID: %v", fTenantId), + fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId), + fmt.Sprintf("SECRETACCESSKEY: %v", fSecretAccessKey), + fmt.Sprintf("KEYVAULTNAME: %v", fKeyVaultName), + fmt.Sprintf("CERTIFICATENAME: %v", fCertificateName), + }, "\n")) + + uploader, err := provider.NewUploader(&provider.UploaderConfig{ + TenantId: fTenantId, + ClientId: fAccessKeyId, + ClientSecret: fSecretAccessKey, + KeyVaultName: fKeyVaultName, + CertificateName: fCertificateName, + }) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + fInputCertData, _ := os.ReadFile(fInputCertPath) + fInputKeyData, _ := os.ReadFile(fInputKeyPath) + res, err := uploader.Upload(context.Background(), string(fInputCertData), string(fInputKeyData)) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + sres, _ := json.Marshal(res) + t.Logf("ok: %s", string(sres)) + }) +} diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx index 91d48cdf..9518fd25 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx @@ -2,9 +2,11 @@ import { useTranslation } from "react-i18next"; import { Form, type FormInstance, Input } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; +import { validAzureKeyVaultCertificateName } from "@/utils/validators"; type DeployNodeConfigFormAzureKeyVaultConfigFieldValues = Nullish<{ keyvaultName: string; + certificateName?: string; }>; export type DeployNodeConfigFormAzureKeyVaultConfigProps = { @@ -33,6 +35,13 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({ .string({ message: t("workflow_node.deploy.form.azure_keyvault_name.placeholder") }) .nonempty(t("workflow_node.deploy.form.azure_keyvault_name.placeholder")) .trim(), + certificateName: z + .string({ message: t("workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder") }) + .nullish() + .refine((v) =>{ + if (!v) return true; + return validAzureKeyVaultCertificateName(v); + }, t("common.errmsg.azure_keyvault_certificate_name_invalid")), }); const formRule = createSchemaFieldRule(formSchema); @@ -57,6 +66,14 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({ > + } + > + + ); }; diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index 0c3cd5df..d72cd687 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -35,6 +35,7 @@ "common.errmsg.port_invalid": "Please enter a valid port", "common.errmsg.ip_invalid": "Please enter a valid IP address", "common.errmsg.url_invalid": "Please enter a valid URL", + "common.errmsg.azure_keyvault_certificate_name_invalid": "Certificate name can only contain letters, numbers, and hyphens (-), with a length limit of 1 to 127 characters", "common.notifier.bark": "Bark", "common.notifier.dingtalk": "DingTalk", diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json index 4ac796b3..d0d88c1e 100644 --- a/ui/src/i18n/locales/en/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json @@ -234,6 +234,9 @@ "workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault name", "workflow_node.deploy.form.azure_keyvault_name.placeholder": "Please enter Azure KeyVault name", "workflow_node.deploy.form.azure_keyvault_name.tooltip": "For more information, see https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates", + "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault certificate name (Optional)", + "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "Please enter Azure KeyVault certificate name", + "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "If not filled in, a default name with a timestamp will be automatically generated.", "workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "Resource type", "workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "Please select resource type", "workflow_node.deploy.form.baiducloud_appblb_resource_type.option.loadbalancer.label": "BLB load balancer", diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json index fe3a9e06..34a13ead 100644 --- a/ui/src/i18n/locales/zh/nls.common.json +++ b/ui/src/i18n/locales/zh/nls.common.json @@ -35,6 +35,7 @@ "common.errmsg.port_invalid": "请输入正确的端口号", "common.errmsg.ip_invalid": "请输入正确的 IP 地址", "common.errmsg.url_invalid": "请输入正确的 URL 地址", + "common.errmsg.azure_keyvault_certificate_name_invalid": "证书名称只能包含字母、数字和连字符(-),长度限制为 1 到 127 个字符", "common.notifier.bark": "Bark", "common.notifier.dingtalk": "钉钉", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index 5fcb201d..ea6774e5 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -233,6 +233,9 @@ "workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault 名称", "workflow_node.deploy.form.azure_keyvault_name.placeholder": "请输入 Azure KeyVault 名称", "workflow_node.deploy.form.azure_keyvault_name.tooltip": "这是什么?请参阅 https://learn.microsoft.com/zh-cn/azure/key-vault/general/about-keys-secrets-certificates", + "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault 证书名称 (可选)", + "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "请输入 Azure KeyVault 证书名称", + "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "不填写时,会自动生成带时间戳的默认名称。", "workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "证书替换方式", "workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "请选择证书替换方式", "workflow_node.deploy.form.baiducloud_appblb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/SSL 监听的证书", diff --git a/ui/src/utils/validators.ts b/ui/src/utils/validators.ts index 05d43edd..14b49fb7 100644 --- a/ui/src/utils/validators.ts +++ b/ui/src/utils/validators.ts @@ -9,6 +9,11 @@ export const validDomainName = (value: string, { allowWildcard = false }: { allo return re.test(value); }; +export const validAzureKeyVaultCertificateName = (value: string) => { + const re = /^[a-zA-Z0-9-]{1,127}$/; + return re.test(value); +} + export const validEmailAddress = (value: string) => { const re = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; return re.test(value); From 5fe24465d7abd27a0d446a92c336642bfbdbd90e Mon Sep 17 00:00:00 2001 From: fondoger Date: Thu, 17 Apr 2025 12:54:43 +0800 Subject: [PATCH 03/18] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=81=AB=E5=B1=B1?= =?UTF-8?q?=E4=BA=91=E8=AF=81=E4=B9=A6=E4=B8=8A=E4=BC=A0=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E7=A9=BA=E5=80=BC=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../volcengine-certcenter/volcengine_certcenter.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go index 990d9550..b802dc25 100644 --- a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go +++ b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go @@ -72,12 +72,17 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe } var certId string - if importCertificateResp.InstanceId != nil { + if importCertificateResp.InstanceId != nil && *importCertificateResp.InstanceId != "" { certId = *importCertificateResp.InstanceId } - if importCertificateResp.RepeatId != nil { + if importCertificateResp.RepeatId != nil && *importCertificateResp.RepeatId != "" { certId = *importCertificateResp.RepeatId } + + if certId == "" { + return nil, xerrors.New("failed to get certId from importCertificateResp, both InstanceId and RepeatId are empty") + } + return &uploader.UploadResult{ CertId: certId, }, nil From 0004eac764074570e140b1b88641020710e4b8bd Mon Sep 17 00:00:00 2001 From: fondoger Date: Thu, 17 Apr 2025 13:09:21 +0800 Subject: [PATCH 04/18] Modify code according to code suggestions --- .../core/deployer/providers/azure-keyvault/azure_keyvault.go | 4 ++-- .../core/uploader/providers/azure-keyvault/azure_keyvault.go | 1 - .../workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx | 2 +- ui/src/i18n/locales/en/nls.common.json | 1 - ui/src/i18n/locales/en/nls.workflow.nodes.json | 1 + ui/src/i18n/locales/zh/nls.common.json | 1 - ui/src/i18n/locales/zh/nls.workflow.nodes.json | 1 + 7 files changed, 5 insertions(+), 6 deletions(-) diff --git a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go index c39ed892..95daeb7f 100644 --- a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go +++ b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go @@ -22,8 +22,8 @@ type DeployerConfig struct { CloudName string `json:"cloudName,omitempty"` // Key Vault 名称。 KeyVaultName string `json:"keyvaultName"` - // Certificate 名称。 - CertificateName string `json:"certificateName"` + // Certificate 名称,可选。 + CertificateName string `json:"certificateName,omitempty"` } type DeployerProvider struct { diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go index 308cb5d4..78200571 100644 --- a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go +++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go @@ -157,7 +157,6 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe // 暂时的解决方法是,将 PEM 证书转换成 PFX 格式,然后再导入。 pfxCert, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "") if err != nil { - u.logger.Error("failed to transform certificate from PEM to PFX", slog.String("certPem", certPem), slog.String("privkeyPem", privkeyPem)) return nil, xerrors.Wrap(err, "failed to transform certificate from PEM to PFX") } diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx index 9518fd25..80120fae 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx @@ -41,7 +41,7 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({ .refine((v) =>{ if (!v) return true; return validAzureKeyVaultCertificateName(v); - }, t("common.errmsg.azure_keyvault_certificate_name_invalid")), + }, t("workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid")), }); const formRule = createSchemaFieldRule(formSchema); diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index d72cd687..0c3cd5df 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -35,7 +35,6 @@ "common.errmsg.port_invalid": "Please enter a valid port", "common.errmsg.ip_invalid": "Please enter a valid IP address", "common.errmsg.url_invalid": "Please enter a valid URL", - "common.errmsg.azure_keyvault_certificate_name_invalid": "Certificate name can only contain letters, numbers, and hyphens (-), with a length limit of 1 to 127 characters", "common.notifier.bark": "Bark", "common.notifier.dingtalk": "DingTalk", diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json index d0d88c1e..30dc637c 100644 --- a/ui/src/i18n/locales/en/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json @@ -237,6 +237,7 @@ "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault certificate name (Optional)", "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "Please enter Azure KeyVault certificate name", "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "If not filled in, a default name with a timestamp will be automatically generated.", + "workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid": "Certificate name can only contain letters, numbers, and hyphens (-), with a length limit of 1 to 127 characters", "workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "Resource type", "workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "Please select resource type", "workflow_node.deploy.form.baiducloud_appblb_resource_type.option.loadbalancer.label": "BLB load balancer", diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json index 34a13ead..fe3a9e06 100644 --- a/ui/src/i18n/locales/zh/nls.common.json +++ b/ui/src/i18n/locales/zh/nls.common.json @@ -35,7 +35,6 @@ "common.errmsg.port_invalid": "请输入正确的端口号", "common.errmsg.ip_invalid": "请输入正确的 IP 地址", "common.errmsg.url_invalid": "请输入正确的 URL 地址", - "common.errmsg.azure_keyvault_certificate_name_invalid": "证书名称只能包含字母、数字和连字符(-),长度限制为 1 到 127 个字符", "common.notifier.bark": "Bark", "common.notifier.dingtalk": "钉钉", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index ea6774e5..a06e9c58 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -236,6 +236,7 @@ "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault 证书名称 (可选)", "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "请输入 Azure KeyVault 证书名称", "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "不填写时,会自动生成带时间戳的默认名称。", + "workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid": "证书名称只能包含字母、数字和连字符(-),长度限制为 1 到 127 个字符", "workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "证书替换方式", "workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "请选择证书替换方式", "workflow_node.deploy.form.baiducloud_appblb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/SSL 监听的证书", From 6c70b0655a7276993034b5d4de61df2284aaad4c Mon Sep 17 00:00:00 2001 From: RHQYZ Date: Thu, 17 Apr 2025 13:39:04 +0800 Subject: [PATCH 05/18] chore: modify error log --- .../providers/volcengine-certcenter/volcengine_certcenter.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go index b802dc25..66540699 100644 --- a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go +++ b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go @@ -80,7 +80,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe } if certId == "" { - return nil, xerrors.New("failed to get certId from importCertificateResp, both InstanceId and RepeatId are empty") + return nil, xerrors.New("failed to get certificate id, both `InstanceId` and `RepeatId` are empty") } return &uploader.UploadResult{ From 55d7a05af854fe51f9c013f2a96ec2d84c357794 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 17 Apr 2025 21:44:40 +0800 Subject: [PATCH 06/18] fix: #615 --- internal/pkg/core/deployer/providers/ssh/ssh.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/pkg/core/deployer/providers/ssh/ssh.go b/internal/pkg/core/deployer/providers/ssh/ssh.go index 8fba9490..3093ab42 100644 --- a/internal/pkg/core/deployer/providers/ssh/ssh.go +++ b/internal/pkg/core/deployer/providers/ssh/ssh.go @@ -243,7 +243,6 @@ func writeFileWithSCP(sshCli *ssh.Client, path string, data []byte) error { if err != nil { return xerrors.Wrap(err, "failed to create scp client") } - defer scpCli.Close() reader := bytes.NewReader(data) err = scpCli.CopyToRemote(reader, path, &scp.FileTransferOption{}) From 50b48d956fde3b6d5c90107fa6ac4d9aa8c464be Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 17 Apr 2025 22:08:05 +0800 Subject: [PATCH 07/18] fix: #617 --- internal/deployer/providers.go | 1 + internal/domain/access.go | 1 + .../providers/wangsu-cdnpro/wangsu_cdnpro.go | 8 +++++--- .../providers/wangsu-cdnpro/wangsu_cdnpro_test.go | 5 +++++ internal/pkg/vendors/wangsu-sdk/cdn/api.go | 2 +- .../components/access/AccessFormWangsuConfig.tsx | 15 +++++++++++++++ ui/src/domain/access.ts | 1 + ui/src/i18n/locales/en/nls.access.json | 3 +++ ui/src/i18n/locales/zh/nls.access.json | 3 +++ 9 files changed, 35 insertions(+), 4 deletions(-) diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index c2136d20..2b408f38 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -1016,6 +1016,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { deployer, err := pWangsuCDNPro.NewDeployer(&pWangsuCDNPro.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ApiKey: access.ApiKey, Environment: maputil.GetOrDefaultString(options.ProviderDeployConfig, "environment", "production"), Domain: maputil.GetString(options.ProviderDeployConfig, "domain"), CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"), diff --git a/internal/domain/access.go b/internal/domain/access.go index 9e419eaa..2c1e75a2 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -231,6 +231,7 @@ type AccessConfigForVolcEngine struct { type AccessConfigForWangsu struct { AccessKeyId string `json:"accessKeyId"` AccessKeySecret string `json:"accessKeySecret"` + ApiKey string `json:"apiKey"` } type AccessConfigForWebhook struct { diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go index c5ac15b9..adcd7416 100644 --- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go +++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go @@ -28,6 +28,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 网宿云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 网宿云 API Key。 + ApiKey string `json:"apiKey"` // 网宿云环境。 Environment string `json:"environment"` // 加速域名(支持泛域名)。 @@ -93,7 +95,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe } // 生成网宿云证书参数 - encryptedPrivateKey, err := encryptPrivateKey(privkeyPem, d.config.AccessKeySecret, time.Now().Unix()) + encryptedPrivateKey, err := encryptPrivateKey(privkeyPem, d.config.ApiKey, time.Now().Unix()) if err != nil { return nil, xerrors.Wrap(err, "failed to encrypt private key") } @@ -231,11 +233,11 @@ func createSdkClient(accessKeyId, accessKeySecret string) (*wangsucdn.Client, er return wangsucdn.NewClient(accessKeyId, accessKeySecret), nil } -func encryptPrivateKey(privkeyPem string, secretKey string, timestamp int64) (string, error) { +func encryptPrivateKey(privkeyPem string, apiKey string, timestamp int64) (string, error) { date := time.Unix(timestamp, 0).UTC() dateStr := date.Format("Mon, 02 Jan 2006 15:04:05 GMT") - mac := hmac.New(sha256.New, []byte(secretKey)) + mac := hmac.New(sha256.New, []byte(apiKey)) mac.Write([]byte(dateStr)) aesivkey := mac.Sum(nil) aesivkeyHex := hex.EncodeToString(aesivkey) diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go index 25dd7b1e..30c5edda 100644 --- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go +++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go @@ -16,6 +16,7 @@ var ( fInputKeyPath string fAccessKeyId string fAccessKeySecret string + fApiKey string fEnvironment string fDomain string fCertificateId string @@ -29,6 +30,7 @@ func init() { flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "") flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "") + flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "") flag.StringVar(&fEnvironment, argsPrefix+"ENVIRONMENT", "production", "") flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "") flag.StringVar(&fCertificateId, argsPrefix+"CERTIFICATEID", "", "") @@ -43,6 +45,7 @@ Shell command to run this test: --CERTIMATE_DEPLOYER_WANGSUCDNPRO_INPUTKEYPATH="/path/to/your-input-key.pem" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_ACCESSKEYID="your-access-key-id" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_ACCESSKEYSECRET="your-access-key-secret" \ + --CERTIMATE_DEPLOYER_WANGSUCDNPRO_APIKEY="your-api-key" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_ENVIRONMENT="production" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_DOMAIN="example.com" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_CERTIFICATEID="your-certificate-id"\ @@ -58,6 +61,7 @@ func TestDeploy(t *testing.T) { fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId), fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret), + fmt.Sprintf("APIKEY: %v", fApiKey), fmt.Sprintf("ENVIRONMENT: %v", fEnvironment), fmt.Sprintf("DOMAIN: %v", fDomain), fmt.Sprintf("CERTIFICATEID: %v", fCertificateId), @@ -67,6 +71,7 @@ func TestDeploy(t *testing.T) { deployer, err := provider.NewDeployer(&provider.DeployerConfig{ AccessKeyId: fAccessKeyId, AccessKeySecret: fAccessKeySecret, + ApiKey: fApiKey, Environment: fEnvironment, Domain: fDomain, CertificateId: fCertificateId, diff --git a/internal/pkg/vendors/wangsu-sdk/cdn/api.go b/internal/pkg/vendors/wangsu-sdk/cdn/api.go index dff719f1..d14e3fb1 100644 --- a/internal/pkg/vendors/wangsu-sdk/cdn/api.go +++ b/internal/pkg/vendors/wangsu-sdk/cdn/api.go @@ -53,6 +53,6 @@ func (c *Client) CreateDeploymentTask(req *CreateDeploymentTaskRequest) (*Create func (c *Client) GetDeploymentTaskDetail(deploymentTaskId string) (*GetDeploymentTaskDetailResponse, error) { resp := &GetDeploymentTaskDetailResponse{} - _, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/deploymentTasks/%s", deploymentTaskId), nil, resp) + _, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/deploymentTasks/%s", url.PathEscape(deploymentTaskId)), nil, resp) return resp, err } diff --git a/ui/src/components/access/AccessFormWangsuConfig.tsx b/ui/src/components/access/AccessFormWangsuConfig.tsx index f9676829..bb4f699c 100644 --- a/ui/src/components/access/AccessFormWangsuConfig.tsx +++ b/ui/src/components/access/AccessFormWangsuConfig.tsx @@ -19,6 +19,7 @@ const initFormModel = (): AccessFormWangsuConfigFieldValues => { return { accessKeyId: "", accessKeySecret: "", + apiKey: "", }; }; @@ -36,6 +37,11 @@ const AccessFormWangsuConfig = ({ form: formInst, formName, disabled, initialVal .min(1, t("access.form.wangsu_access_key_secret.placeholder")) .max(64, t("common.errmsg.string_max", { max: 64 })) .trim(), + apiKey: z + .string() + .min(1, t("access.form.wangsu_api_key.placeholder")) + .max(256, t("common.errmsg.string_max", { max: 256 })) + .trim(), }); const formRule = createSchemaFieldRule(formSchema); @@ -69,6 +75,15 @@ const AccessFormWangsuConfig = ({ form: formInst, formName, disabled, initialVal > + + } + > + + ); }; diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts index 3015e4d0..b3533fcf 100644 --- a/ui/src/domain/access.ts +++ b/ui/src/domain/access.ts @@ -272,6 +272,7 @@ export type AccessConfigForVolcEngine = { export type AccessConfigForWangsu = { accessKeyId: string; accessKeySecret: string; + apiKey: string; }; export type AccessConfigForWebhook = { diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json index b0b7f140..820d6409 100644 --- a/ui/src/i18n/locales/en/nls.access.json +++ b/ui/src/i18n/locales/en/nls.access.json @@ -304,6 +304,9 @@ "access.form.wangsu_access_key_secret.label": "Wangsu Cloud AccessKeySecret", "access.form.wangsu_access_key_secret.placeholder": "Please enter Wangsu Cloud AccessKeySecret", "access.form.wangsu_access_key_secret.tooltip": "For more information, see https://en.wangsu.com/document/account-manage/15775", + "access.form.wangsu_api_key.label": "Wangsu Cloud API key", + "access.form.wangsu_api_key.placeholder": "Please enter Wangsu Cloud API key", + "access.form.wangsu_api_key.tooltip": "For more information, see https://en.wangsu.com/document/account-manage/15776", "access.form.webhook_url.label": "Webhook URL", "access.form.webhook_url.placeholder": "Please enter Webhook URL", "access.form.webhook_allow_insecure_conns.label": "Insecure SSL/TLS connections", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index bf068260..f5439aa9 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -304,6 +304,9 @@ "access.form.wangsu_access_key_secret.label": "网宿科技 AccessKeySecret", "access.form.wangsu_access_key_secret.placeholder": "请输入网宿科技 AccessKeySecret", "access.form.wangsu_access_key_secret.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15775", + "access.form.wangsu_api_key.label": "网宿科技 API 接口密码", + "access.form.wangsu_api_key.placeholder": "请输入网宿科技 API 接口密码", + "access.form.wangsu_api_key.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15776", "access.form.webhook_url.label": "Webhook 回调地址", "access.form.webhook_url.placeholder": "请输入 Webhook 回调地址", "access.form.webhook_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误", From 7329a221323c911b06495aed08510e8953ac1813 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 17 Apr 2025 22:11:45 +0800 Subject: [PATCH 08/18] chore(ui): improve i18n --- ui/src/i18n/locales/zh/nls.access.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index f5439aa9..61338db2 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -299,13 +299,13 @@ "access.form.volcengine_secret_access_key.placeholder": "请输入火山引擎 SecretAccessKey", "access.form.volcengine_secret_access_key.tooltip": "这是什么?请参阅 https://www.volcengine.com/docs/6291/216571", "access.form.wangsu_access_key_id.label": "网宿云 AccessKeyId", - "access.form.wangsu_access_key_id.placeholder": "请输入网宿科技 AccessKeyId", + "access.form.wangsu_access_key_id.placeholder": "请输入网宿云 AccessKeyId", "access.form.wangsu_access_key_id.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15775", - "access.form.wangsu_access_key_secret.label": "网宿科技 AccessKeySecret", - "access.form.wangsu_access_key_secret.placeholder": "请输入网宿科技 AccessKeySecret", + "access.form.wangsu_access_key_secret.label": "网宿云 AccessKeySecret", + "access.form.wangsu_access_key_secret.placeholder": "请输入网宿云 AccessKeySecret", "access.form.wangsu_access_key_secret.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15775", - "access.form.wangsu_api_key.label": "网宿科技 API 接口密码", - "access.form.wangsu_api_key.placeholder": "请输入网宿科技 API 接口密码", + "access.form.wangsu_api_key.label": "网宿云 API 接口密码", + "access.form.wangsu_api_key.placeholder": "请输入网宿云 API 接口密码", "access.form.wangsu_api_key.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15776", "access.form.webhook_url.label": "Webhook 回调地址", "access.form.webhook_url.placeholder": "请输入 Webhook 回调地址", From 283b150d60070cadb8be3aecc822fa6aadf3b8ed Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 18 Apr 2025 17:46:40 +0800 Subject: [PATCH 09/18] refactor: re-impl azure keyvault deployer --- .../azure-keyvault/azure_keyvault.go | 119 ++++++++++++++++-- .../azure-keyvault/azure_keyvault.go | 20 +-- .../azure-keyvault/azure_keyvault_test.go | 44 +++---- ...eployNodeConfigFormAzureKeyVaultConfig.tsx | 4 +- .../i18n/locales/en/nls.workflow.nodes.json | 2 +- .../i18n/locales/zh/nls.workflow.nodes.json | 4 +- ui/src/utils/validators.ts | 5 - 7 files changed, 140 insertions(+), 58 deletions(-) diff --git a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go index 95daeb7f..422d39d5 100644 --- a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go +++ b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go @@ -2,13 +2,23 @@ import ( "context" + "crypto/x509" + "encoding/base64" + "errors" + "fmt" "log/slog" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azcertificates" xerrors "github.com/pkg/errors" "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/uploader" uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/azure-keyvault" + "github.com/usual2970/certimate/internal/pkg/utils/certutil" + azcommon "github.com/usual2970/certimate/internal/pkg/vendors/azure-sdk/common" ) type DeployerConfig struct { @@ -22,13 +32,15 @@ type DeployerConfig struct { CloudName string `json:"cloudName,omitempty"` // Key Vault 名称。 KeyVaultName string `json:"keyvaultName"` - // Certificate 名称,可选。 + // Key Vault 证书名称。 + // 选填。 CertificateName string `json:"certificateName,omitempty"` } type DeployerProvider struct { config *DeployerConfig logger *slog.Logger + sdkClient *azcertificates.Client sslUploader uploader.Uploader } @@ -39,13 +51,17 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { panic("config is nil") } + client, err := createSdkClient(config.TenantId, config.ClientId, config.ClientSecret, config.CloudName, config.KeyVaultName) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create sdk client") + } + uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ - TenantId: config.TenantId, - ClientId: config.ClientId, - ClientSecret: config.ClientSecret, - CloudName: config.CloudName, - KeyVaultName: config.KeyVaultName, - CertificateName: config.CertificateName, + TenantId: config.TenantId, + ClientId: config.ClientId, + ClientSecret: config.ClientSecret, + CloudName: config.CloudName, + KeyVaultName: config.KeyVaultName, }) if err != nil { return nil, xerrors.Wrap(err, "failed to create ssl uploader") @@ -54,6 +70,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return &DeployerProvider{ config: config, logger: slog.Default(), + sdkClient: client, sslUploader: uploader, }, nil } @@ -69,13 +86,93 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer { } func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) { - // 上传证书到 KeyVault - upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem) + // 解析证书内容 + certX509, err := certutil.ParseCertificateFromPEM(certPem) if err != nil { - return nil, xerrors.Wrap(err, "failed to upload certificate file") + return nil, err + } + + // 转换证书格式 + certPfx, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "") + if err != nil { + return nil, xerrors.Wrap(err, "failed to transform certificate from PEM to PFX") + } + + if d.config.CertificateName == "" { + // 上传证书到 KeyVault + upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem) + if err != nil { + return nil, xerrors.Wrap(err, "failed to upload certificate file") + } else { + d.logger.Info("ssl certificate uploaded", slog.Any("result", upres)) + } } else { - d.logger.Info("ssl certificate uploaded", slog.Any("result", upres)) + // 获取证书 + // REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/get-certificate/get-certificate + getCertificateResp, err := d.sdkClient.GetCertificate(context.TODO(), d.config.CertificateName, "", nil) + d.logger.Debug("sdk request 'keyvault.GetCertificate'", slog.String("request.certificateName", d.config.CertificateName), slog.Any("response", getCertificateResp)) + if err != nil { + var respErr *azcore.ResponseError + if !errors.As(err, &respErr) || (respErr.ErrorCode != "ResourceNotFound" && respErr.ErrorCode != "CertificateNotFound") { + return nil, xerrors.Wrap(err, "failed to execute sdk request 'keyvault.GetCertificate'") + } + } else { + oldCertX509, err := x509.ParseCertificate(getCertificateResp.CER) + if err == nil { + if certutil.EqualCertificate(certX509, oldCertX509) { + return &deployer.DeployResult{}, nil + } + } + } + + // 导入证书 + // REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate + importCertificateParams := azcertificates.ImportCertificateParameters{ + Base64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(certPfx)), + CertificatePolicy: &azcertificates.CertificatePolicy{ + SecretProperties: &azcertificates.SecretProperties{ + ContentType: to.Ptr("application/x-pkcs12"), + }, + }, + Tags: map[string]*string{ + "certimate/cert-cn": to.Ptr(certX509.Subject.CommonName), + "certimate/cert-sn": to.Ptr(certX509.SerialNumber.Text(16)), + }, + } + importCertificateResp, err := d.sdkClient.ImportCertificate(context.TODO(), d.config.CertificateName, importCertificateParams, nil) + d.logger.Debug("sdk request 'keyvault.ImportCertificate'", slog.String("request.certificateName", d.config.CertificateName), slog.Any("request.parameters", importCertificateParams), slog.Any("response", importCertificateResp)) + if err != nil { + return nil, xerrors.Wrap(err, "failed to execute sdk request 'keyvault.ImportCertificate'") + } } return &deployer.DeployResult{}, nil } + +func createSdkClient(tenantId, clientId, clientSecret, cloudName, keyvaultName string) (*azcertificates.Client, error) { + env, err := azcommon.GetCloudEnvironmentConfiguration(cloudName) + if err != nil { + return nil, err + } + clientOptions := azcore.ClientOptions{Cloud: env} + + credential, err := azidentity.NewClientSecretCredential(tenantId, clientId, clientSecret, + &azidentity.ClientSecretCredentialOptions{ClientOptions: clientOptions}) + if err != nil { + return nil, err + } + + endpoint := fmt.Sprintf("https://%s.vault.azure.net", keyvaultName) + if azcommon.IsEnvironmentGovernment(cloudName) { + endpoint = fmt.Sprintf("https://%s.vault.usgovcloudapi.net", keyvaultName) + } else if azcommon.IsEnvironmentChina(cloudName) { + endpoint = fmt.Sprintf("https://%s.vault.azure.cn", keyvaultName) + } + + client, err := azcertificates.NewClient(endpoint, credential, nil) + if err != nil { + return nil, err + } + + return client, nil +} diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go index 78200571..36af11c7 100644 --- a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go +++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go @@ -30,8 +30,6 @@ type UploaderConfig struct { CloudName string `json:"cloudName,omitempty"` // Key Vault 名称。 KeyVaultName string `json:"keyvaultName"` - // Certificate 名称。 - CertificateName string `json:"certificateName,omitempty"` } type UploaderProvider struct { @@ -91,11 +89,6 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe } for _, certItem := range page.Value { - // 如果已经指定了证书名称,则跳过证书名称不匹配的证书 - if u.config.CertificateName != "" && certItem.ID.Name() != u.config.CertificateName { - continue - } - // 先对比证书有效期 if certItem.Attributes == nil { continue @@ -146,16 +139,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe } } - certName := u.config.CertificateName - if certName == "" { - // 未指定证书名称时,生成包含timestamp的新证书名(需符合 Azure 命名规则) - certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) - } + // 生成新证书名(需符合 Azure 命名规则) + certName := fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) - // Azure Key Vault 不支持导入带有Certificiate Chain的PEM证书。 + // Azure Key Vault 不支持导入带有 Certificiate Chain 的 PEM 证书。 // Issue Link: https://github.com/Azure/azure-cli/issues/19017 // 暂时的解决方法是,将 PEM 证书转换成 PFX 格式,然后再导入。 - pfxCert, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "") + certPfx, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "") if err != nil { return nil, xerrors.Wrap(err, "failed to transform certificate from PEM to PFX") } @@ -163,7 +153,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe // 导入证书 // REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate importCertificateParams := azcertificates.ImportCertificateParameters{ - Base64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(pfxCert)), + Base64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(certPfx)), CertificatePolicy: &azcertificates.CertificatePolicy{ SecretProperties: &azcertificates.SecretProperties{ ContentType: to.Ptr("application/x-pkcs12"), diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go index 3a8ff985..8ef63a80 100644 --- a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go +++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go @@ -13,13 +13,13 @@ import ( ) var ( - fInputCertPath string - fInputKeyPath string - fTenantId string - fAccessKeyId string - fSecretAccessKey string - fKeyVaultName string - fCertificateName string + fInputCertPath string + fInputKeyPath string + fTenantId string + fClientId string + fClientSecret string + fCloudName string + fKeyVaultName string ) func init() { @@ -28,10 +28,10 @@ func init() { flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "") flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") flag.StringVar(&fTenantId, argsPrefix+"TENANTID", "", "") - flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "") - flag.StringVar(&fSecretAccessKey, argsPrefix+"SECRETACCESSKEY", "", "") + flag.StringVar(&fClientId, argsPrefix+"CLIENTID", "", "") + flag.StringVar(&fClientSecret, argsPrefix+"CLIENTSECRET", "", "") + flag.StringVar(&fCloudName, argsPrefix+"CLOUDNAME", "", "") flag.StringVar(&fKeyVaultName, argsPrefix+"KEYVAULTNAME", "", "") - flag.StringVar(&fCertificateName, argsPrefix+"CERTIFICATENAME", "", "") } /* @@ -41,10 +41,10 @@ Shell command to run this test: --CERTIMATE_UPLOADER_AZUREKEYVAULT_INPUTCERTPATH="/path/to/your-input-cert.pem" \ --CERTIMATE_UPLOADER_AZUREKEYVAULT_INPUTKEYPATH="/path/to/your-input-key.pem" \ --CERTIMATE_UPLOADER_AZUREKEYVAULT_TENANTID="your-tenant-id" \ - --CERTIMATE_UPLOADER_AZUREKEYVAULT_ACCESSKEYID="your-app-registration-client-id" \ - --CERTIMATE_UPLOADER_AZUREKEYVAULT_SECRETACCESSKEY="your-app-registration-client-secret" \ - --CERTIMATE_UPLOADER_AZUREKEYVAULT_KEYVAULTNAME="your-keyvault-name" \ - --CERTIMATE_UPLOADER_AZUREKEYVAULT_CERTIFICATENAME="your-certificate-name" + --CERTIMATE_UPLOADER_AZUREKEYVAULT_CLIENTID="your-app-registration-client-id" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_CLIENTSECRET="your-app-registration-client-secret" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_CLOUDNAME="china" \ + --CERTIMATE_UPLOADER_AZUREKEYVAULT_KEYVAULTNAME="your-keyvault-name" */ func TestDeploy(t *testing.T) { flag.Parse() @@ -55,18 +55,18 @@ func TestDeploy(t *testing.T) { fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath), fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), fmt.Sprintf("TENANTID: %v", fTenantId), - fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId), - fmt.Sprintf("SECRETACCESSKEY: %v", fSecretAccessKey), + fmt.Sprintf("CLIENTID: %v", fClientId), + fmt.Sprintf("CLIENTSECRET: %v", fClientSecret), + fmt.Sprintf("CLOUDNAME: %v", fCloudName), fmt.Sprintf("KEYVAULTNAME: %v", fKeyVaultName), - fmt.Sprintf("CERTIFICATENAME: %v", fCertificateName), }, "\n")) uploader, err := provider.NewUploader(&provider.UploaderConfig{ - TenantId: fTenantId, - ClientId: fAccessKeyId, - ClientSecret: fSecretAccessKey, - KeyVaultName: fKeyVaultName, - CertificateName: fCertificateName, + TenantId: fTenantId, + ClientId: fClientId, + ClientSecret: fClientSecret, + CloudName: fCloudName, + KeyVaultName: fKeyVaultName, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx index 80120fae..6826d277 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx @@ -2,7 +2,6 @@ import { useTranslation } from "react-i18next"; import { Form, type FormInstance, Input } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; -import { validAzureKeyVaultCertificateName } from "@/utils/validators"; type DeployNodeConfigFormAzureKeyVaultConfigFieldValues = Nullish<{ keyvaultName: string; @@ -40,7 +39,7 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({ .nullish() .refine((v) =>{ if (!v) return true; - return validAzureKeyVaultCertificateName(v); + return /^[a-zA-Z0-9-]{1,127}$/.test(v); }, t("workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid")), }); const formRule = createSchemaFieldRule(formSchema); @@ -66,6 +65,7 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({ > + https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates", "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault certificate name (Optional)", "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "Please enter Azure KeyVault certificate name", - "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "If not filled in, a default name with a timestamp will be automatically generated.", + "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "Leave it blank to use a default name generated by Certimate.", "workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid": "Certificate name can only contain letters, numbers, and hyphens (-), with a length limit of 1 to 127 characters", "workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "Resource type", "workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "Please select resource type", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index a06e9c58..3b553b47 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -233,9 +233,9 @@ "workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault 名称", "workflow_node.deploy.form.azure_keyvault_name.placeholder": "请输入 Azure KeyVault 名称", "workflow_node.deploy.form.azure_keyvault_name.tooltip": "这是什么?请参阅 https://learn.microsoft.com/zh-cn/azure/key-vault/general/about-keys-secrets-certificates", - "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault 证书名称 (可选)", + "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault 证书名称(可选)", "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "请输入 Azure KeyVault 证书名称", - "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "不填写时,会自动生成带时间戳的默认名称。", + "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "不填写时,将由 Certimate 自动生成证书名称。", "workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid": "证书名称只能包含字母、数字和连字符(-),长度限制为 1 到 127 个字符", "workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "证书替换方式", "workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "请选择证书替换方式", diff --git a/ui/src/utils/validators.ts b/ui/src/utils/validators.ts index 14b49fb7..05d43edd 100644 --- a/ui/src/utils/validators.ts +++ b/ui/src/utils/validators.ts @@ -9,11 +9,6 @@ export const validDomainName = (value: string, { allowWildcard = false }: { allo return re.test(value); }; -export const validAzureKeyVaultCertificateName = (value: string) => { - const re = /^[a-zA-Z0-9-]{1,127}$/; - return re.test(value); -} - export const validEmailAddress = (value: string) => { const re = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; return re.test(value); From eb45b56a8729d997b3dace81238efdd8f2ed404e Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 18 Apr 2025 17:54:51 +0800 Subject: [PATCH 10/18] fix: ignore wangsu api responses without content --- internal/pkg/vendors/wangsu-sdk/openapi/client.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/internal/pkg/vendors/wangsu-sdk/openapi/client.go b/internal/pkg/vendors/wangsu-sdk/openapi/client.go index 6492aba8..709f4e2c 100644 --- a/internal/pkg/vendors/wangsu-sdk/openapi/client.go +++ b/internal/pkg/vendors/wangsu-sdk/openapi/client.go @@ -178,8 +178,11 @@ func (c *Client) SendRequestWithResult(method string, path string, params interf return resp, err } - if err := json.Unmarshal(resp.Body(), &result); err != nil { - return resp, fmt.Errorf("wangsu api error: failed to parse response: %w", err) + respBody := resp.Body() + if len(respBody) != 0 { + if err := json.Unmarshal(respBody, &result); err != nil { + return resp, fmt.Errorf("wangsu api error: failed to parse response: %w", err) + } } result.SetRequestId(resp.Header().Get("x-cnc-request-id")) From c10ceed75345543cc6d2c669988e826c3d93f3c2 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 18 Apr 2025 18:04:52 +0800 Subject: [PATCH 11/18] feat: improve log --- .../core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go | 4 ++-- internal/pkg/vendors/wangsu-sdk/cdn/models.go | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go index adcd7416..ba0e2cca 100644 --- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go +++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go @@ -214,8 +214,8 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe break } - d.logger.Info("waiting for deployment task completion ...") - time.Sleep(time.Second * 15) + d.logger.Info(fmt.Sprintf("waiting for deployment task completion (current status: %s) ...", getDeploymentTaskDetailResp.Status)) + time.Sleep(time.Second * 5) } return &deployer.DeployResult{}, nil diff --git a/internal/pkg/vendors/wangsu-sdk/cdn/models.go b/internal/pkg/vendors/wangsu-sdk/cdn/models.go index 0126418a..765cd613 100644 --- a/internal/pkg/vendors/wangsu-sdk/cdn/models.go +++ b/internal/pkg/vendors/wangsu-sdk/cdn/models.go @@ -97,6 +97,8 @@ type CreateDeploymentTaskResponse struct { type GetDeploymentTaskDetailResponse struct { baseResponse + Id string `json:"id"` + Name string `json:"name"` Target string `json:"target"` Actions []DeploymentTaskAction `json:"actions"` Status string `json:"status"` From 32ff658e841dbd18a2aeacadf03b9c9f4ca033b8 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 18 Apr 2025 18:20:01 +0800 Subject: [PATCH 12/18] fix: #626 --- internal/pkg/vendors/cdnfly-sdk/models.go | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/internal/pkg/vendors/cdnfly-sdk/models.go b/internal/pkg/vendors/cdnfly-sdk/models.go index 07497cd3..9622627a 100644 --- a/internal/pkg/vendors/cdnfly-sdk/models.go +++ b/internal/pkg/vendors/cdnfly-sdk/models.go @@ -1,6 +1,6 @@ package cdnflysdk -import "encoding/json" +import "fmt" type BaseResponse interface { GetCode() string @@ -8,12 +8,24 @@ type BaseResponse interface { } type baseResponse struct { - Code json.Number `json:"code"` - Message string `json:"msg"` + Code any `json:"code"` + Message string `json:"msg"` } func (r *baseResponse) GetCode() string { - return r.Code.String() + if r.Code == nil { + return "" + } + + if code, ok := r.Code.(int); ok { + return fmt.Sprintf("%d", code) + } + + if code, ok := r.Code.(string); ok { + return code + } + + return "" } func (r *baseResponse) GetMessage() string { From 5bce03410ecf2c957b702847ab66bd1fdeebf4e7 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Fri, 18 Apr 2025 20:51:23 +0800 Subject: [PATCH 13/18] feat: add aliyun apigw deployer --- go.mod | 2 + go.sum | 4 + internal/deployer/providers.go | 15 +- internal/domain/provider.go | 1 + .../providers/aliyun-apigw/aliyun_apigw.go | 269 ++++++++++++++++++ .../aliyun-apigw/aliyun_apigw_test.go | 95 +++++++ .../deployer/providers/aliyun-apigw/consts.go | 10 + .../workflow/node/DeployNodeConfigForm.tsx | 3 + .../DeployNodeConfigFormAliyunAPIGWConfig.tsx | 133 +++++++++ ui/src/domain/provider.ts | 2 + ui/src/i18n/locales/en/nls.provider.json | 1 + .../i18n/locales/en/nls.workflow.nodes.json | 16 ++ ui/src/i18n/locales/zh/nls.provider.json | 1 + .../i18n/locales/zh/nls.workflow.nodes.json | 16 ++ 14 files changed, 567 insertions(+), 1 deletion(-) create mode 100644 internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go create mode 100644 internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go create mode 100644 internal/pkg/core/deployer/providers/aliyun-apigw/consts.go create mode 100644 ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx diff --git a/go.mod b/go.mod index c9cdb902..0827c9df 100644 --- a/go.mod +++ b/go.mod @@ -73,6 +73,8 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect github.com/alibabacloud-go/alibabacloud-gateway-fc-util v0.0.7 // indirect + github.com/alibabacloud-go/apig-20240327/v3 v3.2.2 // indirect + github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.2 // indirect github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect diff --git a/go.sum b/go.sum index f7267783..0b164a0d 100644 --- a/go.sum +++ b/go.sum @@ -95,10 +95,14 @@ github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do2 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g= +github.com/alibabacloud-go/apig-20240327/v3 v3.2.2 h1:yH84ePgqtA2tF3ly7Tf3AA5ogl2SC8kqCNG4+zz4yo4= +github.com/alibabacloud-go/apig-20240327/v3 v3.2.2/go.mod h1:XLaCapbSH7olJTs42wisDO9JvX9BGy5acZk0bLNejDs= github.com/alibabacloud-go/cas-20200407/v3 v3.0.4 h1:ngRlctbt135zoujwX0lXSv9m4h1/bmg/yalQS0z1EWc= github.com/alibabacloud-go/cas-20200407/v3 v3.0.4/go.mod h1:6n9MZ9SH3HlSzfe2oKwjOqhJx3dxvW2gMDO+lq8t9U4= github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2 h1:+KJOPukTM+xMyiLOW5qBwYKG2df3Ar7coRsqc1juKO8= github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2/go.mod h1:GnPiPL3HlzCi8SGiLiVgKrAFkP1vTtcF4yGtjsl4wfo= +github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.2 h1:Ug50clztqiQAy5t0R9Vejibz2Xgxm1Tpw2Y6A9eAwRE= +github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.2/go.mod h1:l9Zd2FanDUO2UqHJSPnOv+cY9DVT+YXcr97zfpSHywo= github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY= github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI= github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE= diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index c2136d20..421ab2f3 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -9,6 +9,7 @@ import ( p1PanelConsole "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-console" p1PanelSite "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-site" pAliyunALB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-alb" + pAliyunAPIGW "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-apigw" pAliyunCAS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cas" pAliyunCASDeploy "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cas-deploy" pAliyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn" @@ -117,7 +118,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { } } - case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCAS, domain.DeployProviderTypeAliyunCASDeploy, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunESA, domain.DeployProviderTypeAliyunFC, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunVOD, domain.DeployProviderTypeAliyunWAF: + case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunAPIGW, domain.DeployProviderTypeAliyunCAS, domain.DeployProviderTypeAliyunCASDeploy, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunESA, domain.DeployProviderTypeAliyunFC, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunVOD, domain.DeployProviderTypeAliyunWAF: { access := domain.AccessConfigForAliyun{} if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil { @@ -137,6 +138,18 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { }) return deployer, err + case domain.DeployProviderTypeAliyunAPIGW: + deployer, err := pAliyunAPIGW.NewDeployer(&pAliyunAPIGW.DeployerConfig{ + AccessKeyId: access.AccessKeyId, + AccessKeySecret: access.AccessKeySecret, + Region: maputil.GetString(options.ProviderDeployConfig, "region"), + ServiceType: pAliyunAPIGW.ServiceType(maputil.GetString(options.ProviderDeployConfig, "serviceType")), + GatewayId: maputil.GetString(options.ProviderDeployConfig, "gatewayId"), + GroupId: maputil.GetString(options.ProviderDeployConfig, "groupId"), + Domain: maputil.GetString(options.ProviderDeployConfig, "domain"), + }) + return deployer, err + case domain.DeployProviderTypeAliyunCAS: deployer, err := pAliyunCAS.NewDeployer(&pAliyunCAS.DeployerConfig{ AccessKeyId: access.AccessKeyId, diff --git a/internal/domain/provider.go b/internal/domain/provider.go index 668612f7..aae360a4 100644 --- a/internal/domain/provider.go +++ b/internal/domain/provider.go @@ -146,6 +146,7 @@ const ( DeployProviderType1PanelConsole = DeployProviderType("1panel-console") DeployProviderType1PanelSite = DeployProviderType("1panel-site") DeployProviderTypeAliyunALB = DeployProviderType("aliyun-alb") + DeployProviderTypeAliyunAPIGW = DeployProviderType("aliyun-apigw") DeployProviderTypeAliyunCAS = DeployProviderType("aliyun-cas") DeployProviderTypeAliyunCASDeploy = DeployProviderType("aliyun-casdeploy") DeployProviderTypeAliyunCDN = DeployProviderType("aliyun-cdn") diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go new file mode 100644 index 00000000..12b43616 --- /dev/null +++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go @@ -0,0 +1,269 @@ +package aliyunapigw + +import ( + "context" + "errors" + "fmt" + "log/slog" + "strings" + "time" + + aliapig "github.com/alibabacloud-go/apig-20240327/v3/client" + alicloudapi "github.com/alibabacloud-go/cloudapi-20160714/v5/client" + aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client" + "github.com/alibabacloud-go/tea/tea" + xerrors "github.com/pkg/errors" + + "github.com/usual2970/certimate/internal/pkg/core/deployer" + "github.com/usual2970/certimate/internal/pkg/core/uploader" + uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" +) + +type DeployerConfig struct { + // 阿里云 AccessKeyId。 + AccessKeyId string `json:"accessKeyId"` + // 阿里云 AccessKeySecret。 + AccessKeySecret string `json:"accessKeySecret"` + // 阿里云地域。 + Region string `json:"region"` + // 服务类型。 + ServiceType ServiceType `json:"serviceType"` + // API 网关 ID。 + // 服务类型为 [SERVICE_TYPE_CLOUDNATIVE] 时必填。 + GatewayId string `json:"gatewayId,omitempty"` + // API 分组 ID。 + // 服务类型为 [SERVICE_TYPE_TRADITIONAL] 时必填。 + GroupId string `json:"groupId,omitempty"` + // 自定义域名(支持泛域名)。 + Domain string `json:"domain"` +} + +type DeployerProvider struct { + config *DeployerConfig + logger *slog.Logger + sdkClients *wSdkClients + sslUploader uploader.Uploader +} + +type wSdkClients struct { + CloudNativeAPIGateway *aliapig.Client + TraditionalAPIGateway *alicloudapi.Client +} + +var _ deployer.Deployer = (*DeployerProvider)(nil) + +func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { + if config == nil { + panic("config is nil") + } + + clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create sdk clients") + } + + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create ssl uploader") + } + + return &DeployerProvider{ + config: config, + logger: slog.Default(), + sdkClients: clients, + sslUploader: uploader, + }, nil +} + +func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer { + if logger == nil { + d.logger = slog.Default() + } else { + d.logger = logger + } + return d +} + +func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) { + switch d.config.ServiceType { + case SERVICE_TYPE_TRADITIONAL: + if err := d.deployToTraditional(ctx, certPem, privkeyPem); err != nil { + return nil, err + } + + case SERVICE_TYPE_CLOUDNATIVE: + if err := d.deployToCloudNative(ctx, certPem, privkeyPem); err != nil { + return nil, err + } + + default: + return nil, xerrors.Errorf("unsupported service type: %s", string(d.config.ServiceType)) + } + + return &deployer.DeployResult{}, nil +} + +func (d *DeployerProvider) deployToTraditional(ctx context.Context, certPem string, privkeyPem string) error { + if d.config.GroupId == "" { + return errors.New("config `groupId` is required") + } + if d.config.Domain == "" { + return errors.New("config `domain` is required") + } + + // 为自定义域名添加 SSL 证书 + // REF: https://help.aliyun.com/zh/api-gateway/traditional-api-gateway/developer-reference/api-cloudapi-2016-07-14-setdomaincertificate + setDomainCertificateReq := &alicloudapi.SetDomainCertificateRequest{ + GroupId: tea.String(d.config.GroupId), + DomainName: tea.String(d.config.Domain), + CertificateName: tea.String(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())), + CertificateBody: tea.String(certPem), + CertificatePrivateKey: tea.String(privkeyPem), + } + setDomainCertificateResp, err := d.sdkClients.TraditionalAPIGateway.SetDomainCertificate(setDomainCertificateReq) + d.logger.Debug("sdk request 'apigateway.SetDomainCertificate'", slog.Any("request", setDomainCertificateReq), slog.Any("response", setDomainCertificateResp)) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request 'apigateway.SetDomainCertificate'") + } + + return nil +} + +func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPem string, privkeyPem string) error { + if d.config.GatewayId == "" { + return errors.New("config `gatewayId` is required") + } + if d.config.Domain == "" { + return errors.New("config `domain` is required") + } + + // 遍历查询域名列表,获取域名 ID + // REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-listdomains + var domainId string + listDomainsPageNumber := int32(1) + listDomainsPageSize := int32(10) + for { + listDomainsReq := &aliapig.ListDomainsRequest{ + GatewayId: tea.String(d.config.GatewayId), + NameLike: tea.String(d.config.Domain), + PageNumber: tea.Int32(listDomainsPageNumber), + PageSize: tea.Int32(listDomainsPageSize), + } + listDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomains(listDomainsReq) + d.logger.Debug("sdk request 'apig.ListDomains'", slog.Any("request", listDomainsReq), slog.Any("response", listDomainsResp)) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request 'apig.ListDomains'") + } + + if listDomainsResp.Body.Data.Items != nil { + for _, domainInfo := range listDomainsResp.Body.Data.Items { + if strings.EqualFold(tea.StringValue(domainInfo.Name), d.config.Domain) { + domainId = tea.StringValue(domainInfo.DomainId) + break + } + } + + if domainId != "" { + break + } + } + + if listDomainsResp.Body.Data.Items == nil || len(listDomainsResp.Body.Data.Items) < int(listDomainsPageSize) { + break + } else { + listDomainsPageNumber++ + } + } + if domainId == "" { + return errors.New("domain not found") + } + + // 查询域名 + // REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-getdomain + getDomainReq := &aliapig.GetDomainRequest{} + getDomainResp, err := d.sdkClients.CloudNativeAPIGateway.GetDomain(tea.String(domainId), getDomainReq) + d.logger.Debug("sdk request 'apig.GetDomain'", slog.Any("domainId", domainId), slog.Any("request", getDomainReq), slog.Any("response", getDomainResp)) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request 'apig.GetDomain'") + } + + // 上传证书到 CAS + upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem) + if err != nil { + return xerrors.Wrap(err, "failed to upload certificate file") + } else { + d.logger.Info("ssl certificate uploaded", slog.Any("result", upres)) + } + + // 更新域名 + // REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-updatedomain + updateDomainReq := &aliapig.UpdateDomainRequest{ + Protocol: tea.String("HTTPS"), + ForceHttps: getDomainResp.Body.Data.ForceHttps, + MTLSEnabled: getDomainResp.Body.Data.MTLSEnabled, + Http2Option: getDomainResp.Body.Data.Http2Option, + TlsMin: getDomainResp.Body.Data.TlsMin, + TlsMax: getDomainResp.Body.Data.TlsMax, + TlsCipherSuitesConfig: getDomainResp.Body.Data.TlsCipherSuitesConfig, + CertIdentifier: tea.String(upres.ExtendedData["certIdentifier"].(string)), + } + updateDomainResp, err := d.sdkClients.CloudNativeAPIGateway.UpdateDomain(tea.String(domainId), updateDomainReq) + d.logger.Debug("sdk request 'apig.UpdateDomain'", slog.Any("domainId", domainId), slog.Any("request", updateDomainReq), slog.Any("response", updateDomainResp)) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request 'apig.UpdateDomain'") + } + + return nil +} + +func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) { + // 接入点一览 https://api.aliyun.com/product/APIG + cloudNativeAPIGEndpoint := fmt.Sprintf("apig.%s.aliyuncs.com", region) + cloudNativeAPIGConfig := &aliopen.Config{ + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + Endpoint: tea.String(cloudNativeAPIGEndpoint), + } + cloudNativeAPIGClient, err := aliapig.NewClient(cloudNativeAPIGConfig) + if err != nil { + return nil, err + } + + // 接入点一览 https://api.aliyun.com/product/CloudAPI + traditionalAPIGEndpoint := fmt.Sprintf("apigateway.%s.aliyuncs.com", region) + traditionalAPIGConfig := &aliopen.Config{ + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + Endpoint: tea.String(traditionalAPIGEndpoint), + } + traditionalAPIGClient, err := alicloudapi.NewClient(traditionalAPIGConfig) + if err != nil { + return nil, err + } + + return &wSdkClients{ + CloudNativeAPIGateway: cloudNativeAPIGClient, + TraditionalAPIGateway: traditionalAPIGClient, + }, nil +} + +func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { + casRegion := region + if casRegion != "" { + // 阿里云 CAS 服务接入点是独立于 APIGateway 服务的 + // 国内版固定接入点:华东一杭州 + // 国际版固定接入点:亚太东南一新加坡 + if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") { + casRegion = "ap-southeast-1" + } else { + casRegion = "cn-hangzhou" + } + } + + uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ + AccessKeyId: accessKeyId, + AccessKeySecret: accessKeySecret, + Region: casRegion, + }) + return uploader, err +} diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go new file mode 100644 index 00000000..dab028e2 --- /dev/null +++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go @@ -0,0 +1,95 @@ +package aliyunapigw_test + +import ( + "context" + "flag" + "fmt" + "os" + "strings" + "testing" + + provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-apigw" +) + +var ( + fInputCertPath string + fInputKeyPath string + fAccessKeyId string + fAccessKeySecret string + fRegion string + fServiceType string + fGatewayId string + fGroupId string + fDomain string +) + +func init() { + argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNAPIGW_" + + flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "") + flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") + flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "") + flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "") + flag.StringVar(&fRegion, argsPrefix+"REGION", "", "") + flag.StringVar(&fGatewayId, argsPrefix+"GATEWARYID", "", "") + flag.StringVar(&fGroupId, argsPrefix+"GROUPID", "", "") + flag.StringVar(&fServiceType, argsPrefix+"SERVICETYPE", "", "") + flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "") +} + +/* +Shell command to run this test: + + go test -v ./aliyun_apigw_test.go -args \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_INPUTCERTPATH="/path/to/your-input-cert.pem" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_INPUTKEYPATH="/path/to/your-input-key.pem" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_ACCESSKEYID="your-access-key-id" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_ACCESSKEYSECRET="your-access-key-secret" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_REGION="cn-hangzhou" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_GATEWAYID="your-api-gateway-id" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_GROUPID="your-api-group-id" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_SERVICETYPE="cloudnative" \ + --CERTIMATE_DEPLOYER_ALIYUNAPIGW_DOMAIN="example.com" +*/ +func TestDeploy(t *testing.T) { + flag.Parse() + + t.Run("Deploy", func(t *testing.T) { + t.Log(strings.Join([]string{ + "args:", + fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath), + fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), + fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId), + fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret), + fmt.Sprintf("REGION: %v", fRegion), + fmt.Sprintf("GATEWAYID: %v", fGatewayId), + fmt.Sprintf("GROUPID: %v", fGroupId), + fmt.Sprintf("SERVICETYPE: %v", fServiceType), + fmt.Sprintf("DOMAIN: %v", fDomain), + }, "\n")) + + deployer, err := provider.NewDeployer(&provider.DeployerConfig{ + AccessKeyId: fAccessKeyId, + AccessKeySecret: fAccessKeySecret, + Region: fRegion, + ServiceType: provider.ServiceType(fServiceType), + GatewayId: fGatewayId, + GroupId: fGroupId, + Domain: fDomain, + }) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + fInputCertData, _ := os.ReadFile(fInputCertPath) + fInputKeyData, _ := os.ReadFile(fInputKeyPath) + res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData)) + if err != nil { + t.Errorf("err: %+v", err) + return + } + + t.Logf("ok: %v", res) + }) +} diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go b/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go new file mode 100644 index 00000000..b53c7645 --- /dev/null +++ b/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go @@ -0,0 +1,10 @@ +package aliyunapigw + +type ServiceType string + +const ( + // 服务类型:原 API 网关。 + SERVICE_TYPE_TRADITIONAL = ServiceType("traditional") + // 服务类型:云原生 API 网关。 + SERVICE_TYPE_CLOUDNATIVE = ServiceType("cloudnative") +) diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx index 5565c985..893460ff 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx @@ -18,6 +18,7 @@ import { useWorkflowStore } from "@/stores/workflow"; import DeployNodeConfigForm1PanelConsoleConfig from "./DeployNodeConfigForm1PanelConsoleConfig"; import DeployNodeConfigForm1PanelSiteConfig from "./DeployNodeConfigForm1PanelSiteConfig"; import DeployNodeConfigFormAliyunALBConfig from "./DeployNodeConfigFormAliyunALBConfig"; +import DeployNodeConfigFormAliyunAPIGWConfig from "./DeployNodeConfigFormAliyunAPIGWConfig"; import DeployNodeConfigFormAliyunCASConfig from "./DeployNodeConfigFormAliyunCASConfig"; import DeployNodeConfigFormAliyunCASDeployConfig from "./DeployNodeConfigFormAliyunCASDeployConfig"; import DeployNodeConfigFormAliyunCDNConfig from "./DeployNodeConfigFormAliyunCDNConfig"; @@ -177,6 +178,8 @@ const DeployNodeConfigForm = forwardRef; case DEPLOY_PROVIDERS.ALIYUN_ALB: return ; + case DEPLOY_PROVIDERS.ALIYUN_APIGW: + return ; case DEPLOY_PROVIDERS.ALIYUN_CAS: return ; case DEPLOY_PROVIDERS.ALIYUN_CAS_DEPLOY: diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx new file mode 100644 index 00000000..430859a7 --- /dev/null +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx @@ -0,0 +1,133 @@ +import { useTranslation } from "react-i18next"; +import { Form, type FormInstance, Input, Select } from "antd"; +import { createSchemaFieldRule } from "antd-zod"; +import { z } from "zod"; + +import Show from "@/components/Show"; +import { validDomainName } from "@/utils/validators"; + +type DeployNodeConfigFormAliyunAPIGWConfigFieldValues = Nullish<{ + serviceType: string; + region: string; + gatewayId?: string; + groupId?: string; + domain?: string; +}>; + +export type DeployNodeConfigFormAliyunAPIGWConfigProps = { + form: FormInstance; + formName: string; + disabled?: boolean; + initialValues?: DeployNodeConfigFormAliyunAPIGWConfigFieldValues; + onValuesChange?: (values: DeployNodeConfigFormAliyunAPIGWConfigFieldValues) => void; +}; + +const SERVICE_TYPE_CLOUDNATIVE = "cloudnative" as const; +const SERVICE_TYPE_TRADITIONAL = "traditional" as const; + +const initFormModel = (): DeployNodeConfigFormAliyunAPIGWConfigFieldValues => { + return {}; +}; + +const DeployNodeConfigFormAliyunAPIGWConfig = ({ + form: formInst, + formName, + disabled, + initialValues, + onValuesChange, +}: DeployNodeConfigFormAliyunAPIGWConfigProps) => { + const { t } = useTranslation(); + + const formSchema = z.object({ + serviceType: z.union([z.literal(SERVICE_TYPE_CLOUDNATIVE), z.literal(SERVICE_TYPE_TRADITIONAL)], { + message: t("workflow_node.deploy.form.aliyun_apigw_service_type.placeholder"), + }), + region: z + .string({ message: t("workflow_node.deploy.form.aliyun_apigw_region.placeholder") }) + .nonempty(t("workflow_node.deploy.form.aliyun_apigw_region.placeholder")) + .trim(), + gatewayId: z + .string() + .nullish() + .refine((v) => fieldServiceType !== SERVICE_TYPE_CLOUDNATIVE || !!v?.trim(), t("workflow_node.deploy.form.aliyun_apigw_gateway_id.placeholder")), + groupId: z + .string() + .nullish() + .refine((v) => fieldServiceType !== SERVICE_TYPE_TRADITIONAL || !!v?.trim(), t("workflow_node.deploy.form.aliyun_apigw_group_id.placeholder")), + domain: z + .string() + .nonempty(t("workflow_node.deploy.form.aliyun_apigw_domain.placeholder")) + .refine((v) => validDomainName(v!, { allowWildcard: true }), t("common.errmsg.domain_invalid")), + }); + const formRule = createSchemaFieldRule(formSchema); + + const fieldServiceType = Form.useWatch("serviceType", formInst); + + const handleFormChange = (_: unknown, values: z.infer) => { + onValuesChange?.(values); + }; + + return ( +
+ + + + + } + > + + + + + } + > + + + + + + } + > + + + + + } + > + + +
+ ); +}; + +export default DeployNodeConfigFormAliyunAPIGWConfig; diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts index dbd81a0f..830bc369 100644 --- a/ui/src/domain/provider.ts +++ b/ui/src/domain/provider.ts @@ -305,6 +305,7 @@ export const DEPLOY_PROVIDERS = Object.freeze({ ["1PANEL_CONSOLE"]: `${ACCESS_PROVIDERS["1PANEL"]}-console`, ["1PANEL_SITE"]: `${ACCESS_PROVIDERS["1PANEL"]}-site`, ALIYUN_ALB: `${ACCESS_PROVIDERS.ALIYUN}-alb`, + ALIYUN_APIGW: `${ACCESS_PROVIDERS.ALIYUN}-apigw`, ALIYUN_CAS: `${ACCESS_PROVIDERS.ALIYUN}-cas`, ALIYUN_CAS_DEPLOY: `${ACCESS_PROVIDERS.ALIYUN}-casdeploy`, ALIYUN_CDN: `${ACCESS_PROVIDERS.ALIYUN}-cdn`, @@ -422,6 +423,7 @@ export const deployProvidersMap: Maphttps://slb.console.aliyun.com/alb", + "workflow_node.deploy.form.aliyun_apigw_service_type.label": "Alibaba Cloud API gateway type", + "workflow_node.deploy.form.aliyun_apigw_service_type.placeholder": "Please select Alibaba Cloud API gateway type", + "workflow_node.deploy.form.aliyun_apigw_service_type.option.cloudnative.label": "Cloud-native API gateway", + "workflow_node.deploy.form.aliyun_apigw_service_type.option.traditional.label": "Traditional API gateway", + "workflow_node.deploy.form.aliyun_apigw_region.label": "Alibaba Cloud API gateway region", + "workflow_node.deploy.form.aliyun_apigw_region.placeholder": "Please enter Alibaba Cloud API gateway region (e.g. cn-hangzhou)", + "workflow_node.deploy.form.aliyun_apigw_region.tooltip": "For more information, see https://www.alibabacloud.com/help/en/api-gateway/cloud-native-api-gateway/product-overview/regions", + "workflow_node.deploy.form.aliyun_apigw_gateway_id.label": "Alibaba Cloud API gateway ID", + "workflow_node.deploy.form.aliyun_apigw_gateway_id.placeholder": "Please enter Alibaba Cloud API gateway ID", + "workflow_node.deploy.form.aliyun_apigw_gateway_id.tooltip": "For more information, see https://apigw.console.aliyun.com", + "workflow_node.deploy.form.aliyun_apigw_group_id.label": "Alibaba Cloud API group ID", + "workflow_node.deploy.form.aliyun_apigw_group_id.placeholder": "Please enter Alibaba Cloud API group ID", + "workflow_node.deploy.form.aliyun_apigw_group_id.tooltip": "For more information, see https://apigateway.console.aliyun.com", + "workflow_node.deploy.form.aliyun_apigw_domain.label": "Alibaba Cloud API gateway domain", + "workflow_node.deploy.form.aliyun_apigw_domain.placeholder": "Please enter Alibaba Cloud API gateway domain", + "workflow_node.deploy.form.aliyun_apigw_domain.tooltip": "For more information, see https://apigw.console.aliyun.com or https://apigateway.console.aliyun.com", "workflow_node.deploy.form.aliyun_cas_region.label": "Alibaba Cloud CAS region", "workflow_node.deploy.form.aliyun_cas_region.placeholder": "Please enter Alibaba Cloud CAS region (e.g. cn-hangzhou)", "workflow_node.deploy.form.aliyun_cas_region.tooltip": "For more information, see https://www.alibabacloud.com/help/en/ssl-certificate/developer-reference/endpoints", diff --git a/ui/src/i18n/locales/zh/nls.provider.json b/ui/src/i18n/locales/zh/nls.provider.json index 216d3363..25679334 100644 --- a/ui/src/i18n/locales/zh/nls.provider.json +++ b/ui/src/i18n/locales/zh/nls.provider.json @@ -5,6 +5,7 @@ "provider.acmehttpreq": "Http Request (ACME Proxy)", "provider.aliyun": "阿里云", "provider.aliyun.alb": "阿里云 - 应用型负载均衡 ALB", + "provider.aliyun.apigw": "阿里云 - API 网关", "provider.aliyun.cas_upload": "阿里云 - 上传到数字证书管理服务 CAS", "provider.aliyun.cas_deploy": "阿里云 - 通过数字证书管理服务 CAS 创建部署任务", "provider.aliyun.cdn": "阿里云 - 内容分发网络 CDN", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index 5fcb201d..03ce4875 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -121,6 +121,22 @@ "workflow_node.deploy.form.aliyun_alb_snidomain.label": "阿里云 ALB 扩展域名(可选)", "workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "请输入阿里云 ALB 扩展域名(支持泛域名)", "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/alb

不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。", + "workflow_node.deploy.form.aliyun_apigw_service_type.label": "阿里云 API 网关服务类型", + "workflow_node.deploy.form.aliyun_apigw_service_type.placeholder": "请选择阿里云 API 网关服务类型", + "workflow_node.deploy.form.aliyun_apigw_service_type.option.cloudnative.label": "云原生 API 网关", + "workflow_node.deploy.form.aliyun_apigw_service_type.option.traditional.label": "原 API 网关", + "workflow_node.deploy.form.aliyun_apigw_region.label": "阿里云 API 网关服务地域", + "workflow_node.deploy.form.aliyun_apigw_region.placeholder": "请输入阿里云 API 网关地域(例如:cn-hangzhou)", + "workflow_node.deploy.form.aliyun_apigw_region.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/product-overview/regions", + "workflow_node.deploy.form.aliyun_apigw_gateway_id.label": "阿里云 API 网关 ID", + "workflow_node.deploy.form.aliyun_apigw_gateway_id.placeholder": "请输入阿里云 API 网关 ID", + "workflow_node.deploy.form.aliyun_apigw_gateway_id.tooltip": "这是什么?请参阅 https://apigw.console.aliyun.com", + "workflow_node.deploy.form.aliyun_apigw_group_id.label": "阿里云 API 分组 ID", + "workflow_node.deploy.form.aliyun_apigw_group_id.placeholder": "请输入阿里云 API 分组 ID", + "workflow_node.deploy.form.aliyun_apigw_group_id.tooltip": "这是什么?请参阅 https://apigateway.console.aliyun.com", + "workflow_node.deploy.form.aliyun_apigw_domain.label": "阿里云 API 网关自定义域名", + "workflow_node.deploy.form.aliyun_apigw_domain.placeholder": "请输入阿里云 API 网关自定义域名(支持泛域名)", + "workflow_node.deploy.form.aliyun_apigw_domain.tooltip": "这是什么?请参阅 https://apigw.console.aliyun.comhttps://apigateway.console.aliyun.com", "workflow_node.deploy.form.aliyun_cas_region.label": "阿里云 CAS 服务地域", "workflow_node.deploy.form.aliyun_cas_region.placeholder": "请输入阿里云 CAS 服务地域(例如:cn-hangzhou)", "workflow_node.deploy.form.aliyun_cas_region.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/ssl-certificate/developer-reference/endpoints", From 8f4d854b0d484f4ee50ed606a0444f1abf2a38cf Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 19 Apr 2025 14:02:55 +0800 Subject: [PATCH 14/18] feat: support replacing old certificate on deployment to 1panel site --- internal/deployer/providers.go | 4 +- .../providers/1panel-site/1panel_site.go | 73 ++++++++++++++++-- .../providers/1panel-site/1panel_site_test.go | 17 +++-- .../deployer/providers/1panel-site/consts.go | 10 +++ internal/pkg/vendors/1panel-sdk/api.go | 6 ++ internal/pkg/vendors/1panel-sdk/models.go | 22 ++++++ .../DeployNodeConfigForm1PanelSiteConfig.tsx | 75 +++++++++++++++---- .../node/DeployNodeConfigFormCdnflyConfig.tsx | 12 ++- .../i18n/locales/en/nls.workflow.nodes.json | 7 ++ .../i18n/locales/zh/nls.workflow.nodes.json | 7 ++ 10 files changed, 202 insertions(+), 31 deletions(-) create mode 100644 internal/pkg/core/deployer/providers/1panel-site/consts.go diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index 421ab2f3..6b1ffa25 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -109,7 +109,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { ApiUrl: access.ApiUrl, ApiKey: access.ApiKey, AllowInsecureConnections: access.AllowInsecureConnections, + ResourceType: p1PanelSite.ResourceType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "resourceType", string(p1PanelSite.RESOURCE_TYPE_WEBSITE))), WebsiteId: maputil.GetInt64(options.ProviderDeployConfig, "websiteId"), + CertificateId: maputil.GetInt64(options.ProviderDeployConfig, "certificateId"), }) return deployer, err @@ -474,7 +476,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { ApiUrl: access.ApiUrl, ApiKey: access.ApiKey, ApiSecret: access.ApiSecret, - ResourceType: pCdnfly.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")), + ResourceType: pCdnfly.ResourceType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "resourceType", string(pCdnfly.RESOURCE_TYPE_SITE))), SiteId: maputil.GetString(options.ProviderDeployConfig, "siteId"), CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"), }) diff --git a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go index 6aa34607..24f5daa3 100644 --- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go +++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go @@ -4,6 +4,7 @@ import ( "context" "crypto/tls" "errors" + "fmt" "log/slog" "net/url" "strconv" @@ -23,8 +24,14 @@ type DeployerConfig struct { ApiKey string `json:"apiKey"` // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` + // 部署资源类型。 + ResourceType ResourceType `json:"resourceType"` // 网站 ID。 - WebsiteId int64 `json:"websiteId"` + // 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。 + WebsiteId int64 `json:"websiteId,omitempty"` + // 证书 ID。 + // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 + CertificateId int64 `json:"certificateId,omitempty"` } type DeployerProvider struct { @@ -73,6 +80,30 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer { } func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) { + // 根据部署资源类型决定部署方式 + switch d.config.ResourceType { + case RESOURCE_TYPE_WEBSITE: + if err := d.deployToWebsite(ctx, certPem, privkeyPem); err != nil { + return nil, err + } + + case RESOURCE_TYPE_CERTIFICATE: + if err := d.deployToCertificate(ctx, certPem, privkeyPem); err != nil { + return nil, err + } + + default: + return nil, fmt.Errorf("unsupported resource type: %s", d.config.ResourceType) + } + + return &deployer.DeployResult{}, nil +} + +func (d *DeployerProvider) deployToWebsite(ctx context.Context, certPem string, privkeyPem string) error { + if d.config.WebsiteId == 0 { + return errors.New("config `websiteId` is required") + } + // 获取网站 HTTPS 配置 getHttpsConfReq := &opsdk.GetHttpsConfRequest{ WebsiteID: d.config.WebsiteId, @@ -80,13 +111,13 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe getHttpsConfResp, err := d.sdkClient.GetHttpsConf(getHttpsConfReq) d.logger.Debug("sdk request '1panel.GetHttpsConf'", slog.Any("request", getHttpsConfReq), slog.Any("response", getHttpsConfResp)) if err != nil { - return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.GetHttpsConf'") + return xerrors.Wrap(err, "failed to execute sdk request '1panel.GetHttpsConf'") } // 上传证书到面板 upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem) if err != nil { - return nil, xerrors.Wrap(err, "failed to upload certificate file") + return xerrors.Wrap(err, "failed to upload certificate file") } else { d.logger.Info("ssl certificate uploaded", slog.Any("result", upres)) } @@ -106,10 +137,42 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe updateHttpsConfResp, err := d.sdkClient.UpdateHttpsConf(updateHttpsConfReq) d.logger.Debug("sdk request '1panel.UpdateHttpsConf'", slog.Any("request", updateHttpsConfReq), slog.Any("response", updateHttpsConfResp)) if err != nil { - return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateHttpsConf'") + return xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateHttpsConf'") } - return &deployer.DeployResult{}, nil + return nil +} + +func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPem string, privkeyPem string) error { + if d.config.CertificateId == 0 { + return errors.New("config `certificateId` is required") + } + + // 获取证书详情 + getWebsiteSSLReq := &opsdk.GetWebsiteSSLRequest{ + SSLID: d.config.CertificateId, + } + getWebsiteSSLResp, err := d.sdkClient.GetWebsiteSSL(getWebsiteSSLReq) + d.logger.Debug("sdk request '1panel.GetWebsiteSSL'", slog.Any("request", getWebsiteSSLReq), slog.Any("response", getWebsiteSSLResp)) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request '1panel.GetWebsiteSSL'") + } + + // 更新证书 + uploadWebsiteSSLReq := &opsdk.UploadWebsiteSSLRequest{ + Type: "paste", + SSLID: d.config.CertificateId, + Description: getWebsiteSSLResp.Data.Description, + Certificate: certPem, + PrivateKey: privkeyPem, + } + uploadWebsiteSSLResp, err := d.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq) + d.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp)) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request '1panel.UploadWebsiteSSL'") + } + + return nil } func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) { diff --git a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go index 1be2444d..5815fd5e 100644 --- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go +++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go @@ -20,7 +20,7 @@ var ( ) func init() { - argsPrefix := "CERTIMATE_DEPLOYER_1PANELCONSOLE_" + argsPrefix := "CERTIMATE_DEPLOYER_1PANELSITE_" flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "") flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "") @@ -32,12 +32,12 @@ func init() { /* Shell command to run this test: - go test -v ./1panel_console_test.go -args \ - --CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTCERTPATH="/path/to/your-input-cert.pem" \ - --CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTKEYPATH="/path/to/your-input-key.pem" \ - --CERTIMATE_DEPLOYER_1PANELCONSOLE_APIURL="http://127.0.0.1:20410" \ - --CERTIMATE_DEPLOYER_1PANELCONSOLE_APIKEY="your-api-key" \ - --CERTIMATE_DEPLOYER_1PANELCONSOLE_WEBSITEID="your-website-id" + go test -v ./1panel_site_test.go -args \ + --CERTIMATE_DEPLOYER_1PANELSITE_INPUTCERTPATH="/path/to/your-input-cert.pem" \ + --CERTIMATE_DEPLOYER_1PANELSITE_INPUTKEYPATH="/path/to/your-input-key.pem" \ + --CERTIMATE_DEPLOYER_1PANELSITE_APIURL="http://127.0.0.1:20410" \ + --CERTIMATE_DEPLOYER_1PANELSITE_APIKEY="your-api-key" \ + --CERTIMATE_DEPLOYER_1PANELSITE_WEBSITEID="your-website-id" */ func TestDeploy(t *testing.T) { flag.Parse() @@ -55,8 +55,9 @@ func TestDeploy(t *testing.T) { deployer, err := provider.NewDeployer(&provider.DeployerConfig{ ApiUrl: fApiUrl, ApiKey: fApiKey, - WebsiteId: fWebsiteId, AllowInsecureConnections: true, + ResourceType: provider.RESOURCE_TYPE_WEBSITE, + WebsiteId: fWebsiteId, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/core/deployer/providers/1panel-site/consts.go b/internal/pkg/core/deployer/providers/1panel-site/consts.go new file mode 100644 index 00000000..caba1d5c --- /dev/null +++ b/internal/pkg/core/deployer/providers/1panel-site/consts.go @@ -0,0 +1,10 @@ +package onepanelsite + +type ResourceType string + +const ( + // 资源类型:替换指定网站的证书。 + RESOURCE_TYPE_WEBSITE = ResourceType("website") + // 资源类型:替换指定证书。 + RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") +) diff --git a/internal/pkg/vendors/1panel-sdk/api.go b/internal/pkg/vendors/1panel-sdk/api.go index 8b0a6d09..8fa15393 100644 --- a/internal/pkg/vendors/1panel-sdk/api.go +++ b/internal/pkg/vendors/1panel-sdk/api.go @@ -17,6 +17,12 @@ func (c *Client) SearchWebsiteSSL(req *SearchWebsiteSSLRequest) (*SearchWebsiteS return resp, err } +func (c *Client) GetWebsiteSSL(req *GetWebsiteSSLRequest) (*GetWebsiteSSLResponse, error) { + resp := &GetWebsiteSSLResponse{} + err := c.sendRequestWithResult(http.MethodGet, fmt.Sprintf("/websites/ssl/%d", req.SSLID), req, resp) + return resp, err +} + func (c *Client) UploadWebsiteSSL(req *UploadWebsiteSSLRequest) (*UploadWebsiteSSLResponse, error) { resp := &UploadWebsiteSSLResponse{} err := c.sendRequestWithResult(http.MethodPost, "/websites/ssl/upload", req, resp) diff --git a/internal/pkg/vendors/1panel-sdk/models.go b/internal/pkg/vendors/1panel-sdk/models.go index af1bdbe9..13f144d9 100644 --- a/internal/pkg/vendors/1panel-sdk/models.go +++ b/internal/pkg/vendors/1panel-sdk/models.go @@ -59,6 +59,28 @@ type SearchWebsiteSSLResponse struct { } `json:"data,omitempty"` } +type GetWebsiteSSLRequest struct { + SSLID int64 `json:"-"` +} + +type GetWebsiteSSLResponse struct { + baseResponse + Data *struct { + ID int64 `json:"id"` + Provider string `json:"provider"` + Description string `json:"description"` + PrimaryDomain string `json:"primaryDomain"` + Domains string `json:"domains"` + Type string `json:"type"` + Organization string `json:"organization"` + Status string `json:"status"` + StartDate string `json:"startDate"` + ExpireDate string `json:"expireDate"` + CreatedAt string `json:"createdAt"` + UpdatedAt string `json:"updatedAt"` + } `json:"data,omitempty"` +} + type UploadWebsiteSSLRequest struct { Type string `json:"type"` SSLID int64 `json:"sslID"` diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx index f5a26450..94a9bce2 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx @@ -1,10 +1,14 @@ import { useTranslation } from "react-i18next"; -import { Form, type FormInstance, Input } from "antd"; +import { Form, type FormInstance, Input, Select } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; +import Show from "@/components/Show"; + type DeployNodeConfigForm1PanelSiteConfigFieldValues = Nullish<{ - websiteId: string | number; + resourceType: string; + websiteId?: string | number; + certificateId?: string | number; }>; export type DeployNodeConfigForm1PanelSiteConfigProps = { @@ -15,8 +19,13 @@ export type DeployNodeConfigForm1PanelSiteConfigProps = { onValuesChange?: (values: DeployNodeConfigForm1PanelSiteConfigFieldValues) => void; }; +const RESOURCE_TYPE_WEBSITE = "website" as const; +const RESOURCE_TYPE_CERTIFICATE = "certificate" as const; + const initFormModel = (): DeployNodeConfigForm1PanelSiteConfigFieldValues => { - return {}; + return { + resourceType: RESOURCE_TYPE_WEBSITE, + }; }; const DeployNodeConfigForm1PanelSiteConfig = ({ @@ -29,12 +38,28 @@ const DeployNodeConfigForm1PanelSiteConfig = ({ const { t } = useTranslation(); const formSchema = z.object({ - websiteId: z.union([z.string(), z.number()]).refine((v) => { - return /^\d+$/.test(v + "") && +v > 0; - }, t("workflow_node.deploy.form.1panel_site_website_id.placeholder")), + resourceType: z.union([z.literal(RESOURCE_TYPE_WEBSITE), z.literal(RESOURCE_TYPE_CERTIFICATE)], { + message: t("workflow_node.deploy.form.1panel_site_resource_type.placeholder"), + }), + websiteId: z + .union([z.string(), z.number().int()]) + .nullish() + .refine((v) => { + if (fieldResourceType !== RESOURCE_TYPE_WEBSITE) return true; + return /^\d+$/.test(v + "") && +v! > 0; + }, t("workflow_node.deploy.form.1panel_site_website_id.placeholder")), + certificateId: z + .union([z.string(), z.number().int()]) + .nullish() + .refine((v) => { + if (fieldResourceType !== RESOURCE_TYPE_CERTIFICATE) return true; + return /^\d+$/.test(v + "") && +v! > 0; + }, t("workflow_node.deploy.form.1panel_site_certificate_id.placeholder")), }); const formRule = createSchemaFieldRule(formSchema); + const fieldResourceType = Form.useWatch("resourceType", formInst); + const handleFormChange = (_: unknown, values: z.infer) => { onValuesChange?.(values); }; @@ -48,14 +73,38 @@ const DeployNodeConfigForm1PanelSiteConfig = ({ name={formName} onValuesChange={handleFormChange} > - } - > - + + + + + } + > + + + + + + } + > + + + ); }; diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx index 4ce459ac..45662e75 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx @@ -7,6 +7,7 @@ import Show from "@/components/Show"; type DeployNodeConfigFormCdnflyConfigFieldValues = Nullish<{ resourceType: string; + siteId?: string | number; certificateId?: string | number; }>; @@ -34,10 +35,13 @@ const DeployNodeConfigFormCdnflyConfig = ({ form: formInst, formName, disabled, resourceType: z.union([z.literal(RESOURCE_TYPE_SITE), z.literal(RESOURCE_TYPE_CERTIFICATE)], { message: t("workflow_node.deploy.form.cdnfly_resource_type.placeholder"), }), - siteId: z.union([z.string(), z.number().int()]).refine((v) => { - if (fieldResourceType !== RESOURCE_TYPE_SITE) return true; - return /^\d+$/.test(v + "") && +v > 0; - }, t("workflow_node.deploy.form.cdnfly_site_id.placeholder")), + siteId: z + .union([z.string(), z.number().int()]) + .nullish() + .refine((v) => { + if (fieldResourceType !== RESOURCE_TYPE_SITE) return true; + return /^\d+$/.test(v + "") && +v! > 0; + }, t("workflow_node.deploy.form.cdnfly_site_id.placeholder")), certificateId: z .union([z.string(), z.number().int()]) .nullish() diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json index cf44e2c5..887ff208 100644 --- a/ui/src/i18n/locales/en/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json @@ -103,9 +103,16 @@ "workflow_node.deploy.form.certificate.tooltip": "The certificate to be deployed comes from the previous nodes of application or upload.", "workflow_node.deploy.form.params_config.label": "Parameter settings", "workflow_node.deploy.form.1panel_console_auto_restart.label": "Auto restart after deployment", + "workflow_node.deploy.form.1panel_site_resource_type.label": "Resource type", + "workflow_node.deploy.form.1panel_site_resource_type.placeholder": "Please select resource type", + "workflow_node.deploy.form.1panel_site_resource_type.option.website.label": "Website", + "workflow_node.deploy.form.1panel_site_resource_type.option.certificate.label": "Certificate", "workflow_node.deploy.form.1panel_site_website_id.label": "1Panel website ID", "workflow_node.deploy.form.1panel_site_website_id.placeholder": "Please enter 1Panel website ID", "workflow_node.deploy.form.1panel_site_website_id.tooltip": "You can find it on 1Panel WebUI.", + "workflow_node.deploy.form.1panel_site_certificate_id.label": "1Panel certificate ID", + "workflow_node.deploy.form.1panel_site_certificate_id.placeholder": "Please enter 1Panel certificate ID", + "workflow_node.deploy.form.1panel_site_certificate_id.tooltip": "You can find it on 1Panel WebUI.", "workflow_node.deploy.form.aliyun_alb_resource_type.label": "Resource type", "workflow_node.deploy.form.aliyun_alb_resource_type.placeholder": "Please select resource type", "workflow_node.deploy.form.aliyun_alb_resource_type.option.loadbalancer.label": "ALB load balancer", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index 03ce4875..50a93795 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -102,9 +102,16 @@ "workflow_node.deploy.form.certificate.tooltip": "待部署证书来自之前的申请或上传节点。如果选项为空请先确保前序节点配置正确。", "workflow_node.deploy.form.params_config.label": "参数设置", "workflow_node.deploy.form.1panel_console_auto_restart.label": "部署后自动重启面板服务", + "workflow_node.deploy.form.1panel_site_resource_type.label": "证书替换方式", + "workflow_node.deploy.form.1panel_site_resource_type.placeholder": "请选择证书替换方式", + "workflow_node.deploy.form.1panel_site_resource_type.option.website.label": "替换指定网站的证书", + "workflow_node.deploy.form.1panel_site_resource_type.option.certificate.label": "替换指定证书", "workflow_node.deploy.form.1panel_site_website_id.label": "1Panel 网站 ID", "workflow_node.deploy.form.1panel_site_website_id.placeholder": "请输入 1Panel 网站 ID", "workflow_node.deploy.form.1panel_site_website_id.tooltip": "请在 1Panel 管理面板查看。", + "workflow_node.deploy.form.1panel_site_certificate_id.label": "1Panel 证书 ID", + "workflow_node.deploy.form.1panel_site_certificate_id.placeholder": "请输入 1Panel 证书 ID", + "workflow_node.deploy.form.1panel_site_certificate_id.tooltip": "请在 1Panel 管理面板查看。", "workflow_node.deploy.form.aliyun_alb_resource_type.label": "证书替换方式", "workflow_node.deploy.form.aliyun_alb_resource_type.placeholder": "请选择证书替换方式", "workflow_node.deploy.form.aliyun_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/QUIC 监听的证书", From 347695cf66cc236804e65d404ba14ff6c04e4ebd Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 19 Apr 2025 14:04:06 +0800 Subject: [PATCH 15/18] feat: update default certificate paths on deployment to local and ssh --- .../workflow/node/DeployNodeConfigFormLocalConfig.tsx | 4 ++-- .../workflow/node/DeployNodeConfigFormSSHConfig.tsx | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx index 1ca2fe8c..afde53b3 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx @@ -39,8 +39,8 @@ const SHELLENV_POWERSHELL = "powershell" as const; const initFormModel = (): DeployNodeConfigFormLocalConfigFieldValues => { return { format: FORMAT_PEM, - certPath: "/etc/ssl/certs/cert.crt", - keyPath: "/etc/ssl/certs/cert.key", + certPath: "/etc/ssl/certimate/cert.crt", + keyPath: "/etc/ssl/certimate/cert.key", shellEnv: SHELLENV_SH, }; }; diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx index 65a7df7b..c6d5db5a 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx @@ -35,8 +35,8 @@ const FORMAT_JKS = CERTIFICATE_FORMATS.JKS; const initFormModel = (): DeployNodeConfigFormSSHConfigFieldValues => { return { format: FORMAT_PEM, - certPath: "/etc/ssl/certs/cert.crt", - keyPath: "/etc/ssl/certs/cert.key", + certPath: "/etc/ssl/certimate/cert.crt", + keyPath: "/etc/ssl/certimate/cert.key", }; }; From 54ae378e30fc682ce71923ee76ce25b16d6c001d Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Sat, 19 Apr 2025 19:37:31 +0800 Subject: [PATCH 16/18] fix: handle deployment task status check on deployment to wangsu cdnpro --- .../pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go index ba0e2cca..a9d931ed 100644 --- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go +++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go @@ -210,7 +210,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe if getDeploymentTaskDetailResp.Status == "failed" { return nil, errors.New("unexpected deployment task status") - } else if getDeploymentTaskDetailResp.Status == "succeeded" { + } else if getDeploymentTaskDetailResp.Status == "succeeded" || getDeploymentTaskDetailResp.FinishTime != "" { break } From ff58b9a317411cbde12b7b858ae3b3418e17f178 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Mon, 21 Apr 2025 09:17:52 +0800 Subject: [PATCH 17/18] fix: wangsu api error --- .../providers/wangsu-cdnpro/wangsu_cdnpro.go | 15 +++++++++------ .../providers/wangsu-cdnpro/wangsu_cdnpro_test.go | 2 +- internal/pkg/vendors/wangsu-sdk/cdn/api.go | 12 ++++++++++++ internal/pkg/vendors/wangsu-sdk/cdn/models.go | 3 +-- internal/pkg/vendors/wangsu-sdk/openapi/client.go | 2 +- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go index a9d931ed..a0c1e586 100644 --- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go +++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go @@ -13,6 +13,7 @@ import ( "fmt" "log/slog" "regexp" + "strconv" "time" "github.com/alibabacloud-go/tea/tea" @@ -113,7 +114,8 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe // http://open.chinanetcenter.com/cdn/certificates/5dca2205f9e9cc0001df7b33 // http://open.chinanetcenter.com/cdn/certificates/329f12c1fe6708c23c31e91f/versions/5 var wangsuCertUrl string - var wangsuCertId, wangsuCertVer string + var wangsuCertId string + var wangsuCertVer int32 // 如果原证书 ID 为空,则创建证书;否则更新证书。 timestamp := time.Now().Unix() @@ -139,7 +141,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe wangsuCertId = wangsuCertIdMatches[1] } - wangsuCertVer = "1" + wangsuCertVer = 1 } else { // 更新证书 updateCertificateReq := &wangsucdn.UpdateCertificateRequest{ @@ -164,7 +166,8 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe wangsuCertVerMatches := regexp.MustCompile(`/versions/(\d+)`).FindStringSubmatch(wangsuCertUrl) if len(wangsuCertVerMatches) > 1 { - wangsuCertVer = wangsuCertVerMatches[1] + n, _ := strconv.ParseInt(wangsuCertVerMatches[1], 10, 32) + wangsuCertVer = int32(n) } } @@ -177,7 +180,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe { Action: tea.String("deploy_cert"), CertificateId: tea.String(wangsuCertId), - Version: tea.String(wangsuCertVer), + Version: tea.Int32(wangsuCertVer), }, }, } @@ -193,7 +196,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe // 循环获取部署任务详细信息,等待任务状态变更 // REF: https://www.wangsu.com/document/api-doc/27038 var wangsuTaskId string - wangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(wangsuCertUrl) + wangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(createDeploymentTaskResp.DeploymentTaskUrl) if len(wangsuTaskMatches) > 1 { wangsuTaskId = wangsuTaskMatches[1] } @@ -203,7 +206,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe } getDeploymentTaskDetailResp, err := d.sdkClient.GetDeploymentTaskDetail(wangsuTaskId) - d.logger.Debug("sdk request 'cdn.GetDeploymentTaskDetail'", slog.Any("taskId", wangsuTaskId), slog.Any("response", getDeploymentTaskDetailResp)) + d.logger.Info("sdk request 'cdn.GetDeploymentTaskDetail'", slog.Any("taskId", wangsuTaskId), slog.Any("response", getDeploymentTaskDetailResp)) if err != nil { return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.GetDeploymentTaskDetail'") } diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go index 30c5edda..2a868fab 100644 --- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go +++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go @@ -48,7 +48,7 @@ Shell command to run this test: --CERTIMATE_DEPLOYER_WANGSUCDNPRO_APIKEY="your-api-key" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_ENVIRONMENT="production" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_DOMAIN="example.com" \ - --CERTIMATE_DEPLOYER_WANGSUCDNPRO_CERTIFICATEID="your-certificate-id"\ + --CERTIMATE_DEPLOYER_WANGSUCDNPRO_CERTIFICATEID="your-certificate-id" \ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_WEBHOOKID="your-webhook-id" */ func TestDeploy(t *testing.T) { diff --git a/internal/pkg/vendors/wangsu-sdk/cdn/api.go b/internal/pkg/vendors/wangsu-sdk/cdn/api.go index d14e3fb1..92a05cfa 100644 --- a/internal/pkg/vendors/wangsu-sdk/cdn/api.go +++ b/internal/pkg/vendors/wangsu-sdk/cdn/api.go @@ -22,6 +22,10 @@ func (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertif } func (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) { + if certificateId == "" { + return nil, fmt.Errorf("invalid parameter: certificateId") + } + resp := &UpdateCertificateResponse{} r, err := c.client.SendRequestWithResult(http.MethodPatch, fmt.Sprintf("/cdn/certificates/%s", url.PathEscape(certificateId)), req, resp, func(r *resty.Request) { r.SetHeader("x-cnc-timestamp", fmt.Sprintf("%d", req.Timestamp)) @@ -35,6 +39,10 @@ func (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateR } func (c *Client) GetHostnameDetail(hostname string) (*GetHostnameDetailResponse, error) { + if hostname == "" { + return nil, fmt.Errorf("invalid parameter: hostname") + } + resp := &GetHostnameDetailResponse{} _, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/hostnames/%s", url.PathEscape(hostname)), nil, resp) return resp, err @@ -52,6 +60,10 @@ func (c *Client) CreateDeploymentTask(req *CreateDeploymentTaskRequest) (*Create } func (c *Client) GetDeploymentTaskDetail(deploymentTaskId string) (*GetDeploymentTaskDetailResponse, error) { + if deploymentTaskId == "" { + return nil, fmt.Errorf("invalid parameter: deploymentTaskId") + } + resp := &GetDeploymentTaskDetailResponse{} _, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/deploymentTasks/%s", url.PathEscape(deploymentTaskId)), nil, resp) return resp, err diff --git a/internal/pkg/vendors/wangsu-sdk/cdn/models.go b/internal/pkg/vendors/wangsu-sdk/cdn/models.go index 765cd613..2bebced2 100644 --- a/internal/pkg/vendors/wangsu-sdk/cdn/models.go +++ b/internal/pkg/vendors/wangsu-sdk/cdn/models.go @@ -80,7 +80,7 @@ type DeploymentTaskAction struct { Action *string `json:"action,omitempty" required:"true"` PropertyId *string `json:"propertyId,omitempty"` CertificateId *string `json:"certificateId,omitempty"` - Version *string `json:"version,omitempty"` + Version *int32 `json:"version,omitempty"` } type CreateDeploymentTaskRequest struct { @@ -97,7 +97,6 @@ type CreateDeploymentTaskResponse struct { type GetDeploymentTaskDetailResponse struct { baseResponse - Id string `json:"id"` Name string `json:"name"` Target string `json:"target"` Actions []DeploymentTaskAction `json:"actions"` diff --git a/internal/pkg/vendors/wangsu-sdk/openapi/client.go b/internal/pkg/vendors/wangsu-sdk/openapi/client.go index 709f4e2c..d63c20c7 100644 --- a/internal/pkg/vendors/wangsu-sdk/openapi/client.go +++ b/internal/pkg/vendors/wangsu-sdk/openapi/client.go @@ -111,7 +111,7 @@ func NewClient(accessKey, secretKey string) *Client { signHex := strings.ToLower(hex.EncodeToString(sign)) // Step 9: Add headers to request - req.Header.Set("x-cnc-accessKey", accessKey) + req.Header.Set("x-cnc-accesskey", accessKey) req.Header.Set("x-cnc-timestamp", timestampString) req.Header.Set("x-cnc-auth-method", "AKSK") req.Header.Set("Authorization", fmt.Sprintf("%s Credential=%s, SignedHeaders=%s, Signature=%s", SignAlgorithmHeader, accessKey, signedHeaders, signHex)) From 8fe942d8d5b28e8045f0a740e79bc3f460ba69b3 Mon Sep 17 00:00:00 2001 From: "Yoan.liu" Date: Mon, 21 Apr 2025 21:27:13 +0800 Subject: [PATCH 18/18] update to version v0.3.9 --- ui/src/domain/version.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/domain/version.ts b/ui/src/domain/version.ts index 8818dd83..3c1813b7 100644 --- a/ui/src/domain/version.ts +++ b/ui/src/domain/version.ts @@ -1 +1 @@ -export const version = "v0.3.8"; +export const version = "v0.3.9";