diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 708dc6d0..dac425f9 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -84,6 +84,7 @@ import (
pTencentCloudSCF "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/tencentcloud-scf"
pTencentCloudSSL "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/tencentcloud-ssl"
pTencentCloudSSLDeploy "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/tencentcloud-ssl-deploy"
+ pTencentCloudSSLUpdate "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/tencentcloud-ssl-update"
pTencentCloudVOD "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/tencentcloud-vod"
pTencentCloudWAF "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/tencentcloud-waf"
pUCloudUCDN "github.com/certimate-go/certimate/pkg/core/ssl-deployer/providers/ucloud-ucdn"
@@ -1118,7 +1119,7 @@ func createSSLDeployerProvider(options *deployerProviderOptions) (core.SSLDeploy
return deployer, err
}
- case domain.DeploymentProviderTypeTencentCloudCDN, domain.DeploymentProviderTypeTencentCloudCLB, domain.DeploymentProviderTypeTencentCloudCOS, domain.DeploymentProviderTypeTencentCloudCSS, domain.DeploymentProviderTypeTencentCloudECDN, domain.DeploymentProviderTypeTencentCloudEO, domain.DeploymentProviderTypeTencentCloudGAAP, domain.DeploymentProviderTypeTencentCloudSCF, domain.DeploymentProviderTypeTencentCloudSSL, domain.DeploymentProviderTypeTencentCloudSSLDeploy, domain.DeploymentProviderTypeTencentCloudVOD, domain.DeploymentProviderTypeTencentCloudWAF:
+ case domain.DeploymentProviderTypeTencentCloudCDN, domain.DeploymentProviderTypeTencentCloudCLB, domain.DeploymentProviderTypeTencentCloudCOS, domain.DeploymentProviderTypeTencentCloudCSS, domain.DeploymentProviderTypeTencentCloudECDN, domain.DeploymentProviderTypeTencentCloudEO, domain.DeploymentProviderTypeTencentCloudGAAP, domain.DeploymentProviderTypeTencentCloudSCF, domain.DeploymentProviderTypeTencentCloudSSL, domain.DeploymentProviderTypeTencentCloudSSLDeploy, domain.DeploymentProviderTypeTencentCloudSSLUpdate, domain.DeploymentProviderTypeTencentCloudVOD, domain.DeploymentProviderTypeTencentCloudWAF:
{
access := domain.AccessConfigForTencentCloud{}
if err := xmaps.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -1226,6 +1227,18 @@ func createSSLDeployerProvider(options *deployerProviderOptions) (core.SSLDeploy
})
return deployer, err
+ case domain.DeploymentProviderTypeTencentCloudSSLUpdate:
+ deployer, err := pTencentCloudSSLUpdate.NewSSLDeployerProvider(&pTencentCloudSSLUpdate.SSLDeployerProviderConfig{
+ SecretId: access.SecretId,
+ SecretKey: access.SecretKey,
+ Endpoint: xmaps.GetString(options.ProviderServiceConfig, "endpoint"),
+ CertificiateId: xmaps.GetString(options.ProviderServiceConfig, "certificiateId"),
+ IsReplaced: xmaps.GetBool(options.ProviderServiceConfig, "isReplaced"),
+ ResourceRegions: xslices.Filter(strings.Split(xmaps.GetString(options.ProviderServiceConfig, "resourceRegions"), ";"), func(s string) bool { return s != "" }),
+ ResourceTypes: xslices.Filter(strings.Split(xmaps.GetString(options.ProviderServiceConfig, "resourceTypes"), ";"), func(s string) bool { return s != "" }),
+ })
+ return deployer, err
+
case domain.DeploymentProviderTypeTencentCloudVOD:
deployer, err := pTencentCloudVOD.NewSSLDeployerProvider(&pTencentCloudVOD.SSLDeployerProviderConfig{
SecretId: access.SecretId,
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index 47ba0e72..3688d5e3 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -257,6 +257,7 @@ const (
DeploymentProviderTypeTencentCloudSCF = DeploymentProviderType(AccessProviderTypeTencentCloud + "-scf")
DeploymentProviderTypeTencentCloudSSL = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ssl")
DeploymentProviderTypeTencentCloudSSLDeploy = DeploymentProviderType(AccessProviderTypeTencentCloud + "-ssldeploy")
+ DeploymentProviderTypeTencentCloudSSLUpdate = DeploymentProviderType(AccessProviderTypeTencentCloud + "-sslupdate")
DeploymentProviderTypeTencentCloudVOD = DeploymentProviderType(AccessProviderTypeTencentCloud + "-vod")
DeploymentProviderTypeTencentCloudWAF = DeploymentProviderType(AccessProviderTypeTencentCloud + "-waf")
DeploymentProviderTypeUCloudUCDN = DeploymentProviderType(AccessProviderTypeUCloud + "-ucdn")
diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-ssl-update/tencentcloud_ssl_update.go b/pkg/core/ssl-deployer/providers/tencentcloud-ssl-update/tencentcloud_ssl_update.go
new file mode 100644
index 00000000..e12f894f
--- /dev/null
+++ b/pkg/core/ssl-deployer/providers/tencentcloud-ssl-update/tencentcloud_ssl_update.go
@@ -0,0 +1,304 @@
+package tencentcloudsslupdate
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "log/slog"
+ "slices"
+ "time"
+
+ "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+ "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+ tcssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+ "github.com/certimate-go/certimate/pkg/core"
+ sslmgrsp "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/tencentcloud-ssl"
+)
+
+type SSLDeployerProviderConfig struct {
+ // 腾讯云 SecretId。
+ SecretId string `json:"secretId"`
+ // 腾讯云 SecretKey。
+ SecretKey string `json:"secretKey"`
+ // 腾讯云接口端点。
+ Endpoint string `json:"endpoint,omitempty"`
+ // 原证书 ID。
+ CertificiateId string `json:"certificateId"`
+ // 是否替换原有证书(即保持原证书 ID 不变)。
+ IsReplaced bool `json:"isReplaced,omitempty"`
+ // 云资源类型数组。
+ ResourceTypes []string `json:"resourceTypes"`
+ // 云资源地域数组。
+ ResourceRegions []string `json:"resourceRegions"`
+}
+
+type SSLDeployerProvider struct {
+ config *SSLDeployerProviderConfig
+ logger *slog.Logger
+ sdkClient *tcssl.Client
+ sslManager core.SSLManager
+}
+
+var _ core.SSLDeployer = (*SSLDeployerProvider)(nil)
+
+func NewSSLDeployerProvider(config *SSLDeployerProviderConfig) (*SSLDeployerProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the ssl deployer provider is nil")
+ }
+
+ client, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)
+ if err != nil {
+ return nil, fmt.Errorf("could not create sdk client: %w", err)
+ }
+
+ sslmgr, err := sslmgrsp.NewSSLManagerProvider(&sslmgrsp.SSLManagerProviderConfig{
+ SecretId: config.SecretId,
+ SecretKey: config.SecretKey,
+ Endpoint: config.Endpoint,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("could not create ssl manager: %w", err)
+ }
+
+ return &SSLDeployerProvider{
+ config: config,
+ logger: slog.Default(),
+ sdkClient: client,
+ sslManager: sslmgr,
+ }, nil
+}
+
+func (d *SSLDeployerProvider) SetLogger(logger *slog.Logger) {
+ if logger == nil {
+ d.logger = slog.New(slog.DiscardHandler)
+ } else {
+ d.logger = logger
+ }
+
+ d.sslManager.SetLogger(logger)
+}
+
+func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*core.SSLDeployResult, error) {
+ if d.config.CertificiateId == "" {
+ return nil, errors.New("config `certificateId` is required")
+ }
+ if len(d.config.ResourceTypes) == 0 {
+ return nil, errors.New("config `resourceTypes` is required")
+ }
+
+ if d.config.IsReplaced {
+ if err := d.executeUploadUpdateCertificateInstance(ctx, certPEM, privkeyPEM); err != nil {
+ return nil, err
+ }
+ } else {
+ if err := d.executeUpdateCertificateInstance(ctx, certPEM, privkeyPEM); err != nil {
+ return nil, err
+ }
+ }
+
+ return &core.SSLDeployResult{}, nil
+}
+
+func (d *SSLDeployerProvider) executeUpdateCertificateInstance(ctx context.Context, certPEM string, privkeyPEM string) error {
+ // 上传证书
+ upres, err := d.sslManager.Upload(ctx, certPEM, privkeyPEM)
+ if err != nil {
+ return fmt.Errorf("failed to upload certificate file: %w", err)
+ } else {
+ d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
+ }
+
+ // 一键更新新旧证书资源
+ // REF: https://cloud.tencent.com/document/product/400/91649
+ var deployRecordId string
+ for {
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ default:
+ }
+
+ updateCertificateInstanceReq := tcssl.NewUpdateCertificateInstanceRequest()
+ updateCertificateInstanceReq.OldCertificateId = common.StringPtr(d.config.CertificiateId)
+ updateCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
+ updateCertificateInstanceReq.ResourceTypes = common.StringPtrs(d.config.ResourceTypes)
+ updateCertificateInstanceReq.ResourceTypesRegions = wrapResourceTypeRegions(d.config.ResourceTypes, d.config.ResourceRegions)
+ updateCertificateInstanceResp, err := d.sdkClient.UpdateCertificateInstance(updateCertificateInstanceReq)
+ d.logger.Debug("sdk request 'ssl.UpdateCertificateInstance'", slog.Any("request", updateCertificateInstanceReq), slog.Any("response", updateCertificateInstanceResp))
+ if err != nil {
+ return fmt.Errorf("failed to execute sdk request 'ssl.UpdateCertificateInstance': %w", err)
+ }
+
+ if updateCertificateInstanceResp.Response.DeployStatus == nil {
+ return errors.New("unexpected deployment job status")
+ } else if *updateCertificateInstanceResp.Response.DeployStatus == 1 {
+ deployRecordId = fmt.Sprintf("%d", *updateCertificateInstanceResp.Response.DeployRecordId)
+ break
+ }
+
+ time.Sleep(time.Second * 5)
+ }
+
+ // 循环查询证书云资源更新记录详情,等待任务状态变更
+ // REF: https://cloud.tencent.com/document/api/400/91652
+ for {
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ default:
+ }
+
+ describeHostUpdateRecordDetailReq := tcssl.NewDescribeHostUpdateRecordDetailRequest()
+ describeHostUpdateRecordDetailReq.DeployRecordId = common.StringPtr(deployRecordId)
+ describeHostUpdateRecordDetailResp, err := d.sdkClient.DescribeHostUpdateRecordDetail(describeHostUpdateRecordDetailReq)
+ d.logger.Debug("sdk request 'ssl.DescribeHostUpdateRecordDetail'", slog.Any("request", describeHostUpdateRecordDetailReq), slog.Any("response", describeHostUpdateRecordDetailResp))
+ if err != nil {
+ return fmt.Errorf("failed to execute sdk request 'ssl.DescribeHostUpdateRecordDetail': %w", err)
+ }
+
+ var runningCount, succeededCount, failedCount, totalCount int64
+ if describeHostUpdateRecordDetailResp.Response.TotalCount == nil {
+ return errors.New("unexpected deployment job status")
+ } else {
+ if describeHostUpdateRecordDetailResp.Response.RunningTotalCount != nil {
+ runningCount = *describeHostUpdateRecordDetailResp.Response.RunningTotalCount
+ }
+ if describeHostUpdateRecordDetailResp.Response.SuccessTotalCount != nil {
+ succeededCount = *describeHostUpdateRecordDetailResp.Response.SuccessTotalCount
+ }
+ if describeHostUpdateRecordDetailResp.Response.FailedTotalCount != nil {
+ failedCount = *describeHostUpdateRecordDetailResp.Response.FailedTotalCount
+ }
+ if describeHostUpdateRecordDetailResp.Response.TotalCount != nil {
+ totalCount = *describeHostUpdateRecordDetailResp.Response.TotalCount
+ }
+
+ if succeededCount+failedCount == totalCount {
+ break
+ }
+ }
+
+ d.logger.Info(fmt.Sprintf("waiting for deployment job completion (running: %d, succeeded: %d, failed: %d, total: %d) ...", runningCount, succeededCount, failedCount, totalCount))
+ time.Sleep(time.Second * 5)
+ }
+
+ return nil
+}
+
+func (d *SSLDeployerProvider) executeUploadUpdateCertificateInstance(ctx context.Context, certPEM string, privkeyPEM string) error {
+ // 更新证书内容并更新关联的云资源
+ // REF: https://cloud.tencent.com/document/product/400/119791
+ // var deployRecordId string
+ for {
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ default:
+ }
+
+ uploadUpdateCertificateInstanceReq := tcssl.NewUploadUpdateCertificateInstanceRequest()
+ uploadUpdateCertificateInstanceReq.OldCertificateId = common.StringPtr(d.config.CertificiateId)
+ uploadUpdateCertificateInstanceReq.CertificatePublicKey = common.StringPtr(certPEM)
+ uploadUpdateCertificateInstanceReq.CertificatePrivateKey = common.StringPtr(privkeyPEM)
+ uploadUpdateCertificateInstanceReq.ResourceTypes = common.StringPtrs(d.config.ResourceTypes)
+ uploadUpdateCertificateInstanceReq.ResourceTypesRegions = wrapResourceTypeRegions(d.config.ResourceTypes, d.config.ResourceRegions)
+ uploadUpdateCertificateInstanceResp, err := d.sdkClient.UploadUpdateCertificateInstance(uploadUpdateCertificateInstanceReq)
+ d.logger.Debug("sdk request 'ssl.UploadUpdateCertificateInstance'", slog.Any("request", uploadUpdateCertificateInstanceReq), slog.Any("response", uploadUpdateCertificateInstanceResp))
+ if err != nil {
+ return fmt.Errorf("failed to execute sdk request 'ssl.UploadUpdateCertificateInstance': %w", err)
+ }
+
+ if uploadUpdateCertificateInstanceResp.Response.DeployStatus == nil {
+ return errors.New("unexpected deployment job status")
+ } else if *uploadUpdateCertificateInstanceResp.Response.DeployStatus == 1 {
+ // deployRecordId = fmt.Sprintf("%d", *uploadUpdateCertificateInstanceResp.Response.DeployRecordId)
+ break
+ }
+
+ time.Sleep(time.Second * 5)
+ }
+
+ // // 循环查询证书云资源更新记录详情,等待任务状态变更
+ // for {
+ // select {
+ // case <-ctx.Done():
+ // return ctx.Err()
+ // default:
+ // }
+
+ // describeHostUploadUpdateRecordDetailReq := tcssl.NewDescribeHostUploadUpdateRecordDetailRequest()
+ // describeHostUploadUpdateRecordDetailReq.DeployRecordId = common.StringPtr(deployRecordId)
+ // describeHostUploadUpdateRecordDetailResp, err := d.sdkClient.DescribeHostUpdateRecord(describeHostUploadUpdateRecordDetailReq)
+ // d.logger.Debug("sdk request 'ssl.DescribeHostUploadUpdateRecordDetail'", slog.Any("request", describeHostUploadUpdateRecordDetailReq), slog.Any("response", describeHostUploadUpdateRecordDetailResp))
+ // if err != nil {
+ // return fmt.Errorf("failed to execute sdk request 'ssl.DescribeHostUploadUpdateRecordDetail': %w", err)
+ // }
+
+ // var runningCount, succeededCount, failedCount, totalCount int64
+ // if describeHostUploadUpdateRecordDetailResp.Response.TotalCount == nil {
+ // return errors.New("unexpected deployment job status")
+ // } else {
+ // for _, record := range describeHostUploadUpdateRecordDetailResp.Response.DeployRecordDetail {
+ // if record.RunningTotalCount != nil {
+ // runningCount = *record.RunningTotalCount
+ // }
+ // if record.SuccessTotalCount != nil {
+ // succeededCount = *record.SuccessTotalCount
+ // }
+ // if record.FailedTotalCount != nil {
+ // failedCount = *record.FailedTotalCount
+ // }
+ // if record.TotalCount != nil {
+ // totalCount = *record.TotalCount
+ // }
+ // }
+
+ // if succeededCount+failedCount == totalCount {
+ // break
+ // }
+ // }
+
+ // d.logger.Info(fmt.Sprintf("waiting for deployment job completion (running: %d, succeeded: %d, failed: %d, total: %d) ...", runningCount, succeededCount, failedCount, totalCount))
+ // time.Sleep(time.Second * 5)
+ // }
+
+ return nil
+}
+
+func createSDKClient(secretId, secretKey, endpoint string) (*tcssl.Client, error) {
+ credential := common.NewCredential(secretId, secretKey)
+
+ cpf := profile.NewClientProfile()
+ if endpoint != "" {
+ cpf.HttpProfile.Endpoint = endpoint
+ }
+
+ client, err := tcssl.NewClient(credential, "", cpf)
+ if err != nil {
+ return nil, err
+ }
+
+ return client, nil
+}
+
+func wrapResourceTypeRegions(resourceTypes, resourceRegions []string) []*tcssl.ResourceTypeRegions {
+ if len(resourceTypes) == 0 || len(resourceRegions) == 0 {
+ return nil
+ }
+
+ // 仅以下云资源类型支持地域
+ resourceTypesRequireRegion := []string{"apigateway", "clb", "cos", "tcb", "tke", "tse", "waf"}
+
+ temp := make([]*tcssl.ResourceTypeRegions, 0)
+ for _, resourceType := range resourceTypes {
+ if slices.Contains(resourceTypesRequireRegion, resourceType) {
+ temp = append(temp, &tcssl.ResourceTypeRegions{
+ ResourceType: common.StringPtr(resourceType),
+ Regions: common.StringPtrs(resourceRegions),
+ })
+ }
+ }
+
+ return temp
+}
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index 16e587ea..baf4dcf4 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -87,6 +87,7 @@ import DeployNodeConfigFormTencentCloudGAAPConfig from "./DeployNodeConfigFormTe
import DeployNodeConfigFormTencentCloudSCFConfig from "./DeployNodeConfigFormTencentCloudSCFConfig";
import DeployNodeConfigFormTencentCloudSSLConfig from "./DeployNodeConfigFormTencentCloudSSLConfig";
import DeployNodeConfigFormTencentCloudSSLDeployConfig from "./DeployNodeConfigFormTencentCloudSSLDeployConfig";
+import DeployNodeConfigFormTencentCloudSSLUpdateConfig from "./DeployNodeConfigFormTencentCloudSSLUpdateConfig";
import DeployNodeConfigFormTencentCloudVODConfig from "./DeployNodeConfigFormTencentCloudVODConfig";
import DeployNodeConfigFormTencentCloudWAFConfig from "./DeployNodeConfigFormTencentCloudWAFConfig";
import DeployNodeConfigFormUCloudUCDNConfig from "./DeployNodeConfigFormUCloudUCDNConfig.tsx";
@@ -347,6 +348,8 @@ const DeployNodeConfigForm = forwardRef