diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 61d14613..fc3c7a37 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -370,8 +370,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
switch options.Provider {
case domain.DeployProviderTypeBaishanCDN:
deployer, err := pBaishanCDN.NewDeployer(&pBaishanCDN.DeployerConfig{
- ApiToken: access.ApiToken,
- Domain: maputil.GetString(options.ProviderDeployConfig, "domain"),
+ ApiToken: access.ApiToken,
+ Domain: maputil.GetString(options.ProviderDeployConfig, "domain"),
+ CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"),
})
return deployer, err
diff --git a/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go b/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
index e6aec2ab..ce204525 100644
--- a/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
+++ b/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
@@ -21,6 +21,9 @@ type DeployerConfig struct {
ApiToken string `json:"apiToken"`
// 加速域名(支持泛域名)。
Domain string `json:"domain"`
+ // 证书 ID。
+ // 选填。
+ CertificateId string `json:"certificateId,omitempty"`
}
type DeployerProvider struct {
@@ -62,63 +65,79 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
return nil, errors.New("config `domain` is required")
}
- // 查询域名配置
- // REF: https://portal.baishancloud.com/track/document/api/1/1065
- getDomainConfigReq := &bssdk.GetDomainConfigRequest{
- Domains: d.config.Domain,
- Config: []string{"https"},
- }
- getDomainConfigResp, err := d.sdkClient.GetDomainConfig(getDomainConfigReq)
- d.logger.Debug("sdk request 'baishan.GetDomainConfig'", slog.Any("request", getDomainConfigReq), slog.Any("response", getDomainConfigResp))
- if err != nil {
- return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.GetDomainConfig'")
- } else if len(getDomainConfigResp.Data) == 0 {
- return nil, errors.New("domain config not found")
- }
-
- // 新增证书
- // REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
- certificateId := ""
- createCertificateReq := &bssdk.CreateCertificateRequest{
- Certificate: certPem,
- Key: privkeyPem,
- Name: fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
- }
- createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
- d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
- if err != nil {
- if createCertificateResp != nil {
- if createCertificateResp.GetCode() == 400699 && strings.Contains(createCertificateResp.GetMessage(), "this certificate is exists") {
- // 证书已存在,忽略新增证书接口错误
- re := regexp.MustCompile(`\d+`)
- certificateId = re.FindString(createCertificateResp.GetMessage())
+ if d.config.CertificateId == "" {
+ // 新增证书
+ // REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
+ certificateId := ""
+ createCertificateReq := &bssdk.CreateCertificateRequest{
+ Certificate: certPem,
+ Key: privkeyPem,
+ Name: fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
+ }
+ createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
+ d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+ if err != nil {
+ if createCertificateResp != nil {
+ if createCertificateResp.GetCode() == 400699 && strings.Contains(createCertificateResp.GetMessage(), "this certificate is exists") {
+ // 证书已存在,忽略新增证书接口错误
+ re := regexp.MustCompile(`\d+`)
+ certificateId = re.FindString(createCertificateResp.GetMessage())
+ }
}
+
+ if certificateId == "" {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.CreateCertificate'")
+ }
+ } else {
+ certificateId = createCertificateResp.Data.CertId.String()
}
- if certificateId == "" {
- return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.CreateCertificate'")
+ // 查询域名配置
+ // REF: https://portal.baishancloud.com/track/document/api/1/1065
+ getDomainConfigReq := &bssdk.GetDomainConfigRequest{
+ Domains: d.config.Domain,
+ Config: []string{"https"},
+ }
+ getDomainConfigResp, err := d.sdkClient.GetDomainConfig(getDomainConfigReq)
+ d.logger.Debug("sdk request 'baishan.GetDomainConfig'", slog.Any("request", getDomainConfigReq), slog.Any("response", getDomainConfigResp))
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.GetDomainConfig'")
+ } else if len(getDomainConfigResp.Data) == 0 {
+ return nil, errors.New("domain config not found")
+ }
+
+ // 设置域名配置
+ // REF: https://portal.baishancloud.com/track/document/api/1/1045
+ setDomainConfigReq := &bssdk.SetDomainConfigRequest{
+ Domains: d.config.Domain,
+ Config: &bssdk.DomainConfig{
+ Https: &bssdk.DomainConfigHttps{
+ CertId: json.Number(certificateId),
+ ForceHttps: getDomainConfigResp.Data[0].Config.Https.ForceHttps,
+ EnableHttp2: getDomainConfigResp.Data[0].Config.Https.EnableHttp2,
+ EnableOcsp: getDomainConfigResp.Data[0].Config.Https.EnableOcsp,
+ },
+ },
+ }
+ setDomainConfigResp, err := d.sdkClient.SetDomainConfig(setDomainConfigReq)
+ d.logger.Debug("sdk request 'baishan.SetDomainConfig'", slog.Any("request", setDomainConfigReq), slog.Any("response", setDomainConfigResp))
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.SetDomainConfig'")
}
} else {
- certificateId = createCertificateResp.Data.CertId.String()
- }
-
- // 设置域名配置
- // REF: https://portal.baishancloud.com/track/document/api/1/1045
- setDomainConfigReq := &bssdk.SetDomainConfigRequest{
- Domains: d.config.Domain,
- Config: &bssdk.DomainConfig{
- Https: &bssdk.DomainConfigHttps{
- CertId: json.Number(certificateId),
- ForceHttps: getDomainConfigResp.Data[0].Config.Https.ForceHttps,
- EnableHttp2: getDomainConfigResp.Data[0].Config.Https.EnableHttp2,
- EnableOcsp: getDomainConfigResp.Data[0].Config.Https.EnableOcsp,
- },
- },
- }
- setDomainConfigResp, err := d.sdkClient.SetDomainConfig(setDomainConfigReq)
- d.logger.Debug("sdk request 'baishan.SetDomainConfig'", slog.Any("request", setDomainConfigReq), slog.Any("response", setDomainConfigResp))
- if err != nil {
- return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.SetDomainConfig'")
+ // 替换证书
+ // REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
+ createCertificateReq := &bssdk.CreateCertificateRequest{
+ CertificateId: &d.config.CertificateId,
+ Certificate: certPem,
+ Key: privkeyPem,
+ Name: fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
+ }
+ createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
+ d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.CreateCertificate'")
+ }
}
return &deployer.DeployResult{}, nil
diff --git a/internal/pkg/vendors/baishan-sdk/models.go b/internal/pkg/vendors/baishan-sdk/models.go
index b7dfd3f5..397061d4 100644
--- a/internal/pkg/vendors/baishan-sdk/models.go
+++ b/internal/pkg/vendors/baishan-sdk/models.go
@@ -27,9 +27,10 @@ func (r *baseResponse) GetMessage() string {
}
type CreateCertificateRequest struct {
- Certificate string `json:"certificate"`
- Key string `json:"key"`
- Name string `json:"name"`
+ CertificateId *string `json:"cert_id,omitempty"`
+ Certificate string `json:"certificate"`
+ Key string `json:"key"`
+ Name string `json:"name"`
}
type CreateCertificateResponse struct {
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormBaishanCDNConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormBaishanCDNConfig.tsx
index 828d5845..57b2aacc 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormBaishanCDNConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormBaishanCDNConfig.tsx
@@ -7,6 +7,7 @@ import { validDomainName } from "@/utils/validators";
type DeployNodeConfigFormBaishanCDNConfigFieldValues = Nullish<{
domain: string;
+ certificateId?: string | number;
}>;
export type DeployNodeConfigFormBaishanCDNConfigProps = {
@@ -34,6 +35,13 @@ const DeployNodeConfigFormBaishanCDNConfig = ({
domain: z
.string({ message: t("workflow_node.deploy.form.baishan_cdn_domain.placeholder") })
.refine((v) => validDomainName(v, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
+ certificateId: z
+ .string()
+ .nullish()
+ .refine((v) => {
+ if (!v) return true;
+ return /^\d+$/.test(v + "") && +v > 0;
+ }, t("workflow_node.deploy.form.baishan_cdn_certificate_id.placeholder")),
});
const formRule = createSchemaFieldRule(formSchema);
@@ -58,6 +66,15 @@ const DeployNodeConfigFormBaishanCDNConfig = ({
>
+
+ }
+ >
+
+
);
};
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index d3eec6b0..39c0361c 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -265,6 +265,9 @@
"workflow_node.deploy.form.baishan_cdn_domain.label": "Baishan CDN domain",
"workflow_node.deploy.form.baishan_cdn_domain.placeholder": "Please enter Baishan CDN domain name",
"workflow_node.deploy.form.baishan_cdn_domain.tooltip": "For more information, see https://cdnx.console.baishan.com",
+ "workflow_node.deploy.form.baishan_cdn_certificate_id.label": "Baishan CDN certificate ID (Optional",
+ "workflow_node.deploy.form.baishan_cdn_certificate_id.placeholder": "Please enter Baishan CDN certificate ID",
+ "workflow_node.deploy.form.baishan_cdn_certificate_id.tooltip": "For more information, see https://cdnx.console.baishan.com/#/cdn/cert",
"workflow_node.deploy.form.baotapanel_console_auto_restart.label": "Auto restart after deployment",
"workflow_node.deploy.form.baotapanel_site_type.label": "aaPanel site type",
"workflow_node.deploy.form.baotapanel_site_type.placeholder": "Please select aaPanel site type",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index efab84a2..99382f80 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -114,7 +114,7 @@
"workflow_node.deploy.form.aliyun_alb_listener_id.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/alb",
"workflow_node.deploy.form.aliyun_alb_snidomain.label": "阿里云 ALB 扩展域名(可选)",
"workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "请输入阿里云 ALB 扩展域名(支持泛域名)",
- "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/alb
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/alb
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.aliyun_cas_region.label": "阿里云 CAS 服务地域",
"workflow_node.deploy.form.aliyun_cas_region.placeholder": "请输入阿里云 CAS 服务地域(例如:cn-hangzhou)",
"workflow_node.deploy.form.aliyun_cas_region.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/ssl-certificate/developer-reference/endpoints",
@@ -149,7 +149,7 @@
"workflow_node.deploy.form.aliyun_clb_listener_port.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/clb",
"workflow_node.deploy.form.aliyun_clb_snidomain.label": "阿里云 CLB 扩展域名(可选)",
"workflow_node.deploy.form.aliyun_clb_snidomain.placeholder": "请输入阿里云 CLB 扩展域名(支持泛域名)",
- "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/clb
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.aliyun_clb_snidomain.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/clb
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.aliyun_cdn_domain.label": "阿里云 CDN 加速域名",
"workflow_node.deploy.form.aliyun_cdn_domain.placeholder": "请输入阿里云 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.aliyun_cdn_domain.tooltip": "这是什么?请参阅 https://cdn.console.aliyun.com",
@@ -214,7 +214,7 @@
"workflow_node.deploy.form.aliyun_waf_instance_id.tooltip": "这是什么?请参阅 https://waf.console.aliyun.com
仅支持 CNAME 接入。",
"workflow_node.deploy.form.aliyun_waf_domain.label": "阿里云 WAF 接入域名(可选)",
"workflow_node.deploy.form.aliyun_waf_domain.placeholder": "请输入阿里云 WAF 接入域名(支持泛域名)",
- "workflow_node.deploy.form.aliyun_waf_domain.tooltip": "这是什么?请参阅 waf.console.aliyun.com
不填写时,将替换实例的默认证书。",
+ "workflow_node.deploy.form.aliyun_waf_domain.tooltip": "这是什么?请参阅 waf.console.aliyun.com
不填写时,将替换实例的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.aws_acm_region.label": "AWS ACM 服务区域",
"workflow_node.deploy.form.aws_acm_region.placeholder": "请输入 AWS ACM 服务区域(例如:us-east-1)",
"workflow_node.deploy.form.aws_acm_region.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#regional-endpoints",
@@ -242,7 +242,7 @@
"workflow_node.deploy.form.baiducloud_appblb_listener_port.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/blb/#/appblb/list",
"workflow_node.deploy.form.baiducloud_appblb_snidomain.label": "百度智能云 BLB 扩展域名(可选)",
"workflow_node.deploy.form.baiducloud_appblb_snidomain.placeholder": "请输入百度智能云 BLB 扩展域名(支持泛域名)",
- "workflow_node.deploy.form.baiducloud_appblb_snidomain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/blb/#/appblb/list
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.baiducloud_appblb_snidomain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/blb/#/appblb/list
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.baiducloud_blb_resource_type.label": "证书替换方式",
"workflow_node.deploy.form.baiducloud_blb_resource_type.placeholder": "请选择证书替换方式",
"workflow_node.deploy.form.baiducloud_blb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/SSL 监听的证书",
@@ -258,13 +258,16 @@
"workflow_node.deploy.form.baiducloud_blb_listener_port.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/blb/#/blb/list",
"workflow_node.deploy.form.baiducloud_blb_snidomain.label": "百度智能云 BLB 扩展域名(可选)",
"workflow_node.deploy.form.baiducloud_blb_snidomain.placeholder": "请输入百度智能云 BLB 扩展域名(支持泛域名)",
- "workflow_node.deploy.form.baiducloud_blb_snidomain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/blb/#/blb/list
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.baiducloud_blb_snidomain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/blb/#/blb/list
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.baiducloud_cdn_domain.label": "百度智能云 CDN 加速域名",
"workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "请输入百度智能云 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.baiducloud_cdn_domain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/cdn",
"workflow_node.deploy.form.baishan_cdn_domain.label": "白山云 CDN 加速域名",
"workflow_node.deploy.form.baishan_cdn_domain.placeholder": "请输入白山云 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.baishan_cdn_domain.tooltip": "这是什么?请参阅 https://cdnx.console.baishan.com",
+ "workflow_node.deploy.form.baishan_cdn_certificate_id.label": "白山云 CDN 原证书 ID(可选)",
+ "workflow_node.deploy.form.baishan_cdn_certificate_id.placeholder": "请输入白山云 CDN 原证书 ID",
+ "workflow_node.deploy.form.baishan_cdn_certificate_id.tooltip": "这是什么?请参阅 https://cdnx.console.baishan.com/#/cdn/cert
不填写时,将上传新证书;否则,将替换原证书。",
"workflow_node.deploy.form.baotapanel_console_auto_restart.label": "部署后自动重启面板服务",
"workflow_node.deploy.form.baotapanel_site_type.label": "宝塔面板网站类型",
"workflow_node.deploy.form.baotapanel_site_type.placeholder": "请选择宝塔面板网站类型",
@@ -351,7 +354,7 @@
"workflow_node.deploy.form.jdcloud_alb_listener_id.tooltip": "这是什么?请参阅 https://cns-console.jdcloud.com/host/loadBalance/list",
"workflow_node.deploy.form.jdcloud_alb_snidomain.label": "京东云 ALB 扩展域名(可选)",
"workflow_node.deploy.form.jdcloud_alb_snidomain.placeholder": "请输入京东云 ALB 扩展域名(支持泛域名)",
- "workflow_node.deploy.form.jdcloud_alb_snidomain.tooltip": "这是什么?请参阅 https://cns-console.jdcloud.com/host/loadBalance/list
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.jdcloud_alb_snidomain.tooltip": "这是什么?请参阅 https://cns-console.jdcloud.com/host/loadBalance/list
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.jdcloud_cdn_domain.label": "京东云 CDN 加速域名",
"workflow_node.deploy.form.jdcloud_cdn_domain.placeholder": "请输入京东云 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.jdcloud_cdn_domain.tooltip": "这是什么?请参阅 https://cdn-console.jdcloud.com/",
@@ -485,7 +488,7 @@
"workflow_node.deploy.form.tencentcloud_clb_listener_id.tooltip": "这是什么?请参阅 https://console.cloud.tencent.com/clb",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.label": "腾讯云 CLB SNI 域名(可选)",
"workflow_node.deploy.form.tencentcloud_clb_snidomain.placeholder": "请输入腾讯云 CLB SNI 域名",
- "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么?请参阅 https://console.cloud.tencent.com/clb
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.tencentcloud_clb_snidomain.tooltip": "这是什么?请参阅 https://console.cloud.tencent.com/clb
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.label": "腾讯云 CLB 七层转发规则域名",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.placeholder": "请输入腾讯云 CLB 七层转发规则域名",
"workflow_node.deploy.form.tencentcloud_clb_ruledomain.tooltip": "这是什么?请参阅 https://console.cloud.tencent.com/clb",
@@ -580,7 +583,7 @@
"workflow_node.deploy.form.volcengine_alb_listener_id.tooltip": "这是什么?请参阅 https://console.volcengine.com/alb",
"workflow_node.deploy.form.volcengine_alb_snidomain.label": "火山引擎 ALB 扩展域名(可选)",
"workflow_node.deploy.form.volcengine_alb_snidomain.placeholder": "请输入火山引擎 ALB 扩展域名(支持泛域名)",
- "workflow_node.deploy.form.volcengine_alb_snidomain.tooltip": "这是什么?请参阅 https://console.volcengine.com/alb
不填写时,将替换监听器的默认证书。",
+ "workflow_node.deploy.form.volcengine_alb_snidomain.tooltip": "这是什么?请参阅 https://console.volcengine.com/alb
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
"workflow_node.deploy.form.volcengine_cdn_domain.label": "火山引擎 CDN 加速域名",
"workflow_node.deploy.form.volcengine_cdn_domain.placeholder": "请输入火山引擎 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.volcengine_cdn_domain.tooltip": "这是什么?请参阅 https://console.volcengine.com/cdn/homepage",