diff --git a/README.md b/README.md
index ebfc8cce..0c9b73a2 100644
--- a/README.md
+++ b/README.md
@@ -114,22 +114,22 @@ make local.run
[展开查看]
-| 提供商 | 备注 |
-| :-------------------------------------- | :------------------------------------------------------------- |
-| 本地部署 | 可部署到本地服务器 |
-| SSH 部署 | 可部署到远程服务器(通过 SSH+SFTP) |
-| Webhook 回调 | 可部署到 Webhook |
-| [Kubernetes](https://kubernetes.io/) | 可部署到 Kubernetes Secret |
-| [阿里云](https://www.aliyun.com/) | 可部署到阿里云 OSS、CDN、DCDN、SLB(CLB/ALB/NLB)、Live 等服务 |
-| [腾讯云](https://cloud.tencent.com/) | 可部署到腾讯云 COS、CDN、ECDN、EdgeOne、CLB、CSS 等服务 |
-| [百度智能云](https://cloud.baidu.com/) | 可部署到百度智能云 CDN 等服务 |
-| [华为云](https://www.huaweicloud.com/) | 可部署到华为云 CDN、ELB 等服务 |
-| [火山引擎](https://www.volcengine.com/) | 可部署到火山引擎 TOS、CDN、DCDN、CLB、Live 等服务 |
-| [七牛云](https://www.qiniu.com/) | 可部署到七牛云 CDN、直播云等服务 |
-| [多吉云](https://www.dogecloud.com/) | 可部署到多吉云 CDN |
-| [BytePlus](https://www.byteplus.com/) | 可部署到 BytePlus CDN 等服务 |
-| [优刻得](https://www.ucloud.cn/) | 可部署到优刻得 US3、UCDN 等服务 |
-| [Edgio](https://edg.io/) | 可部署到 Edgio Applications 等服务 |
+| 提供商 | 备注 |
+| :-------------------------------------- | :------------------------------------------------------------------ |
+| 本地部署 | 可部署到本地服务器 |
+| SSH 部署 | 可部署到远程服务器(通过 SSH+SFTP) |
+| Webhook 回调 | 可部署到 Webhook |
+| [Kubernetes](https://kubernetes.io/) | 可部署到 Kubernetes Secret |
+| [阿里云](https://www.aliyun.com/) | 可部署到阿里云 OSS、CDN、DCDN、SLB(CLB/ALB/NLB)、WAF、Live 等服务 |
+| [腾讯云](https://cloud.tencent.com/) | 可部署到腾讯云 COS、CDN、ECDN、EdgeOne、CLB、CSS 等服务 |
+| [百度智能云](https://cloud.baidu.com/) | 可部署到百度智能云 CDN 等服务 |
+| [华为云](https://www.huaweicloud.com/) | 可部署到华为云 CDN、ELB 等服务 |
+| [火山引擎](https://www.volcengine.com/) | 可部署到火山引擎 TOS、CDN、DCDN、CLB、Live 等服务 |
+| [七牛云](https://www.qiniu.com/) | 可部署到七牛云 CDN、直播云等服务 |
+| [多吉云](https://www.dogecloud.com/) | 可部署到多吉云 CDN |
+| [BytePlus](https://www.byteplus.com/) | 可部署到 BytePlus CDN 等服务 |
+| [优刻得](https://www.ucloud.cn/) | 可部署到优刻得 US3、UCDN 等服务 |
+| [Edgio](https://edg.io/) | 可部署到 Edgio Applications 等服务 |
diff --git a/README_EN.md b/README_EN.md
index 502062c6..b915cb95 100644
--- a/README_EN.md
+++ b/README_EN.md
@@ -113,22 +113,22 @@ The following hosting providers are supported:
[Fold/Unfold to view ...]
-| Provider | Remarks |
-| :---------------------------------------------- | :-------------------------------------------------------------------------- |
-| Local | Supports deployment to local servers |
-| SSH | Supports deployment to remote servers (via SSH+SFTP) |
-| Webhook | Supports deployment to Webhook |
-| [Kubernetes](https://kubernetes.io/) | Supports deployment to Kubernetes Secret |
-| [Alibaba Cloud](https://www.alibabacloud.com/) | Supports deployment to Alibaba Cloud OSS, CDN, DCDN, SLB(CLB/ALB/NLB), Live |
-| [Tencent Cloud](https://www.tencentcloud.com/) | Supports deployment to Tencent Cloud COS, CDN, ECDN, EdgeOne, CLB, CSS |
-| [Baidu AI Cloud](https://intl.cloud.baidu.com/) | Supports deployment to Baidu AI CLoud CDN |
-| [Huawei Cloud](https://www.huaweicloud.com/) | Supports deployment to Huawei Cloud CDN, ELB |
-| [Volcengine](https://www.volcengine.com/) | Supports deployment to Volcengine TOS, CDN, DCDN, CLB, Live |
-| [Qiniu Cloud](https://www.qiniu.com/) | Supports deployment to Qiniu Cloud CDN, Pili |
-| [Doge Cloud](https://www.dogecloud.com/) | Supports deployment to Doge Cloud CDN |
-| [BytePlus](https://www.byteplus.com/) | Supports deployment to BytePlus CDN |
-| [UCloud](https://www.ucloud-global.com/) | Supports deployment to UCloud US3, UCDN |
-| [Edgio](https://edg.io/) | Supports deployment to Edgio Applications |
+| Provider | Remarks |
+| :---------------------------------------------- | :------------------------------------------------------------------------------- |
+| Local | Supports deployment to local servers |
+| SSH | Supports deployment to remote servers (via SSH+SFTP) |
+| Webhook | Supports deployment to Webhook |
+| [Kubernetes](https://kubernetes.io/) | Supports deployment to Kubernetes Secret |
+| [Alibaba Cloud](https://www.alibabacloud.com/) | Supports deployment to Alibaba Cloud OSS, CDN, DCDN, SLB(CLB/ALB/NLB), WAF, Live |
+| [Tencent Cloud](https://www.tencentcloud.com/) | Supports deployment to Tencent Cloud COS, CDN, ECDN, EdgeOne, CLB, CSS |
+| [Baidu AI Cloud](https://intl.cloud.baidu.com/) | Supports deployment to Baidu AI CLoud CDN |
+| [Huawei Cloud](https://www.huaweicloud.com/) | Supports deployment to Huawei Cloud CDN, ELB |
+| [Volcengine](https://www.volcengine.com/) | Supports deployment to Volcengine TOS, CDN, DCDN, CLB, Live |
+| [Qiniu Cloud](https://www.qiniu.com/) | Supports deployment to Qiniu Cloud CDN, Pili |
+| [Doge Cloud](https://www.dogecloud.com/) | Supports deployment to Doge Cloud CDN |
+| [BytePlus](https://www.byteplus.com/) | Supports deployment to BytePlus CDN |
+| [UCloud](https://www.ucloud-global.com/) | Supports deployment to UCloud US3, UCDN |
+| [Edgio](https://edg.io/) | Supports deployment to Edgio Applications |
diff --git a/go.mod b/go.mod
index 04da51d9..2834a7cc 100644
--- a/go.mod
+++ b/go.mod
@@ -57,6 +57,8 @@ require (
github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
github.com/alibabacloud-go/tea-utils/v2 v2.0.7 // indirect
+ github.com/alibabacloud-go/waf-openapi-20211001 v1.0.0 // indirect
+ github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.4 // indirect
github.com/aws/aws-sdk-go-v2/service/route53 v1.48.1 // indirect
github.com/blinkbean/dingtalk v1.1.3 // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
diff --git a/go.sum b/go.sum
index 831e78c0..570c46ab 100644
--- a/go.sum
+++ b/go.sum
@@ -123,6 +123,7 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC
github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8=
github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
+github.com/alibabacloud-go/darabonba-openapi v0.1.18/go.mod h1:PB4HffMhJVmAgNKNq3wYbTUlFvPgxJpTzd1F5pTuUsc=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.0/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.2/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.5/go.mod h1:kUe8JqFmoVU7lfBauaDD5taFaW7mBI+xVsyHutYtabg=
@@ -130,6 +131,7 @@ github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE=
github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ=
+github.com/alibabacloud-go/darabonba-string v1.0.0/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo=
github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
github.com/alibabacloud-go/dcdn-20180115/v3 v3.5.0 h1:EQmKhYju6y38kJ1ZvZROeJG2Q1Wk6hlc8KQrVhvGyaw=
@@ -173,6 +175,7 @@ github.com/alibabacloud-go/tea-oss-utils v1.1.0 h1:y65crjjcZ2Pbb6UZtC2deuIZHDVTS
github.com/alibabacloud-go/tea-oss-utils v1.1.0/go.mod h1:PFCF12e9yEKyBUIn7X1IrF/pNjvxgkHy0CgxX4+xRuY=
github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
github.com/alibabacloud-go/tea-utils v1.3.6/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
+github.com/alibabacloud-go/tea-utils v1.4.3/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA=
github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
@@ -186,6 +189,10 @@ github.com/alibabacloud-go/tea-xml v1.1.1/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE
github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
+github.com/alibabacloud-go/waf-openapi-20211001 v1.0.0 h1:CJ2vCd/wy3AVDIEkJdD5TJ7urzbbu9+9ruQ9V+WunN4=
+github.com/alibabacloud-go/waf-openapi-20211001 v1.0.0/go.mod h1:UJvk4Yr8upLmocsvWY1GYJGCQ41A8ea8tfaRqV0itBY=
+github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.4 h1:Od0KgA73DyG9X2XFwuZZTkDv2pzA6B5mhYapyyca6QE=
+github.com/alibabacloud-go/waf-openapi-20211001/v5 v5.0.4/go.mod h1:DohGoS8BnMxHXghHebtjPP7+GMdxPsRN19T3nn2HcCU=
github.com/aliyun/alibaba-cloud-sdk-go v1.63.83 h1:YBkf7H5CSgrlb3C1aWcpDt7Vk8UEGFPeD2OOirtt6IM=
github.com/aliyun/alibaba-cloud-sdk-go v1.63.83/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
@@ -284,6 +291,7 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D
github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng=
github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.5.6/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 4b525b47..fb4d10c6 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -12,6 +12,7 @@ import (
providerAliyunLive "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-live"
providerAliyunNLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-nlb"
providerAliyunOSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-oss"
+ providerAliyunWAF "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-waf"
providerBaiduCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-cdn"
providerBytePlusCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/byteplus-cdn"
providerDogeCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/dogecloud-cdn"
@@ -49,7 +50,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
NOTICE: If you add new constant, please keep ASCII order.
*/
switch options.Provider {
- case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS:
+ case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunWAF:
{
access := domain.AccessConfigForAliyun{}
if err := maps.Decode(options.ProviderAccessConfig, &access); err != nil {
@@ -127,6 +128,15 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, logger.Logger,
}, logger)
return deployer, logger, err
+ case domain.DeployProviderTypeAliyunWAF:
+ deployer, err := providerAliyunWAF.NewWithLogger(&providerAliyunWAF.AliyunWAFDeployerConfig{
+ AccessKeyId: access.AccessKeyId,
+ AccessKeySecret: access.AccessKeySecret,
+ Region: maps.GetValueAsString(options.ProviderDeployConfig, "region"),
+ InstanceId: maps.GetValueAsString(options.ProviderDeployConfig, "instanceId"),
+ }, logger)
+ return deployer, logger, err
+
default:
break
}
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index c780b934..ea950bbd 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -85,6 +85,7 @@ const (
DeployProviderTypeAliyunLive = DeployProviderType("aliyun-live")
DeployProviderTypeAliyunNLB = DeployProviderType("aliyun-nlb")
DeployProviderTypeAliyunOSS = DeployProviderType("aliyun-oss")
+ DeployProviderTypeAliyunWAF = DeployProviderType("aliyun-waf")
DeployProviderTypeBaiduCloudCDN = DeployProviderType("baiducloud-cdn")
DeployProviderTypeBytePlusCDN = DeployProviderType("byteplus-cdn")
DeployProviderTypeDogeCloudCDN = DeployProviderType("dogecloud-cdn")
diff --git a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
index 355f4c0b..072f4a74 100644
--- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go
@@ -73,22 +73,7 @@ func NewWithLogger(config *AliyunALBDeployerConfig, logger logger.Logger) (*Aliy
return nil, xerrors.Wrap(err, "failed to create sdk clients")
}
- aliyunCasRegion := config.Region
- if aliyunCasRegion != "" {
- // 阿里云 CAS 服务接入点是独立于 ALB 服务的
- // 国内版固定接入点:华东一杭州
- // 国际版固定接入点:亚太东南一新加坡
- if !strings.HasPrefix(aliyunCasRegion, "cn-") {
- aliyunCasRegion = "ap-southeast-1"
- } else {
- aliyunCasRegion = "cn-hangzhou"
- }
- }
- uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{
- AccessKeyId: config.AccessKeyId,
- AccessKeySecret: config.AccessKeySecret,
- Region: aliyunCasRegion,
- })
+ uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create ssl uploader")
}
@@ -446,3 +431,24 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
cas: casClient,
}, nil
}
+
+func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+ casRegion := region
+ if casRegion != "" {
+ // 阿里云 CAS 服务接入点是独立于 ALB 服务的
+ // 国内版固定接入点:华东一杭州
+ // 国际版固定接入点:亚太东南一新加坡
+ if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+ casRegion = "ap-southeast-1"
+ } else {
+ casRegion = "cn-hangzhou"
+ }
+ }
+
+ uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{
+ AccessKeyId: accessKeyId,
+ AccessKeySecret: accessKeySecret,
+ Region: casRegion,
+ })
+ return uploader, err
+}
diff --git a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
index 2b273bc2..35286919 100644
--- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
+++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go
@@ -61,22 +61,7 @@ func NewWithLogger(config *AliyunNLBDeployerConfig, logger logger.Logger) (*Aliy
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
- aliyunCasRegion := config.Region
- if aliyunCasRegion != "" {
- // 阿里云 CAS 服务接入点是独立于 NLB 服务的
- // 国内版固定接入点:华东一杭州
- // 国际版固定接入点:亚太东南一新加坡
- if !strings.HasPrefix(aliyunCasRegion, "cn-") {
- aliyunCasRegion = "ap-southeast-1"
- } else {
- aliyunCasRegion = "cn-hangzhou"
- }
- }
- uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{
- AccessKeyId: config.AccessKeyId,
- AccessKeySecret: config.AccessKeySecret,
- Region: aliyunCasRegion,
- })
+ uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create ssl uploader")
}
@@ -249,3 +234,24 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Cl
return client, nil
}
+
+func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+ casRegion := region
+ if casRegion != "" {
+ // 阿里云 CAS 服务接入点是独立于 NLB 服务的
+ // 国内版固定接入点:华东一杭州
+ // 国际版固定接入点:亚太东南一新加坡
+ if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+ casRegion = "ap-southeast-1"
+ } else {
+ casRegion = "cn-hangzhou"
+ }
+ }
+
+ uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{
+ AccessKeyId: accessKeyId,
+ AccessKeySecret: accessKeySecret,
+ Region: casRegion,
+ })
+ return uploader, err
+}
diff --git a/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go
new file mode 100644
index 00000000..58289fc2
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go
@@ -0,0 +1,150 @@
+package aliyunwaf
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "strings"
+
+ aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+ "github.com/alibabacloud-go/tea/tea"
+ aliyunWaf "github.com/alibabacloud-go/waf-openapi-20211001/v5/client"
+ xerrors "github.com/pkg/errors"
+
+ "github.com/usual2970/certimate/internal/pkg/core/deployer"
+ "github.com/usual2970/certimate/internal/pkg/core/logger"
+ "github.com/usual2970/certimate/internal/pkg/core/uploader"
+ providerCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+)
+
+type AliyunWAFDeployerConfig struct {
+ // 阿里云 AccessKeyId。
+ AccessKeyId string `json:"accessKeyId"`
+ // 阿里云 AccessKeySecret。
+ AccessKeySecret string `json:"accessKeySecret"`
+ // 阿里云地域。
+ Region string `json:"region"`
+ // 阿里云 WAF 实例 ID。
+ InstanceId string `json:"instanceId"`
+}
+
+type AliyunWAFDeployer struct {
+ config *AliyunWAFDeployerConfig
+ logger logger.Logger
+ sdkClient *aliyunWaf.Client
+ sslUploader uploader.Uploader
+}
+
+var _ deployer.Deployer = (*AliyunWAFDeployer)(nil)
+
+func New(config *AliyunWAFDeployerConfig) (*AliyunWAFDeployer, error) {
+ return NewWithLogger(config, logger.NewNilLogger())
+}
+
+func NewWithLogger(config *AliyunWAFDeployerConfig, logger logger.Logger) (*AliyunWAFDeployer, error) {
+ if config == nil {
+ return nil, errors.New("config is nil")
+ }
+
+ if logger == nil {
+ return nil, errors.New("logger is nil")
+ }
+
+ client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create sdk client")
+ }
+
+ uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+ }
+
+ return &AliyunWAFDeployer{
+ logger: logger,
+ config: config,
+ sdkClient: client,
+ sslUploader: uploader,
+ }, nil
+}
+
+func (d *AliyunWAFDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+ if d.config.InstanceId == "" {
+ return nil, errors.New("config `instanceId` is required")
+ }
+
+ // 上传证书到 CAS
+ upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to upload certificate file")
+ }
+
+ d.logger.Logt("certificate file uploaded", upres)
+
+ // 查询默认 SSL/TLS 设置
+ // REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describedefaulthttps
+ describeDefaultHttpsReq := &aliyunWaf.DescribeDefaultHttpsRequest{
+ InstanceId: tea.String(d.config.InstanceId),
+ RegionId: tea.String(d.config.Region),
+ }
+ describeDefaultHttpsResp, err := d.sdkClient.DescribeDefaultHttps(describeDefaultHttpsReq)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'waf.DescribeDefaultHttps'")
+ }
+
+ d.logger.Logt("已查询到默认 SSL/TLS 设置", describeDefaultHttpsResp)
+
+ // 修改默认 SSL/TLS 设置
+ // REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifydefaulthttps
+ modifyDefaultHttpsReq := &aliyunWaf.ModifyDefaultHttpsRequest{
+ InstanceId: tea.String(d.config.InstanceId),
+ RegionId: tea.String(d.config.Region),
+ CertId: tea.String(upres.CertId),
+ TLSVersion: describeDefaultHttpsResp.Body.DefaultHttps.TLSVersion,
+ EnableTLSv3: describeDefaultHttpsResp.Body.DefaultHttps.EnableTLSv3,
+ }
+ modifyDefaultHttpsResp, err := d.sdkClient.ModifyDefaultHttps(modifyDefaultHttpsReq)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'waf.ModifyDefaultHttps'")
+ }
+
+ d.logger.Logt("已修改默认 SSL/TLS 设置", modifyDefaultHttpsResp)
+
+ return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunWaf.Client, error) {
+ config := &aliyunOpen.Config{
+ AccessKeyId: tea.String(accessKeyId),
+ AccessKeySecret: tea.String(accessKeySecret),
+ Endpoint: tea.String(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region)),
+ }
+
+ client, err := aliyunWaf.NewClient(config)
+ if err != nil {
+ return nil, err
+ }
+
+ return client, nil
+}
+
+func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+ casRegion := region
+ if casRegion != "" {
+ // 阿里云 CAS 服务接入点是独立于 WAF 服务的
+ // 国内版固定接入点:华东一杭州
+ // 国际版固定接入点:亚太东南一新加坡
+ if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+ casRegion = "ap-southeast-1"
+ } else {
+ casRegion = "cn-hangzhou"
+ }
+ }
+
+ uploader, err := providerCas.New(&providerCas.AliyunCASUploaderConfig{
+ AccessKeyId: accessKeyId,
+ AccessKeySecret: accessKeySecret,
+ Region: casRegion,
+ })
+ return uploader, err
+}
diff --git a/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf_test.go b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf_test.go
new file mode 100644
index 00000000..2498beca
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf_test.go
@@ -0,0 +1,80 @@
+package aliyunwaf_test
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-waf"
+)
+
+var (
+ fInputCertPath string
+ fInputKeyPath string
+ fAccessKeyId string
+ fAccessKeySecret string
+ fRegion string
+ fInstanceId string
+)
+
+func init() {
+ argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNWAF_"
+
+ flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+ flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+ flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+ flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+ flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
+ flag.StringVar(&fInstanceId, argsPrefix+"INSTANCEID", "", "")
+}
+
+/*
+Shell command to run this test:
+
+ go test -v ./aliyun_waf_test.go -args \
+ --CERTIMATE_DEPLOYER_ALIYUNWAF_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+ --CERTIMATE_DEPLOYER_ALIYUNWAF_INPUTKEYPATH="/path/to/your-input-key.pem" \
+ --CERTIMATE_DEPLOYER_ALIYUNWAF_ACCESSKEYID="your-access-key-id" \
+ --CERTIMATE_DEPLOYER_ALIYUNWAF_ACCESSKEYSECRET="your-access-key-secret" \
+ --CERTIMATE_DEPLOYER_ALIYUNOSS_REGION="cn-hangzhou" \
+ --CERTIMATE_DEPLOYER_ALIYUNWAF_INSTANCEID="your-waf-instance-id"
+*/
+func TestDeploy(t *testing.T) {
+ flag.Parse()
+
+ t.Run("Deploy", func(t *testing.T) {
+ t.Log(strings.Join([]string{
+ "args:",
+ fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+ fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+ fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+ fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+ fmt.Sprintf("REGION: %v", fRegion),
+ fmt.Sprintf("INSTANCEID: %v", fInstanceId),
+ }, "\n"))
+
+ deployer, err := provider.New(&provider.AliyunWAFDeployerConfig{
+ AccessKeyId: fAccessKeyId,
+ AccessKeySecret: fAccessKeySecret,
+ Region: fRegion,
+ InstanceId: fInstanceId,
+ })
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ fInputCertData, _ := os.ReadFile(fInputCertPath)
+ fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+ res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ t.Logf("ok: %v", res)
+ })
+}
diff --git a/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili_test.go b/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili_test.go
index 86449ce2..06ef47e4 100644
--- a/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili_test.go
+++ b/internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili_test.go
@@ -34,7 +34,7 @@ func init() {
/*
Shell command to run this test:
- go test -v ./qiniu_cdn_test.go -args \
+ go test -v ./qiniu_pili_test.go -args \
--CERTIMATE_DEPLOYER_QINIUPILI_INPUTCERTPATH="/path/to/your-input-cert.pem" \
--CERTIMATE_DEPLOYER_QINIUPILI_INPUTKEYPATH="/path/to/your-input-key.pem" \
--CERTIMATE_DEPLOYER_QINIUPILI_ACCESSKEY="your-access-key" \
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index bac8b948..77d110c6 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -22,6 +22,7 @@ import DeployNodeConfigFormAliyunDCDNConfig from "./DeployNodeConfigFormAliyunDC
import DeployNodeConfigFormAliyunLiveConfig from "./DeployNodeConfigFormAliyunLiveConfig";
import DeployNodeConfigFormAliyunNLBConfig from "./DeployNodeConfigFormAliyunNLBConfig";
import DeployNodeConfigFormAliyunOSSConfig from "./DeployNodeConfigFormAliyunOSSConfig";
+import DeployNodeConfigFormAliyunWAFConfig from "./DeployNodeConfigFormAliyunWAFConfig";
import DeployNodeConfigFormBaiduCloudCDNConfig from "./DeployNodeConfigFormBaiduCloudCDNConfig";
import DeployNodeConfigFormBytePlusCDNConfig from "./DeployNodeConfigFormBytePlusCDNConfig";
import DeployNodeConfigFormDogeCloudCDNConfig from "./DeployNodeConfigFormDogeCloudCDNConfig";
@@ -133,6 +134,8 @@ const DeployNodeConfigForm = forwardRef;
case DEPLOY_PROVIDERS.ALIYUN_OSS:
return ;
+ case DEPLOY_PROVIDERS.ALIYUN_WAF:
+ return ;
case DEPLOY_PROVIDERS.BAIDUCLOUD_CDN:
return ;
case DEPLOY_PROVIDERS.BYTEPLUS_CDN:
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx
new file mode 100644
index 00000000..9794f9fd
--- /dev/null
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunWAFConfig.tsx
@@ -0,0 +1,79 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+type DeployNodeConfigFormAliyunWAFConfigFieldValues = Nullish<{
+ region: string;
+ instanceId: string;
+}>;
+
+export type DeployNodeConfigFormAliyunWAFConfigProps = {
+ form: FormInstance;
+ formName: string;
+ disabled?: boolean;
+ initialValues?: DeployNodeConfigFormAliyunWAFConfigFieldValues;
+ onValuesChange?: (values: DeployNodeConfigFormAliyunWAFConfigFieldValues) => void;
+};
+
+const initFormModel = (): DeployNodeConfigFormAliyunWAFConfigFieldValues => {
+ return {};
+};
+
+const DeployNodeConfigFormAliyunWAFConfig = ({
+ form: formInst,
+ formName,
+ disabled,
+ initialValues,
+ onValuesChange,
+}: DeployNodeConfigFormAliyunWAFConfigProps) => {
+ const { t } = useTranslation();
+
+ const formSchema = z.object({
+ region: z
+ .string({ message: t("workflow_node.deploy.form.aliyun_waf_region.placeholder") })
+ .nonempty(t("workflow_node.deploy.form.aliyun_waf_region.placeholder"))
+ .trim(),
+ instanceId: z
+ .string({ message: t("workflow_node.deploy.form.aliyun_instance_id.placeholder") })
+ .nonempty(t("workflow_node.deploy.form.aliyun_instance_id.placeholder"))
+ .max(64, t("common.errmsg.string_max", { max: 64 }))
+ .trim(),
+ });
+ const formRule = createSchemaFieldRule(formSchema);
+
+ const handleFormChange = (_: unknown, values: z.infer) => {
+ onValuesChange?.(values);
+ };
+
+ return (
+ }
+ >
+
+
+
+ }
+ >
+
+
+
+ );
+};
+
+export default DeployNodeConfigFormAliyunWAFConfig;
diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts
index a13011be..b6004053 100644
--- a/ui/src/domain/provider.ts
+++ b/ui/src/domain/provider.ts
@@ -174,6 +174,7 @@ export const DEPLOY_PROVIDERS = Object.freeze({
ALIYUN_LIVE: `${ACCESS_PROVIDERS.ALIYUN}-live`,
ALIYUN_NLB: `${ACCESS_PROVIDERS.ALIYUN}-nlb`,
ALIYUN_OSS: `${ACCESS_PROVIDERS.ALIYUN}-oss`,
+ ALIYUN_WAF: `${ACCESS_PROVIDERS.ALIYUN}-waf`,
BAIDUCLOUD_CDN: `${ACCESS_PROVIDERS.BAIDUCLOUD}-cdn`,
BYTEPLUS_CDN: `${ACCESS_PROVIDERS.BYTEPLUS}-cdn`,
DOGECLOUD_CDN: `${ACCESS_PROVIDERS.DOGECLOUD}-cdn`,
@@ -226,6 +227,7 @@ export const deployProvidersMap: Maphttps://oss.console.aliyun.com",
+ "workflow_node.deploy.form.aliyun_waf_region.label": "Alibaba Cloud region",
+ "workflow_node.deploy.form.aliyun_waf_region.placeholder": "Please enter Alibaba Cloud region (e.g. cn-hangzhou)",
+ "workflow_node.deploy.form.aliyun_waf_region.tooltip": "For more information, see https://www.alibabacloud.com/help/en/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-endpoint",
+ "workflow_node.deploy.form.aliyun_waf_instance_id.label": "Alibaba Cloud WAF instance ID",
+ "workflow_node.deploy.form.aliyun_waf_instance_id.placeholder": "Please enter Alibaba Cloud WAF instance ID",
+ "workflow_node.deploy.form.aliyun_waf_instance_id.tooltip": "For more information, see https://waf.console.aliyun.com",
"workflow_node.deploy.form.baiducloud_cdn_domain.label": "Baidu Cloud CDN domain",
"workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "Please enter Baidu Cloud CDN domain name",
"workflow_node.deploy.form.baiducloud_cdn_domain.tooltip": "For more information, see https://console.bce.baidu.com/cdn",
diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json
index 48fa3bbc..e7e742b8 100644
--- a/ui/src/i18n/locales/zh/nls.common.json
+++ b/ui/src/i18n/locales/zh/nls.common.json
@@ -45,6 +45,7 @@
"common.provider.aliyun.live": "阿里云 - 视频直播 Live",
"common.provider.aliyun.nlb": "阿里云 - 网络型负载均衡 NLB",
"common.provider.aliyun.oss": "阿里云 - 对象存储 OSS",
+ "common.provider.aliyun.waf": "阿里云 - Web 应用防火墙 WAF",
"common.provider.aws": "AWS",
"common.provider.aws.route53": "AWS - Route53",
"common.provider.azure": "Azure",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 144c0b58..2d43d042 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -153,6 +153,12 @@
"workflow_node.deploy.form.aliyun_oss_domain.label": "阿里云 OSS 自定义域名",
"workflow_node.deploy.form.aliyun_oss_domain.placeholder": "请输入阿里云 OSS 自定义域名",
"workflow_node.deploy.form.aliyun_oss_domain.tooltip": "这是什么?请参阅 see https://oss.console.aliyun.com",
+ "workflow_node.deploy.form.aliyun_waf_region.label": "阿里云地域",
+ "workflow_node.deploy.form.aliyun_waf_region.placeholder": "请输入阿里云地域(例如:cn-hangzhou)",
+ "workflow_node.deploy.form.aliyun_waf_region.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-endpoint",
+ "workflow_node.deploy.form.aliyun_waf_instance_id.label": "阿里云 WAF 实例 ID",
+ "workflow_node.deploy.form.aliyun_waf_instance_id.placeholder": "请输入阿里云 WAF 实例 ID",
+ "workflow_node.deploy.form.aliyun_waf_instance_id.tooltip": "这是什么?请参阅 https://waf.console.aliyun.com",
"workflow_node.deploy.form.baiducloud_cdn_domain.label": "百度智能云 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.baiducloud_cdn_domain.placeholder": "请输入百度智能云 CDN 加速域名",
"workflow_node.deploy.form.baiducloud_cdn_domain.tooltip": "这是什么?请参阅 https://console.bce.baidu.com/cdn
泛域名表示形式为:*.example.com",