feat: support tencent clb deployment in multiple ways

2025-10-04 21:44:54 +00:00 · 2024-10-31 13:24:43 +08:00
parent 83264a6946
commit 369c146eca
10 changed files with 394 additions and 233 deletions
--- a/internal/deployer/huaweicloud_cdn.go
+++ b/internal/deployer/huaweicloud_cdn.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"time"

 	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
 	hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
@@ -67,6 +66,14 @@ func (d *HuaweiCloudCDNDeployer) GetInfos() []string {
 }

 func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
 	// 查询加速域名配置
 	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
 	showDomainFullConfigReq := &hcCdnModel.ShowDomainFullConfigRequest{
@@ -85,24 +92,9 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
 	updateDomainMultiCertificatesReqBodyContent := &hcCdnEx.UpdateDomainMultiCertificatesExRequestBodyContent{}
 	updateDomainMultiCertificatesReqBodyContent.DomainName = d.option.DeployConfig.GetConfigAsString("domain")
 	updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
-	if d.option.DeployConfig.GetConfigAsBool("useSCM") {
-		// 上传证书到 SCM
-		upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-		if err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("已上传证书", upres))
-
-		updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
-		updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
-		updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
-	} else {
-		updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(0)
-		updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(fmt.Sprintf("certimate-%d", time.Now().UnixMilli()))
-		updateDomainMultiCertificatesReqBodyContent.Certificate = cast.StringPtr(d.option.Certificate.Certificate)
-		updateDomainMultiCertificatesReqBodyContent.PrivateKey = cast.StringPtr(d.option.Certificate.PrivateKey)
-	}
+	updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
+	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
+	updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
 	updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
 	updateDomainMultiCertificatesReq := &hcCdnEx.UpdateDomainMultiCertificatesExRequest{
 		Body: &hcCdnEx.UpdateDomainMultiCertificatesExRequestBody{
--- a/internal/deployer/huaweicloud_elb.go
+++ b/internal/deployer/huaweicloud_elb.go
@@ -268,7 +268,7 @@ func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error
 	// 批量更新监听器证书
 	var errs []error
 	for _, hcListenerId := range hcListenerIds {
-		if err := d.updateListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
+		if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
 			errs = append(errs, err)
 		}
 	}
@@ -294,14 +294,14 @@ func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error {
 	d.infos = append(d.infos, toStr("已上传证书", upres))

 	// 更新监听器证书
-	if err := d.updateListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
+	if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
 		return err
 	}

 	return nil
 }

-func (d *HuaweiCloudELBDeployer) updateListenerCertificate(ctx context.Context, hcListenerId string, hcCertId string) error {
+func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context, hcListenerId string, hcCertId string) error {
 	// 查询监听器详情
 	// REF: https://support.huaweicloud.com/api-elb/ShowListener.html
 	showListenerReq := &hcElbModel.ShowListenerRequest{
--- a/internal/deployer/tencent_clb.go
+++ b/internal/deployer/tencent_clb.go
@@ -7,6 +7,7 @@ import (
 	"fmt"

 	xerrors "github.com/pkg/errors"
+	tcClb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
 	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
@@ -25,6 +26,7 @@ type TencentCLBDeployer struct {

 type tencentCLBDeployerSdkClients struct {
 	ssl *tcSsl.Client
+	clb *tcClb.Client
 }

 func NewTencentCLBDeployer(option *DeployerOption) (Deployer, error) {
@@ -69,10 +71,30 @@ func (d *TencentCLBDeployer) GetInfos() []string {
 func (d *TencentCLBDeployer) Deploy(ctx context.Context) error {
 	// TODO: 直接部署方式

-	// 通过 SSL 服务部署到云资源实例
-	err := d.deployToInstanceUseSsl(ctx)
-	if err != nil {
-		return err
+	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
+	case "ssl-deploy":
+		// 通过 SSL 服务部署到云资源实例
+		err := d.deployToInstanceUseSsl(ctx)
+		if err != nil {
+			return err
+		}
+	case "loadbalancer":
+		// 部署到指定负载均衡器
+		if err := d.deployToLoadbalancer(ctx); err != nil {
+			return err
+		}
+	case "listener":
+		// 部署到指定监听器
+		if err := d.deployToListener(ctx); err != nil {
+			return err
+		}
+	case "ruledomain":
+		// 部署到指定七层监听转发规则域名
+		if err := d.deployToRuleDomain(ctx); err != nil {
+			return err
+		}
+	default:
+		return errors.New("unsupported resource type")
 	}

 	return nil
@@ -86,14 +108,20 @@ func (d *TencentCLBDeployer) createSdkClients(secretId, secretKey, region string
 		return nil, err
 	}

+	clbClient, err := tcClb.NewClient(credential, region, profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
 	return &tencentCLBDeployerSdkClients{
 		ssl: sslClient,
+		clb: clbClient,
 	}, nil
 }

 func (d *TencentCLBDeployer) deployToInstanceUseSsl(ctx context.Context) error {
-	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("clbId")
-	tcListenerId := d.option.DeployConfig.GetConfigAsString("lsnId")
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
 	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
 	if tcLoadbalancerId == "" {
 		return errors.New("`loadbalancerId` is required")
@@ -132,3 +160,170 @@ func (d *TencentCLBDeployer) deployToInstanceUseSsl(ctx context.Context) error {

 	return nil
 }
+
+func (d *TencentCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerIds := make([]string, 0)
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+
+	// 查询负载均衡器详细信息
+	// REF: https://cloud.tencent.com/document/api/214/46916
+	describeLoadBalancersDetailReq := tcClb.NewDescribeLoadBalancersDetailRequest()
+	describeLoadBalancersDetailResp, err := d.sdkClients.clb.DescribeLoadBalancersDetail(describeLoadBalancersDetailReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeLoadBalancersDetail'")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到负载均衡详细信息", describeLoadBalancersDetailResp))
+
+	// 查询监听器列表
+	// REF: https://cloud.tencent.com/document/api/214/30686
+	describeListenersReq := tcClb.NewDescribeListenersRequest()
+	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+	} else {
+		if describeListenersResp.Response.Listeners != nil {
+			for _, listener := range describeListenersResp.Response.Listeners {
+				if listener.Protocol == nil || (*listener.Protocol != "HTTPS" && *listener.Protocol != "TCP_SSL" && *listener.Protocol != "QUIC") {
+					continue
+				}
+
+				tcListenerIds = append(tcListenerIds, *listener.ListenerId)
+			}
+		}
+	}
+
+	d.infos = append(d.infos, toStr("已查询到负载均衡器下的监听器", tcListenerIds))
+
+	// 上传证书到 SCM
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 批量更新监听器证书
+	var errs []error
+	for _, tcListenerId := range tcListenerIds {
+		if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToListener(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 更新监听器证书
+	if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) deployToRuleDomain(ctx context.Context) error {
+	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
+	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
+	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if tcLoadbalancerId == "" {
+		return errors.New("`loadbalancerId` is required")
+	}
+	if tcListenerId == "" {
+		return errors.New("`listenerId` is required")
+	}
+	if tcDomain == "" {
+		return errors.New("`domain` is required")
+	}
+
+	// 上传证书到 SSL
+	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	// 修改负载均衡七层监听器转发规则的域名级别属性
+	// REF: https://cloud.tencent.com/document/api/214/38092
+	modifyDomainAttributesReq := tcClb.NewModifyDomainAttributesRequest()
+	modifyDomainAttributesReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	modifyDomainAttributesReq.ListenerId = common.StringPtr(tcListenerId)
+	modifyDomainAttributesReq.Domain = common.StringPtr(tcDomain)
+	modifyDomainAttributesReq.Certificate = &tcClb.CertificateInput{
+		SSLMode: common.StringPtr("UNIDIRECTIONAL"),
+		CertId:  common.StringPtr(upres.CertId),
+	}
+	modifyDomainAttributesResp, err := d.sdkClients.clb.ModifyDomainAttributes(modifyDomainAttributesReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyDomainAttributes'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改七层监听器转发规则的域名级别属性", modifyDomainAttributesResp.Response))
+
+	return nil
+}
+
+func (d *TencentCLBDeployer) modifyListenerCertificate(ctx context.Context, tcLoadbalancerId, tcListenerId, tcCertId string) error {
+	// 查询监听器列表
+	// REF: https://cloud.tencent.com/document/api/214/30686
+	describeListenersReq := tcClb.NewDescribeListenersRequest()
+	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	describeListenersReq.ListenerIds = common.StringPtrs([]string{tcListenerId})
+	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+	}
+	if len(describeListenersResp.Response.Listeners) == 0 {
+		d.infos = append(d.infos, toStr("未找到监听器", nil))
+		return errors.New("listener not found")
+	}
+
+	d.infos = append(d.infos, toStr("已查询到监听器属性", describeListenersResp.Response))
+
+	// 修改监听器属性
+	// REF: https://cloud.tencent.com/document/product/214/30681
+	modifyListenerReq := tcClb.NewModifyListenerRequest()
+	modifyListenerReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
+	modifyListenerReq.ListenerId = common.StringPtr(tcListenerId)
+	modifyListenerReq.Certificate = &tcClb.CertificateInput{CertId: common.StringPtr(tcCertId)}
+	if describeListenersResp.Response.Listeners[0].Certificate != nil && describeListenersResp.Response.Listeners[0].Certificate.SSLMode != nil {
+		modifyListenerReq.Certificate.SSLMode = describeListenersResp.Response.Listeners[0].Certificate.SSLMode
+		modifyListenerReq.Certificate.CertCaId = describeListenersResp.Response.Listeners[0].Certificate.CertCaId
+	} else {
+		modifyListenerReq.Certificate.SSLMode = common.StringPtr("UNIDIRECTIONAL")
+	}
+	modifyListenerResp, err := d.sdkClients.clb.ModifyListener(modifyListenerReq)
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyListener'")
+	}
+
+	d.infos = append(d.infos, toStr("已修改监听器属性", modifyListenerResp.Response))
+
+	return nil
+}