diff --git a/go.mod b/go.mod index 0f12bd45..bca64be5 100644 --- a/go.mod +++ b/go.mod @@ -85,6 +85,7 @@ require ( github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect github.com/alibabacloud-go/tea-utils/v2 v2.0.7 // indirect github.com/avast/retry-go v3.0.0+incompatible // indirect + github.com/aws/aws-sdk-go-v2/service/iam v1.42.0 // indirect github.com/aws/aws-sdk-go-v2/service/route53 v1.50.0 // indirect github.com/buger/goterm v1.0.4 // indirect github.com/diskfs/go-diskfs v1.5.0 // indirect diff --git a/go.sum b/go.sum index 7bbf5848..404e21e4 100644 --- a/go.sum +++ b/go.sum @@ -235,6 +235,8 @@ github.com/aws/aws-sdk-go-v2/service/acm v1.32.0/go.mod h1:3sKYAgRbuBa2QMYGh/WEc github.com/aws/aws-sdk-go-v2/service/cloudfront v1.46.1 h1:6xZNYtuVwzBs8k+TmraERt0vL68Ppg9aUi+aTQmPaVM= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.46.1/go.mod h1:FIBJ48TS+qJb+Ne4qJ+0NeIhtPTVXItXooTeNeVI4Po= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= +github.com/aws/aws-sdk-go-v2/service/iam v1.42.0 h1:G6+UzGvubaet9QOh0664E9JeT+b6Zvop3AChozRqkrA= +github.com/aws/aws-sdk-go-v2/service/iam v1.42.0/go.mod h1:mPJkGQzeCoPs82ElNILor2JzZgYENr4UaSKUT8K27+c= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= diff --git a/internal/applicant/providers.go b/internal/applicant/providers.go index 98561daf..fbf24742 100644 --- a/internal/applicant/providers.go +++ b/internal/applicant/providers.go @@ -16,6 +16,7 @@ import ( pCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare" pClouDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudns" pCMCCCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud" + pConstellix "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix" pDeSEC "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/desec" pDigitalOcean "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean" pDNSLA "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla" @@ -38,6 +39,7 @@ import ( pRainYun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/rainyun" pTencentCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud" pTencentCloudEO "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo" + pUCloudUDNR "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr" pVercel "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/vercel" pVolcEngine "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/volcengine" pWestcn "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/westcn" @@ -234,6 +236,22 @@ func createApplicantProvider(options *applicantProviderOptions) (challenge.Provi return applicant, err } + case domain.ACMEDns01ProviderTypeConstellix: + { + access := domain.AccessConfigForConstellix{} + if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil { + return nil, fmt.Errorf("failed to populate provider access config: %w", err) + } + + applicant, err := pConstellix.NewChallengeProvider(&pConstellix.ChallengeProviderConfig{ + ApiKey: access.ApiKey, + SecretKey: access.SecretKey, + DnsPropagationTimeout: options.DnsPropagationTimeout, + DnsTTL: options.DnsTTL, + }) + return applicant, err + } + case domain.ACMEDns01ProviderTypeDeSEC: { access := domain.AccessConfigForDeSEC{} @@ -579,6 +597,22 @@ func createApplicantProvider(options *applicantProviderOptions) (challenge.Provi } } + case domain.ACMEDns01ProviderTypeUCloudUDNR: + { + access := domain.AccessConfigForUCloud{} + if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil { + return nil, fmt.Errorf("failed to populate provider access config: %w", err) + } + + applicant, err := pUCloudUDNR.NewChallengeProvider(&pUCloudUDNR.ChallengeProviderConfig{ + PrivateKey: access.PrivateKey, + PublicKey: access.PublicKey, + DnsPropagationTimeout: options.DnsPropagationTimeout, + DnsTTL: options.DnsTTL, + }) + return applicant, err + } + case domain.ACMEDns01ProviderTypeVercel: { access := domain.AccessConfigForVercel{} diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index e67c29e0..06239710 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -27,6 +27,7 @@ import ( pAliyunWAF "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-waf" pAWSACM "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aws-acm" pAWSCloudFront "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aws-cloudfront" + pAWSIAM "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aws-iam" pAzureKeyVault "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/azure-keyvault" pBaiduCloudAppBLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-appblb" pBaiduCloudBLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-blb" @@ -331,7 +332,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer } } - case domain.DeploymentProviderTypeAWSACM, domain.DeploymentProviderTypeAWSCloudFront: + case domain.DeploymentProviderTypeAWSACM, domain.DeploymentProviderTypeAWSCloudFront, domain.DeploymentProviderTypeAWSIAM: { access := domain.AccessConfigForAWS{} if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil { @@ -350,10 +351,20 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer case domain.DeploymentProviderTypeAWSCloudFront: deployer, err := pAWSCloudFront.NewDeployer(&pAWSCloudFront.DeployerConfig{ + AccessKeyId: access.AccessKeyId, + SecretAccessKey: access.SecretAccessKey, + Region: maputil.GetString(options.ProviderServiceConfig, "region"), + DistributionId: maputil.GetString(options.ProviderServiceConfig, "distributionId"), + CertificateSource: maputil.GetOrDefaultString(options.ProviderServiceConfig, "certificateSource", "ACM"), + }) + return deployer, err + + case domain.DeploymentProviderTypeAWSIAM: + deployer, err := pAWSIAM.NewDeployer(&pAWSIAM.DeployerConfig{ AccessKeyId: access.AccessKeyId, SecretAccessKey: access.SecretAccessKey, Region: maputil.GetString(options.ProviderServiceConfig, "region"), - DistributionId: maputil.GetString(options.ProviderServiceConfig, "distributionId"), + CertificatePath: maputil.GetOrDefaultString(options.ProviderServiceConfig, "certificatePath", "/"), }) return deployer, err @@ -986,6 +997,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer jumpServers[i] = pSSH.JumpServerConfig{ SshHost: jumpServer.Host, SshPort: jumpServer.Port, + SshAuthMethod: jumpServer.AuthMethod, SshUsername: jumpServer.Username, SshPassword: jumpServer.Password, SshKey: jumpServer.Key, @@ -996,6 +1008,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pSSH.NewDeployer(&pSSH.DeployerConfig{ SshHost: access.Host, SshPort: access.Port, + SshAuthMethod: access.AuthMethod, SshUsername: access.Username, SshPassword: access.Password, SshKey: access.Key, diff --git a/internal/domain/access.go b/internal/domain/access.go index 0ed9f0ee..c6071aef 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -109,6 +109,11 @@ type AccessConfigForCMCCCloud struct { AccessKeySecret string `json:"accessKeySecret"` } +type AccessConfigForConstellix struct { + ApiKey string `json:"apiKey"` + SecretKey string `json:"secretKey"` +} + type AccessConfigForDeSEC struct { Token string `json:"token"` } @@ -310,14 +315,16 @@ type AccessConfigForSlackBot struct { type AccessConfigForSSH struct { Host string `json:"host"` Port int32 `json:"port"` - Username string `json:"username"` + AuthMethod string `json:"authMethod,omitempty"` + Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` Key string `json:"key,omitempty"` KeyPassphrase string `json:"keyPassphrase,omitempty"` JumpServers []struct { Host string `json:"host"` Port int32 `json:"port"` - Username string `json:"username"` + AuthMethod string `json:"authMethod,omitempty"` + Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` Key string `json:"key,omitempty"` KeyPassphrase string `json:"keyPassphrase,omitempty"` diff --git a/internal/domain/provider.go b/internal/domain/provider.go index 55f8b2af..560b08da 100644 --- a/internal/domain/provider.go +++ b/internal/domain/provider.go @@ -28,6 +28,7 @@ const ( AccessProviderTypeCloudflare = AccessProviderType("cloudflare") AccessProviderTypeClouDNS = AccessProviderType("cloudns") AccessProviderTypeCMCCCloud = AccessProviderType("cmcccloud") + AccessProviderTypeConstellix = AccessProviderType("constellix") AccessProviderTypeCTCCCloud = AccessProviderType("ctcccloud") // 天翼云(预留) AccessProviderTypeCUCCCloud = AccessProviderType("cucccloud") // 联通云(预留) AccessProviderTypeDeSEC = AccessProviderType("desec") @@ -131,6 +132,7 @@ const ( ACMEDns01ProviderTypeCloudflare = ACMEDns01ProviderType(AccessProviderTypeCloudflare) ACMEDns01ProviderTypeClouDNS = ACMEDns01ProviderType(AccessProviderTypeClouDNS) ACMEDns01ProviderTypeCMCCCloud = ACMEDns01ProviderType(AccessProviderTypeCMCCCloud) + ACMEDns01ProviderTypeConstellix = ACMEDns01ProviderType(AccessProviderTypeConstellix) ACMEDns01ProviderTypeDeSEC = ACMEDns01ProviderType(AccessProviderTypeDeSEC) ACMEDns01ProviderTypeDigitalOcean = ACMEDns01ProviderType(AccessProviderTypeDigitalOcean) ACMEDns01ProviderTypeDNSLA = ACMEDns01ProviderType(AccessProviderTypeDNSLA) @@ -156,6 +158,7 @@ const ( ACMEDns01ProviderTypeTencentCloud = ACMEDns01ProviderType(AccessProviderTypeTencentCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeTencentCloudDNS] ACMEDns01ProviderTypeTencentCloudDNS = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + "-dns") ACMEDns01ProviderTypeTencentCloudEO = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + "-eo") + ACMEDns01ProviderTypeUCloudUDNR = ACMEDns01ProviderType(AccessProviderTypeUCloud + "-udnr") ACMEDns01ProviderTypeVercel = ACMEDns01ProviderType(AccessProviderTypeVercel) ACMEDns01ProviderTypeVolcEngine = ACMEDns01ProviderType(AccessProviderTypeVolcEngine) // 兼容旧值,等同于 [ACMEDns01ProviderTypeVolcEngineDNS] ACMEDns01ProviderTypeVolcEngineDNS = ACMEDns01ProviderType(AccessProviderTypeVolcEngine + "-dns") @@ -192,6 +195,7 @@ const ( DeploymentProviderTypeAliyunWAF = DeploymentProviderType(AccessProviderTypeAliyun + "-waf") DeploymentProviderTypeAWSACM = DeploymentProviderType(AccessProviderTypeAWS + "-acm") DeploymentProviderTypeAWSCloudFront = DeploymentProviderType(AccessProviderTypeAWS + "-cloudfront") + DeploymentProviderTypeAWSIAM = DeploymentProviderType(AccessProviderTypeAWS + "-iam") DeploymentProviderTypeAzureKeyVault = DeploymentProviderType(AccessProviderTypeAzure + "-keyvault") DeploymentProviderTypeBaiduCloudAppBLB = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-appblb") DeploymentProviderTypeBaiduCloudBLB = DeploymentProviderType(AccessProviderTypeBaiduCloud + "-blb") diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal/lego.go index 5a576af1..43c488f5 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun-esa/internal/lego.go @@ -1,9 +1,8 @@ -package lego_aliyunesa +package internal import ( "errors" "fmt" - "strings" "sync" "time" @@ -102,13 +101,13 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { return fmt.Errorf("alicloud-esa: could not find zone for domain %q: %w", domain, err) } - siteName := strings.TrimRight(authZone, ".") + siteName := dns01.UnFqdn(authZone) siteId, err := d.getSiteId(siteName) if err != nil { return fmt.Errorf("alicloud-esa: could not find site for zone %q: %w", siteName, err) } - if err := d.addOrUpdateDNSRecord(siteId, strings.TrimRight(info.EffectiveFQDN, "."), info.Value); err != nil { + if err := d.addOrUpdateDNSRecord(siteId, dns01.UnFqdn(info.EffectiveFQDN), info.Value); err != nil { return fmt.Errorf("alicloud-esa: %w", err) } @@ -123,13 +122,13 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { return fmt.Errorf("alicloud-esa: could not find zone for domain %q: %w", domain, err) } - siteName := strings.TrimRight(authZone, ".") + siteName := dns01.UnFqdn(authZone) siteId, err := d.getSiteId(siteName) if err != nil { return fmt.Errorf("alicloud-esa: could not find site for zone %q: %w", siteName, err) } - if err := d.removeDNSRecord(siteId, strings.TrimRight(info.EffectiveFQDN, ".")); err != nil { + if err := d.removeDNSRecord(siteId, dns01.UnFqdn(info.EffectiveFQDN)); err != nil { return fmt.Errorf("alicloud-esa: %w", err) } diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go index f67662b5..4c66f088 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go @@ -1,4 +1,4 @@ -package lego_baiducloud +package internal import ( "errors" diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix/constellix.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix/constellix.go new file mode 100644 index 00000000..12e7d615 --- /dev/null +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/constellix/constellix.go @@ -0,0 +1,38 @@ +package cloudns + +import ( + "time" + + "github.com/go-acme/lego/v4/challenge" + "github.com/go-acme/lego/v4/providers/dns/constellix" +) + +type ChallengeProviderConfig struct { + ApiKey string `json:"apiKey"` + SecretKey string `json:"secretKey"` + DnsPropagationTimeout int32 `json:"dnsPropagationTimeout,omitempty"` + DnsTTL int32 `json:"dnsTTL,omitempty"` +} + +func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) { + if config == nil { + panic("config is nil") + } + + providerConfig := constellix.NewDefaultConfig() + providerConfig.APIKey = config.ApiKey + providerConfig.SecretKey = config.SecretKey + if config.DnsPropagationTimeout != 0 { + providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second + } + if config.DnsTTL != 0 { + providerConfig.TTL = int(config.DnsTTL) + } + + provider, err := constellix.NewDNSProviderConfig(providerConfig) + if err != nil { + return nil, err + } + + return provider, nil +} diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla/internal/lego.go index 87cb6cd9..1063ac5f 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla/internal/lego.go @@ -1,4 +1,4 @@ -package lego_dnsla +package internal import ( "errors" diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6/internal/lego.go index 8b33cf9e..36a06ffa 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6/internal/lego.go @@ -1,4 +1,4 @@ -package lego_dynv6 +package internal import ( "context" diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/internal/lego.go index 7f1f5670..6bfda830 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/gname/internal/lego.go @@ -1,4 +1,4 @@ -package lego_gname +package internal import ( "errors" diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud/internal/lego.go index a1851a11..0361c7cb 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/jdcloud/internal/lego.go @@ -1,4 +1,4 @@ -package lego_jdcloud +package internal import ( "errors" diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go index 692c42d3..69ad8a80 100644 --- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go @@ -1,10 +1,9 @@ -package lego_tencentcloudeo +package internal import ( "errors" "fmt" "math" - "strings" "time" "github.com/go-acme/lego/v4/challenge" @@ -91,7 +90,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { func (d *DNSProvider) Present(domain, token, keyAuth string) error { info := dns01.GetChallengeInfo(domain, keyAuth) - if err := d.addOrUpdateDNSRecord(strings.TrimRight(info.EffectiveFQDN, "."), info.Value); err != nil { + if err := d.addOrUpdateDNSRecord(dns01.UnFqdn(info.EffectiveFQDN), info.Value); err != nil { return fmt.Errorf("tencentcloud-eo: %w", err) } @@ -101,7 +100,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { info := dns01.GetChallengeInfo(domain, keyAuth) - if err := d.removeDNSRecord(strings.TrimRight(info.EffectiveFQDN, ".")); err != nil { + if err := d.removeDNSRecord(dns01.UnFqdn(info.EffectiveFQDN)); err != nil { return fmt.Errorf("tencentcloud-eo: %w", err) } diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal/lego.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal/lego.go new file mode 100644 index 00000000..e1be56a4 --- /dev/null +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal/lego.go @@ -0,0 +1,165 @@ +package internal + +import ( + "errors" + "fmt" + "time" + + "github.com/go-acme/lego/v4/challenge" + "github.com/go-acme/lego/v4/challenge/dns01" + "github.com/go-acme/lego/v4/platform/config/env" + "github.com/ucloud/ucloud-sdk-go/ucloud" + "github.com/ucloud/ucloud-sdk-go/ucloud/auth" + + "github.com/usual2970/certimate/internal/pkg/sdk3rd/ucloud/udnr" +) + +const ( + envNamespace = "UCLOUDUDNR_" + + EnvPublicKey = envNamespace + "PUBLIC_KEY" + EnvPrivateKey = envNamespace + "PRIVATE_KEY" + + EnvTTL = envNamespace + "TTL" + EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT" + EnvPollingInterval = envNamespace + "POLLING_INTERVAL" + EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT" +) + +var _ challenge.ProviderTimeout = (*DNSProvider)(nil) + +type Config struct { + PrivateKey string + PublicKey string + + PropagationTimeout time.Duration + PollingInterval time.Duration + TTL int32 + HTTPTimeout time.Duration +} + +type DNSProvider struct { + client *udnr.UDNRClient + config *Config +} + +func NewDefaultConfig() *Config { + return &Config{ + TTL: int32(env.GetOrDefaultInt(EnvTTL, 300)), + PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute), + PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval), + HTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second), + } +} + +func NewDNSProvider() (*DNSProvider, error) { + values, err := env.Get(EnvPrivateKey, EnvPublicKey) + if err != nil { + return nil, fmt.Errorf("ucloud-udnr: %w", err) + } + + config := NewDefaultConfig() + config.PrivateKey = values[EnvPrivateKey] + config.PublicKey = values[EnvPublicKey] + + return NewDNSProviderConfig(config) +} + +func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { + if config == nil { + return nil, errors.New("ucloud-udnr: the configuration of the DNS provider is nil") + } + + cfg := ucloud.NewConfig() + credential := auth.NewCredential() + credential.PrivateKey = config.PrivateKey + credential.PublicKey = config.PublicKey + client := udnr.NewClient(&cfg, &credential) + + return &DNSProvider{ + client: client, + config: config, + }, nil +} + +func (d *DNSProvider) Present(domain, token, keyAuth string) error { + info := dns01.GetChallengeInfo(domain, keyAuth) + + authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN) + if err != nil { + return fmt.Errorf("ucloud-udnr: could not find zone for domain %q: %w", domain, err) + } + + subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone) + if err != nil { + return fmt.Errorf("ucloud-udnr: %w", err) + } + + udnrDomainDNSQueryReq := d.client.NewQueryDomainDNSRequest() + udnrDomainDNSQueryReq.Dn = ucloud.String(authZone) + if udnrDomainDNSQueryResp, err := d.client.QueryDomainDNS(udnrDomainDNSQueryReq); err != nil { + return fmt.Errorf("ucloud-udnr: %w", err) + } else { + for _, record := range udnrDomainDNSQueryResp.Data { + if record.DnsType == "TXT" && record.RecordName == subDomain { + udnrDomainDNSDeleteReq := d.client.NewDeleteDomainDNSRequest() + udnrDomainDNSDeleteReq.Dn = ucloud.String(authZone) + udnrDomainDNSDeleteReq.DnsType = ucloud.String(record.DnsType) + udnrDomainDNSDeleteReq.RecordName = ucloud.String(record.RecordName) + udnrDomainDNSDeleteReq.Content = ucloud.String(record.Content) + d.client.DeleteDomainDNS(udnrDomainDNSDeleteReq) + break + } + } + } + + udnrDomainDNSAddReq := d.client.NewAddDomainDNSRequest() + udnrDomainDNSAddReq.Dn = ucloud.String(authZone) + udnrDomainDNSAddReq.DnsType = ucloud.String("TXT") + udnrDomainDNSAddReq.RecordName = ucloud.String(subDomain) + udnrDomainDNSAddReq.Content = ucloud.String(info.Value) + udnrDomainDNSAddReq.TTL = ucloud.Int(int(d.config.TTL)) + if _, err := d.client.AddDomainDNS(udnrDomainDNSAddReq); err != nil { + return fmt.Errorf("ucloud-udnr: %w", err) + } + + return nil +} + +func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { + info := dns01.GetChallengeInfo(domain, keyAuth) + + authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN) + if err != nil { + return fmt.Errorf("ucloud-udnr: could not find zone for domain %q: %w", domain, err) + } + + subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone) + if err != nil { + return fmt.Errorf("ucloud-udnr: %w", err) + } + + udnrDomainDNSQueryReq := d.client.NewQueryDomainDNSRequest() + udnrDomainDNSQueryReq.Dn = ucloud.String(authZone) + if udnrDomainDNSQueryResp, err := d.client.QueryDomainDNS(udnrDomainDNSQueryReq); err != nil { + return fmt.Errorf("ucloud-udnr: %w", err) + } else { + for _, record := range udnrDomainDNSQueryResp.Data { + if record.DnsType == "TXT" && record.RecordName == subDomain { + udnrDomainDNSDeleteReq := d.client.NewDeleteDomainDNSRequest() + udnrDomainDNSDeleteReq.Dn = ucloud.String(authZone) + udnrDomainDNSDeleteReq.DnsType = ucloud.String(record.DnsType) + udnrDomainDNSDeleteReq.RecordName = ucloud.String(record.RecordName) + udnrDomainDNSDeleteReq.Content = ucloud.String(record.Content) + d.client.DeleteDomainDNS(udnrDomainDNSDeleteReq) + break + } + } + } + + return nil +} + +func (d *DNSProvider) Timeout() (timeout, interval time.Duration) { + return d.config.PropagationTimeout, d.config.PollingInterval +} diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/ucloud_udnr.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/ucloud_udnr.go new file mode 100644 index 00000000..d1902747 --- /dev/null +++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/ucloud_udnr.go @@ -0,0 +1,40 @@ +package ucloududnr + +import ( + "errors" + "time" + + "github.com/go-acme/lego/v4/challenge" + + "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/ucloud-udnr/internal" +) + +type ChallengeProviderConfig struct { + PrivateKey string `json:"privateKey"` + PublicKey string `json:"publicKey"` + DnsPropagationTimeout int32 `json:"dnsPropagationTimeout,omitempty"` + DnsTTL int32 `json:"dnsTTL,omitempty"` +} + +func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) { + if config == nil { + return nil, errors.New("config is nil") + } + + providerConfig := internal.NewDefaultConfig() + providerConfig.PrivateKey = config.PrivateKey + providerConfig.PublicKey = config.PublicKey + if config.DnsTTL != 0 { + providerConfig.TTL = config.DnsTTL + } + if config.DnsPropagationTimeout != 0 { + providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second + } + + provider, err := internal.NewDNSProviderConfig(providerConfig) + if err != nil { + return nil, err + } + + return provider, nil +} diff --git a/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go b/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go index 7ec17044..e5a3f0b2 100644 --- a/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go +++ b/internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go @@ -14,7 +14,8 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/uploader" - uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aws-acm" + uploaderspacm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aws-acm" + uploaderspiam "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aws-iam" ) type DeployerConfig struct { @@ -26,6 +27,9 @@ type DeployerConfig struct { Region string `json:"region"` // AWS CloudFront 分配 ID。 DistributionId string `json:"distributionId"` + // AWS CloudFront 证书来源。 + // 可取值 "ACM"、"IAM"。 + CertificateSource string `json:"certificateSource"` } type DeployerProvider struct { @@ -47,13 +51,28 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ - AccessKeyId: config.AccessKeyId, - SecretAccessKey: config.SecretAccessKey, - Region: config.Region, - }) - if err != nil { - return nil, fmt.Errorf("failed to create ssl uploader: %w", err) + var uploader uploader.Uploader + if config.CertificateSource == "ACM" { + uploader, err = uploaderspacm.NewUploader(&uploaderspacm.UploaderConfig{ + AccessKeyId: config.AccessKeyId, + SecretAccessKey: config.SecretAccessKey, + Region: config.Region, + }) + if err != nil { + return nil, fmt.Errorf("failed to create ssl uploader: %w", err) + } + } else if config.CertificateSource == "IAM" { + uploader, err = uploaderspiam.NewUploader(&uploaderspiam.UploaderConfig{ + AccessKeyId: config.AccessKeyId, + SecretAccessKey: config.SecretAccessKey, + Region: config.Region, + CertificatePath: "/cloudfront/", + }) + if err != nil { + return nil, fmt.Errorf("failed to create ssl uploader: %w", err) + } + } else { + return nil, fmt.Errorf("unsupported certificate source: '%s'", config.CertificateSource) } return &DeployerProvider{ @@ -79,7 +98,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE return nil, errors.New("config `distribuitionId` is required") } - // 上传证书到 ACM + // 上传证书到 ACM/IAM upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM) if err != nil { return nil, fmt.Errorf("failed to upload certificate file: %w", err) @@ -109,7 +128,19 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE updateDistributionReq.DistributionConfig.ViewerCertificate = &types.ViewerCertificate{} } updateDistributionReq.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate = aws.Bool(false) - updateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = aws.String(upres.CertId) + if d.config.CertificateSource == "ACM" { + updateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = aws.String(upres.CertId) + updateDistributionReq.DistributionConfig.ViewerCertificate.IAMCertificateId = nil + } else if d.config.CertificateSource == "IAM" { + updateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = nil + updateDistributionReq.DistributionConfig.ViewerCertificate.IAMCertificateId = aws.String(upres.CertId) + if updateDistributionReq.DistributionConfig.ViewerCertificate.MinimumProtocolVersion == "" { + updateDistributionReq.DistributionConfig.ViewerCertificate.MinimumProtocolVersion = types.MinimumProtocolVersionTLSv1 + } + if updateDistributionReq.DistributionConfig.ViewerCertificate.SSLSupportMethod == "" { + updateDistributionReq.DistributionConfig.ViewerCertificate.SSLSupportMethod = types.SSLSupportMethodSniOnly + } + } updateDistributionResp, err := d.sdkClient.UpdateDistribution(context.TODO(), updateDistributionReq) d.logger.Debug("sdk request 'cloudfront.UpdateDistribution'", slog.Any("request", updateDistributionReq), slog.Any("response", updateDistributionResp)) if err != nil { diff --git a/internal/pkg/core/deployer/providers/aws-iam/aws_iam.go b/internal/pkg/core/deployer/providers/aws-iam/aws_iam.go new file mode 100644 index 00000000..ef6440d3 --- /dev/null +++ b/internal/pkg/core/deployer/providers/aws-iam/aws_iam.go @@ -0,0 +1,75 @@ +package awsiam + +import ( + "context" + "fmt" + "log/slog" + + "github.com/usual2970/certimate/internal/pkg/core/deployer" + "github.com/usual2970/certimate/internal/pkg/core/uploader" + uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aws-iam" +) + +type DeployerConfig struct { + // AWS AccessKeyId。 + AccessKeyId string `json:"accessKeyId"` + // AWS SecretAccessKey。 + SecretAccessKey string `json:"secretAccessKey"` + // AWS 区域。 + Region string `json:"region"` + // IAM 证书路径。 + // 选填。 + CertificatePath string `json:"certificatePath,omitempty"` +} + +type DeployerProvider struct { + config *DeployerConfig + logger *slog.Logger + sslUploader uploader.Uploader +} + +var _ deployer.Deployer = (*DeployerProvider)(nil) + +func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { + if config == nil { + panic("config is nil") + } + + uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ + AccessKeyId: config.AccessKeyId, + SecretAccessKey: config.SecretAccessKey, + Region: config.Region, + CertificatePath: config.CertificatePath, + }) + if err != nil { + return nil, fmt.Errorf("failed to create ssl uploader: %w", err) + } + + return &DeployerProvider{ + config: config, + logger: slog.Default(), + sslUploader: uploader, + }, nil +} + +func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer { + if logger == nil { + d.logger = slog.New(slog.DiscardHandler) + } else { + d.logger = logger + } + d.sslUploader.WithLogger(logger) + return d +} + +func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) { + // 上传证书到 IAM + upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM) + if err != nil { + return nil, fmt.Errorf("failed to upload certificate file: %w", err) + } else { + d.logger.Info("ssl certificate uploaded", slog.Any("result", upres)) + } + + return &deployer.DeployResult{}, nil +} diff --git a/internal/pkg/core/deployer/providers/ssh/ssh.go b/internal/pkg/core/deployer/providers/ssh/ssh.go index a52c355e..782b1332 100644 --- a/internal/pkg/core/deployer/providers/ssh/ssh.go +++ b/internal/pkg/core/deployer/providers/ssh/ssh.go @@ -8,6 +8,7 @@ import ( "net" "os" "path/filepath" + "strings" "github.com/pkg/sftp" "github.com/povsister/scp" @@ -24,7 +25,12 @@ type JumpServerConfig struct { // SSH 端口。 // 零值时默认值 22。 SshPort int32 `json:"sshPort,omitempty"` + // SSH 认证方式。 + // 可取值 "none"、"password"、"key"。 + // 零值时根据有无密码或私钥字段决定。 + SshAuthMethod string `json:"sshAuthMethod,omitempty"` // SSH 登录用户名。 + // 零值时默认值 "root"。 SshUsername string `json:"sshUsername,omitempty"` // SSH 登录密码。 SshPassword string `json:"sshPassword,omitempty"` @@ -41,7 +47,12 @@ type DeployerConfig struct { // SSH 端口。 // 零值时默认值 22。 SshPort int32 `json:"sshPort,omitempty"` + // SSH 认证方式。 + // 可取值 "none"、"password" 或 "key"。 + // 零值时根据有无密码或私钥字段决定。 + SshAuthMethod string `json:"sshAuthMethod,omitempty"` // SSH 登录用户名。 + // 零值时默认值 "root"。 SshUsername string `json:"sshUsername,omitempty"` // SSH 登录密码。 SshPassword string `json:"sshPassword,omitempty"` @@ -141,6 +152,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE jumpConn, jumpServerConf.SshHost, jumpServerConf.SshPort, + jumpServerConf.SshAuthMethod, jumpServerConf.SshUsername, jumpServerConf.SshPassword, jumpServerConf.SshKey, @@ -174,6 +186,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE targetConn, d.config.SshHost, d.config.SshPort, + d.config.SshAuthMethod, d.config.SshUsername, d.config.SshPassword, d.config.SshKey, @@ -262,7 +275,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE return &deployer.DeployResult{}, nil } -func createSshClient(conn net.Conn, host string, port int32, username string, password string, key string, keyPassphrase string) (*ssh.Client, error) { +func createSshClient(conn net.Conn, host string, port int32, authMethod string, username, password, key, keyPassphrase string) (*ssh.Client, error) { if host == "" { host = "localhost" } @@ -271,28 +284,65 @@ func createSshClient(conn net.Conn, host string, port int32, username string, pa port = 22 } - var authMethod ssh.AuthMethod - if key != "" { - var signer ssh.Signer - var err error + if username == "" { + username = "root" + } - if keyPassphrase != "" { - signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(key), []byte(keyPassphrase)) + const AUTH_METHOD_NONE = "none" + const AUTH_METHOD_PASSWORD = "password" + const AUTH_METHOD_KEY = "key" + if authMethod == "" { + if key != "" { + authMethod = AUTH_METHOD_KEY + } else if password != "" { + authMethod = AUTH_METHOD_PASSWORD } else { - signer, err = ssh.ParsePrivateKey([]byte(key)) + authMethod = AUTH_METHOD_NONE + } + } + + authentications := make([]ssh.AuthMethod, 0) + switch authMethod { + case AUTH_METHOD_NONE: + { } - if err != nil { - return nil, err + case AUTH_METHOD_PASSWORD: + { + authentications = append(authentications, ssh.Password(password)) + authentications = append(authentications, ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) ([]string, error) { + if len(questions) == 1 { + return []string{password}, nil + } + return nil, fmt.Errorf("unexpected keyboard interactive question [%s]", strings.Join(questions, ", ")) + })) } - authMethod = ssh.PublicKeys(signer) - } else { - authMethod = ssh.Password(password) + + case AUTH_METHOD_KEY: + { + var signer ssh.Signer + var err error + + if keyPassphrase != "" { + signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(key), []byte(keyPassphrase)) + } else { + signer, err = ssh.ParsePrivateKey([]byte(key)) + } + + if err != nil { + return nil, err + } + + authentications = append(authentications, ssh.PublicKeys(signer)) + } + + default: + return nil, fmt.Errorf("unsupported auth method '%s'", authMethod) } sshConn, chans, reqs, err := ssh.NewClientConn(conn, fmt.Sprintf("%s:%d", host, port), &ssh.ClientConfig{ User: username, - Auth: []ssh.AuthMethod{authMethod}, + Auth: authentications, HostKeyCallback: ssh.InsecureIgnoreHostKey(), }) if err != nil { diff --git a/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go b/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go index f68ebadc..4f215266 100644 --- a/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go +++ b/internal/pkg/core/uploader/providers/aws-acm/aws_acm.go @@ -74,7 +74,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE // 获取证书列表,避免重复上传 // REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ListCertificates.html var listCertificatesNextToken *string = nil - listCertificatesMaxItems := int32(1000) + var listCertificatesMaxItems int32 = 1000 for { select { case <-ctx.Done(): @@ -107,7 +107,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE } // 最后对比证书内容 - // REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ListTagsForCertificate.html + // REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_GetCertificate.html getCertificateReq := &awsacm.GetCertificateInput{ CertificateArn: certSummary.CertificateArn, } @@ -115,11 +115,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'acm.GetCertificate': %w", err) } else { - oldCertPEM := aws.ToString(getCertificateResp.CertificateChain) - if oldCertPEM == "" { - oldCertPEM = aws.ToString(getCertificateResp.Certificate) - } - + oldCertPEM := aws.ToString(getCertificateResp.Certificate) oldCertX509, err := certutil.ParseCertificateFromPEM(oldCertPEM) if err != nil { continue @@ -158,7 +154,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE } return &uploader.UploadResult{ - CertId: *importCertificateResp.CertificateArn, + CertId: aws.ToString(importCertificateResp.CertificateArn), }, nil } diff --git a/internal/pkg/core/uploader/providers/aws-iam/aws_iam.go b/internal/pkg/core/uploader/providers/aws-iam/aws_iam.go new file mode 100644 index 00000000..10f1a174 --- /dev/null +++ b/internal/pkg/core/uploader/providers/aws-iam/aws_iam.go @@ -0,0 +1,185 @@ +package awsiam + +import ( + "context" + "fmt" + "log/slog" + "time" + + aws "github.com/aws/aws-sdk-go-v2/aws" + awscfg "github.com/aws/aws-sdk-go-v2/config" + awscred "github.com/aws/aws-sdk-go-v2/credentials" + awsiam "github.com/aws/aws-sdk-go-v2/service/iam" + + "github.com/usual2970/certimate/internal/pkg/core/uploader" + certutil "github.com/usual2970/certimate/internal/pkg/utils/cert" +) + +type UploaderConfig struct { + // AWS AccessKeyId。 + AccessKeyId string `json:"accessKeyId"` + // AWS SecretAccessKey。 + SecretAccessKey string `json:"secretAccessKey"` + // AWS 区域。 + Region string `json:"region"` + // IAM 证书路径。 + // 选填。 + CertificatePath string `json:"certificatePath,omitempty"` +} + +type UploaderProvider struct { + config *UploaderConfig + logger *slog.Logger + sdkClient *awsiam.Client +} + +var _ uploader.Uploader = (*UploaderProvider)(nil) + +func NewUploader(config *UploaderConfig) (*UploaderProvider, error) { + if config == nil { + panic("config is nil") + } + + client, err := createSdkClient(config.AccessKeyId, config.SecretAccessKey, config.Region) + if err != nil { + return nil, fmt.Errorf("failed to create sdk client: %w", err) + } + + return &UploaderProvider{ + config: config, + logger: slog.Default(), + sdkClient: client, + }, nil +} + +func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader { + if logger == nil { + u.logger = slog.New(slog.DiscardHandler) + } else { + u.logger = logger + } + return u +} + +func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (*uploader.UploadResult, error) { + // 解析证书内容 + certX509, err := certutil.ParseCertificateFromPEM(certPEM) + if err != nil { + return nil, err + } + + // 提取服务器证书 + serverCertPEM, intermediaCertPEM, err := certutil.ExtractCertificatesFromPEM(certPEM) + if err != nil { + return nil, fmt.Errorf("failed to extract certs: %w", err) + } + + // 获取证书列表,避免重复上传 + // REF: https://docs.aws.amazon.com/en_us/IAM/latest/APIReference/API_ListServerCertificates.html + var listServerCertificatesMarker *string = nil + var listServerCertificatesMaxItems int32 = 1000 + for { + select { + case <-ctx.Done(): + return nil, ctx.Err() + default: + } + + listServerCertificatesReq := &awsiam.ListServerCertificatesInput{ + Marker: listServerCertificatesMarker, + MaxItems: aws.Int32(listServerCertificatesMaxItems), + } + if u.config.CertificatePath != "" { + listServerCertificatesReq.PathPrefix = aws.String(u.config.CertificatePath) + } + listServerCertificatesResp, err := u.sdkClient.ListServerCertificates(context.TODO(), listServerCertificatesReq) + u.logger.Debug("sdk request 'iam.ListServerCertificates'", slog.Any("request", listServerCertificatesReq), slog.Any("response", listServerCertificatesResp)) + if err != nil { + return nil, fmt.Errorf("failed to execute sdk request 'iam.ListServerCertificates': %w", err) + } + + for _, certMeta := range listServerCertificatesResp.ServerCertificateMetadataList { + // 先对比证书路径 + if u.config.CertificatePath != "" && aws.ToString(certMeta.Path) != u.config.CertificatePath { + continue + } + + // 先对比证书有效期 + if certMeta.Expiration == nil || !certMeta.Expiration.Equal(certX509.NotAfter) { + continue + } + + // 最后对比证书内容 + // REF: https://docs.aws.amazon.com/en_us/IAM/latest/APIReference/API_GetServerCertificate.html + getServerCertificateReq := &awsiam.GetServerCertificateInput{ + ServerCertificateName: certMeta.ServerCertificateName, + } + getServerCertificateResp, err := u.sdkClient.GetServerCertificate(context.TODO(), getServerCertificateReq) + if err != nil { + return nil, fmt.Errorf("failed to execute sdk request 'iam.GetServerCertificate': %w", err) + } else { + oldCertPEM := aws.ToString(getServerCertificateResp.ServerCertificate.CertificateBody) + oldCertX509, err := certutil.ParseCertificateFromPEM(oldCertPEM) + if err != nil { + continue + } + + if !certutil.EqualCertificate(certX509, oldCertX509) { + continue + } + } + + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + u.logger.Info("ssl certificate already exists") + return &uploader.UploadResult{ + CertId: aws.ToString(certMeta.ServerCertificateId), + CertName: aws.ToString(certMeta.ServerCertificateName), + }, nil + } + + if listServerCertificatesResp.Marker == nil || len(listServerCertificatesResp.ServerCertificateMetadataList) < int(listServerCertificatesMaxItems) { + break + } else { + listServerCertificatesMarker = listServerCertificatesResp.Marker + } + } + + // 生成新证书名(需符合 AWS IAM 命名规则) + certName := fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + + // 导入证书 + // REF: https://docs.aws.amazon.com/en_us/IAM/latest/APIReference/API_UploadServerCertificate.html + uploadServerCertificateReq := &awsiam.UploadServerCertificateInput{ + ServerCertificateName: aws.String(certName), + Path: aws.String(u.config.CertificatePath), + CertificateBody: aws.String(serverCertPEM), + CertificateChain: aws.String(intermediaCertPEM), + PrivateKey: aws.String(privkeyPEM), + } + if u.config.CertificatePath == "" { + uploadServerCertificateReq.Path = aws.String("/") + } + uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificate(context.TODO(), uploadServerCertificateReq) + u.logger.Debug("sdk request 'iam.UploadServerCertificate'", slog.Any("request", uploadServerCertificateReq), slog.Any("response", uploadServerCertificateResp)) + if err != nil { + return nil, fmt.Errorf("failed to execute sdk request 'iam.UploadServerCertificate': %w", err) + } + + return &uploader.UploadResult{ + CertId: aws.ToString(uploadServerCertificateResp.ServerCertificateMetadata.ServerCertificateId), + CertName: certName, + }, nil +} + +func createSdkClient(accessKeyId, secretAccessKey, region string) (*awsiam.Client, error) { + cfg, err := awscfg.LoadDefaultConfig(context.TODO()) + if err != nil { + return nil, err + } + + client := awsiam.NewFromConfig(cfg, func(o *awsiam.Options) { + o.Region = region + o.Credentials = aws.NewCredentialsCache(awscred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, "")) + }) + return client, nil +} diff --git a/internal/pkg/sdk3rd/ucloud/udnr/apis.go b/internal/pkg/sdk3rd/ucloud/udnr/apis.go new file mode 100644 index 00000000..af878e5b --- /dev/null +++ b/internal/pkg/sdk3rd/ucloud/udnr/apis.go @@ -0,0 +1,115 @@ +package udnr + +import ( + "github.com/ucloud/ucloud-sdk-go/ucloud/request" + "github.com/ucloud/ucloud-sdk-go/ucloud/response" +) + +type QueryDomainDNSRequest struct { + request.CommonBase + + Dn *string `required:"true"` +} + +type QueryDomainDNSResponse struct { + response.CommonBase + + Data []DomainDNSRecord +} + +func (c *UDNRClient) NewQueryDomainDNSRequest() *QueryDomainDNSRequest { + req := &QueryDomainDNSRequest{} + + c.Client.SetupRequest(req) + + req.SetRetryable(false) + return req +} + +func (c *UDNRClient) QueryDomainDNS(req *QueryDomainDNSRequest) (*QueryDomainDNSResponse, error) { + var err error + var res QueryDomainDNSResponse + + reqCopier := *req + + err = c.Client.InvokeAction("UdnrDomainDNSQuery", &reqCopier, &res) + if err != nil { + return &res, err + } + + return &res, nil +} + +type AddDomainDNSRequest struct { + request.CommonBase + + Dn *string `required:"true"` + DnsType *string `required:"true"` + RecordName *string `required:"true"` + Content *string `required:"true"` + TTL *int `required:"true"` + Prio *int `required:"false"` +} + +type AddDomainDNSResponse struct { + response.CommonBase +} + +func (c *UDNRClient) NewAddDomainDNSRequest() *AddDomainDNSRequest { + req := &AddDomainDNSRequest{} + + c.Client.SetupRequest(req) + + req.SetRetryable(false) + return req +} + +func (c *UDNRClient) AddDomainDNS(req *AddDomainDNSRequest) (*AddDomainDNSResponse, error) { + var err error + var res AddDomainDNSResponse + + reqCopier := *req + + err = c.Client.InvokeAction("UdnrDomainDNSAdd", &reqCopier, &res) + if err != nil { + return &res, err + } + + return &res, nil +} + +type DeleteDomainDNSRequest struct { + request.CommonBase + + Dn *string `required:"true"` + DnsType *string `required:"true"` + RecordName *string `required:"true"` + Content *string `required:"true"` +} + +type DeleteDomainDNSResponse struct { + response.CommonBase +} + +func (c *UDNRClient) NewDeleteDomainDNSRequest() *DeleteDomainDNSRequest { + req := &DeleteDomainDNSRequest{} + + c.Client.SetupRequest(req) + + req.SetRetryable(false) + return req +} + +func (c *UDNRClient) DeleteDomainDNS(req *DeleteDomainDNSRequest) (*DeleteDomainDNSResponse, error) { + var err error + var res DeleteDomainDNSResponse + + reqCopier := *req + + err = c.Client.InvokeAction("UdnrDeleteDnsRecord", &reqCopier, &res) + if err != nil { + return &res, err + } + + return &res, nil +} diff --git a/internal/pkg/sdk3rd/ucloud/udnr/client.go b/internal/pkg/sdk3rd/ucloud/udnr/client.go new file mode 100644 index 00000000..5e23f227 --- /dev/null +++ b/internal/pkg/sdk3rd/ucloud/udnr/client.go @@ -0,0 +1,18 @@ +package udnr + +import ( + "github.com/ucloud/ucloud-sdk-go/ucloud" + "github.com/ucloud/ucloud-sdk-go/ucloud/auth" +) + +type UDNRClient struct { + *ucloud.Client +} + +func NewClient(config *ucloud.Config, credential *auth.Credential) *UDNRClient { + meta := ucloud.ClientMeta{Product: "UDNR"} + client := ucloud.NewClientWithMeta(config, credential, meta) + return &UDNRClient{ + client, + } +} diff --git a/internal/pkg/sdk3rd/ucloud/udnr/models.go b/internal/pkg/sdk3rd/ucloud/udnr/models.go new file mode 100644 index 00000000..4d2081f5 --- /dev/null +++ b/internal/pkg/sdk3rd/ucloud/udnr/models.go @@ -0,0 +1,9 @@ +package udnr + +type DomainDNSRecord struct { + DnsType string + RecordName string + Content string + TTL int + Prio int +} diff --git a/migrations/1748959200_upgrade.go b/migrations/1748959200_upgrade.go new file mode 100644 index 00000000..daa6b715 --- /dev/null +++ b/migrations/1748959200_upgrade.go @@ -0,0 +1,62 @@ +package migrations + +import ( + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + tracer := NewTracer("(v0.3)1748959200") + tracer.Printf("go ...") + + // migrate data + { + collection, err := app.FindCollectionByNameOrId("4yzbv8urny5ja1e") + if err != nil { + return err + } + + records, err := app.FindAllRecords(collection) + if err != nil { + return err + } + + for _, record := range records { + changed := false + + if record.GetString("provider") == "ssh" { + config := make(map[string]any) + if err := record.UnmarshalJSONField("config", &config); err != nil { + return err + } + + if config["authMethod"] == nil || config["authMethod"] == "" { + if config["key"] != nil && config["key"] != "" { + config["authMethod"] = "key" + } else if config["password"] != nil && config["password"] != "" { + config["authMethod"] = "password" + } else { + config["authMethod"] = "none" + } + record.Set("config", config) + changed = true + } + } + + if changed { + if err := app.Save(record); err != nil { + return err + } + + tracer.Printf("record #%s in collection '%s' updated", record.Id, collection.Name) + } + } + } + + tracer.Printf("done") + return nil + }, func(app core.App) error { + return nil + }) +} diff --git a/ui/public/imgs/providers/constellix.png b/ui/public/imgs/providers/constellix.png new file mode 100644 index 00000000..71a8722a Binary files /dev/null and b/ui/public/imgs/providers/constellix.png differ diff --git a/ui/src/components/access/AccessForm.tsx b/ui/src/components/access/AccessForm.tsx index 44e389ed..4bb1d439 100644 --- a/ui/src/components/access/AccessForm.tsx +++ b/ui/src/components/access/AccessForm.tsx @@ -28,6 +28,7 @@ import AccessFormCdnflyConfig from "./AccessFormCdnflyConfig"; import AccessFormCloudflareConfig from "./AccessFormCloudflareConfig"; import AccessFormClouDNSConfig from "./AccessFormClouDNSConfig"; import AccessFormCMCCCloudConfig from "./AccessFormCMCCCloudConfig"; +import AccessFormConstellixConfig from "./AccessFormConstellixConfig"; import AccessFormDeSECConfig from "./AccessFormDeSECConfig"; import AccessFormDigitalOceanConfig from "./AccessFormDigitalOceanConfig"; import AccessFormDingTalkBotConfig from "./AccessFormDingTalkBotConfig"; @@ -219,6 +220,8 @@ const AccessForm = forwardRef(({ className, return ; case ACCESS_PROVIDERS.CMCCCLOUD: return ; + case ACCESS_PROVIDERS.CONSTELLIX: + return ; case ACCESS_PROVIDERS.DESEC: return ; case ACCESS_PROVIDERS.DIGITALOCEAN: diff --git a/ui/src/components/access/AccessFormConstellixConfig.tsx b/ui/src/components/access/AccessFormConstellixConfig.tsx new file mode 100644 index 00000000..5966828a --- /dev/null +++ b/ui/src/components/access/AccessFormConstellixConfig.tsx @@ -0,0 +1,67 @@ +import { useTranslation } from "react-i18next"; +import { Form, type FormInstance, Input } from "antd"; +import { createSchemaFieldRule } from "antd-zod"; +import { z } from "zod"; +import { type AccessConfigForConstellix } from "@/domain/access"; + +type AccessFormConstellixConfigFieldValues = Nullish; + +export type AccessFormConstellixConfigProps = { + form: FormInstance; + formName: string; + disabled?: boolean; + initialValues?: AccessFormConstellixConfigFieldValues; + onValuesChange?: (values: AccessFormConstellixConfigFieldValues) => void; +}; + +const initFormModel = (): AccessFormConstellixConfigFieldValues => { + return { + apiKey: "", + secretKey: "", + }; +}; + +const AccessFormConstellixConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange: onValuesChange }: AccessFormConstellixConfigProps) => { + const { t } = useTranslation(); + + const formSchema = z.object({ + apiKey: z.string().trim().nonempty(t("access.form.constellix_api_key.placeholder")), + secretKey: z.string().trim().nonempty(t("access.form.constellix_secret_key.placeholder")), + }); + const formRule = createSchemaFieldRule(formSchema); + + const handleFormChange = (_: unknown, values: z.infer) => { + onValuesChange?.(values); + }; + + return ( +
+ } + > + + + + } + > + + +
+ ); +}; + +export default AccessFormConstellixConfig; diff --git a/ui/src/components/access/AccessFormSSHConfig.tsx b/ui/src/components/access/AccessFormSSHConfig.tsx index 84b67e32..56532771 100644 --- a/ui/src/components/access/AccessFormSSHConfig.tsx +++ b/ui/src/components/access/AccessFormSSHConfig.tsx @@ -1,9 +1,10 @@ import { useTranslation } from "react-i18next"; import { ArrowDownOutlined, ArrowUpOutlined, CloseOutlined, PlusOutlined } from "@ant-design/icons"; -import { Button, Collapse, Form, type FormInstance, Input, InputNumber, Space } from "antd"; +import { Button, Collapse, Form, type FormInstance, Input, InputNumber, Select, Space } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; +import Show from "@/components/Show"; import TextFileInput from "@/components/TextFileInput"; import { type AccessConfigForSSH } from "@/domain/access"; import { validDomainName, validIPv4Address, validIPv6Address, validPortNumber } from "@/utils/validators"; @@ -18,10 +19,15 @@ export type AccessFormSSHConfigProps = { onValuesChange?: (values: AccessFormSSHConfigFieldValues) => void; }; +const AUTH_METHOD_NONE = "none" as const; +const AUTH_METHOD_PASSWORD = "password" as const; +const AUTH_METHOD_KEY = "key" as const; + const initFormModel = (): AccessFormSSHConfigFieldValues => { return { host: "127.0.0.1", port: 22, + authMethod: AUTH_METHOD_PASSWORD, username: "root", }; }; @@ -38,6 +44,9 @@ const AccessFormSSHConfig = ({ form: formInst, formName, disabled, initialValues .int(t("access.form.ssh_port.placeholder")) .refine((v) => validPortNumber(v), t("common.errmsg.port_invalid")) ), + authMethod: z.union([z.literal(AUTH_METHOD_NONE), z.literal(AUTH_METHOD_PASSWORD), z.literal(AUTH_METHOD_KEY)], { + message: t("access.form.ssh_auth_method.placeholder"), + }), username: z .string() .min(1, t("access.form.ssh_username.placeholder")) @@ -45,11 +54,13 @@ const AccessFormSSHConfig = ({ form: formInst, formName, disabled, initialValues password: z .string() .max(64, t("common.errmsg.string_max", { max: 64 })) - .nullish(), + .nullish() + .refine((v) => fieldAuthMethod !== AUTH_METHOD_PASSWORD || !!v?.trim(), t("access.form.ssh_password.placeholder")), key: z .string() .max(20480, t("common.errmsg.string_max", { max: 20480 })) - .nullish(), + .nullish() + .refine((v) => fieldAuthMethod !== AUTH_METHOD_KEY || !!v?.trim(), t("access.form.ssh_key.placeholder")), keyPassphrase: z .string() .max(20480, t("common.errmsg.string_max", { max: 20480 })) @@ -57,47 +68,43 @@ const AccessFormSSHConfig = ({ form: formInst, formName, disabled, initialValues .refine((v) => !v || formInst.getFieldValue("key"), t("access.form.ssh_key.placeholder")), jumpServers: z .array( - z - .object({ - host: z.string().refine((v) => validDomainName(v) || validIPv4Address(v) || validIPv6Address(v), t("common.errmsg.host_invalid")), - port: z.preprocess( - (v) => Number(v), - z - .number() - .int(t("access.form.ssh_port.placeholder")) - .refine((v) => validPortNumber(v), t("common.errmsg.port_invalid")) - ), - username: z - .string() - .min(1, t("access.form.ssh_username.placeholder")) - .max(64, t("common.errmsg.string_max", { max: 64 })), - password: z - .string() - .max(64, t("common.errmsg.string_max", { max: 64 })) - .nullish(), - key: z - .string() - .max(20480, t("common.errmsg.string_max", { max: 20480 })) - .nullish(), - keyPassphrase: z - .string() - .max(20480, t("common.errmsg.string_max", { max: 20480 })) - .nullish(), - }) - .superRefine((data, ctx) => { - if (data.keyPassphrase && !data.key) { - ctx.addIssue({ - path: ["keyPassphrase"], - code: z.ZodIssueCode.custom, - message: t("access.form.ssh_key.placeholder"), - }); - } - }) + z.object({ + host: z.string().refine((v) => validDomainName(v) || validIPv4Address(v) || validIPv6Address(v), t("common.errmsg.host_invalid")), + port: z.preprocess( + (v) => Number(v), + z + .number() + .int(t("access.form.ssh_port.placeholder")) + .refine((v) => validPortNumber(v), t("common.errmsg.port_invalid")) + ), + authMethod: z.union([z.literal(AUTH_METHOD_NONE), z.literal(AUTH_METHOD_PASSWORD), z.literal(AUTH_METHOD_KEY)], { + message: t("access.form.ssh_auth_method.placeholder"), + }), + username: z + .string() + .min(1, t("access.form.ssh_username.placeholder")) + .max(64, t("common.errmsg.string_max", { max: 64 })), + password: z + .string() + .max(64, t("common.errmsg.string_max", { max: 64 })) + .nullish(), + key: z + .string() + .max(20480, t("common.errmsg.string_max", { max: 20480 })) + .nullish(), + keyPassphrase: z + .string() + .max(20480, t("common.errmsg.string_max", { max: 20480 })) + .nullish(), + }), + { message: t("access.form.ssh_jump_servers.errmsg.invalid") } ) .nullish(), }); const formRule = createSchemaFieldRule(formSchema); + const fieldAuthMethod = Form.useWatch("authMethod", formInst); + const handleFormChange = (_: unknown, values: z.infer) => { onValuesChange?.(values); }; @@ -125,36 +132,39 @@ const AccessFormSSHConfig = ({ form: formInst, formName, disabled, initialValues + + + + - } - > - - + + + + + - } - > - - + + + + - } - > - - + + + + @@ -174,6 +184,60 @@ const AccessFormSSHConfig = ({ form: formInst, formName, disabled, initialValues ); }; + const Fields = () => { + const authMethod = Form.useWatch(["jumpServers", field.name, "authMethod"], formInst); + return ( + <> +
+
+ + + +
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + ); + }; + return { key: field.key, label: + + + + ); }; diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAWSIAMConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAWSIAMConfig.tsx new file mode 100644 index 00000000..1013153a --- /dev/null +++ b/ui/src/components/workflow/node/DeployNodeConfigFormAWSIAMConfig.tsx @@ -0,0 +1,77 @@ +import { useTranslation } from "react-i18next"; +import { Form, type FormInstance, Input } from "antd"; +import { createSchemaFieldRule } from "antd-zod"; +import { z } from "zod"; + +type DeployNodeConfigFormAWSIAMConfigFieldValues = Nullish<{ + region: string; + certificatePath?: string; +}>; + +export type DeployNodeConfigFormAWSIAMConfigProps = { + form: FormInstance; + formName: string; + disabled?: boolean; + initialValues?: DeployNodeConfigFormAWSIAMConfigFieldValues; + onValuesChange?: (values: DeployNodeConfigFormAWSIAMConfigFieldValues) => void; +}; + +const initFormModel = (): DeployNodeConfigFormAWSIAMConfigFieldValues => { + return { + certificatePath: "/", + }; +}; + +const DeployNodeConfigFormAWSIAMConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: DeployNodeConfigFormAWSIAMConfigProps) => { + const { t } = useTranslation(); + + const formSchema = z.object({ + region: z + .string({ message: t("workflow_node.deploy.form.aws_iam_region.placeholder") }) + .nonempty(t("workflow_node.deploy.form.aws_iam_region.placeholder")) + .trim(), + certificatePath: z + .string() + .nullish() + .refine((v) => { + if (!v) return true; + return v.startsWith("/") && v.endsWith("/"); + }, t("workflow_node.deploy.form.aws_iam_certificate_path.errmsg.invalid")), + }); + const formRule = createSchemaFieldRule(formSchema); + + const handleFormChange = (_: unknown, values: z.infer) => { + onValuesChange?.(values); + }; + + return ( +
+ } + > + + + + } + > + + +
+ ); +}; + +export default DeployNodeConfigFormAWSIAMConfig; diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts index fe9f12e3..1ab660a3 100644 --- a/ui/src/domain/access.ts +++ b/ui/src/domain/access.ts @@ -23,6 +23,7 @@ export interface AccessModel extends BaseModel { | AccessConfigForCloudflare | AccessConfigForClouDNS | AccessConfigForCMCCCloud + | AccessConfigForConstellix | AccessConfigForDeSEC | AccessConfigForDigitalOcean | AccessConfigForDingTalkBot @@ -172,6 +173,11 @@ export type AccessConfigForCMCCCloud = { accessKeySecret: string; }; +export type AccessConfigForConstellix = { + apiKey: string; + secretKey: string; +}; + export type AccessConfigForDeSEC = { token: string; }; @@ -373,7 +379,8 @@ export type AccessConfigForSlackBot = { export type AccessConfigForSSH = { host: string; port: number; - username: string; + authMethod?: string; + username?: string; password?: string; key?: string; keyPassphrase?: string; diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts index bb550691..c74a13ba 100644 --- a/ui/src/domain/provider.ts +++ b/ui/src/domain/provider.ts @@ -22,6 +22,7 @@ export const ACCESS_PROVIDERS = Object.freeze({ CLOUDFLARE: "cloudflare", CLOUDNS: "cloudns", CMCCCLOUD: "cmcccloud", + CONSTELLIX: "constellix", DESEC: "desec", DIGITALOCEAN: "digitalocean", DINGTALKBOT: "dingtalkbot", @@ -120,6 +121,7 @@ export const accessProvidersMap: Maphttps://ecloud.10086.cn/op-help-center/doc/article/49739", + "access.form.constellix_api_key.label": "Constellix API key", + "access.form.constellix_api_key.placeholder": "Please enter Constellix API key", + "access.form.constellix_api_key.tooltip": "For more information, see https://support.constellix.com/hc/en-us/articles/34574197390491-How-to-Generate-an-API-Key", + "access.form.constellix_secret_key.label": "Constellix API secret key", + "access.form.constellix_secret_key.placeholder": "Please enter Constellix API secret key", + "access.form.constellix_secret_key.tooltip": "For more information, see https://support.constellix.com/hc/en-us/articles/34574197390491-How-to-Generate-an-API-Key", "access.form.desec_token.label": "deSEC token", "access.form.desec_token.placeholder": "Please enter deSEC token", "access.form.desec_token.tooltip": "For more information, see https://desec.readthedocs.io/en/latest/auth/tokens.html", @@ -372,18 +378,21 @@ "access.form.ssh_host.placeholder": "Please enter server host", "access.form.ssh_port.label": "Server port", "access.form.ssh_port.placeholder": "Please enter server port", + "access.form.ssh_auth_method.label": "Authentication method", + "access.form.ssh_auth_method.placeholder": "Please select authentication method", + "access.form.ssh_auth_method.option.none.label": "None", + "access.form.ssh_auth_method.option.password.label": "Password", + "access.form.ssh_auth_method.option.key.label": "SSH key", "access.form.ssh_username.label": "Username", "access.form.ssh_username.placeholder": "Please enter username", - "access.form.ssh_password.label": "Password (Optional)", + "access.form.ssh_password.label": "Password", "access.form.ssh_password.placeholder": "Please enter password", - "access.form.ssh_password.tooltip": "Required when using password to connect to SSH.", - "access.form.ssh_key.label": "SSH key (Optional)", + "access.form.ssh_key.label": "SSH key", "access.form.ssh_key.placeholder": "Please enter SSH key", - "access.form.ssh_key.tooltip": "Required when using key to connect to SSH.", "access.form.ssh_key_passphrase.label": "SSH key passphrase (Optional)", "access.form.ssh_key_passphrase.placeholder": "Please enter SSH key passphrase", - "access.form.ssh_key_passphrase.tooltip": "Optional when using key to connect to SSH.", "access.form.ssh_jump_servers.label": "SSH jump server (Optional)", + "access.form.ssh_jump_servers.errmsg.invalid": "Please configure a valid jump server", "access.form.ssh_jump_servers.item.label": "Jump server", "access.form.ssh_jump_servers.add": "Add jump server", "access.form.sslcom_eab_kid.label": "ACME EAB KID", diff --git a/ui/src/i18n/locales/en/nls.provider.json b/ui/src/i18n/locales/en/nls.provider.json index 9e59d9d0..bac03fee 100644 --- a/ui/src/i18n/locales/en/nls.provider.json +++ b/ui/src/i18n/locales/en/nls.provider.json @@ -27,13 +27,14 @@ "provider.aws": "AWS", "provider.aws.acm": "AWS - ACM (Amazon Certificate Manager)", "provider.aws.cloudfront": "AWS - CloudFront", + "provider.aws.iam": "AWS - IAM (Identity and Access Management)", "provider.aws.route53": "AWS - Route53", "provider.azure": "Azure", "provider.azure.dns": "Azure - DNS", "provider.azure.keyvault": "Azure - KeyVault", "provider.baiducloud": "Baidu Cloud", "provider.baiducloud.appblb": "Baidu Cloud - AppBLB (Application Baidu Load Balancer)", - "provider.baiducloud.blb": "Baidu Cloud - BLB (Baidu Load Balancer)", + "provider.baiducloud.blb": "Baidu Cloud - BLB (Load Balancer)", "provider.baiducloud.cdn": "Baidu Cloud - CDN (Content Delivery Network)", "provider.baiducloud.cert_upload": "Baidu Cloud - Upload to SSL Certificate Service", "provider.baiducloud.dns": "Baidu Cloud - DNS (Domain Name Service)", @@ -55,6 +56,7 @@ "provider.cloudflare": "Cloudflare", "provider.cloudns": "ClouDNS", "provider.cmcccloud": "China Mobile Cloud (ECloud)", + "provider.constellix": "Constellix", "provider.ctcccloud": "China Telecom Cloud (State Cloud)", "provider.cucccloud": "China Unicom Cloud", "provider.desec": "deSEC", @@ -113,7 +115,7 @@ "provider.qiniu.kodo": "Qiniu - Kodo", "provider.qiniu.pili": "Qiniu - Pili", "provider.rainyun": "Rain Yun", - "provider.rainyun.rcdn": "Rain Yun - RCDN (Rain Content Delivery Network)", + "provider.rainyun.rcdn": "Rain Yun - RCDN (Content Delivery Network)", "provider.ratpanel": "RatPanel", "provider.ratpanel.console": "RatPanel - Console", "provider.ratpanel.site": "RatPanel - Website", @@ -136,8 +138,9 @@ "provider.tencentcloud.vod": "Tencent Cloud - VOD (Video on Demand)", "provider.tencentcloud.waf": "Tencent Cloud - WAF (Web Application Firewall)", "provider.ucloud": "UCloud", - "provider.ucloud.ucdn": "UCloud - UCDN (UCloud Content Delivery Network)", - "provider.ucloud.us3": "UCloud - US3 (UCloud Object-based Storage)", + "provider.ucloud.ucdn": "UCloud - UCDN (Content Delivery Network)", + "provider.ucloud.udnr": "UCloud - UDNR (Domain Name Registrar)", + "provider.ucloud.us3": "UCloud - US3 (Object-based Storage)", "provider.unicloud": "uniCloud (DCloud)", "provider.unicloud.webhost": "uniCloud (DCloud) - Web Host", "provider.upyun": "UPYUN", diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json index 0c44f107..88d3dc15 100644 --- a/ui/src/i18n/locales/en/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json @@ -297,6 +297,15 @@ "workflow_node.deploy.form.aws_cloudfront_distribution_id.label": "AWS CloudFront distribution ID", "workflow_node.deploy.form.aws_cloudfront_distribution_id.placeholder": "Please enter AWS CloudFront distribution ID", "workflow_node.deploy.form.aws_cloudfront_distribution_id.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html", + "workflow_node.deploy.form.aws_cloudfront_certificate_source.label": "AWS CloudFront certificate source", + "workflow_node.deploy.form.aws_cloudfront_certificate_source.placeholder": "Please select AWS CloudFront certificate source", + "workflow_node.deploy.form.aws_iam_region.label": "AWS IAM Region", + "workflow_node.deploy.form.aws_iam_region.placeholder": "Please enter AWS IAM region (e.g. us-east-1)", + "workflow_node.deploy.form.aws_iam_region.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/general/latest/gr/rande.html#regional-endpoints", + "workflow_node.deploy.form.aws_iam_certificate_path.label": "AWS IAM certificate path (Optional)", + "workflow_node.deploy.form.aws_iam_certificate_path.placeholder": "Please enter AWS IAM certificate path", + "workflow_node.deploy.form.aws_iam_certificate_path.errmsg.invalid": "Please enter a valid AWS IAM certificate path", + "workflow_node.deploy.form.aws_iam_certificate_path.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/reference_identifiers.html", "workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault name", "workflow_node.deploy.form.azure_keyvault_name.placeholder": "Please enter Azure KeyVault name", "workflow_node.deploy.form.azure_keyvault_name.tooltip": "For more information, see https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index 66563f32..cbf0c7db 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -146,6 +146,12 @@ "access.form.cmcccloud_access_key_secret.label": "移动云 AccessKeySecret", "access.form.cmcccloud_access_key_secret.placeholder": "请输入移动云 AccessKeySecret", "access.form.cmcccloud_access_key_secret.tooltip": "这是什么?请参阅 https://ecloud.10086.cn/op-help-center/doc/article/49739", + "access.form.constellix_api_key.label": "Constellix API Key", + "access.form.constellix_api_key.placeholder": "请输入 Constellix API Key", + "access.form.constellix_api_key.tooltip": "这是什么?请参阅 https://support.constellix.com/hc/en-us/articles/34574197390491-How-to-Generate-an-API-Key", + "access.form.constellix_secret_key.label": "Constellix Secret Key", + "access.form.constellix_secret_key.placeholder": "请输入 Constellix Secret Key", + "access.form.constellix_secret_key.tooltip": "这是什么?请参阅 https://support.constellix.com/hc/en-us/articles/34574197390491-How-to-Generate-an-API-Key", "access.form.desec_token.label": "deSEC Token", "access.form.desec_token.placeholder": "请输入 deSEC Token", "access.form.desec_token.tooltip": "这是什么?请参阅 https://desec.readthedocs.io/en/latest/auth/tokens.html", @@ -372,18 +378,21 @@ "access.form.ssh_host.placeholder": "请输入服务器地址", "access.form.ssh_port.label": "服务器端口", "access.form.ssh_port.placeholder": "请输入服务器端口", + "access.form.ssh_auth_method.label": "认证方式", + "access.form.ssh_auth_method.placeholder": "请选择认证方式", + "access.form.ssh_auth_method.option.none.label": "无", + "access.form.ssh_auth_method.option.password.label": "密码", + "access.form.ssh_auth_method.option.key.label": "密钥", "access.form.ssh_username.label": "用户名", "access.form.ssh_username.placeholder": "请输入用户名", - "access.form.ssh_password.label": "密码(可选)", + "access.form.ssh_password.label": "密码", "access.form.ssh_password.placeholder": "请输入密码", - "access.form.ssh_password.tooltip": "使用密码连接到 SSH 时必填。
该字段与密钥文件字段二选一,如果同时填写优先使用 SSH 密钥登录。", - "access.form.ssh_key.label": "SSH 密钥(可选)", + "access.form.ssh_key.label": "SSH 密钥", "access.form.ssh_key.placeholder": "请输入 SSH 密钥文件内容", - "access.form.ssh_key.tooltip": "使用 SSH 密钥连接到 SSH 时必填。
该字段与密码字段二选一,如果同时填写优先使用 SSH 密钥登录。", "access.form.ssh_key_passphrase.label": "SSH 密钥口令(可选)", "access.form.ssh_key_passphrase.placeholder": "请输入 SSH 密钥口令", - "access.form.ssh_key_passphrase.tooltip": "使用 SSH 密钥连接到 SSH 时选填。", "access.form.ssh_jump_servers.label": "SSH 跳板机(可选)", + "access.form.ssh_jump_servers.errmsg.invalid": "请配置有效的 SSH 跳板机", "access.form.ssh_jump_servers.item.label": "跳板机", "access.form.ssh_jump_servers.add": "添加跳板机", "access.form.sslcom_eab_kid.label": "ACME EAB KID", diff --git a/ui/src/i18n/locales/zh/nls.provider.json b/ui/src/i18n/locales/zh/nls.provider.json index 27aa8d0e..79af14fc 100644 --- a/ui/src/i18n/locales/zh/nls.provider.json +++ b/ui/src/i18n/locales/zh/nls.provider.json @@ -27,6 +27,7 @@ "provider.aws": "AWS", "provider.aws.acm": "AWS - ACM (Amazon Certificate Manager)", "provider.aws.cloudfront": "AWS - CloudFront", + "provider.aws.iam": "AWS - IAM (Identity and Access Management)", "provider.aws.route53": "AWS - Route53", "provider.azure": "Azure", "provider.azure.dns": "Azure - DNS", @@ -55,6 +56,7 @@ "provider.cloudflare": "Cloudflare", "provider.cloudns": "ClouDNS", "provider.cmcccloud": "移动云", + "provider.constellix": "Constellix", "provider.ctcccloud": "联通云", "provider.cucccloud": "天翼云", "provider.desec": "deSEC", @@ -137,6 +139,7 @@ "provider.tencentcloud.waf": "腾讯云 - Web 应用防火墙 WAF", "provider.ucloud": "优刻得", "provider.ucloud.ucdn": "优刻得 - 内容分发 UCDN", + "provider.ucloud.udnr": "优刻得 - 域名服务 UDNR", "provider.ucloud.us3": "优刻得 - 对象存储 US3", "provider.unicloud": "uniCloud (DCloud)", "provider.unicloud.webhost": "uniCloud (DCloud) - 前端网页托管", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index 9f244ef2..9a8be8af 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -296,6 +296,15 @@ "workflow_node.deploy.form.aws_cloudfront_distribution_id.label": "AWS CloudFront 分配 ID", "workflow_node.deploy.form.aws_cloudfront_distribution_id.placeholder": "请输入 AWS CloudFront 分配 ID", "workflow_node.deploy.form.aws_cloudfront_distribution_id.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html", + "workflow_node.deploy.form.aws_cloudfront_certificate_source.label": "AWS CloudFront 证书来源", + "workflow_node.deploy.form.aws_cloudfront_certificate_source.placeholder": "请选择 AWS CloudFront 证书来源", + "workflow_node.deploy.form.aws_iam_region.label": "AWS IAM 服务区域", + "workflow_node.deploy.form.aws_iam_region.placeholder": "请输入 AWS IAM 服务区域(例如:us-east-1)", + "workflow_node.deploy.form.aws_iam_region.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#regional-endpoints", + "workflow_node.deploy.form.aws_iam_certificate_path.label": "AWS IAM 证书路径(可选)", + "workflow_node.deploy.form.aws_iam_certificate_path.placeholder": "请输入 AWS IAM 证书路径", + "workflow_node.deploy.form.aws_iam_certificate_path.errmsg.invalid": "请输入正确的 AWS IAM 证书路径", + "workflow_node.deploy.form.aws_iam_certificate_path.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/reference_identifiers.html", "workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault 名称", "workflow_node.deploy.form.azure_keyvault_name.placeholder": "请输入 Azure KeyVault 名称", "workflow_node.deploy.form.azure_keyvault_name.tooltip": "这是什么?请参阅 https://learn.microsoft.com/zh-cn/azure/key-vault/general/about-keys-secrets-certificates",