diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index a83fb681..c6238aff 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -61,6 +61,7 @@ import (
pUCloudUCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/ucloud-ucdn"
pUCloudUS3 "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/ucloud-us3"
pUpyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/upyun-cdn"
+ pVolcEngineALB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-alb"
pVolcEngineCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-cdn"
pVolcEngineCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-clb"
pVolcEngineDCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-dcdn"
@@ -848,7 +849,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
}
}
- case domain.DeployProviderTypeVolcEngineCDN, domain.DeployProviderTypeVolcEngineCLB, domain.DeployProviderTypeVolcEngineDCDN, domain.DeployProviderTypeVolcEngineImageX, domain.DeployProviderTypeVolcEngineLive, domain.DeployProviderTypeVolcEngineTOS:
+ case domain.DeployProviderTypeVolcEngineALB, domain.DeployProviderTypeVolcEngineCDN, domain.DeployProviderTypeVolcEngineCLB, domain.DeployProviderTypeVolcEngineDCDN, domain.DeployProviderTypeVolcEngineImageX, domain.DeployProviderTypeVolcEngineLive, domain.DeployProviderTypeVolcEngineTOS:
{
access := domain.AccessConfigForVolcEngine{}
if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -856,6 +857,18 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
}
switch options.Provider {
+ case domain.DeployProviderTypeVolcEngineALB:
+ deployer, err := pVolcEngineALB.NewDeployer(&pVolcEngineALB.DeployerConfig{
+ AccessKeyId: access.AccessKeyId,
+ AccessKeySecret: access.SecretAccessKey,
+ Region: maputil.GetString(options.ProviderDeployConfig, "region"),
+ ResourceType: pVolcEngineALB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
+ LoadbalancerId: maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
+ ListenerId: maputil.GetString(options.ProviderDeployConfig, "listenerId"),
+ Domain: maputil.GetString(options.ProviderDeployConfig, "domain"),
+ })
+ return deployer, err
+
case domain.DeployProviderTypeVolcEngineCDN:
deployer, err := pVolcEngineCDN.NewDeployer(&pVolcEngineCDN.DeployerConfig{
AccessKeyId: access.AccessKeyId,
@@ -870,6 +883,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
AccessKeySecret: access.SecretAccessKey,
Region: maputil.GetString(options.ProviderDeployConfig, "region"),
ResourceType: pVolcEngineCLB.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
+ LoadbalancerId: maputil.GetString(options.ProviderDeployConfig, "loadbalancerId"),
ListenerId: maputil.GetString(options.ProviderDeployConfig, "listenerId"),
})
return deployer, err
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index addb3c87..d79d5f59 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -168,6 +168,7 @@ const (
DeployProviderTypeUCloudUS3 = DeployProviderType("ucloud-us3")
DeployProviderTypeUpyunCDN = DeployProviderType("upyun-cdn")
DeployProviderTypeUpyunFile = DeployProviderType("upyun-file")
+ DeployProviderTypeVolcEngineALB = DeployProviderType("volcengine-alb")
DeployProviderTypeVolcEngineCDN = DeployProviderType("volcengine-cdn")
DeployProviderTypeVolcEngineCLB = DeployProviderType("volcengine-clb")
DeployProviderTypeVolcEngineDCDN = DeployProviderType("volcengine-dcdn")
diff --git a/internal/pkg/core/deployer/providers/volcengine-alb/consts.go b/internal/pkg/core/deployer/providers/volcengine-alb/consts.go
new file mode 100644
index 00000000..aba1182c
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/volcengine-alb/consts.go
@@ -0,0 +1,10 @@
+package volcenginealb
+
+type ResourceType string
+
+const (
+ // 资源类型:部署到指定负载均衡器。
+ RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer")
+ // 资源类型:部署到指定监听器。
+ RESOURCE_TYPE_LISTENER = ResourceType("listener")
+)
diff --git a/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go b/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go
new file mode 100644
index 00000000..0c6ba1b4
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go
@@ -0,0 +1,263 @@
+package volcenginealb
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "log/slog"
+
+ xerrors "github.com/pkg/errors"
+ vealb "github.com/volcengine/volcengine-go-sdk/service/alb"
+ ve "github.com/volcengine/volcengine-go-sdk/volcengine"
+ vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
+
+ "github.com/usual2970/certimate/internal/pkg/core/deployer"
+ "github.com/usual2970/certimate/internal/pkg/core/uploader"
+ uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
+ "github.com/usual2970/certimate/internal/pkg/utils/sliceutil"
+)
+
+type DeployerConfig struct {
+ // 火山引擎 AccessKeyId。
+ AccessKeyId string `json:"accessKeyId"`
+ // 火山引擎 AccessKeySecret。
+ AccessKeySecret string `json:"accessKeySecret"`
+ // 火山引擎地域。
+ Region string `json:"region"`
+ // 部署资源类型。
+ ResourceType ResourceType `json:"resourceType"`
+ // 负载均衡实例 ID。
+ // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。
+ LoadbalancerId string `json:"loadbalancerId,omitempty"`
+ // 负载均衡监听器 ID。
+ // 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。
+ ListenerId string `json:"listenerId,omitempty"`
+ // SNI 域名(支持泛域名)。
+ // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。
+ Domain string `json:"domain,omitempty"`
+}
+
+type DeployerProvider struct {
+ config *DeployerConfig
+ logger *slog.Logger
+ sdkClient *vealb.ALB
+ sslUploader uploader.Uploader
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+ if config == nil {
+ panic("config is nil")
+ }
+
+ client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create sdk client")
+ }
+
+ uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+ AccessKeyId: config.AccessKeyId,
+ AccessKeySecret: config.AccessKeySecret,
+ Region: config.Region,
+ })
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+ }
+
+ return &DeployerProvider{
+ config: config,
+ logger: slog.Default(),
+ sdkClient: client,
+ sslUploader: uploader,
+ }, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
+ if logger == nil {
+ d.logger = slog.Default()
+ } else {
+ d.logger = logger
+ }
+ d.sslUploader.WithLogger(logger)
+ return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+ // 上传证书到证书中心
+ upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to upload certificate file")
+ } else {
+ d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
+ }
+
+ // 根据部署资源类型决定部署方式
+ switch d.config.ResourceType {
+ case RESOURCE_TYPE_LOADBALANCER:
+ if err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {
+ return nil, err
+ }
+
+ case RESOURCE_TYPE_LISTENER:
+ if err := d.deployToListener(ctx, upres.CertId); err != nil {
+ return nil, err
+ }
+
+ default:
+ return nil, fmt.Errorf("unsupported resource type: %s", d.config.ResourceType)
+ }
+
+ return &deployer.DeployResult{}, nil
+}
+
+func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {
+ if d.config.LoadbalancerId == "" {
+ return errors.New("config `loadbalancerId` is required")
+ }
+
+ // 查询 ALB 实例的详细信息
+ // REF: https://www.volcengine.com/docs/6767/113596
+ describeLoadBalancerAttributesReq := &vealb.DescribeLoadBalancerAttributesInput{
+ LoadBalancerId: ve.String(d.config.LoadbalancerId),
+ }
+ describeLoadBalancerAttributesResp, err := d.sdkClient.DescribeLoadBalancerAttributes(describeLoadBalancerAttributesReq)
+ d.logger.Debug("sdk request 'alb.DescribeLoadBalancerAttributes'", slog.Any("request", describeLoadBalancerAttributesReq), slog.Any("response", describeLoadBalancerAttributesResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'alb.DescribeLoadBalancerAttributes'")
+ }
+
+ // 查询 HTTPS 监听器列表
+ // REF: https://www.volcengine.com/docs/6767/113684
+ listenerIds := make([]string, 0)
+ describeListenersPageSize := int64(100)
+ describeListenersPageNumber := int64(1)
+ for {
+ describeListenersReq := &vealb.DescribeListenersInput{
+ LoadBalancerId: ve.String(d.config.LoadbalancerId),
+ Protocol: ve.String("HTTPS"),
+ PageNumber: ve.Int64(describeListenersPageNumber),
+ PageSize: ve.Int64(describeListenersPageSize),
+ }
+ describeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)
+ d.logger.Debug("sdk request 'alb.DescribeListeners'", slog.Any("request", describeListenersReq), slog.Any("response", describeListenersResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'alb.DescribeListeners'")
+ }
+
+ for _, listener := range describeListenersResp.Listeners {
+ listenerIds = append(listenerIds, *listener.ListenerId)
+ }
+
+ if len(describeListenersResp.Listeners) < int(describeListenersPageSize) {
+ break
+ } else {
+ describeListenersPageNumber++
+ }
+ }
+
+ // 遍历更新监听证书
+ if len(listenerIds) == 0 {
+ d.logger.Info("no alb listeners to deploy")
+ } else {
+ d.logger.Info("found https listeners to deploy", slog.Any("listenerIds", listenerIds))
+ var errs []error
+
+ for _, listenerId := range listenerIds {
+ if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+ errs = append(errs, err)
+ }
+ }
+
+ if len(errs) > 0 {
+ return errors.Join(errs...)
+ }
+ }
+
+ return nil
+}
+
+func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId string) error {
+ if d.config.ListenerId == "" {
+ return errors.New("config `listenerId` is required")
+ }
+
+ if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, cloudCertId); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {
+ // 查询指定监听器的详细信息
+ // REF: https://www.volcengine.com/docs/6767/113686
+ describeListenerAttributesReq := &vealb.DescribeListenerAttributesInput{
+ ListenerId: ve.String(cloudListenerId),
+ }
+ describeListenerAttributesResp, err := d.sdkClient.DescribeListenerAttributes(describeListenerAttributesReq)
+ d.logger.Debug("sdk request 'alb.DescribeListenerAttributes'", slog.Any("request", describeListenerAttributesReq), slog.Any("response", describeListenerAttributesResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'alb.DescribeListenerAttributes'")
+ }
+
+ if d.config.Domain == "" {
+ // 未指定 SNI,只需部署到监听器
+
+ // 修改指定监听器
+ // REF: https://www.volcengine.com/docs/6767/113683
+ modifyListenerAttributesReq := &vealb.ModifyListenerAttributesInput{
+ ListenerId: ve.String(cloudListenerId),
+ CertificateSource: ve.String("cert_center"),
+ CertCenterCertificateId: ve.String(cloudCertId),
+ }
+ modifyListenerAttributesResp, err := d.sdkClient.ModifyListenerAttributes(modifyListenerAttributesReq)
+ d.logger.Debug("sdk request 'alb.ModifyListenerAttributes'", slog.Any("request", modifyListenerAttributesReq), slog.Any("response", modifyListenerAttributesResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'alb.ModifyListenerAttributes'")
+ }
+ } else {
+ // 指定 SNI,需部署到扩展域名
+
+ // 修改指定监听器
+ // REF: https://www.volcengine.com/docs/6767/113683
+ modifyListenerAttributesReq := &vealb.ModifyListenerAttributesInput{
+ ListenerId: ve.String(cloudListenerId),
+ DomainExtensions: sliceutil.Map(
+ sliceutil.Filter(
+ describeListenerAttributesResp.DomainExtensions,
+ func(domain *vealb.DomainExtensionForDescribeListenerAttributesOutput) bool {
+ return *domain.Domain == d.config.Domain
+ },
+ ),
+ func(domain *vealb.DomainExtensionForDescribeListenerAttributesOutput) *vealb.DomainExtensionForModifyListenerAttributesInput {
+ return &vealb.DomainExtensionForModifyListenerAttributesInput{
+ DomainExtensionId: domain.DomainExtensionId,
+ Domain: domain.Domain,
+ CertificateSource: ve.String("cert_center"),
+ CertCenterCertificateId: ve.String(cloudCertId),
+ Action: ve.String("modify"),
+ }
+ }),
+ }
+ modifyListenerAttributesResp, err := d.sdkClient.ModifyListenerAttributes(modifyListenerAttributesReq)
+ d.logger.Debug("sdk request 'alb.ModifyListenerAttributes'", slog.Any("request", modifyListenerAttributesReq), slog.Any("response", modifyListenerAttributesResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'alb.ModifyListenerAttributes'")
+ }
+ }
+
+ return nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*vealb.ALB, error) {
+ config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret)
+
+ session, err := vesession.NewSession(config)
+ if err != nil {
+ return nil, err
+ }
+
+ client := vealb.New(session)
+ return client, nil
+}
diff --git a/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb_test.go b/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb_test.go
new file mode 100644
index 00000000..23a79200
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb_test.go
@@ -0,0 +1,81 @@
+package volcenginealb_test
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-alb"
+)
+
+var (
+ fInputCertPath string
+ fInputKeyPath string
+ fAccessKeyId string
+ fAccessKeySecret string
+ fRegion string
+ fListenerId string
+)
+
+func init() {
+ argsPrefix := "CERTIMATE_DEPLOYER_VOLCENGINEALB_"
+
+ flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+ flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+ flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+ flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+ flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
+ flag.StringVar(&fListenerId, argsPrefix+"LISTENERID", "", "")
+}
+
+/*
+Shell command to run this test:
+
+ go test -v ./volcengine_alb_test.go -args \
+ --CERTIMATE_DEPLOYER_VOLCENGINEALB_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+ --CERTIMATE_DEPLOYER_VOLCENGINEALB_INPUTKEYPATH="/path/to/your-input-key.pem" \
+ --CERTIMATE_DEPLOYER_VOLCENGINEALB_ACCESSKEYID="your-access-key-id" \
+ --CERTIMATE_DEPLOYER_VOLCENGINEALB_ACCESSKEYSECRET="your-access-key-secret" \
+ --CERTIMATE_DEPLOYER_VOLCENGINEALB_REGION="cn-beijing" \
+ --CERTIMATE_DEPLOYER_VOLCENGINEALB_LISTENERID="your-listener-id"
+*/
+func TestDeploy(t *testing.T) {
+ flag.Parse()
+
+ t.Run("Deploy", func(t *testing.T) {
+ t.Log(strings.Join([]string{
+ "args:",
+ fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+ fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+ fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+ fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+ fmt.Sprintf("REGION: %v", fRegion),
+ fmt.Sprintf("LISTENERID: %v", fListenerId),
+ }, "\n"))
+
+ deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+ AccessKeyId: fAccessKeyId,
+ AccessKeySecret: fAccessKeySecret,
+ Region: fRegion,
+ ResourceType: provider.RESOURCE_TYPE_LISTENER,
+ ListenerId: fListenerId,
+ })
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ fInputCertData, _ := os.ReadFile(fInputCertPath)
+ fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+ res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ t.Logf("ok: %v", res)
+ })
+}
diff --git a/internal/pkg/core/deployer/providers/volcengine-clb/consts.go b/internal/pkg/core/deployer/providers/volcengine-clb/consts.go
index dc1e992b..4d9ab1e3 100644
--- a/internal/pkg/core/deployer/providers/volcengine-clb/consts.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/consts.go
@@ -3,6 +3,8 @@
type ResourceType string
const (
+ // 资源类型:部署到指定负载均衡器。
+ RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer")
// 资源类型:部署到指定监听器。
RESOURCE_TYPE_LISTENER = ResourceType("listener")
)
diff --git a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
index 9af98550..37481a3f 100644
--- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
@@ -25,6 +25,9 @@ type DeployerConfig struct {
Region string `json:"region"`
// 部署资源类型。
ResourceType ResourceType `json:"resourceType"`
+ // 负载均衡实例 ID。
+ // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。
+ LoadbalancerId string `json:"loadbalancerId,omitempty"`
// 负载均衡监听器 ID。
// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。
ListenerId string `json:"listenerId,omitempty"`
@@ -87,6 +90,11 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
// 根据部署资源类型决定部署方式
switch d.config.ResourceType {
+ case RESOURCE_TYPE_LOADBALANCER:
+ if err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {
+ return nil, err
+ }
+
case RESOURCE_TYPE_LISTENER:
if err := d.deployToListener(ctx, upres.CertId); err != nil {
return nil, err
@@ -99,15 +107,89 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
return &deployer.DeployResult{}, nil
}
+func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {
+ if d.config.LoadbalancerId == "" {
+ return errors.New("config `loadbalancerId` is required")
+ }
+
+ // 查看指定负载均衡实例的详情
+ // REF: https://www.volcengine.com/docs/6406/71773
+ describeLoadBalancerAttributesReq := &veclb.DescribeLoadBalancerAttributesInput{
+ LoadBalancerId: ve.String(d.config.LoadbalancerId),
+ }
+ describeLoadBalancerAttributesResp, err := d.sdkClient.DescribeLoadBalancerAttributes(describeLoadBalancerAttributesReq)
+ d.logger.Debug("sdk request 'clb.DescribeLoadBalancerAttributes'", slog.Any("request", describeLoadBalancerAttributesReq), slog.Any("response", describeLoadBalancerAttributesResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeLoadBalancerAttributes'")
+ }
+
+ // 查询 HTTPS 监听器列表
+ // REF: https://www.volcengine.com/docs/6406/71776
+ listenerIds := make([]string, 0)
+ describeListenersPageSize := int64(100)
+ describeListenersPageNumber := int64(1)
+ for {
+ describeListenersReq := &veclb.DescribeListenersInput{
+ LoadBalancerId: ve.String(d.config.LoadbalancerId),
+ Protocol: ve.String("HTTPS"),
+ PageNumber: ve.Int64(describeListenersPageNumber),
+ PageSize: ve.Int64(describeListenersPageSize),
+ }
+ describeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)
+ d.logger.Debug("sdk request 'clb.DescribeListeners'", slog.Any("request", describeListenersReq), slog.Any("response", describeListenersResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+ }
+
+ for _, listener := range describeListenersResp.Listeners {
+ listenerIds = append(listenerIds, *listener.ListenerId)
+ }
+
+ if len(describeListenersResp.Listeners) < int(describeListenersPageSize) {
+ break
+ } else {
+ describeListenersPageNumber++
+ }
+ }
+
+ // 遍历更新监听证书
+ if len(listenerIds) == 0 {
+ d.logger.Info("no clb listeners to deploy")
+ } else {
+ d.logger.Info("found https listeners to deploy", slog.Any("listenerIds", listenerIds))
+ var errs []error
+
+ for _, listenerId := range listenerIds {
+ if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+ errs = append(errs, err)
+ }
+ }
+
+ if len(errs) > 0 {
+ return errors.Join(errs...)
+ }
+ }
+
+ return nil
+}
+
func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId string) error {
if d.config.ListenerId == "" {
return errors.New("config `listenerId` is required")
}
- // 修改监听器
+ if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, cloudCertId); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {
+ // 修改指定监听器
// REF: https://www.volcengine.com/docs/6406/71775
modifyListenerAttributesReq := &veclb.ModifyListenerAttributesInput{
- ListenerId: ve.String(d.config.ListenerId),
+ ListenerId: ve.String(cloudListenerId),
CertificateSource: ve.String("cert_center"),
CertCenterCertificateId: ve.String(cloudCertId),
}
diff --git a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go
index 0b589f88..9e9e63e2 100644
--- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go
@@ -40,7 +40,7 @@ Shell command to run this test:
--CERTIMATE_DEPLOYER_VOLCENGINECLB_ACCESSKEYID="your-access-key-id" \
--CERTIMATE_DEPLOYER_VOLCENGINECLB_ACCESSKEYSECRET="your-access-key-secret" \
--CERTIMATE_DEPLOYER_VOLCENGINECLB_REGION="cn-beijing" \
- --CERTIMATE_DEPLOYER_VOLCENGINECLB_LISTENERID="cn-beijing"
+ --CERTIMATE_DEPLOYER_VOLCENGINECLB_LISTENERID="your-listener-id"
*/
func TestDeploy(t *testing.T) {
flag.Parse()
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index 6b7a6547..fdf0aaa5 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -70,6 +70,7 @@ import DeployNodeConfigFormUCloudUCDNConfig from "./DeployNodeConfigFormUCloudUC
import DeployNodeConfigFormUCloudUS3Config from "./DeployNodeConfigFormUCloudUS3Config.tsx";
import DeployNodeConfigFormUpyunCDNConfig from "./DeployNodeConfigFormUpyunCDNConfig.tsx";
import DeployNodeConfigFormUpyunFileConfig from "./DeployNodeConfigFormUpyunFileConfig.tsx";
+import DeployNodeConfigFormVolcEngineALBConfig from "./DeployNodeConfigFormVolcEngineALBConfig.tsx";
import DeployNodeConfigFormVolcEngineCDNConfig from "./DeployNodeConfigFormVolcEngineCDNConfig.tsx";
import DeployNodeConfigFormVolcEngineCLBConfig from "./DeployNodeConfigFormVolcEngineCLBConfig.tsx";
import DeployNodeConfigFormVolcEngineDCDNConfig from "./DeployNodeConfigFormVolcEngineDCDNConfig.tsx";
@@ -258,6 +259,8 @@ const DeployNodeConfigForm = forwardRef;
case DEPLOY_PROVIDERS.UPYUN_FILE:
return ;
+ case DEPLOY_PROVIDERS.VOLCENGINE_ALB:
+ return ;
case DEPLOY_PROVIDERS.VOLCENGINE_CDN:
return ;
case DEPLOY_PROVIDERS.VOLCENGINE_CLB:
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineALBConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineALBConfig.tsx
new file mode 100644
index 00000000..d831fd7f
--- /dev/null
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineALBConfig.tsx
@@ -0,0 +1,150 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input, Select } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import Show from "@/components/Show";
+import { validDomainName } from "@/utils/validators";
+
+type DeployNodeConfigFormVolcEngineALBConfigFieldValues = Nullish<{
+ resourceType: string;
+ region: string;
+ loadbalancerId?: string;
+ listenerId?: string;
+ domain?: string;
+}>;
+
+export type DeployNodeConfigFormVolcEngineALBConfigProps = {
+ form: FormInstance;
+ formName: string;
+ disabled?: boolean;
+ initialValues?: DeployNodeConfigFormVolcEngineALBConfigFieldValues;
+ onValuesChange?: (values: DeployNodeConfigFormVolcEngineALBConfigFieldValues) => void;
+};
+
+const RESOURCE_TYPE_LOADBALANCER = "loadbalancer" as const;
+const RESOURCE_TYPE_LISTENER = "listener" as const;
+
+const initFormModel = (): DeployNodeConfigFormVolcEngineALBConfigFieldValues => {
+ return {
+ resourceType: RESOURCE_TYPE_LISTENER,
+ };
+};
+
+const DeployNodeConfigFormVolcEngineALBConfig = ({
+ form: formInst,
+ formName,
+ disabled,
+ initialValues,
+ onValuesChange,
+}: DeployNodeConfigFormVolcEngineALBConfigProps) => {
+ const { t } = useTranslation();
+
+ const formSchema = z.object({
+ resourceType: z.union([z.literal(RESOURCE_TYPE_LOADBALANCER), z.literal(RESOURCE_TYPE_LISTENER)], {
+ message: t("workflow_node.deploy.form.volcengine_alb_resource_type.placeholder"),
+ }),
+ region: z
+ .string({ message: t("workflow_node.deploy.form.volcengine_alb_region.placeholder") })
+ .nonempty(t("workflow_node.deploy.form.volcengine_alb_region.placeholder"))
+ .trim(),
+ loadbalancerId: z
+ .string()
+ .max(64, t("common.errmsg.string_max", { max: 64 }))
+ .trim()
+ .nullish()
+ .refine(
+ (v) => ![RESOURCE_TYPE_LOADBALANCER].includes(fieldResourceType) || !!v?.trim(),
+ t("workflow_node.deploy.form.volcengine_alb_loadbalancer_id.placeholder")
+ ),
+ listenerId: z
+ .string()
+ .max(64, t("common.errmsg.string_max", { max: 64 }))
+ .trim()
+ .nullish()
+ .refine(
+ (v) => ![RESOURCE_TYPE_LISTENER].includes(fieldResourceType) || !!v?.trim(),
+ t("workflow_node.deploy.form.volcengine_alb_listener_id.placeholder")
+ ),
+ domain: z
+ .string()
+ .nullish()
+ .refine((v) => {
+ if (![RESOURCE_TYPE_LOADBALANCER, RESOURCE_TYPE_LISTENER].includes(fieldResourceType)) return true;
+ return !v || validDomainName(v!, { allowWildcard: true });
+ }, t("common.errmsg.domain_invalid")),
+ });
+ const formRule = createSchemaFieldRule(formSchema);
+
+ const fieldResourceType = Form.useWatch("resourceType", formInst);
+
+ const handleFormChange = (_: unknown, values: z.infer) => {
+ onValuesChange?.(values);
+ };
+
+ return (
+
+ );
+};
+
+export default DeployNodeConfigFormVolcEngineALBConfig;
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineCLBConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineCLBConfig.tsx
index 1dc0ec7e..c3ddfd03 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineCLBConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormVolcEngineCLBConfig.tsx
@@ -10,7 +10,6 @@ type DeployNodeConfigFormVolcEngineCLBConfigFieldValues = Nullish<{
region: string;
loadbalancerId?: string;
listenerId?: string;
- domain?: string;
}>;
export type DeployNodeConfigFormVolcEngineCLBConfigProps = {
@@ -21,6 +20,7 @@ export type DeployNodeConfigFormVolcEngineCLBConfigProps = {
onValuesChange?: (values: DeployNodeConfigFormVolcEngineCLBConfigFieldValues) => void;
};
+const RESOURCE_TYPE_LOADBALANCER = "loadbalancer" as const;
const RESOURCE_TYPE_LISTENER = "listener" as const;
const initFormModel = (): DeployNodeConfigFormVolcEngineCLBConfigFieldValues => {
@@ -39,11 +39,22 @@ const DeployNodeConfigFormVolcEngineCLBConfig = ({
const { t } = useTranslation();
const formSchema = z.object({
- resourceType: z.literal(RESOURCE_TYPE_LISTENER, { message: t("workflow_node.deploy.form.volcengine_clb_resource_type.placeholder") }),
+ resourceType: z.union([z.literal(RESOURCE_TYPE_LOADBALANCER), z.literal(RESOURCE_TYPE_LISTENER)], {
+ message: t("workflow_node.deploy.form.volcengine_clb_resource_type.placeholder"),
+ }),
region: z
.string({ message: t("workflow_node.deploy.form.volcengine_clb_region.placeholder") })
.nonempty(t("workflow_node.deploy.form.volcengine_clb_region.placeholder"))
.trim(),
+ loadbalancerId: z
+ .string()
+ .max(64, t("common.errmsg.string_max", { max: 64 }))
+ .trim()
+ .nullish()
+ .refine(
+ (v) => ![RESOURCE_TYPE_LOADBALANCER].includes(fieldResourceType) || !!v?.trim(),
+ t("workflow_node.deploy.form.volcengine_clb_loadbalancer_id.placeholder")
+ ),
listenerId: z
.string()
.max(64, t("common.errmsg.string_max", { max: 64 }))
@@ -73,6 +84,9 @@ const DeployNodeConfigFormVolcEngineCLBConfig = ({
>
+
+ }
+ >
+
+
+
+
https://console.upyun.com/services/file/",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.label": "Resource type",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.placeholder": "Please select resource type",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.option.loadbalancer.label": "ALB load balancer",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.option.listener.label": "ALB listener",
+ "workflow_node.deploy.form.volcengine_alb_region.label": "VolcEngine ALB region",
+ "workflow_node.deploy.form.volcengine_alb_region.placeholder": "Please enter VolcEngine ALB region (e.g. cn-beijing)",
+ "workflow_node.deploy.form.volcengine_alb_region.tooltip": "For more information, see https://www.volcengine.com/docs/6767/127501",
+ "workflow_node.deploy.form.volcengine_alb_loadbalancer_id.label": "VolcEngine ALB load balancer ID",
+ "workflow_node.deploy.form.volcengine_alb_loadbalancer_id.placeholder": "Please enter VolcEngine ALB load balancer ID",
+ "workflow_node.deploy.form.volcengine_alb_loadbalancer_id.tooltip": "For more information, see https://console.volcengine.com/alb",
+ "workflow_node.deploy.form.volcengine_alb_listener_id.label": "VolcEngine ALB listener ID",
+ "workflow_node.deploy.form.volcengine_alb_listener_id.placeholder": "Please enter VolcEngine ALB listener ID",
+ "workflow_node.deploy.form.volcengine_alb_listener_id.tooltip": "For more information, see https://console.volcengine.com/alb",
+ "workflow_node.deploy.form.volcengine_clb_snidomain.label": "VolcEngine CLB SNI domain (Optional)",
+ "workflow_node.deploy.form.volcengine_clb_snidomain.placeholder": "Please enter VolcEngine CLB SNI domain name",
+ "workflow_node.deploy.form.volcengine_clb_snidomain.tooltip": "For more information, see https://console.volcengine.com/alb",
"workflow_node.deploy.form.volcengine_cdn_domain.label": "VolcEngine CDN domain",
"workflow_node.deploy.form.volcengine_cdn_domain.placeholder": "Please enter VolcEngine CDN domain name",
"workflow_node.deploy.form.volcengine_cdn_domain.tooltip": "For more information, see https://console.volcengine.com/cdn/homepage",
"workflow_node.deploy.form.volcengine_clb_resource_type.label": "Resource type",
"workflow_node.deploy.form.volcengine_clb_resource_type.placeholder": "Please select resource type",
+ "workflow_node.deploy.form.volcengine_clb_resource_type.option.loadbalancer.label": "CLB load balancer",
"workflow_node.deploy.form.volcengine_clb_resource_type.option.listener.label": "CLB listener",
"workflow_node.deploy.form.volcengine_clb_region.label": "VolcEngine CLB region",
"workflow_node.deploy.form.volcengine_clb_region.placeholder": "Please enter VolcEngine CLB region (e.g. cn-beijing)",
"workflow_node.deploy.form.volcengine_clb_region.tooltip": "For more information, see https://www.volcengine.com/docs/6406/74892",
+ "workflow_node.deploy.form.volcengine_clb_loadbalancer_id.label": "VolcEngine CLB load balancer ID",
+ "workflow_node.deploy.form.volcengine_clb_loadbalancer_id.placeholder": "Please enter VolcEngine CLB load balancer ID",
+ "workflow_node.deploy.form.volcengine_clb_loadbalancer_id.tooltip": "For more information, see https://console.volcengine.com/clb/LoadBalancer",
"workflow_node.deploy.form.volcengine_clb_listener_id.label": "VolcEngine CLB listener ID",
"workflow_node.deploy.form.volcengine_clb_listener_id.placeholder": "Please enter VolcEngine CLB listener ID",
"workflow_node.deploy.form.volcengine_clb_listener_id.tooltip": "For more information, see https://console.volcengine.com/clb/LoadBalancer",
diff --git a/ui/src/i18n/locales/zh/nls.provider.json b/ui/src/i18n/locales/zh/nls.provider.json
index 7b7098f9..1b8f4e24 100644
--- a/ui/src/i18n/locales/zh/nls.provider.json
+++ b/ui/src/i18n/locales/zh/nls.provider.json
@@ -103,6 +103,7 @@
"provider.upyun.cdn": "又拍云 - 云分发 CDN",
"provider.upyun.file": "又拍云 - 云存储",
"provider.volcengine": "火山引擎",
+ "provider.volcengine.alb": "火山引擎 - 应用型负载均衡 ALB",
"provider.volcengine.cdn": "火山引擎 - 内容分发网络 CDN",
"provider.volcengine.clb": "火山引擎 - 负载均衡 CLB",
"provider.volcengine.dcdn": "火山引擎 - 全站加速 DCDN",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index ff324942..1f7ce4a5 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -528,15 +528,35 @@
"workflow_node.deploy.form.upyun_file_domain.label": "又拍云云存储加速域名",
"workflow_node.deploy.form.upyun_file_domain.placeholder": "请输入又拍云云存储加速域名",
"workflow_node.deploy.form.upyun_file_domain.tooltip": "这是什么?请参阅 https://console.upyun.com/services/file/",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.label": "证书替换方式",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.placeholder": "请选择证书替换方式",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS 监听的证书",
+ "workflow_node.deploy.form.volcengine_alb_resource_type.option.listener.label": "替换指定监听器的证书",
+ "workflow_node.deploy.form.volcengine_alb_region.label": "火山引擎 ALB 服务地域",
+ "workflow_node.deploy.form.volcengine_alb_region.placeholder": "请输入火山引擎 ALB 服务地域(例如:cn-beijing)",
+ "workflow_node.deploy.form.volcengine_alb_region.tooltip": "这是什么?请参阅 https://www.volcengine.com/docs/6767/127501",
+ "workflow_node.deploy.form.volcengine_alb_loadbalancer_id.label": "火山引擎 ALB 负载均衡器 ID",
+ "workflow_node.deploy.form.volcengine_alb_loadbalancer_id.placeholder": "请输入火山引擎 ALB 负载均衡器 ID",
+ "workflow_node.deploy.form.volcengine_alb_loadbalancer_id.tooltip": "这是什么?请参阅 https://console.volcengine.com/alb",
+ "workflow_node.deploy.form.volcengine_alb_listener_id.label": "火山引擎 ALB 监听器 ID",
+ "workflow_node.deploy.form.volcengine_alb_listener_id.placeholder": "请输入火山引擎 ALB 监听器 ID",
+ "workflow_node.deploy.form.volcengine_alb_listener_id.tooltip": "这是什么?请参阅 https://console.volcengine.com/alb",
+ "workflow_node.deploy.form.volcengine_clb_snidomain.label": "火山引擎 ALB 扩展域名(可选)",
+ "workflow_node.deploy.form.volcengine_clb_snidomain.placeholder": "请输入火山引擎 ALB 扩展域名(支持泛域名)",
+ "workflow_node.deploy.form.volcengine_clb_snidomain.tooltip": "这是什么?请参阅 https://console.volcengine.com/alb
不填写时,将替换监听器的默认证书。",
"workflow_node.deploy.form.volcengine_cdn_domain.label": "火山引擎 CDN 加速域名",
"workflow_node.deploy.form.volcengine_cdn_domain.placeholder": "请输入火山引擎 CDN 加速域名(支持泛域名)",
"workflow_node.deploy.form.volcengine_cdn_domain.tooltip": "这是什么?请参阅 https://console.volcengine.com/cdn/homepage",
"workflow_node.deploy.form.volcengine_clb_resource_type.label": "证书替换方式",
"workflow_node.deploy.form.volcengine_clb_resource_type.placeholder": "请选择证书替换方式",
+ "workflow_node.deploy.form.volcengine_clb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS 监听的证书",
"workflow_node.deploy.form.volcengine_clb_resource_type.option.listener.label": "替换指定监听器的证书",
"workflow_node.deploy.form.volcengine_clb_region.label": "火山引擎 CLB 服务地域",
"workflow_node.deploy.form.volcengine_clb_region.placeholder": "请输入火山引擎 CLB 服务地域(例如:cn-beijing)",
"workflow_node.deploy.form.volcengine_clb_region.tooltip": "这是什么?请参阅 https://www.volcengine.com/docs/6406/74892",
+ "workflow_node.deploy.form.volcengine_clb_loadbalancer_id.label": "火山引擎 CLB 负载均衡器 ID",
+ "workflow_node.deploy.form.volcengine_clb_loadbalancer_id.placeholder": "请输入火山引擎 CLB 负载均衡器 ID",
+ "workflow_node.deploy.form.volcengine_clb_loadbalancer_id.tooltip": "这是什么?请参阅 https://console.volcengine.com/clb/LoadBalancer",
"workflow_node.deploy.form.volcengine_clb_listener_id.label": "火山引擎 CLB 监听器 ID",
"workflow_node.deploy.form.volcengine_clb_listener_id.placeholder": "请输入火山引擎 CLB 监听器 ID",
"workflow_node.deploy.form.volcengine_clb_listener_id.tooltip": "这是什么?请参阅 https://console.volcengine.com/clb/LoadBalancer",