mirror of
https://github.com/usual2970/certimate.git
synced 2025-10-05 14:04:54 +00:00
feat: support using scm service on deployment to huaweicloud cdn
This commit is contained in:
Fu Diwei
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
|
||||
cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
|
||||
@@ -11,7 +12,7 @@ import (
|
||||
cdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
|
||||
|
||||
"certimate/internal/domain"
|
||||
"certimate/internal/utils/rand"
|
||||
uploaderImpl "certimate/internal/pkg/core/uploader/impl"
|
||||
)
|
||||
|
||||
type HuaweiCloudCDNDeployer struct {
|
||||
@@ -45,11 +46,12 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
d.infos = append(d.infos, toStr("HuaweiCloudCdnClient 创建成功", nil))
|
||||
d.infos = append(d.infos, toStr("SDK 客户端创建成功", nil))
|
||||
|
||||
// 查询加速域名配置
|
||||
// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
|
||||
showDomainFullConfigReq := &cdnModel.ShowDomainFullConfigRequest{
|
||||
DomainName: getDeployString(d.option.DeployConfig, "domain"),
|
||||
DomainName: d.option.DeployConfig.GetConfigAsString("domain"),
|
||||
}
|
||||
showDomainFullConfigResp, err := client.ShowDomainFullConfig(showDomainFullConfigReq)
|
||||
if err != nil {
|
||||
@@ -59,19 +61,45 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
|
||||
d.infos = append(d.infos, toStr("已查询到加速域名配置", showDomainFullConfigResp))
|
||||
|
||||
// 更新加速域名配置
|
||||
certName := fmt.Sprintf("%s-%s", d.option.DomainId, rand.RandStr(12))
|
||||
updateDomainMultiCertificatesReq := &cdnModel.UpdateDomainMultiCertificatesRequest{
|
||||
Body: &cdnModel.UpdateDomainMultiCertificatesRequestBody{
|
||||
Https: mergeHuaweiCloudCDNConfig(showDomainFullConfigResp.Configs, &cdnModel.UpdateDomainMultiCertificatesRequestBodyContent{
|
||||
DomainName: getDeployString(d.option.DeployConfig, "domain"),
|
||||
HttpsSwitch: 1,
|
||||
CertName: &certName,
|
||||
Certificate: &d.option.Certificate.Certificate,
|
||||
PrivateKey: &d.option.Certificate.PrivateKey,
|
||||
}),
|
||||
// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
|
||||
updateDomainMultiCertificatesReqBodyContent := &huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent{}
|
||||
updateDomainMultiCertificatesReqBodyContent.DomainName = d.option.DeployConfig.GetConfigAsString("domain")
|
||||
updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
|
||||
var updateDomainMultiCertificatesResp *cdnModel.UpdateDomainMultiCertificatesResponse
|
||||
if d.option.DeployConfig.GetConfigAsBool("useSCM") {
|
||||
uploader, err := uploaderImpl.NewHuaweiCloudSCMUploader(&uploaderImpl.HuaweiCloudSCMUploaderConfig{
|
||||
Region: "", // TODO: SCM 服务与 CDN 服务的区域不一致,这里暂时不传而是使用默认值,仅支持华为云国内版
|
||||
AccessKeyId: access.AccessKeyId,
|
||||
SecretAccessKey: access.SecretAccessKey,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// 上传证书到 SCM
|
||||
uploadResult, err := uploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
d.infos = append(d.infos, toStr("已上传证书", uploadResult))
|
||||
|
||||
updateDomainMultiCertificatesReqBodyContent.CertificateType = int32Ptr(2)
|
||||
updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = stringPtr(uploadResult.CertId)
|
||||
updateDomainMultiCertificatesReqBodyContent.CertName = stringPtr(uploadResult.CertName)
|
||||
} else {
|
||||
updateDomainMultiCertificatesReqBodyContent.CertificateType = int32Ptr(0)
|
||||
updateDomainMultiCertificatesReqBodyContent.CertName = stringPtr(fmt.Sprintf("certimate-%d", time.Now().UnixMilli()))
|
||||
updateDomainMultiCertificatesReqBodyContent.Certificate = stringPtr(d.option.Certificate.Certificate)
|
||||
updateDomainMultiCertificatesReqBodyContent.PrivateKey = stringPtr(d.option.Certificate.PrivateKey)
|
||||
}
|
||||
updateDomainMultiCertificatesReqBodyContent = mergeHuaweiCloudCDNConfig(showDomainFullConfigResp.Configs, updateDomainMultiCertificatesReqBodyContent)
|
||||
updateDomainMultiCertificatesReq := &huaweicloudCDNUpdateDomainMultiCertificatesRequest{
|
||||
Body: &huaweicloudCDNUpdateDomainMultiCertificatesRequestBody{
|
||||
Https: updateDomainMultiCertificatesReqBodyContent,
|
||||
},
|
||||
}
|
||||
updateDomainMultiCertificatesResp, err := client.UpdateDomainMultiCertificates(updateDomainMultiCertificatesReq)
|
||||
updateDomainMultiCertificatesResp, err = executeHuaweiCloudCDNUploadDomainMultiCertificates(client, updateDomainMultiCertificatesReq)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -107,25 +135,47 @@ func (d *HuaweiCloudCDNDeployer) createClient(access *domain.HuaweiCloudAccess)
|
||||
return client, nil
|
||||
}
|
||||
|
||||
func mergeHuaweiCloudCDNConfig(src *cdnModel.ConfigsGetBody, dest *cdnModel.UpdateDomainMultiCertificatesRequestBodyContent) *cdnModel.UpdateDomainMultiCertificatesRequestBodyContent {
|
||||
type huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent struct {
|
||||
cdnModel.UpdateDomainMultiCertificatesRequestBodyContent `json:",inline"`
|
||||
|
||||
SCMCertificateId *string `json:"scm_certificate_id,omitempty"`
|
||||
}
|
||||
|
||||
type huaweicloudCDNUpdateDomainMultiCertificatesRequestBody struct {
|
||||
Https *huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent `json:"https,omitempty"`
|
||||
}
|
||||
|
||||
type huaweicloudCDNUpdateDomainMultiCertificatesRequest struct {
|
||||
Body *huaweicloudCDNUpdateDomainMultiCertificatesRequestBody `json:"body,omitempty"`
|
||||
}
|
||||
|
||||
func executeHuaweiCloudCDNUploadDomainMultiCertificates(client *cdn.CdnClient, request *huaweicloudCDNUpdateDomainMultiCertificatesRequest) (*cdnModel.UpdateDomainMultiCertificatesResponse, error) {
|
||||
// 华为云官方 SDK 中目前提供的字段缺失,这里暂时先需自定义请求
|
||||
// 可能需要等之后 SDK 更新
|
||||
|
||||
requestDef := cdn.GenReqDefForUpdateDomainMultiCertificates()
|
||||
|
||||
if resp, err := client.HcClient.Sync(request, requestDef); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
return resp.(*cdnModel.UpdateDomainMultiCertificatesResponse), nil
|
||||
}
|
||||
}
|
||||
|
||||
func mergeHuaweiCloudCDNConfig(src *cdnModel.ConfigsGetBody, dest *huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent) *huaweicloudCDNUpdateDomainMultiCertificatesRequestBodyContent {
|
||||
if src == nil {
|
||||
return dest
|
||||
}
|
||||
|
||||
// 华为云 API 中不传的字段表示使用默认值、而非保留原值,因此这里需要把原配置中的参数重新赋值回去
|
||||
// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致,需要做很多转化
|
||||
// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
|
||||
// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
|
||||
|
||||
if *src.OriginProtocol == "follow" {
|
||||
accessOriginWay := int32(1)
|
||||
dest.AccessOriginWay = &accessOriginWay
|
||||
dest.AccessOriginWay = int32Ptr(1)
|
||||
} else if *src.OriginProtocol == "http" {
|
||||
accessOriginWay := int32(2)
|
||||
dest.AccessOriginWay = &accessOriginWay
|
||||
dest.AccessOriginWay = int32Ptr(2)
|
||||
} else if *src.OriginProtocol == "https" {
|
||||
accessOriginWay := int32(3)
|
||||
dest.AccessOriginWay = &accessOriginWay
|
||||
dest.AccessOriginWay = int32Ptr(3)
|
||||
}
|
||||
|
||||
if src.ForceRedirect != nil {
|
||||
@@ -141,10 +191,17 @@ func mergeHuaweiCloudCDNConfig(src *cdnModel.ConfigsGetBody, dest *cdnModel.Upda
|
||||
|
||||
if src.Https != nil {
|
||||
if *src.Https.Http2Status == "on" {
|
||||
http2 := int32(1)
|
||||
dest.Http2 = &http2
|
||||
dest.Http2 = int32Ptr(1)
|
||||
}
|
||||
}
|
||||
|
||||
return dest
|
||||
}
|
||||
|
||||
func int32Ptr(i int32) *int32 {
|
||||
return &i
|
||||
}
|
||||
|
||||
func stringPtr(s string) *string {
|
||||
return &s
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user