feat: add huaweicloud cdn deployer

2025-06-08 05:29:51 +00:00 · 2024-10-19 18:46:02 +08:00 · 2024-10-19 18:46:02 +08:00 · 952c6ef73d
commit 952c6ef73d
parent be3cdbf585
11 changed files with 245 additions and 89 deletions
--- a/README.md
+++ b/README.md
@ -76,7 +76,7 @@ go run main.go serve
 | :--------: | :----------: | :----------: | ------------------------------------------------------------ |
 |   阿里云   |      √       |      √       | 可签发在阿里云注册的域名；可部署到阿里云 OSS、CDN            |
 |   腾讯云   |      √       |      √       | 可签发在腾讯云注册的域名；可部署到腾讯云 CDN                 |
-|   华为云   |      √       |              | 可签发在华为云注册的域名                                     |
+|   华为云   |      √       |      √       | 可签发在华为云注册的域名；可部署到华为云 CDN                 |
 |   七牛云   |              |      √       | 可部署到七牛云 CDN                                           |
 |    AWS     |      √       |              | 可签发在 AWS Route53 托管的域名                              |
 | CloudFlare |      √       |              | 可签发在 CloudFlare 注册的域名；CloudFlare 服务自带 SSL 证书 |
--- a/README_EN.md
+++ b/README_EN.md
@ -75,7 +75,7 @@ password：1234567890
 | :-----------: | :----------: | :--------: | ------------------------------------------------------------------------------------------- |
 | Alibaba Cloud |      √       |     √      | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN |
 | Tencent Cloud |      √       |     √      | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud CDN      |
-| Huawei Cloud  |      √       |            | Supports domains registered on Huawei Cloud                                                 |
+| Huawei Cloud  |      √       |     √      | Supports domains registered on Huawei; supports deployment to Huawei Cloud CDN              |
 |  Qiniu Cloud  |              |     √      | Supports deployment to Qiniu Cloud CDN                                                      |
 |      AWS      |      √       |            | Supports domains managed on AWS Route53                                                     |
 |  CloudFlare   |      √       |            | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates   |
--- a/go.mod
+++ b/go.mod
@ -12,6 +12,7 @@ require (
 	github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
 	github.com/go-acme/lego/v4 v4.19.2
 	github.com/gojek/heimdall/v7 v7.0.3
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.114
 	github.com/labstack/echo/v5 v5.0.0-20230722203903-ec5b858dab61
 	github.com/nikoksr/notify v1.0.0
 	github.com/pkg/sftp v1.13.6
@ -46,7 +47,6 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.114 // indirect
 	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@ -15,15 +15,16 @@ import (
 )

 const (
-	targetAliyunOSS  = "aliyun-oss"
-	targetAliyunCDN  = "aliyun-cdn"
-	targetAliyunESA  = "aliyun-dcdn"
-	targetTencentCDN = "tencent-cdn"
-	targetQiniuCdn   = "qiniu-cdn"
-	targetLocal      = "local"
-	targetSSH        = "ssh"
-	targetWebhook    = "webhook"
-	targetK8sSecret  = "k8s-secret"
+	targetAliyunOSS      = "aliyun-oss"
+	targetAliyunCDN      = "aliyun-cdn"
+	targetAliyunESA      = "aliyun-dcdn"
+	targetTencentCDN     = "tencent-cdn"
+	targetHuaweiCloudCDN = "huaweicloud-cdn"
+	targetQiniuCdn       = "qiniu-cdn"
+	targetLocal          = "local"
+	targetSSH            = "ssh"
+	targetWebhook        = "webhook"
+	targetK8sSecret      = "k8s-secret"
 )

 type DeployerOption struct {
@ -104,6 +105,8 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 		return NewAliyunESADeployer(option)
 	case targetTencentCDN:
 		return NewTencentCDNDeployer(option)
+	case targetHuaweiCloudCDN:
+		return NewHuaweiCloudCDNDeployer(option)
 	case targetQiniuCdn:
 		return NewQiniuCDNDeployer(option)
 	case targetLocal:
--- a/internal/deployer/huaweicloud_cdn.go
+++ b/internal/deployer/huaweicloud_cdn.go
@ -0,0 +1,150 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
+	cdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
+	cdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
+
+	"certimate/internal/domain"
+	"certimate/internal/utils/rand"
+)
+
+type HuaweiCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+}
+
+func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	return &HuaweiCloudCDNDeployer{
+		option: option,
+		infos:  make([]string, 0),
+	}, nil
+}
+
+func (d *HuaweiCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+}
+
+func (d *HuaweiCloudCDNDeployer) GetInfo() []string {
+	return d.infos
+}
+
+func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
+	access := &domain.HuaweiCloudAccess{}
+	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
+		return err
+	}
+
+	client, err := d.createClient(access)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("HuaweiCloudCdnClient 创建成功", nil))
+
+	// 查询加速域名配置
+	showDomainFullConfigReq := &cdnModel.ShowDomainFullConfigRequest{
+		DomainName: getDeployString(d.option.DeployConfig, "domain"),
+	}
+	showDomainFullConfigResp, err := client.ShowDomainFullConfig(showDomainFullConfigReq)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已查询到加速域名配置", showDomainFullConfigResp))
+
+	// 更新加速域名配置
+	certName := fmt.Sprintf("%s-%s", d.option.DomainId, rand.RandStr(12))
+	updateDomainMultiCertificatesReq := &cdnModel.UpdateDomainMultiCertificatesRequest{
+		Body: &cdnModel.UpdateDomainMultiCertificatesRequestBody{
+			Https: mergeHuaweiCloudCDNConfig(showDomainFullConfigResp.Configs, &cdnModel.UpdateDomainMultiCertificatesRequestBodyContent{
+				DomainName:  getDeployString(d.option.DeployConfig, "domain"),
+				HttpsSwitch: 1,
+				CertName:    &certName,
+				Certificate: &d.option.Certificate.Certificate,
+				PrivateKey:  &d.option.Certificate.PrivateKey,
+			}),
+		},
+	}
+	updateDomainMultiCertificatesResp, err := client.UpdateDomainMultiCertificates(updateDomainMultiCertificatesReq)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已更新加速域名配置", updateDomainMultiCertificatesResp))
+
+	return nil
+}
+
+func (d *HuaweiCloudCDNDeployer) createClient(access *domain.HuaweiCloudAccess) (*cdn.CdnClient, error) {
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(access.AccessKeyId).
+		WithSk(access.SecretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	region, err := cdnRegion.SafeValueOf(access.Region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := cdn.CdnClientBuilder().
+		WithRegion(region).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := cdn.NewCdnClient(hcClient)
+	return client, nil
+}
+
+func mergeHuaweiCloudCDNConfig(src *cdnModel.ConfigsGetBody, dest *cdnModel.UpdateDomainMultiCertificatesRequestBodyContent) *cdnModel.UpdateDomainMultiCertificatesRequestBodyContent {
+	if src == nil {
+		return dest
+	}
+
+	// 华为云 API 中不传的字段表示使用默认值、而非保留原值，因此这里需要把原配置中的参数重新赋值回去
+	// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致，需要做很多转化
+	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
+	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
+
+	if *src.OriginProtocol == "follow" {
+		accessOriginWay := int32(1)
+		dest.AccessOriginWay = &accessOriginWay
+	} else if *src.OriginProtocol == "http" {
+		accessOriginWay := int32(2)
+		dest.AccessOriginWay = &accessOriginWay
+	} else if *src.OriginProtocol == "https" {
+		accessOriginWay := int32(3)
+		dest.AccessOriginWay = &accessOriginWay
+	}
+
+	if src.ForceRedirect != nil {
+		dest.ForceRedirectConfig = &cdnModel.ForceRedirect{}
+
+		if src.ForceRedirect.Status == "on" {
+			dest.ForceRedirectConfig.Switch = 1
+			dest.ForceRedirectConfig.RedirectType = src.ForceRedirect.Type
+		} else {
+			dest.ForceRedirectConfig.Switch = 0
+		}
+	}
+
+	if src.Https != nil {
+		if *src.Https.Http2Status == "on" {
+			http2 := int32(1)
+			dest.Http2 = &http2
+		}
+	}
+
+	return dest
+}
--- a/ui/dist/assets/index-tBXwi-8W.js
+++ b/ui/dist/assets/index-tBXwi-8W.js
--- a/ui/dist/index.html
+++ b/ui/dist/index.html
@ -1,14 +1,14 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Certimate - Your Trusted SSL Automation Partner</title>
-    <script type="module" crossorigin src="/assets/index-C9KsIpHj.js"></script>
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Certimate - Your Trusted SSL Automation Partner</title>
+    <script type="module" crossorigin src="/assets/index-tBXwi-8W.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-YqBWA4KK.css">
-  </head>
-  <body class="bg-background">
-    <div id="root"></div>
-  </body>
-</html>
+  </head>
+  <body class="bg-background">
+    <div id="root"></div>
+  </body>
+</html>
--- a/ui/src/domain/domain.ts
+++ b/ui/src/domain/domain.ts
@ -71,6 +71,7 @@ export const targetTypeMap: Map<string, [string, string]> = new Map([
  ["aliyun-cdn", ["common.provider.aliyun.cdn", "/imgs/providers/aliyun.svg"]],
  ["aliyun-dcdn", ["common.provider.aliyun.dcdn", "/imgs/providers/aliyun.svg"]],
  ["tencent-cdn", ["common.provider.tencent.cdn", "/imgs/providers/tencent.svg"]],
+  ["huaweicloud-cdn", ["common.provider.huaweicloud.cdn", "/imgs/providers/huaweicloud.svg"]],
  ["qiniu-cdn", ["common.provider.qiniu.cdn", "/imgs/providers/qiniu.svg"]],
  ["local", ["common.provider.local", "/imgs/providers/local.svg"]],
  ["ssh", ["common.provider.ssh", "/imgs/providers/ssh.svg"]],
--- a/ui/src/i18n/locales/en/nls.common.json
+++ b/ui/src/i18n/locales/en/nls.common.json
@ -59,6 +59,7 @@
  "common.provider.tencent": "Tencent",
  "common.provider.tencent.cdn": "Tencent - CDN",
  "common.provider.huaweicloud": "Huawei Cloud",
+  "common.provider.huaweicloud.cdn": "Huawei Cloud - CDN",
  "common.provider.qiniu": "Qiniu",
  "common.provider.qiniu.cdn": "Qiniu - CDN",
  "common.provider.aws": "AWS",
--- a/ui/src/i18n/locales/en/nls.domain.json
+++ b/ui/src/i18n/locales/en/nls.domain.json
@ -13,7 +13,7 @@
  "domain.deploy.started.tips": "Deployment initiated, please check the deployment log later.",
  "domain.deploy.failed.message": "Execution Failed",
  "domain.deploy.failed.tips": "Execution failed, please check the details in <1>Deployment History</1>.",
-  "domain.deploy_forced": "Force Deployment",
+  "domain.deploy_forced": "Force Deploy",

  "domain.props.expiry": "Validity Period",
  "domain.props.expiry.date1": "Valid for {{date}} days",
--- a/ui/src/i18n/locales/zh/nls.common.json
+++ b/ui/src/i18n/locales/zh/nls.common.json
@ -59,6 +59,7 @@
  "common.provider.aliyun.cdn": "阿里云 - CDN",
  "common.provider.aliyun.dcdn": "阿里云 - DCDN",
  "common.provider.huaweicloud": "华为云",
+  "common.provider.huaweicloud.cdn": "华为云 - CDN",
  "common.provider.qiniu": "七牛云",
  "common.provider.qiniu.cdn": "七牛云 - CDN",
  "common.provider.aws": "AWS",