mirror of
https://github.com/usual2970/certimate.git
synced 2025-06-08 21:49:52 +00:00
fix: #542
This commit is contained in:
Fu Diwei
parent
82735f3c02
commit
9667f3309b
@ -291,24 +291,28 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
|
|||||||
// 遍历查询监听证书,并找出需要解除关联的证书
|
// 遍历查询监听证书,并找出需要解除关联的证书
|
||||||
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
|
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates
|
||||||
// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
|
// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
|
||||||
certificateIsAssociated := false
|
certificateIsAlreadyAssociated := false
|
||||||
certificateIdsExpired := make([]string, 0)
|
certificateIdsToDissociate := make([]string, 0)
|
||||||
if len(listenerCertificates) > 0 {
|
if len(listenerCertificates) > 0 {
|
||||||
d.logger.Info("found listener certificates to deploy", slog.Any("listenerCertificates", listenerCertificates))
|
d.logger.Info("found listener certificates to deploy", slog.Any("listenerCertificates", listenerCertificates))
|
||||||
var errs []error
|
var errs []error
|
||||||
|
|
||||||
for _, listenerCertificate := range listenerCertificates {
|
for _, listenerCertificate := range listenerCertificates {
|
||||||
// 监听证书 ID 格式:${证书 ID}-${地域}
|
if tea.BoolValue(listenerCertificate.IsDefault) {
|
||||||
certificateId := strings.Split(*listenerCertificate.CertificateId, "-")[0]
|
|
||||||
if certificateId == cloudCertId {
|
|
||||||
certificateIsAssociated = true
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if *listenerCertificate.IsDefault || !strings.EqualFold(*listenerCertificate.Status, "Associated") {
|
if !strings.EqualFold(tea.StringValue(listenerCertificate.Status), "Associated") {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 监听证书 ID 格式:${证书 ID}-${地域}
|
||||||
|
certificateId := strings.Split(tea.StringValue(listenerCertificate.CertificateId), "-")[0]
|
||||||
|
if certificateId == cloudCertId {
|
||||||
|
certificateIsAlreadyAssociated = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
certificateIdAsInt64, err := strconv.ParseInt(certificateId, 10, 64)
|
certificateIdAsInt64, err := strconv.ParseInt(certificateId, 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errs = append(errs, err)
|
errs = append(errs, err)
|
||||||
@ -321,22 +325,28 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
|
|||||||
getUserCertificateDetailResp, err := d.sdkClients.CAS.GetUserCertificateDetail(getUserCertificateDetailReq)
|
getUserCertificateDetailResp, err := d.sdkClients.CAS.GetUserCertificateDetail(getUserCertificateDetailReq)
|
||||||
d.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp))
|
d.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if sdkerr, ok := err.(*tea.SDKError); ok {
|
||||||
|
if tea.IntValue(sdkerr.StatusCode) == 400 && tea.StringValue(sdkerr.Code) == "NotFound" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'"))
|
errs = append(errs, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'"))
|
||||||
continue
|
continue
|
||||||
}
|
} else {
|
||||||
|
certCNMatched := tea.StringValue(getUserCertificateDetailResp.Body.Common) == d.config.Domain
|
||||||
certCnMatched := getUserCertificateDetailResp.Body.Common != nil && *getUserCertificateDetailResp.Body.Common == d.config.Domain
|
certSANMatched := slices.Contains(strings.Split(tea.StringValue(getUserCertificateDetailResp.Body.Sans), ","), d.config.Domain)
|
||||||
certSanMatched := getUserCertificateDetailResp.Body.Sans != nil && slices.Contains(strings.Split(*getUserCertificateDetailResp.Body.Sans, ","), d.config.Domain)
|
if !certCNMatched && !certSANMatched {
|
||||||
if !certCnMatched && !certSanMatched {
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
certEndDate, _ := time.Parse("2006-01-02", *getUserCertificateDetailResp.Body.EndDate)
|
certEndDate, _ := time.Parse("2006-01-02", tea.StringValue(getUserCertificateDetailResp.Body.EndDate))
|
||||||
if time.Now().Before(certEndDate) {
|
if time.Now().Before(certEndDate) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
certificateIdsExpired = append(certificateIdsExpired, certificateId)
|
certificateIdsToDissociate = append(certificateIdsToDissociate, certificateId)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(errs) > 0 {
|
if len(errs) > 0 {
|
||||||
@ -346,7 +356,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
|
|||||||
|
|
||||||
// 关联监听和扩展证书
|
// 关联监听和扩展证书
|
||||||
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener
|
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener
|
||||||
if !certificateIsAssociated {
|
if !certificateIsAlreadyAssociated {
|
||||||
associateAdditionalCertificatesFromListenerReq := &alialb.AssociateAdditionalCertificatesWithListenerRequest{
|
associateAdditionalCertificatesFromListenerReq := &alialb.AssociateAdditionalCertificatesWithListenerRequest{
|
||||||
ListenerId: tea.String(cloudListenerId),
|
ListenerId: tea.String(cloudListenerId),
|
||||||
Certificates: []*alialb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
|
Certificates: []*alialb.AssociateAdditionalCertificatesWithListenerRequestCertificates{
|
||||||
@ -364,9 +374,9 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
|
|||||||
|
|
||||||
// 解除关联监听和扩展证书
|
// 解除关联监听和扩展证书
|
||||||
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener
|
// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener
|
||||||
if len(certificateIdsExpired) > 0 {
|
if !certificateIsAlreadyAssociated && len(certificateIdsToDissociate) > 0 {
|
||||||
dissociateAdditionalCertificates := make([]*alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
|
dissociateAdditionalCertificates := make([]*alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates, 0)
|
||||||
for _, certificateId := range certificateIdsExpired {
|
for _, certificateId := range certificateIdsToDissociate {
|
||||||
dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
|
dissociateAdditionalCertificates = append(dissociateAdditionalCertificates, &alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates{
|
||||||
CertificateId: tea.String(certificateId),
|
CertificateId: tea.String(certificateId),
|
||||||
})
|
})
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user