feat: add tencentcloud ssl uploader
parent
f168bd903d
commit
a4fc8dfc56
@ -6,9 +6,9 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
|
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
|
||||||
elb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
|
hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
|
||||||
elbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
|
hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
|
||||||
elbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
|
hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
|
||||||
|
|
||||||
"github.com/usual2970/certimate/internal/pkg/core/uploader"
|
"github.com/usual2970/certimate/internal/pkg/core/uploader"
|
||||||
"github.com/usual2970/certimate/internal/pkg/utils/cast"
|
"github.com/usual2970/certimate/internal/pkg/utils/cast"
|
||||||
@ -24,7 +24,7 @@ type HuaweiCloudELBUploaderConfig struct {
|
|||||||
|
|
||||||
type HuaweiCloudELBUploader struct {
|
type HuaweiCloudELBUploader struct {
|
||||||
config *HuaweiCloudELBUploaderConfig
|
config *HuaweiCloudELBUploaderConfig
|
||||||
sdkClient *elb.ElbClient
|
sdkClient *hcElb.ElbClient
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHuaweiCloudELBUploader(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
|
func NewHuaweiCloudELBUploader(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
|
||||||
@ -52,7 +52,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
listCertificatesLimit := int32(2000)
|
listCertificatesLimit := int32(2000)
|
||||||
var listCertificatesMarker *string = nil
|
var listCertificatesMarker *string = nil
|
||||||
for {
|
for {
|
||||||
listCertificatesReq := &elbModel.ListCertificatesRequest{
|
listCertificatesReq := &hcElbModel.ListCertificatesRequest{
|
||||||
Limit: cast.Int32Ptr(listCertificatesLimit),
|
Limit: cast.Int32Ptr(listCertificatesLimit),
|
||||||
Marker: listCertificatesMarker,
|
Marker: listCertificatesMarker,
|
||||||
Type: &[]string{"server"},
|
Type: &[]string{"server"},
|
||||||
@ -97,15 +97,15 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 生成证书名(需符合华为云命名规则)
|
// 生成新证书名(需符合华为云命名规则)
|
||||||
var certId, certName string
|
var certId, certName string
|
||||||
certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
|
certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
|
||||||
|
|
||||||
// 创建新证书
|
// 创建新证书
|
||||||
// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html
|
// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html
|
||||||
createCertificateReq := &elbModel.CreateCertificateRequest{
|
createCertificateReq := &hcElbModel.CreateCertificateRequest{
|
||||||
Body: &elbModel.CreateCertificateRequestBody{
|
Body: &hcElbModel.CreateCertificateRequestBody{
|
||||||
Certificate: &elbModel.CreateCertificateOption{
|
Certificate: &hcElbModel.CreateCertificateOption{
|
||||||
ProjectId: cast.StringPtr(u.config.ProjectId),
|
ProjectId: cast.StringPtr(u.config.ProjectId),
|
||||||
Name: cast.StringPtr(certName),
|
Name: cast.StringPtr(certName),
|
||||||
Certificate: cast.StringPtr(certPem),
|
Certificate: cast.StringPtr(certPem),
|
||||||
@ -126,7 +126,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *HuaweiCloudELBUploader) createSdkClient() (*elb.ElbClient, error) {
|
func (u *HuaweiCloudELBUploader) createSdkClient() (*hcElb.ElbClient, error) {
|
||||||
region := u.config.Region
|
region := u.config.Region
|
||||||
accessKeyId := u.config.AccessKeyId
|
accessKeyId := u.config.AccessKeyId
|
||||||
secretAccessKey := u.config.SecretAccessKey
|
secretAccessKey := u.config.SecretAccessKey
|
||||||
@ -142,12 +142,12 @@ func (u *HuaweiCloudELBUploader) createSdkClient() (*elb.ElbClient, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
hcRegion, err := elbRegion.SafeValueOf(region)
|
hcRegion, err := hcElbRegion.SafeValueOf(region)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
hcClient, err := elb.ElbClientBuilder().
|
hcClient, err := hcElb.ElbClientBuilder().
|
||||||
WithRegion(hcRegion).
|
WithRegion(hcRegion).
|
||||||
WithCredential(auth).
|
WithCredential(auth).
|
||||||
SafeBuild()
|
SafeBuild()
|
||||||
@ -155,6 +155,6 @@ func (u *HuaweiCloudELBUploader) createSdkClient() (*elb.ElbClient, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
client := elb.NewElbClient(hcClient)
|
client := hcElb.NewElbClient(hcClient)
|
||||||
return client, nil
|
return client, nil
|
||||||
}
|
}
|
||||||
|
@ -6,9 +6,9 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
|
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
|
||||||
scm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
|
hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
|
||||||
scmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
|
hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
|
||||||
scmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
|
hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
|
||||||
|
|
||||||
"github.com/usual2970/certimate/internal/pkg/core/uploader"
|
"github.com/usual2970/certimate/internal/pkg/core/uploader"
|
||||||
"github.com/usual2970/certimate/internal/pkg/utils/cast"
|
"github.com/usual2970/certimate/internal/pkg/utils/cast"
|
||||||
@ -23,7 +23,7 @@ type HuaweiCloudSCMUploaderConfig struct {
|
|||||||
|
|
||||||
type HuaweiCloudSCMUploader struct {
|
type HuaweiCloudSCMUploader struct {
|
||||||
config *HuaweiCloudSCMUploaderConfig
|
config *HuaweiCloudSCMUploaderConfig
|
||||||
sdkClient *scm.ScmClient
|
sdkClient *hcScm.ScmClient
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHuaweiCloudSCMUploader(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
|
func NewHuaweiCloudSCMUploader(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
|
||||||
@ -52,7 +52,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
listCertificatesLimit := int32(50)
|
listCertificatesLimit := int32(50)
|
||||||
listCertificatesOffset := int32(0)
|
listCertificatesOffset := int32(0)
|
||||||
for {
|
for {
|
||||||
listCertificatesReq := &scmModel.ListCertificatesRequest{
|
listCertificatesReq := &hcScmModel.ListCertificatesRequest{
|
||||||
Limit: cast.Int32Ptr(listCertificatesLimit),
|
Limit: cast.Int32Ptr(listCertificatesLimit),
|
||||||
Offset: cast.Int32Ptr(listCertificatesOffset),
|
Offset: cast.Int32Ptr(listCertificatesOffset),
|
||||||
SortDir: cast.StringPtr("DESC"),
|
SortDir: cast.StringPtr("DESC"),
|
||||||
@ -65,7 +65,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
|
|
||||||
if listCertificatesResp.Certificates != nil {
|
if listCertificatesResp.Certificates != nil {
|
||||||
for _, certDetail := range *listCertificatesResp.Certificates {
|
for _, certDetail := range *listCertificatesResp.Certificates {
|
||||||
exportCertificateReq := &scmModel.ExportCertificateRequest{
|
exportCertificateReq := &hcScmModel.ExportCertificateRequest{
|
||||||
CertificateId: certDetail.Id,
|
CertificateId: certDetail.Id,
|
||||||
}
|
}
|
||||||
exportCertificateResp, err := u.sdkClient.ExportCertificate(exportCertificateReq)
|
exportCertificateResp, err := u.sdkClient.ExportCertificate(exportCertificateReq)
|
||||||
@ -109,14 +109,14 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 生成证书名(需符合华为云命名规则)
|
// 生成新证书名(需符合华为云命名规则)
|
||||||
var certId, certName string
|
var certId, certName string
|
||||||
certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
|
certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
|
||||||
|
|
||||||
// 上传新证书
|
// 上传新证书
|
||||||
// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html
|
// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html
|
||||||
importCertificateReq := &scmModel.ImportCertificateRequest{
|
importCertificateReq := &hcScmModel.ImportCertificateRequest{
|
||||||
Body: &scmModel.ImportCertificateRequestBody{
|
Body: &hcScmModel.ImportCertificateRequestBody{
|
||||||
Name: certName,
|
Name: certName,
|
||||||
Certificate: certPem,
|
Certificate: certPem,
|
||||||
PrivateKey: privkeyPem,
|
PrivateKey: privkeyPem,
|
||||||
@ -134,7 +134,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *HuaweiCloudSCMUploader) createSdkClient() (*scm.ScmClient, error) {
|
func (u *HuaweiCloudSCMUploader) createSdkClient() (*hcScm.ScmClient, error) {
|
||||||
region := u.config.Region
|
region := u.config.Region
|
||||||
accessKeyId := u.config.AccessKeyId
|
accessKeyId := u.config.AccessKeyId
|
||||||
secretAccessKey := u.config.SecretAccessKey
|
secretAccessKey := u.config.SecretAccessKey
|
||||||
@ -150,12 +150,12 @@ func (u *HuaweiCloudSCMUploader) createSdkClient() (*scm.ScmClient, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
hcRegion, err := scmRegion.SafeValueOf(region)
|
hcRegion, err := hcScmRegion.SafeValueOf(region)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
hcClient, err := scm.ScmClientBuilder().
|
hcClient, err := hcScm.ScmClientBuilder().
|
||||||
WithRegion(hcRegion).
|
WithRegion(hcRegion).
|
||||||
WithCredential(auth).
|
WithCredential(auth).
|
||||||
SafeBuild()
|
SafeBuild()
|
||||||
@ -163,6 +163,6 @@ func (u *HuaweiCloudSCMUploader) createSdkClient() (*scm.ScmClient, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
client := scm.NewScmClient(hcClient)
|
client := hcScm.NewScmClient(hcClient)
|
||||||
return client, nil
|
return client, nil
|
||||||
}
|
}
|
||||||
|
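--- /dev/null
+++ b/internal/pkg/core/uploader/impl/tencentcloud_ssl.go
@@ -0,0 +1,97 @@
+package impl
+
+import (
+"context"
+"fmt"
+"time"
+
+"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+"github.com/usual2970/certimate/internal/pkg/core/uploader"
+"github.com/usual2970/certimate/internal/pkg/utils/cast"
+)
+
+type TencentCloudSSLUploaderConfig struct {
+Region string `json:"region"`
+SecretId string `json:"secretId"`
+SecretKey string `json:"secretKey"`
+}
+
+type TencentCloudSSLUploader struct {
+config *TencentCloudSSLUploaderConfig
+sdkClient *tcSsl.Client
+}
+
+func NewTencentCloudSSLUploader(config *TencentCloudSSLUploaderConfig) (*TencentCloudSSLUploader, error) {
+client, err := (&TencentCloudSSLUploader{config: config}).createSdkClient()
+if err != nil {
+return nil, fmt.Errorf("failed to create sdk client: %w", err)
+}
+
+return &TencentCloudSSLUploader{
+config: config,
+sdkClient: client,
+}, nil
+}
+
+func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+// 生成新证书名(需符合腾讯云命名规则)
+var certId, certName string
+certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+// 上传新证书
+// REF: https://cloud.tencent.com/document/product/400/41665
+uploadCertificateReq := &tcSsl.UploadCertificateRequest{
+Alias: cast.StringPtr(certName),
+CertificatePublicKey: cast.StringPtr(certPem),
+CertificatePrivateKey: cast.StringPtr(privkeyPem),
+Repeatable: cast.BoolPtr(false),
+}
+uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
+if uploadCertificateResp != nil && uploadCertificateResp.Response != nil && uploadCertificateResp.Response.RepeatCertId != nil {
+// 获取重复证书
+// REF: https://cloud.tencent.com/document/api/400/41673
+describeCertificateDetailReq := &tcSsl.DescribeCertificateDetailRequest{
+CertificateId: uploadCertificateResp.Response.RepeatCertId,
+}
+describeCertificateDetailResp, err := u.sdkClient.DescribeCertificateDetail(describeCertificateDetailReq)
+if err != nil {
+return nil, fmt.Errorf("failed to execute sdk request 'ssl.DescribeCertificateDetail': %w", err)
+}
+
+certId = *uploadCertificateResp.Response.RepeatCertId
+certName = *describeCertificateDetailResp.Response.Alias
+return &uploader.UploadResult{
+CertId: certId,
+CertName: certName,
+}, nil
+}
+if err != nil {
+return nil, fmt.Errorf("failed to execute sdk request 'ssl.UploadCertificate': %w", err)
+}
+
+certId = *uploadCertificateResp.Response.CertificateId
+return &uploader.UploadResult{
+CertId: certId,
+CertName: certName,
+}, nil
+}
+
+func (u *TencentCloudSSLUploader) createSdkClient() (*tcSsl.Client, error) {
+region := u.config.Region
+secretId := u.config.SecretId
+secretKey := u.config.SecretKey
+if region == "" {
+region = "ap-guangzhou" // SSL 服务默认区域:广州
+}
+
+credential := common.NewCredential(secretId, secretKey)
+client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
+if err != nil {
+return nil, err
+}
+
+return client, nil
+}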
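Review bot: In Upload, `certName = *describeCertificateDetailResp.Response.Alias` and `certId = *uploadCertificateResp.Response.CertificateId` dereference SDK response pointers that were never checked for nil, so an unexpected or partial response would panic the deployment instead of returning an error. The RepeatCertId branch does guard `uploadCertificateResp` and `.Response`, but the DescribeCertificateDetail result and the success path get no such guard. A check such as `if r := describeCertificateDetailResp.Response; r == nil || r.Alias == nil { return nil, fmt.Errorf("ssl.DescribeCertificateDetail returned no alias") }` before each dereference would keep the failure in the error path. Separately, `ctx` is accepted but passed to neither SDK call, so a caller's cancellation or deadline has no effect on the request that carries the private key. If the SDK version in use offers context-aware variants of these calls, they would be the better fit.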
@ -4,6 +4,22 @@ func Int32Ptr(i int32) *int32 {
|
|||||||
return &i
|
return &i
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Int64Ptr(i int64) *int64 {
|
||||||
|
return &i
|
||||||
|
}
|
||||||
|
|
||||||
|
func UInt32Ptr(i uint32) *uint32 {
|
||||||
|
return &i
|
||||||
|
}
|
||||||
|
|
||||||
|
func UInt64Ptr(i uint64) *uint64 {
|
||||||
|
return &i
|
||||||
|
}
|
||||||
|
|
||||||
func StringPtr(s string) *string {
|
func StringPtr(s string) *string {
|
||||||
return &s
|
return &s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func BoolPtr(b bool) *bool {
|
||||||
|
return &b
|
||||||
|
}
|
||||||
|