From df1f216b5bb8308f571782d1acba65a2c71617da Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Tue, 27 May 2025 21:04:25 +0800 Subject: [PATCH] feat: support configuring aliyun resource group id --- internal/deployer/providers.go | 14 ++++++ internal/domain/access.go | 1 + .../providers/aliyun-alb/aliyun_alb.go | 9 ++-- .../providers/aliyun-apigw/aliyun_apigw.go | 21 +++++---- .../aliyun-cas-deploy/aliyun_cas_deploy.go | 43 +++++++++++++------ .../providers/aliyun-cas/aliyun_cas.go | 3 ++ .../providers/aliyun-cdn/aliyun_cdn.go | 2 + .../providers/aliyun-clb/aliyun_clb.go | 9 ++-- .../providers/aliyun-dcdn/aliyun_dcdn.go | 2 + .../providers/aliyun-ddos/aliyun_ddos.go | 9 ++-- .../providers/aliyun-esa/aliyun_esa.go | 9 ++-- .../deployer/providers/aliyun-fc/aliyun_fc.go | 7 ++- .../deployer/providers/aliyun-ga/aliyun_ga.go | 7 ++- .../providers/aliyun-live/aliyun_live.go | 4 +- .../providers/aliyun-nlb/aliyun_nlb.go | 14 +++--- .../providers/aliyun-oss/aliyun_oss.go | 2 + .../providers/aliyun-vod/aliyun_vod.go | 6 ++- .../providers/aliyun-waf/aliyun_waf.go | 27 +++++++----- .../providers/aliyun-cas/aliyun_cas.go | 23 +++++----- .../providers/aliyun-slb/aliyun_slb.go | 9 +++- internal/pkg/utils/type/cast.go | 7 +-- .../access/AccessFormAliyunConfig.tsx | 27 ++++++++++-- .../access/AccessFormHuaweiCloudConfig.tsx | 6 +-- ui/src/domain/access.ts | 1 + ui/src/i18n/locales/en/nls.access.json | 3 ++ ui/src/i18n/locales/zh/nls.access.json | 3 ++ 26 files changed, 186 insertions(+), 82 deletions(-) diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index 1760ee24..e67c29e0 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go 
@@ -157,6 +157,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunALB.NewDeployer(&pAliyunALB.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ResourceType: pAliyunALB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")), LoadbalancerId: maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"), @@ -169,6 +170,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunAPIGW.NewDeployer(&pAliyunAPIGW.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ServiceType: pAliyunAPIGW.ServiceType(maputil.GetString(options.ProviderServiceConfig, "serviceType")), GatewayId: maputil.GetString(options.ProviderServiceConfig, "gatewayId"), @@ -181,6 +183,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunCAS.NewDeployer(&pAliyunCAS.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), }) return deployer, err 
@@ -189,6 +192,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunCASDeploy.NewDeployer(&pAliyunCASDeploy.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ResourceIds: sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderServiceConfig, "resourceIds"), ";"), func(s string) bool { return s != "" }), ContactIds: sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderServiceConfig, "contactIds"), ";"), func(s string) bool { return s != "" }), @@ -199,6 +203,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunCDN.NewDeployer(&pAliyunCDN.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Domain: maputil.GetString(options.ProviderServiceConfig, "domain"), }) return deployer, err @@ -207,6 +212,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunCLB.NewDeployer(&pAliyunCLB.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ResourceType: pAliyunCLB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")), LoadbalancerId: maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"), @@ -219,6 +225,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunDCDN.NewDeployer(&pAliyunDCDN.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Domain: maputil.GetString(options.ProviderServiceConfig, "domain"), }) return deployer, err 
@@ -227,6 +234,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunDDoS.NewDeployer(&pAliyunDDoS.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), Domain: maputil.GetString(options.ProviderServiceConfig, "domain"), }) @@ -245,6 +253,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunFC.NewDeployer(&pAliyunFC.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ServiceVersion: maputil.GetOrDefaultString(options.ProviderServiceConfig, "serviceVersion", "3.0"), Domain: maputil.GetString(options.ProviderServiceConfig, "domain"), @@ -255,6 +264,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunGA.NewDeployer(&pAliyunGA.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, ResourceType: pAliyunGA.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")), AcceleratorId: maputil.GetString(options.ProviderServiceConfig, "acceleratorId"), ListenerId: maputil.GetString(options.ProviderServiceConfig, "listenerId"), 
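Review bot: The ESA and Live cases of createDeployerProvider appear to be left without `ResourceGroupId`: the fourteen additions in this file cover ALB, APIGW, CAS, CAS-deploy, CDN, CLB, DCDN, DDoS, FC, GA, NLB, OSS, VOD and WAF, and the unchanged stretch between the DDoS hunk and the FC hunk is presumably where the ESA case sits. The aliyun-esa NewDeployer in this same patch passes `config.ResourceGroupId` to createSslUploader, so if that case is not updated the value is always empty and the certificate upload is not scoped to the configured group. If the omission is unintended, add `ResourceGroupId: access.ResourceGroupId,` to those two DeployerConfig literals. The switch starts and ends outside these hunks, so this needs confirming against the full file.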
@@ -275,6 +285,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunNLB.NewDeployer(&pAliyunNLB.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ResourceType: pAliyunNLB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")), LoadbalancerId: maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"), @@ -286,6 +297,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunOSS.NewDeployer(&pAliyunOSS.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), Bucket: maputil.GetString(options.ProviderServiceConfig, "bucket"), Domain: maputil.GetString(options.ProviderServiceConfig, "domain"), @@ -296,6 +308,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunVOD.NewDeployer(&pAliyunVOD.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), Domain: maputil.GetString(options.ProviderServiceConfig, "domain"), }) @@ -305,6 +318,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer deployer, err := pAliyunWAF.NewDeployer(&pAliyunWAF.DeployerConfig{ AccessKeyId: access.AccessKeyId, AccessKeySecret: access.AccessKeySecret, + ResourceGroupId: access.ResourceGroupId, Region: maputil.GetString(options.ProviderServiceConfig, "region"), ServiceVersion: maputil.GetOrDefaultString(options.ProviderServiceConfig, "serviceVersion", "3.0"), InstanceId: maputil.GetString(options.ProviderServiceConfig, "instanceId"), 
diff --git a/internal/domain/access.go b/internal/domain/access.go index d77de3fe..5c96420e 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -38,6 +38,7 @@ type AccessConfigForACMEHttpReq struct { type AccessConfigForAliyun struct { AccessKeyId string `json:"accessKeyId"` AccessKeySecret string `json:"accessKeySecret"` + ResourceGroupId string `json:"resourceGroupId,omitempty"` } type AccessConfigForAWS struct { diff --git a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go index 35b4997c..fec66c0e 100644 --- a/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go +++ b/internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go @@ -25,6 +25,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 部署资源类型。 @@ -64,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk clients: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -423,7 +425,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients // 接入点一览 https://api.aliyun.com/product/Alb var albEndpoint string switch region { - case "cn-hangzhou-finance": + case "", "cn-hangzhou-finance": albEndpoint = "alb.cn-hangzhou.aliyuncs.com" default: albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region) 
@@ -463,7 +465,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients }, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { casRegion := region if casRegion != "" { // 阿里云 CAS 服务接入点是独立于 ALB 服务的 @@ -479,6 +481,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: casRegion, }) return uploader, err diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go index d74c7c27..f215e701 100644 --- a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go +++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go @@ -16,6 +16,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/deployer" "github.com/usual2970/certimate/internal/pkg/core/uploader" uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" + typeutil "github.com/usual2970/certimate/internal/pkg/utils/type" ) type DeployerConfig struct { @@ -23,6 +24,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 服务类型。 
@@ -61,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk clients: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -149,10 +152,11 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri } listDomainsReq := &aliapig.ListDomainsRequest{ - GatewayId: tea.String(d.config.GatewayId), - NameLike: tea.String(d.config.Domain), - PageNumber: tea.Int32(listDomainsPageNumber), - PageSize: tea.Int32(listDomainsPageSize), + ResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId), + GatewayId: tea.String(d.config.GatewayId), + NameLike: tea.String(d.config.Domain), + PageNumber: tea.Int32(listDomainsPageNumber), + PageSize: tea.Int32(listDomainsPageSize), } listDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomains(listDomainsReq) d.logger.Debug("sdk request 'apig.ListDomains'", slog.Any("request", listDomainsReq), slog.Any("response", listDomainsResp)) @@ -223,7 +227,7 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) { // 接入点一览 https://api.aliyun.com/product/APIG - cloudNativeAPIGEndpoint := fmt.Sprintf("apig.%s.aliyuncs.com", region) + cloudNativeAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apig.%s.aliyuncs.com", region), "..", ".") cloudNativeAPIGConfig := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), 
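Review bot: In createSdkClients, `strings.ReplaceAll(fmt.Sprintf("apig.%s.aliyuncs.com", region), "..", ".")` handles the empty region only as a side effect of collapsing dots, and `region` is still formatted into the hostname without any check. The AccessKey-signed requests go to whatever host that string yields, so a region value containing dots, slashes or other non-label characters should be rejected rather than interpolated. An explicit branch reads more clearly and leaves room for that check: `if region == "" { endpoint = "apig.aliyuncs.com" } else { endpoint = fmt.Sprintf("apig.%s.aliyuncs.com", region) }`, preceded by a test that a non-empty region contains only lowercase letters, digits and hyphens. The same ReplaceAll pattern is added for the apigateway endpoint in the next hunk and in the aliyun-ddos, aliyun-esa, aliyun-fc, aliyun-nlb and aliyun-vod files, so a shared helper would cover all of them. createSdkClients continues outside the hunk.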
@@ -235,7 +239,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients } // 接入点一览 https://api.aliyun.com/product/CloudAPI - traditionalAPIGEndpoint := fmt.Sprintf("apigateway.%s.aliyuncs.com", region) + traditionalAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apigateway.%s.aliyuncs.com", region), "..", ".") traditionalAPIGConfig := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), @@ -252,7 +256,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients }, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { casRegion := region if casRegion != "" { // 阿里云 CAS 服务接入点是独立于 APIGateway 服务的 @@ -268,6 +272,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: casRegion, }) return uploader, err diff --git a/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go b/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go index 077dea5c..569edaf3 100644 --- a/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go +++ b/internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go @@ -22,6 +22,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 阿里云云产品资源 ID 数组。 
@@ -50,11 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ - AccessKeyId: config.AccessKeyId, - AccessKeySecret: config.AccessKeySecret, - Region: config.Region, - }) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -94,9 +92,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE if len(contactIds) == 0 { // 获取联系人列表 // REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listcontact - listContactReq := &alicas.ListContactRequest{} - listContactReq.ShowSize = tea.Int32(1) - listContactReq.CurrentPage = tea.Int32(1) + listContactReq := &alicas.ListContactRequest{ + ShowSize: tea.Int32(1), + CurrentPage: tea.Int32(1), + } listContactResp, err := d.sdkClient.ListContact(listContactReq) d.logger.Debug("sdk request 'cas.ListContact'", slog.Any("request", listContactReq), slog.Any("response", listContactResp)) if err != nil { @@ -157,14 +156,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE } func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) { - if region == "" { - region = "cn-hangzhou" // CAS 服务默认区域:华东一杭州 - } - // 接入点一览 https://api.aliyun.com/product/cas var endpoint string switch region { - case "cn-hangzhou": + case "", "cn-hangzhou": endpoint = "cas.aliyuncs.com" default: endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region) 
@@ -183,3 +178,25 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Clien return client, nil } + +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { + casRegion := region + if casRegion != "" { + // 阿里云 CAS 服务接入点是独立于其他服务的 + // 国内版固定接入点:华东一杭州 + // 国际版固定接入点:亚太东南一新加坡 + if !strings.HasPrefix(casRegion, "cn-") { + casRegion = "ap-southeast-1" + } else { + casRegion = "cn-hangzhou" + } + } + + uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ + AccessKeyId: accessKeyId, + AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, + Region: casRegion, + }) + return uploader, err +} diff --git a/internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go b/internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go index 56681e57..73d2d77b 100644 --- a/internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go +++ b/internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go @@ -15,6 +15,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` } @@ -35,6 +37,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: config.AccessKeyId, AccessKeySecret: config.AccessKeySecret, + ResourceGroupId: config.ResourceGroupId, Region: config.Region, }) if err != nil { diff --git a/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go b/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go index ce5f9fd8..5fa6eedf 100644 --- a/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go +++ b/internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go 
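Review bot: The new createSslUploader in aliyun-cas-deploy rewrites any non-empty region to `cn-hangzhou` or `ap-southeast-1`, while createSdkClient in the same file (previous hunk) still builds `cas.%s.aliyuncs.com` from the unmodified region. Before this change both clients received `config.Region`; now, for a region other than those two, the certificate is uploaded through one CAS endpoint and the deployment job is created through another, which is worth confirming against the CAS API because the job presumably refers to the uploaded certificate by ID. If the fixed endpoints are correct for CAS, createSdkClient should apply the same mapping. The body also appears to be a copy of the createSslUploader in aliyun-alb, aliyun-apigw, aliyun-ddos, aliyun-esa and aliyun-nlb; moving the region mapping into the aliyun-cas uploader package would keep the six copies from drifting.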
@@ -19,6 +19,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 加速域名(支持泛域名)。 Domain string `json:"domain"` } diff --git a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go index 34c3a49e..ec35a190 100644 --- a/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go +++ b/internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go @@ -20,6 +20,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 部署资源类型。 @@ -54,7 +56,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -283,7 +285,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien // 接入点一览 https://api.aliyun.com/product/Slb var endpoint string switch region { - case + case "", "cn-hangzhou", "cn-hangzhou-finance", "cn-shanghai-finance-1", 
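Review bot: `ResourceGroupId` is added to the aliyun-cdn DeployerConfig, but according to the diffstat these two lines are the file's only change, so nothing reads the field and a configured resource group has no effect on CDN requests. The same holds, as far as the visible hunks show, for aliyun-dcdn, aliyun-oss, aliyun-live, aliyun-fc and aliyun-vod. An operator who sets a resource group to limit what the credentials touch would reasonably assume it applies to every Aliyun provider, so the field comment should say otherwise until it is wired in, for example `// Aliyun resource group ID. Currently not sent with any request by this deployer.`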
@@ -307,10 +309,11 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien return client, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: region, }) return uploader, err diff --git a/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go b/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go index 4eb411fd..f27f4ab9 100644 --- a/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go +++ b/internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go @@ -19,6 +19,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 加速域名(支持泛域名)。 Domain string `json:"domain"` } diff --git a/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go b/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go index d1cb5b61..83d5d602 100644 --- a/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go +++ b/internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go @@ -22,6 +22,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 网站域名(支持泛域名)。 
@@ -47,7 +49,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -104,7 +106,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Clie config := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), - Endpoint: tea.String(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region)), + Endpoint: tea.String(strings.ReplaceAll(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region), "..", ".")), } client, err := aliddos.NewClient(config) @@ -115,7 +117,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Clie return client, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { casRegion := region if casRegion != "" { // 阿里云 CAS 服务接入点是独立于 Anti-DDoS 服务的 @@ -131,6 +133,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: casRegion, }) return uploader, err diff --git a/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go b/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go index 1f29756f..74d8344b 100644 --- a/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go +++ b/internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go 
@@ -22,6 +22,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 阿里云 ESA 站点 ID。 @@ -47,7 +49,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -105,7 +107,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Clien config := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), - Endpoint: tea.String(fmt.Sprintf("esa.%s.aliyuncs.com", region)), + Endpoint: tea.String(strings.ReplaceAll(fmt.Sprintf("esa.%s.aliyuncs.com", region), "..", ".")), } client, err := aliesa.NewClient(config) @@ -116,7 +118,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Clien return client, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { casRegion := region if casRegion != "" { // 阿里云 CAS 服务接入点是独立于 ESA 服务的 @@ -132,6 +134,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: casRegion, }) return uploader, err 
diff --git a/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go b/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go index 426aa3a6..c1e8c5a0 100644 --- a/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go +++ b/internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "log/slog" + "strings" "time" aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client" @@ -19,6 +20,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 服务版本。 @@ -150,6 +153,8 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients // 接入点一览 https://api.aliyun.com/product/FC-Open var fc2Endpoint string switch region { + case "": + fc2Endpoint = "fc.aliyuncs.com" case "cn-hangzhou-finance": fc2Endpoint = fmt.Sprintf("%s.fc.aliyuncs.com", region) default: @@ -167,7 +172,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients } // 接入点一览 https://api.aliyun.com/product/FC-Open - fc3Endpoint := fmt.Sprintf("fcv3.%s.aliyuncs.com", region) + fc3Endpoint := strings.ReplaceAll(fmt.Sprintf("fcv3.%s.aliyuncs.com", region), "..", ".") fc3Config := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), diff --git a/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go b/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go index f69660a8..c7385863 100644 --- a/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go +++ b/internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go 
@@ -22,6 +22,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 部署资源类型。 ResourceType ResourceType `json:"resourceType"` // 全球加速实例 ID。 @@ -53,7 +55,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -312,10 +314,11 @@ func createSdkClient(accessKeyId, accessKeySecret string) (*aliga.Client, error) return client, nil } -func createSslUploader(accessKeyId, accessKeySecret string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId string) (uploader.Uploader, error) { uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: "cn-hangzhou", }) return uploader, err diff --git a/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go index 354c9601..0481f3bf 100644 --- a/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go +++ b/internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go @@ -19,6 +19,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 直播流域名(支持泛域名)。 
@@ -86,7 +88,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alilive.Clie // 接入点一览 https://api.aliyun.com/product/live var endpoint string switch region { - case + case "", "cn-qingdao", "cn-beijing", "cn-shanghai", diff --git a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go index 58015f3d..e4e80db9 100644 --- a/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go +++ b/internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go @@ -21,6 +21,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 部署资源类型。 @@ -52,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -224,12 +226,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Client, error) { // 接入点一览 https://api.aliyun.com/product/Nlb - var endpoint string - switch region { - default: - endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region) - } - + endpoint := strings.ReplaceAll(fmt.Sprintf("nlb.%s.aliyuncs.com", region), "..", ".") config := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), 
@@ -244,7 +241,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Clien return client, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { casRegion := region if casRegion != "" { // 阿里云 CAS 服务接入点是独立于 NLB 服务的 @@ -260,6 +257,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: casRegion, }) return uploader, err diff --git a/internal/pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go b/internal/pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go index 474fe5b3..d810c0f9 100644 --- a/internal/pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go +++ b/internal/pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go @@ -16,6 +16,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 存储桶名。 diff --git a/internal/pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go b/internal/pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go index 48e52c26..b340e0a3 100644 --- a/internal/pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go +++ b/internal/pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "log/slog" + "strings" "time" aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client" 
@@ -18,6 +19,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 点播加速域名(不支持泛域名)。 @@ -80,8 +83,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE func createSdkClient(accessKeyId, accessKeySecret, region string) (*alivod.Client, error) { // 接入点一览 https://api.aliyun.com/product/vod - endpoint := fmt.Sprintf("vod.%s.aliyuncs.com", region) - + endpoint := strings.ReplaceAll(fmt.Sprintf("vod.%s.aliyuncs.com", region), "..", ".") config := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), diff --git a/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go index 26dbd008..c8ec310a 100644 --- a/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go +++ b/internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go @@ -15,6 +15,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/uploader" uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas" sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice" + typeutil "github.com/usual2970/certimate/internal/pkg/utils/type" ) type DeployerConfig struct { @@ -22,6 +23,8 @@ type DeployerConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` // 服务版本。 
@@ -51,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { return nil, fmt.Errorf("failed to create sdk client: %w", err) } - uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region) + uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region) if err != nil { return nil, fmt.Errorf("failed to create ssl uploader: %w", err) } @@ -107,8 +110,9 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri // 查询默认 SSL/TLS 设置 // REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describedefaulthttps describeDefaultHttpsReq := &aliwaf.DescribeDefaultHttpsRequest{ - InstanceId: tea.String(d.config.InstanceId), - RegionId: tea.String(d.config.Region), + ResourceManagerResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId), + InstanceId: tea.String(d.config.InstanceId), + RegionId: tea.String(d.config.Region), } describeDefaultHttpsResp, err := d.sdkClient.DescribeDefaultHttps(describeDefaultHttpsReq) d.logger.Debug("sdk request 'waf.DescribeDefaultHttps'", slog.Any("request", describeDefaultHttpsReq), slog.Any("response", describeDefaultHttpsResp)) 
@@ -119,11 +123,12 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri // 修改默认 SSL/TLS 设置 // REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifydefaulthttps modifyDefaultHttpsReq := &aliwaf.ModifyDefaultHttpsRequest{ - InstanceId: tea.String(d.config.InstanceId), - RegionId: tea.String(d.config.Region), - CertId: tea.String(upres.CertId), - TLSVersion: tea.String("tlsv1"), - EnableTLSv3: tea.Bool(false), + ResourceManagerResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId), + InstanceId: tea.String(d.config.InstanceId), + RegionId: tea.String(d.config.Region), + CertId: tea.String(upres.CertId), + TLSVersion: tea.String("tlsv1"), + EnableTLSv3: tea.Bool(false), } if describeDefaultHttpsResp.Body != nil && describeDefaultHttpsResp.Body.DefaultHttps != nil { modifyDefaultHttpsReq.TLSVersion = describeDefaultHttpsResp.Body.DefaultHttps.TLSVersion @@ -172,10 +177,11 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliwaf.Client, error) { // 接入点一览:https://api.aliyun.com/product/waf-openapi + endpoint := strings.ReplaceAll(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region), "..", ".") config := &aliopen.Config{ AccessKeyId: tea.String(accessKeyId), AccessKeySecret: tea.String(accessKeySecret), - Endpoint: tea.String(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region)), + Endpoint: tea.String(endpoint), } client, err := aliwaf.NewClient(config) @@ -186,7 +192,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliwaf.Clien return client, nil } -func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) { +func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) { casRegion := region if casRegion != "" { // 阿里云 CAS 服务接入点是独立于 WAF 服务的 
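Review bot: In `deployToWAF3`, `modifyDefaultHttpsReq` starts from `TLSVersion: tea.String("tlsv1")` and `EnableTLSv3: tea.Bool(false)`, and those values are sent unchanged whenever `describeDefaultHttpsResp.Body` or its `DefaultHttps` is nil. Assuming `tlsv1` denotes a TLS 1.0 floor in the WAF API, a certificate deployment could then lower the instance's protocol settings as a side effect. A safer fallback would be `TLSVersion: tea.String("tlsv1.2")` with `EnableTLSv3: tea.Bool(true)`, or returning an error when the current settings cannot be read. The function starts and ends outside this hunk.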
@@ -202,6 +208,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{ AccessKeyId: accessKeyId, AccessKeySecret: accessKeySecret, + ResourceGroupId: resourceGroupId, Region: casRegion, }) return uploader, err diff --git a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go index 9d7be223..f5f490a3 100644 --- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go +++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go @@ -13,6 +13,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/uploader" certutil "github.com/usual2970/certimate/internal/pkg/utils/cert" + typeutil "github.com/usual2970/certimate/internal/pkg/utils/type" ) type UploaderConfig struct { @@ -20,6 +21,8 @@ type UploaderConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` } @@ -78,9 +81,10 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE } listUserCertificateOrderReq := &alicas.ListUserCertificateOrderRequest{ - CurrentPage: tea.Int64(listUserCertificateOrderPage), - ShowSize: tea.Int64(listUserCertificateOrderLimit), - OrderType: tea.String("CERT"), + ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId), + CurrentPage: tea.Int64(listUserCertificateOrderPage), + ShowSize: tea.Int64(listUserCertificateOrderLimit), + OrderType: tea.String("CERT"), } listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq) u.logger.Debug("sdk request 'cas.ListUserCertificateOrder'", slog.Any("request", listUserCertificateOrderReq), slog.Any("response", listUserCertificateOrderResp)) 
@@ -143,9 +147,10 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE // 上传新证书 // REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate uploadUserCertificateReq := &alicas.UploadUserCertificateRequest{ - Name: tea.String(certName), - Cert: tea.String(certPEM), - Key: tea.String(privkeyPEM), + ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId), + Name: tea.String(certName), + Cert: tea.String(certPEM), + Key: tea.String(privkeyPEM), } uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq) u.logger.Debug("sdk request 'cas.UploadUserCertificate'", slog.Any("request", uploadUserCertificateReq), slog.Any("response", uploadUserCertificateResp)) @@ -176,14 +181,10 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE } func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) { - if region == "" { - region = "cn-hangzhou" // CAS 服务默认区域:华东一杭州 - } - // 接入点一览 https://api.aliyun.com/product/cas var endpoint string switch region { - case "cn-hangzhou": + case "", "cn-hangzhou": endpoint = "cas.aliyuncs.com" default: endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region) diff --git a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go index cc1544c1..933bc51e 100644 --- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go +++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go @@ -16,6 +16,7 @@ import ( "github.com/usual2970/certimate/internal/pkg/core/uploader" certutil "github.com/usual2970/certimate/internal/pkg/utils/cert" + typeutil "github.com/usual2970/certimate/internal/pkg/utils/type" ) type UploaderConfig struct { 
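Review bot: The debug call after `UploadUserCertificate` passes the whole request to `slog.Any("request", uploadUserCertificateReq)`, and that request carries `Key: tea.String(privkeyPEM)`, so the private key would likely reach the log output whenever debug logging is enabled (how it is rendered depends on the handler). Log a redacted view instead, for example `slog.String("name", certName)` in place of the request, or log a copy of the request with `Key` blanked. `Upload` starts and ends outside this hunk, so any other debug call in it that takes a request holding the key is worth checking too.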
@@ -23,6 +24,8 @@ type UploaderConfig struct { AccessKeyId string `json:"accessKeyId"` // 阿里云 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` + // 阿里云资源组 ID。 + ResourceGroupId string `json:"resourceGroupId,omitempty"` // 阿里云地域。 Region string `json:"region"` } @@ -71,7 +74,8 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE // 查询证书列表,避免重复上传 // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates describeServerCertificatesReq := &alislb.DescribeServerCertificatesRequest{ - RegionId: tea.String(u.config.Region), + ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId), + RegionId: tea.String(u.config.Region), } describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq) u.logger.Debug("sdk request 'slb.DescribeServerCertificates'", slog.Any("request", describeServerCertificatesReq), slog.Any("response", describeServerCertificatesResp)) @@ -110,6 +114,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE // 上传新证书 // REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate uploadServerCertificateReq := &alislb.UploadServerCertificateRequest{ + ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId), RegionId: tea.String(u.config.Region), ServerCertificateName: tea.String(certName), ServerCertificate: tea.String(certPEM), @@ -132,7 +137,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien // 接入点一览 https://api.aliyun.com/product/Slb var endpoint string switch region { - case + case "", "cn-hangzhou", "cn-hangzhou-finance", "cn-shanghai-finance-1", diff --git a/internal/pkg/utils/type/cast.go b/internal/pkg/utils/type/cast.go index 1acd4765..77eb9dad 100644 --- a/internal/pkg/utils/type/cast.go +++ b/internal/pkg/utils/type/cast.go 
@@ -22,10 +22,11 @@ func ToPtr[T any](v T) (p *T) { // 出参: // - 返回对象的指针。 func ToPtrOrZeroNil[T any](v T) (p *T) { - if !reflect.ValueOf(v).IsZero() { - return &v + if reflect.ValueOf(v).IsZero() { + return nil } - return nil + + return &v } // 将指针转换为对象。 diff --git a/ui/src/components/access/AccessFormAliyunConfig.tsx b/ui/src/components/access/AccessFormAliyunConfig.tsx index b3c0fbd0..4904b072 100644 --- a/ui/src/components/access/AccessFormAliyunConfig.tsx +++ b/ui/src/components/access/AccessFormAliyunConfig.tsx @@ -28,14 +28,15 @@ const AccessFormAliyunConfig = ({ form: formInst, formName, disabled, initialVal const formSchema = z.object({ accessKeyId: z .string() + .trim() .min(1, t("access.form.aliyun_access_key_id.placeholder")) - .max(64, t("common.errmsg.string_max", { max: 64 })) - .trim(), + .max(64, t("common.errmsg.string_max", { max: 64 })), accessKeySecret: z .string() + .trim() .min(1, t("access.form.aliyun_access_key_secret.placeholder")) - .max(64, t("common.errmsg.string_max", { max: 64 })) - .trim(), + .max(64, t("common.errmsg.string_max", { max: 64 })), + resourceGroupId: z.string().nullish(), }); const formRule = createSchemaFieldRule(formSchema); @@ -69,6 +70,24 @@ const AccessFormAliyunConfig = ({ form: formInst, formName, disabled, initialVal > + + } + > + + + + } + > + + ); }; diff --git a/ui/src/components/access/AccessFormHuaweiCloudConfig.tsx b/ui/src/components/access/AccessFormHuaweiCloudConfig.tsx index c460f473..ca83febd 100644 --- a/ui/src/components/access/AccessFormHuaweiCloudConfig.tsx +++ b/ui/src/components/access/AccessFormHuaweiCloudConfig.tsx 
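Review bot: `ToPtrOrZeroNil` calls `reflect.ValueOf(v).IsZero()` without checking validity, so instantiating it with an interface type and passing a nil value (for example `ToPtrOrZeroNil[any](nil)`) yields an invalid `reflect.Value` and `IsZero` panics. The callers visible in this commit all pass strings, so it does not bite here, but the helper is generic and lives in a utils package. Guarding it is a small change: `rv := reflect.ValueOf(v)` followed by `if !rv.IsValid() || rv.IsZero() { return nil }`.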
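Review bot: In the `AccessFormAliyunConfig` schema, `resourceGroupId: z.string().nullish()` accepts any string, while the neighbouring key fields are trimmed and capped at 64 characters. A value that is only whitespace, or padded with it, is non-zero, so the Go side would forward it through `ToPtrOrZeroNil` as the resource group on every request rather than omitting it. Consider `resourceGroupId: z.string().trim().max(64, t("common.errmsg.string_max", { max: 64 })).nullish()`, with the cap adjusted to whatever the provider allows. The `AccessFormHuaweiCloudConfig` hunk in this commit removes the same `.trim()` and `.max(64, …)` from `enterpriseProjectId`, which loosens validation there and does not appear related to the commit title.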
@@ -36,11 +36,7 @@ const AccessFormHuaweiCloudConfig = ({ form: formInst, formName, disabled, initi .trim() .min(1, t("access.form.huaweicloud_secret_access_key.placeholder")) .max(64, t("common.errmsg.string_max", { max: 64 })), - enterpriseProjectId: z - .string() - .trim() - .max(64, t("common.errmsg.string_max", { max: 64 })) - .nullish(), + enterpriseProjectId: z.string().nullish(), }); const formRule = createSchemaFieldRule(formSchema); diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts index 51398e7f..fe9f12e3 100644 --- a/ui/src/domain/access.ts +++ b/ui/src/domain/access.ts @@ -101,6 +101,7 @@ export type AccessConfigForACMEHttpReq = { export type AccessConfigForAliyun = { accessKeyId: string; accessKeySecret: string; + resourceGroupId?: string; }; export type AccessConfigForAWS = { diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json index 13c9c5eb..1e570779 100644 --- a/ui/src/i18n/locales/en/nls.access.json +++ b/ui/src/i18n/locales/en/nls.access.json @@ -69,6 +69,9 @@ "access.form.aliyun_access_key_secret.label": "Aliyun AccessKeySecret", "access.form.aliyun_access_key_secret.placeholder": "Please enter Aliyun AccessKeySecret", "access.form.aliyun_access_key_secret.tooltip": "For more information, see https://www.alibabacloud.com/help/en/acr/create-and-obtain-an-accesskey-pair", + "access.form.aliyun_resource_group_id.label": "Aliyun resource group ID (Optional)", + "access.form.aliyun_resource_group_id.placeholder": "Please enter Aliyun resource group ID", + "access.form.aliyun_resource_group_id.tooltip": "For more information, see https://www.alibabacloud.com/help/en/resource-management/product-overview", "access.form.aws_access_key_id.label": "AWS AccessKeyId", "access.form.aws_access_key_id.placeholder": "Please enter AWS AccessKeyId", "access.form.aws_access_key_id.tooltip": "For more information, see https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_credentials_access-keys.html", 
diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index 43305dda..7e5abf8e 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -69,6 +69,9 @@ "access.form.aliyun_access_key_secret.label": "阿里云 AccessKeySecret", "access.form.aliyun_access_key_secret.placeholder": "请输入阿里云 AccessKeySecret", "access.form.aliyun_access_key_secret.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/ram/user-guide/create-an-accesskey-pair", + "access.form.aliyun_resource_group_id.label": "阿里云资源组 ID(可选)", + "access.form.aliyun_resource_group_id.placeholder": "请输入阿里云资源组 ID", + "access.form.aliyun_resource_group_id.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/resource-management/resource-group/product-overview", "access.form.aws_access_key_id.label": "AWS AccessKeyId", "access.form.aws_access_key_id.placeholder": "请输入 AWS AccessKeyId", "access.form.aws_access_key_id.tooltip": "这是什么?请参阅 https://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/id_credentials_access-keys.html",