feat: support configuring aliyun resource group id

internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go

@@ -25,6 +25,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -64,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -423,7 +425,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	// 接入点一览 https://api.aliyun.com/product/Alb
 	var albEndpoint string
 	switch region {
-	case "cn-hangzhou-finance":
+	case "", "cn-hangzhou-finance":
 		albEndpoint = "alb.cn-hangzhou.aliyuncs.com"
 	default:
 		albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
@@ -463,7 +465,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 ALB 服务的
@@ -479,6 +481,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go

@@ -16,6 +16,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 
 type DeployerConfig struct {
@@ -23,6 +24,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务类型。
@@ -61,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -149,10 +152,11 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri
 		}
 
 		listDomainsReq := &aliapig.ListDomainsRequest{
-			GatewayId:  tea.String(d.config.GatewayId),
-			NameLike:   tea.String(d.config.Domain),
-			PageNumber: tea.Int32(listDomainsPageNumber),
-			PageSize:   tea.Int32(listDomainsPageSize),
+			ResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
+			GatewayId:       tea.String(d.config.GatewayId),
+			NameLike:        tea.String(d.config.Domain),
+			PageNumber:      tea.Int32(listDomainsPageNumber),
+			PageSize:        tea.Int32(listDomainsPageSize),
 		}
 		listDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomains(listDomainsReq)
 		d.logger.Debug("sdk request 'apig.ListDomains'", slog.Any("request", listDomainsReq), slog.Any("response", listDomainsResp))
@@ -223,7 +227,7 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri
 
 func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
 	// 接入点一览 https://api.aliyun.com/product/APIG
-	cloudNativeAPIGEndpoint := fmt.Sprintf("apig.%s.aliyuncs.com", region)
+	cloudNativeAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apig.%s.aliyuncs.com", region), "..", ".")
 	cloudNativeAPIGConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
@@ -235,7 +239,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}
 
 	// 接入点一览 https://api.aliyun.com/product/CloudAPI
-	traditionalAPIGEndpoint := fmt.Sprintf("apigateway.%s.aliyuncs.com", region)
+	traditionalAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apigateway.%s.aliyuncs.com", region), "..", ".")
 	traditionalAPIGConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
@@ -252,7 +256,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 APIGateway 服务的
@@ -268,6 +272,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 阿里云云产品资源 ID 数组。
@@ -50,11 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		AccessKeyId:     config.AccessKeyId,
-		AccessKeySecret: config.AccessKeySecret,
-		Region:          config.Region,
-	})
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -94,9 +92,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	if len(contactIds) == 0 {
 		// 获取联系人列表
 		// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listcontact
-		listContactReq := &alicas.ListContactRequest{}
-		listContactReq.ShowSize = tea.Int32(1)
-		listContactReq.CurrentPage = tea.Int32(1)
+		listContactReq := &alicas.ListContactRequest{
+			ShowSize:    tea.Int32(1),
+			CurrentPage: tea.Int32(1),
+		}
 		listContactResp, err := d.sdkClient.ListContact(listContactReq)
 		d.logger.Debug("sdk request 'cas.ListContact'", slog.Any("request", listContactReq), slog.Any("response", listContactResp))
 		if err != nil {
@@ -157,14 +156,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://api.aliyun.com/product/cas
 	var endpoint string
 	switch region {
-	case "cn-hangzhou":
+	case "", "cn-hangzhou":
 		endpoint = "cas.aliyuncs.com"
 	default:
 		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
@@ -183,3 +178,25 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Clien
 
 	return client, nil
 }
+
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
+	casRegion := region
+	if casRegion != "" {
+		// 阿里云 CAS 服务接入点是独立于其他服务的
+		// 国内版固定接入点：华东一杭州
+		// 国际版固定接入点：亚太东南一新加坡
+		if !strings.HasPrefix(casRegion, "cn-") {
+			casRegion = "ap-southeast-1"
+		} else {
+			casRegion = "cn-hangzhou"
+		}
+	}
+
+	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
+		Region:          casRegion,
+	})
+	return uploader, err
+}

internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go

@@ -15,6 +15,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 }
@@ -35,6 +37,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
+		ResourceGroupId: config.ResourceGroupId,
 		Region:          config.Region,
 	})
 	if err != nil {

internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go

@@ -19,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }

internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go

@@ -20,6 +20,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -54,7 +56,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -283,7 +285,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien
 	// 接入点一览 https://api.aliyun.com/product/Slb
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-hangzhou",
 		"cn-hangzhou-finance",
 		"cn-shanghai-finance-1",
@@ -307,10 +309,11 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          region,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go

@@ -19,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }

internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 网站域名（支持泛域名）。
@@ -47,7 +49,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -104,7 +106,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Clie
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(strings.ReplaceAll(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region), "..", ".")),
 	}
 
 	client, err := aliddos.NewClient(config)
@@ -115,7 +117,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Clie
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 Anti-DDoS 服务的
@@ -131,6 +133,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 阿里云 ESA 站点 ID。
@@ -47,7 +49,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -105,7 +107,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Clien
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("esa.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(strings.ReplaceAll(fmt.Sprintf("esa.%s.aliyuncs.com", region), "..", ".")),
 	}
 
 	client, err := aliesa.NewClient(config)
@@ -116,7 +118,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 ESA 服务的
@@ -132,6 +134,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log/slog"
+	"strings"
 	"time"
 
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
@@ -19,6 +20,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务版本。
@@ -150,6 +153,8 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	// 接入点一览 https://api.aliyun.com/product/FC-Open
 	var fc2Endpoint string
 	switch region {
+	case "":
+		fc2Endpoint = "fc.aliyuncs.com"
 	case "cn-hangzhou-finance":
 		fc2Endpoint = fmt.Sprintf("%s.fc.aliyuncs.com", region)
 	default:
@@ -167,7 +172,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}
 
 	// 接入点一览 https://api.aliyun.com/product/FC-Open
-	fc3Endpoint := fmt.Sprintf("fcv3.%s.aliyuncs.com", region)
+	fc3Endpoint := strings.ReplaceAll(fmt.Sprintf("fcv3.%s.aliyuncs.com", region), "..", ".")
 	fc3Config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),

internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
 	// 全球加速实例 ID。
@@ -53,7 +55,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -312,10 +314,11 @@ func createSdkClient(accessKeyId, accessKeySecret string) (*aliga.Client, error)
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId string) (uploader.Uploader, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          "cn-hangzhou",
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go

@@ -19,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 直播流域名（支持泛域名）。
@@ -86,7 +88,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alilive.Clie
 	// 接入点一览 https://api.aliyun.com/product/live
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-qingdao",
 		"cn-beijing",
 		"cn-shanghai",

internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go

@@ -21,6 +21,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -52,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -224,12 +226,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/Nlb
-	var endpoint string
-	switch region {
-	default:
-		endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region)
-	}
-
+	endpoint := strings.ReplaceAll(fmt.Sprintf("nlb.%s.aliyuncs.com", region), "..", ".")
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
@@ -244,7 +241,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 NLB 服务的
@@ -260,6 +257,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go

@@ -16,6 +16,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 存储桶名。

internal/pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log/slog"
+	"strings"
 	"time"
 
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
@@ -18,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 点播加速域名（不支持泛域名）。
@@ -80,8 +83,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alivod.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/vod
-	endpoint := fmt.Sprintf("vod.%s.aliyuncs.com", region)
-
+	endpoint := strings.ReplaceAll(fmt.Sprintf("vod.%s.aliyuncs.com", region), "..", ".")
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),

internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go

@@ -15,6 +15,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
 	sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 
 type DeployerConfig struct {
@@ -22,6 +23,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务版本。
@@ -51,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -107,8 +110,9 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri
 		// 查询默认 SSL/TLS 设置
 		// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describedefaulthttps
 		describeDefaultHttpsReq := &aliwaf.DescribeDefaultHttpsRequest{
-			InstanceId: tea.String(d.config.InstanceId),
-			RegionId:   tea.String(d.config.Region),
+			ResourceManagerResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
+			InstanceId:                     tea.String(d.config.InstanceId),
+			RegionId:                       tea.String(d.config.Region),
 		}
 		describeDefaultHttpsResp, err := d.sdkClient.DescribeDefaultHttps(describeDefaultHttpsReq)
 		d.logger.Debug("sdk request 'waf.DescribeDefaultHttps'", slog.Any("request", describeDefaultHttpsReq), slog.Any("response", describeDefaultHttpsResp))
@@ -119,11 +123,12 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri
 		// 修改默认 SSL/TLS 设置
 		// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifydefaulthttps
 		modifyDefaultHttpsReq := &aliwaf.ModifyDefaultHttpsRequest{
-			InstanceId:  tea.String(d.config.InstanceId),
-			RegionId:    tea.String(d.config.Region),
-			CertId:      tea.String(upres.CertId),
-			TLSVersion:  tea.String("tlsv1"),
-			EnableTLSv3: tea.Bool(false),
+			ResourceManagerResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
+			InstanceId:                     tea.String(d.config.InstanceId),
+			RegionId:                       tea.String(d.config.Region),
+			CertId:                         tea.String(upres.CertId),
+			TLSVersion:                     tea.String("tlsv1"),
+			EnableTLSv3:                    tea.Bool(false),
 		}
 		if describeDefaultHttpsResp.Body != nil && describeDefaultHttpsResp.Body.DefaultHttps != nil {
 			modifyDefaultHttpsReq.TLSVersion = describeDefaultHttpsResp.Body.DefaultHttps.TLSVersion
@@ -172,10 +177,11 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliwaf.Client, error) {
 	// 接入点一览：https://api.aliyun.com/product/waf-openapi
+	endpoint := strings.ReplaceAll(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region), "..", ".")
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(endpoint),
 	}
 
 	client, err := aliwaf.NewClient(config)
@@ -186,7 +192,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliwaf.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 WAF 服务的
@@ -202,6 +208,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 
 type UploaderConfig struct {
@@ -20,6 +21,8 @@ type UploaderConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 }
@@ -78,9 +81,10 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 		}
 
 		listUserCertificateOrderReq := &alicas.ListUserCertificateOrderRequest{
-			CurrentPage: tea.Int64(listUserCertificateOrderPage),
-			ShowSize:    tea.Int64(listUserCertificateOrderLimit),
-			OrderType:   tea.String("CERT"),
+			ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId),
+			CurrentPage:     tea.Int64(listUserCertificateOrderPage),
+			ShowSize:        tea.Int64(listUserCertificateOrderLimit),
+			OrderType:       tea.String("CERT"),
 		}
 		listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq)
 		u.logger.Debug("sdk request 'cas.ListUserCertificateOrder'", slog.Any("request", listUserCertificateOrderReq), slog.Any("response", listUserCertificateOrderResp))
@@ -143,9 +147,10 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	// 上传新证书
 	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate
 	uploadUserCertificateReq := &alicas.UploadUserCertificateRequest{
-		Name: tea.String(certName),
-		Cert: tea.String(certPEM),
-		Key:  tea.String(privkeyPEM),
+		ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId),
+		Name:            tea.String(certName),
+		Cert:            tea.String(certPEM),
+		Key:             tea.String(privkeyPEM),
 	}
 	uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq)
 	u.logger.Debug("sdk request 'cas.UploadUserCertificate'", slog.Any("request", uploadUserCertificateReq), slog.Any("response", uploadUserCertificateResp))
@@ -176,14 +181,10 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://api.aliyun.com/product/cas
 	var endpoint string
 	switch region {
-	case "cn-hangzhou":
+	case "", "cn-hangzhou":
 		endpoint = "cas.aliyuncs.com"
 	default:
 		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)

internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go

@@ -16,6 +16,7 @@ import (
 
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 
 type UploaderConfig struct {
@@ -23,6 +24,8 @@ type UploaderConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 }
@@ -71,7 +74,8 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	// 查询证书列表，避免重复上传
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates
 	describeServerCertificatesReq := &alislb.DescribeServerCertificatesRequest{
-		RegionId: tea.String(u.config.Region),
+		ResourceGroupId: typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId),
+		RegionId:        tea.String(u.config.Region),
 	}
 	describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq)
 	u.logger.Debug("sdk request 'slb.DescribeServerCertificates'", slog.Any("request", describeServerCertificatesReq), slog.Any("response", describeServerCertificatesResp))
@@ -110,6 +114,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPE
 	// 上传新证书
 	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate
 	uploadServerCertificateReq := &alislb.UploadServerCertificateRequest{
+		ResourceGroupId:       typeutil.ToPtrOrZeroNil(u.config.ResourceGroupId),
 		RegionId:              tea.String(u.config.Region),
 		ServerCertificateName: tea.String(certName),
 		ServerCertificate:     tea.String(certPEM),
@@ -132,7 +137,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien
 	// 接入点一览 https://api.aliyun.com/product/Slb
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-hangzhou",
 		"cn-hangzhou-finance",
 		"cn-shanghai-finance-1",

internal/pkg/utils/type/cast.go

@@ -22,10 +22,11 @@ func ToPtr[T any](v T) (p *T) {
 // 出参：
 //   - 返回对象的指针。
 func ToPtrOrZeroNil[T any](v T) (p *T) {
-	if !reflect.ValueOf(v).IsZero() {
-		return &v
+	if reflect.ValueOf(v).IsZero() {
+		return nil
 	}
-	return nil
+
+	return &v
 }
 
 // 将指针转换为对象。