feat: new deployment provider: proxmoxve

2025-10-04 21:44:54 +00:00 · 2025-05-09 20:53:25 +08:00
parent 26359b9d16
commit f63ee41405
27 changed files with 465 additions and 51 deletions
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -52,6 +52,7 @@ import (
 	pJDCloudVOD "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/jdcloud-vod"
 	pK8sSecret "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/k8s-secret"
 	pLocal "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/local"
+	pProxmoxVE "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/proxmoxve"
 	pQiniuCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/qiniu-cdn"
 	pQiniuPili "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/qiniu-pili"
 	pRainYunRCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/rainyun-rcdn"
@@ -723,6 +724,24 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 			return deployer, err
 		}

+	case domain.DeploymentProviderTypeProxmoxVE:
+		{
+			access := domain.AccessConfigForProxmoxVE{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			deployer, err := pProxmoxVE.NewDeployer(&pProxmoxVE.DeployerConfig{
+				ApiUrl:                   access.ApiUrl,
+				ApiToken:                 access.ApiToken,
+				ApiTokenSecret:           access.ApiTokenSecret,
+				AllowInsecureConnections: access.AllowInsecureConnections,
+				NodeName:                 maputil.GetString(options.ProviderExtendedConfig, "nodeName"),
+				AutoRestart:              maputil.GetBool(options.ProviderExtendedConfig, "autoRestart"),
+			})
+			return deployer, err
+		}
+
 	case domain.DeploymentProviderTypeQiniuCDN, domain.DeploymentProviderTypeQiniuKodo, domain.DeploymentProviderTypeQiniuPili:
 		{
 			access := domain.AccessConfigForQiniu{}
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -213,6 +213,13 @@ type AccessConfigForPowerDNS struct {
 	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }

+type AccessConfigForProxmoxVE struct {
+	ApiUrl                   string `json:"apiUrl"`
+	ApiToken                 string `json:"apiToken"`
+	ApiTokenSecret           string `json:"apiTokenSecret,omitempty"`
+	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
+}
+
 type AccessConfigForQiniu struct {
 	AccessKey string `json:"accessKey"`
 	SecretKey string `json:"secretKey"`
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -55,6 +55,7 @@ const (
 	AccessProviderTypeNS1                 = AccessProviderType("ns1")
 	AccessProviderTypePorkbun             = AccessProviderType("porkbun")
 	AccessProviderTypePowerDNS            = AccessProviderType("powerdns")
+	AccessProviderTypeProxmoxVE           = AccessProviderType("proxmoxve")
 	AccessProviderTypeQiniu               = AccessProviderType("qiniu")
 	AccessProviderTypeQingCloud           = AccessProviderType("qingcloud") // 青云（预留）
 	AccessProviderTypeRainYun             = AccessProviderType("rainyun")
@@ -197,6 +198,7 @@ const (
 	DeploymentProviderTypeJDCloudVOD            = DeploymentProviderType(AccessProviderTypeJDCloud + "-vod")
 	DeploymentProviderTypeKubernetesSecret      = DeploymentProviderType(AccessProviderTypeKubernetes + "-secret")
 	DeploymentProviderTypeLocal                 = DeploymentProviderType(AccessProviderTypeLocal)
+	DeploymentProviderTypeProxmoxVE             = DeploymentProviderType(AccessProviderTypeProxmoxVE)
 	DeploymentProviderTypeQiniuCDN              = DeploymentProviderType(AccessProviderTypeQiniu + "-cdn")
 	DeploymentProviderTypeQiniuKodo             = DeploymentProviderType(AccessProviderTypeQiniu + "-kodo")
 	DeploymentProviderTypeQiniuPili             = DeploymentProviderType(AccessProviderTypeQiniu + "-pili")
--- a/internal/pkg/core/deployer/providers/proxmoxve/proxmoxve.go
+++ b/internal/pkg/core/deployer/providers/proxmoxve/proxmoxve.go
@@ -0,0 +1,121 @@
+package proxmoxve
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"log/slog"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/luthermonson/go-proxmox"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+)
+
+type DeployerConfig struct {
+	// Proxmox VE 地址。
+	ApiUrl string `json:"apiUrl"`
+	// Proxmox VE API Token。
+	ApiToken string `json:"apiToken"`
+	// Proxmox VE API Token Secret。
+	ApiTokenSecret string `json:"apiTokenSecret,omitempty"`
+	// 是否允许不安全的连接。
+	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
+	// 集群节点名称。
+	NodeName string `json:"nodeName"`
+	// 是否自动重启。
+	AutoRestart bool `json:"autoRestart"`
+}
+
+type DeployerProvider struct {
+	config    *DeployerConfig
+	logger    *slog.Logger
+	sdkClient *proxmox.Client
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, err := createSdkClient(config.ApiUrl, config.ApiToken, config.ApiTokenSecret, config.AllowInsecureConnections)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}
+
+	return &DeployerProvider{
+		config:    config,
+		logger:    slog.Default(),
+		sdkClient: client,
+	}, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
+	if logger == nil {
+		d.logger = slog.Default()
+	} else {
+		d.logger = logger
+	}
+	return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
+	if d.config.NodeName == "" {
+		return nil, errors.New("config `nodeName` is required")
+	}
+
+	// 获取节点信息
+	// REF: https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}
+	node, err := d.sdkClient.Node(context.TODO(), d.config.NodeName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get node '%s': %w", d.config.NodeName, err)
+	}
+
+	// 上传自定义证书
+	// REF: https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/certificates/custom
+	err = node.UploadCustomCertificate(context.TODO(), &proxmox.CustomCertificate{
+		Certificates: certPEM,
+		Key:          privkeyPEM,
+		Force:        true,
+		Restart:      d.config.AutoRestart,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to upload custom certificate to node '%s': %w", node.Name, err)
+	}
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(apiUrl, apiToken, apiTokenSecret string, skipTlsVerify bool) (*proxmox.Client, error) {
+	if _, err := url.Parse(apiUrl); err != nil {
+		return nil, errors.New("invalid pve api url")
+	}
+
+	if apiToken == "" {
+		return nil, errors.New("invalid pve api token")
+	}
+
+	httpClient := &http.Client{
+		Transport: http.DefaultTransport,
+		Timeout:   http.DefaultClient.Timeout,
+	}
+	if skipTlsVerify {
+		httpClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		}
+	}
+	client := proxmox.NewClient(
+		strings.TrimRight(apiUrl, "/")+"/api2/json",
+		proxmox.WithHTTPClient(httpClient),
+		proxmox.WithAPIToken(apiToken, apiTokenSecret),
+	)
+
+	return client, nil
+}
--- a/internal/pkg/core/deployer/providers/proxmoxve/proxmoxve_test.go
+++ b/internal/pkg/core/deployer/providers/proxmoxve/proxmoxve_test.go
@@ -0,0 +1,82 @@
+package proxmoxve_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/proxmoxve"
+)
+
+var (
+	fInputCertPath  string
+	fInputKeyPath   string
+	fApiUrl         string
+	fApiToken       string
+	fApiTokenSecret string
+	fNodeName       string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_PROXMOXVE_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fApiUrl, argsPrefix+"APIURL", "", "")
+	flag.StringVar(&fApiToken, argsPrefix+"APITOKEN", "", "")
+	flag.StringVar(&fApiTokenSecret, argsPrefix+"APITOKENSECRET", "", "")
+	flag.StringVar(&fNodeName, argsPrefix+"NODENAME", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./proxmoxve_test.go -args \
+	--CERTIMATE_DEPLOYER_PROXMOXVE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_PROXMOXVE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_PROXMOXVE_APIURL="http://127.0.0.1:8006" \
+	--CERTIMATE_DEPLOYER_PROXMOXVE_APITOKEN="your-api-token" \
+	--CERTIMATE_DEPLOYER_PROXMOXVE_APITOKENSECRET="your-api-token-secret" \
+	--CERTIMATE_DEPLOYER_PROXMOXVE_NODENAME="your-cluster-node-name"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("APIURL: %v", fApiUrl),
+			fmt.Sprintf("APITOKEN: %v", fApiToken),
+			fmt.Sprintf("APITOKENSECRET: %v", fApiTokenSecret),
+			fmt.Sprintf("NODENAME: %v", fNodeName),
+		}, "\n"))
+
+		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+			ApiUrl:                   fApiUrl,
+			ApiToken:                 fApiToken,
+			ApiTokenSecret:           fApiTokenSecret,
+			AllowInsecureConnections: true,
+			NodeName:                 fNodeName,
+			AutoRestart:              true,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}