feat: add tencentcloud-eo dns-01 applicant

2025-10-04 13:34:52 +00:00 · 2025-03-25 20:27:16 +08:00
parent fd8ac3ae37
commit fa63f2a838
13 changed files with 385 additions and 20 deletions
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -30,6 +30,7 @@ import (
 	pPowerDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns"
 	pRainYun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/rainyun"
 	pTencentCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud"
+	pTencentCloudEO "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo"
 	pVercel "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/vercel"
 	pVolcEngine "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/volcengine"
 	pWestcn "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/westcn"
@@ -294,7 +295,7 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			applicant, err := pJDCloud.NewChallengeProvider(&pJDCloud.ChallengeProviderConfig{
 				AccessKeyId:           access.AccessKeyId,
 				AccessKeySecret:       access.AccessKeySecret,
-				RegionId:              maputil.GetString(options.ProviderApplyConfig, "region_id"),
+				RegionId:              maputil.GetString(options.ProviderApplyConfig, "regionId"),
 				DnsPropagationTimeout: options.DnsPropagationTimeout,
 				DnsTTL:                options.DnsTTL,
 			})
@@ -410,20 +411,36 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}

-	case domain.ApplyDNSProviderTypeTencentCloud, domain.ApplyDNSProviderTypeTencentCloudDNS:
+	case domain.ApplyDNSProviderTypeTencentCloud, domain.ApplyDNSProviderTypeTencentCloudDNS, domain.ApplyDNSProviderTypeTencentCloudEO:
 		{
 			access := domain.AccessConfigForTencentCloud{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
 				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
 			}

-			applicant, err := pTencentCloud.NewChallengeProvider(&pTencentCloud.ChallengeProviderConfig{
-				SecretId:              access.SecretId,
-				SecretKey:             access.SecretKey,
-				DnsPropagationTimeout: options.DnsPropagationTimeout,
-				DnsTTL:                options.DnsTTL,
-			})
-			return applicant, err
+			switch options.Provider {
+			case domain.ApplyDNSProviderTypeTencentCloud, domain.ApplyDNSProviderTypeTencentCloudDNS:
+				applicant, err := pTencentCloud.NewChallengeProvider(&pTencentCloud.ChallengeProviderConfig{
+					SecretId:              access.SecretId,
+					SecretKey:             access.SecretKey,
+					DnsPropagationTimeout: options.DnsPropagationTimeout,
+					DnsTTL:                options.DnsTTL,
+				})
+				return applicant, err
+
+			case domain.ApplyDNSProviderTypeTencentCloudEO:
+				applicant, err := pTencentCloudEO.NewChallengeProvider(&pTencentCloudEO.ChallengeProviderConfig{
+					SecretId:              access.SecretId,
+					SecretKey:             access.SecretKey,
+					ZoneId:                maputil.GetString(options.ProviderApplyConfig, "zoneId"),
+					DnsPropagationTimeout: options.DnsPropagationTimeout,
+					DnsTTL:                options.DnsTTL,
+				})
+				return applicant, err
+
+			default:
+				break
+			}
 		}

 	case domain.ApplyDNSProviderTypeVercel:
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -101,6 +101,7 @@ const (
 	ApplyDNSProviderTypeRainYun         = ApplyDNSProviderType("rainyun")
 	ApplyDNSProviderTypeTencentCloud    = ApplyDNSProviderType("tencentcloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeTencentCloudDNS]
 	ApplyDNSProviderTypeTencentCloudDNS = ApplyDNSProviderType("tencentcloud-dns")
+	ApplyDNSProviderTypeTencentCloudEO  = ApplyDNSProviderType("tencentcloud-eo")
 	ApplyDNSProviderTypeVercel          = ApplyDNSProviderType("vercel")
 	ApplyDNSProviderTypeVolcEngine      = ApplyDNSProviderType("volcengine") // 兼容旧值，等同于 [ApplyDNSProviderTypeVolcEngineDNS]
 	ApplyDNSProviderTypeVolcEngineDNS   = ApplyDNSProviderType("volcengine-dns")
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud/internal/lego.go
@@ -106,6 +106,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	if err != nil {
 		return err
 	}
+
 	if record == nil {
 		// add new record
 		resp, err := d.client.CreateRecordOpenapi(&model.CreateRecordOpenapiRequest{
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal/lego.go
@@ -0,0 +1,207 @@
+package lego_tencentcloudeo
+
+import (
+	"errors"
+	"fmt"
+	"math"
+	"strings"
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	teo "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901"
+)
+
+const (
+	envNamespace = "TENCENTCLOUDEO_"
+
+	EnvSecretID  = envNamespace + "SECRET_ID"
+	EnvSecretKey = envNamespace + "SECRET_KEY"
+	EnvZoneId    = envNamespace + "ZONE_ID"
+
+	EnvTTL                = envNamespace + "TTL"
+	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
+	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+type Config struct {
+	SecretID  string
+	SecretKey string
+	ZoneId    string
+
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int32
+	HTTPTimeout        time.Duration
+}
+
+type DNSProvider struct {
+	client *teo.Client
+	config *Config
+}
+
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                int32(env.GetOrDefaultInt(EnvTTL, 300)),
+		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
+		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+	}
+}
+
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get(EnvSecretID, EnvSecretKey, EnvZoneId)
+	if err != nil {
+		return nil, fmt.Errorf("tencentcloud-eo: %w", err)
+	}
+
+	config := NewDefaultConfig()
+	config.SecretID = values[EnvSecretID]
+	config.SecretKey = values[EnvSecretKey]
+	config.ZoneId = values[EnvSecretKey]
+
+	return NewDNSProviderConfig(config)
+}
+
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("tencentcloud-eo: the configuration of the DNS provider is nil")
+	}
+
+	credential := common.NewCredential(config.SecretID, config.SecretKey)
+	cpf := profile.NewClientProfile()
+	cpf.HttpProfile.ReqTimeout = int(math.Round(config.HTTPTimeout.Seconds()))
+	client, err := teo.NewClient(credential, "", cpf)
+	if err != nil {
+		return nil, err
+	}
+
+	return &DNSProvider{
+		client: client,
+		config: config,
+	}, nil
+}
+
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	if err := d.addOrUpdateDNSRecord(strings.TrimRight(info.EffectiveFQDN, "."), info.Value); err != nil {
+		return fmt.Errorf("tencentcloud-eo: %w", err)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	if err := d.removeDNSRecord(strings.TrimRight(info.EffectiveFQDN, ".")); err != nil {
+		return fmt.Errorf("tencentcloud-eo: %w", err)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) getDNSRecord(effectiveFQDN string) (*teo.DnsRecord, error) {
+	pageOffset := 0
+	pageLimit := 1000
+	for {
+		request := teo.NewDescribeDnsRecordsRequest()
+		request.ZoneId = common.StringPtr(d.config.ZoneId)
+		request.Offset = common.Int64Ptr(int64(pageOffset))
+		request.Limit = common.Int64Ptr(int64(pageLimit))
+		request.Filters = []*teo.AdvancedFilter{
+			{
+				Name:   common.StringPtr("type"),
+				Values: []*string{common.StringPtr("TXT")},
+			},
+		}
+
+		response, err := d.client.DescribeDnsRecords(request)
+		if err != nil {
+			return nil, err
+		}
+
+		if response.Response == nil {
+			break
+		} else {
+			for _, record := range response.Response.DnsRecords {
+				if *record.Name == effectiveFQDN {
+					return record, nil
+				}
+			}
+
+			if len(response.Response.DnsRecords) < int(pageLimit) {
+				break
+			}
+
+			pageOffset += len(response.Response.DnsRecords)
+		}
+	}
+
+	return nil, nil
+}
+
+func (d *DNSProvider) addOrUpdateDNSRecord(effectiveFQDN, value string) error {
+	record, err := d.getDNSRecord(effectiveFQDN)
+	if err != nil {
+		return err
+	}
+
+	if record == nil {
+		request := teo.NewCreateDnsRecordRequest()
+		request.ZoneId = common.StringPtr(d.config.ZoneId)
+		request.Name = common.StringPtr(effectiveFQDN)
+		request.Type = common.StringPtr("TXT")
+		request.Content = common.StringPtr(value)
+		request.TTL = common.Int64Ptr(int64(d.config.TTL))
+		_, err := d.client.CreateDnsRecord(request)
+		return err
+	} else {
+		record.Content = common.StringPtr(value)
+		request := teo.NewModifyDnsRecordsRequest()
+		request.ZoneId = common.StringPtr(d.config.ZoneId)
+		request.DnsRecords = []*teo.DnsRecord{record}
+		if _, err := d.client.ModifyDnsRecords(request); err != nil {
+			return err
+		}
+
+		if *record.Status == "disable" {
+			request := teo.NewModifyDnsRecordsStatusRequest()
+			request.ZoneId = common.StringPtr(d.config.ZoneId)
+			request.RecordsToEnable = []*string{record.RecordId}
+			if _, err = d.client.ModifyDnsRecordsStatus(request); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	}
+}
+
+func (d *DNSProvider) removeDNSRecord(effectiveFQDN string) error {
+	record, err := d.getDNSRecord(effectiveFQDN)
+	if err != nil {
+		return err
+	}
+
+	if record == nil {
+		return nil
+	} else {
+		request := teo.NewDeleteDnsRecordsRequest()
+		request.ZoneId = common.StringPtr(d.config.ZoneId)
+		request.RecordIds = []*string{record.RecordId}
+		_, err = d.client.DeleteDnsRecords(request)
+		return err
+	}
+}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/tencentcloud_eo.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/tencentcloud_eo.go
@@ -0,0 +1,41 @@
+package tencentcloudeo
+
+import (
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge"
+
+	internal "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud-eo/internal"
+)
+
+type ChallengeProviderConfig struct {
+	SecretId              string `json:"secretId"`
+	SecretKey             string `json:"secretKey"`
+	ZoneId                string `json:"zoneId"`
+	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
+	DnsTTL                int32  `json:"dnsTTL,omitempty"`
+}
+
+func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	providerConfig := internal.NewDefaultConfig()
+	providerConfig.SecretID = config.SecretId
+	providerConfig.SecretKey = config.SecretKey
+	providerConfig.ZoneId = config.ZoneId
+	if config.DnsPropagationTimeout != 0 {
+		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
+	}
+	if config.DnsTTL != 0 {
+		providerConfig.TTL = config.DnsTTL
+	}
+
+	provider, err := internal.NewDNSProviderConfig(providerConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return provider, nil
+}
--- a/internal/workflow/node-processor/apply_node.go
+++ b/internal/workflow/node-processor/apply_node.go
@@ -45,7 +45,7 @@ func (n *applyNode) Process(ctx context.Context) error {
 		n.logger.Info(fmt.Sprintf("skip this application, because %s", skipReason))
 		return nil
 	} else if skipReason != "" {
-		n.logger.Info(fmt.Sprintf("continue to apply, because %s", skipReason))
+		n.logger.Info(fmt.Sprintf("re-apply, because %s", skipReason))
 	}

 	// 初始化申请器
--- a/internal/workflow/node-processor/deploy_node.go
+++ b/internal/workflow/node-processor/deploy_node.go
@@ -58,7 +58,7 @@ func (n *deployNode) Process(ctx context.Context) error {
 			n.logger.Info(fmt.Sprintf("skip this deployment, because %s", skipReason))
 			return nil
 		} else if skipReason != "" {
-			n.logger.Info(fmt.Sprintf("continue to deploy, because %s", skipReason))
+			n.logger.Info(fmt.Sprintf("re-deploy, because %s", skipReason))
 		}
 	}

--- a/internal/workflow/node-processor/upload_node.go
+++ b/internal/workflow/node-processor/upload_node.go
@@ -43,7 +43,7 @@ func (n *uploadNode) Process(ctx context.Context) error {
 		n.logger.Info(fmt.Sprintf("skip this upload, because %s", skipReason))
 		return nil
 	} else if skipReason != "" {
-		n.logger.Info(fmt.Sprintf("continue to upload, because %s", skipReason))
+		n.logger.Info(fmt.Sprintf("re-upload, because %s", skipReason))
 	}

 	// 生成证书实体