From c15d6783c66e71220acd77d4905e3a37106ca4ef Mon Sep 17 00:00:00 2001
From: Fu Diwei
Date: Wed, 29 Oct 2025 21:10:03 +0800
Subject: [PATCH 01/10] refactor: clean code
---
 internal/certificate/service.go | 3 +-
 internal/domain/acme_account.go | 2 +-
 internal/workflow/engine/executor_bizapply.go | 3 +-
 .../workflow/engine/executor_bizupload.go | 5 +-
 pkg/utils/cert/parser.go | 70 +------------------
 5 files changed, 7 insertions(+), 76 deletions(-)
diff --git a/internal/certificate/service.go b/internal/certificate/service.go
index f6936c99..c2fdf1e7 100644
--- a/internal/certificate/service.go
+++ b/internal/certificate/service.go
@@ -9,7 +9,6 @@ import (
 "strings"
 "time"
- "github.com/go-acme/lego/v4/certcrypto"
 "github.com/pocketbase/dbx"
 "github.com/certimate-go/certimate/internal/app"
@@ -181,7 +180,7 @@ func (s *CertificateService) ValidateCertificate(ctx context.Context, req *dtos.
 }
 func (s *CertificateService) ValidatePrivateKey(ctx context.Context, req *dtos.CertificateValidatePrivateKeyReq) (*dtos.CertificateValidatePrivateKeyResp, error) {
- _, err := certcrypto.ParsePEMPrivateKey([]byte(req.PrivateKey))
+ _, err := xcert.ParsePrivateKeyFromPEM(req.PrivateKey)
 if err != nil {
 return nil, err
 }
diff --git a/internal/domain/acme_account.go b/internal/domain/acme_account.go
index e15c40cc..04c7477d 100644
--- a/internal/domain/acme_account.go
+++ b/internal/domain/acme_account.go
@@ -41,6 +41,6 @@ func (a *ACMEAccount) GetPrivateKey() crypto.PrivateKey {
 return nil
 }
- rs, _ := xcert.ParseECPrivateKeyFromPEM(a.PrivateKey)
+ rs, _ := xcert.ParsePrivateKeyFromPEM(a.PrivateKey)
 return rs
 }
diff --git a/internal/workflow/engine/executor_bizapply.go b/internal/workflow/engine/executor_bizapply.go
index ca926b9b..306b90f7 100644
--- a/internal/workflow/engine/executor_bizapply.go
+++ b/internal/workflow/engine/executor_bizapply.go
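Review bot: In `GetPrivateKey` (internal/domain/acme_account.go) the parse error is still thrown away by `rs, _ :=`, and moving from the EC-only parser to `xcert.ParsePrivateKeyFromPEM` widens what a stored account key may be: any key type the general parser accepts is now returned as the ACME account key. A corrupt or unexpected `PrivateKey` value therefore becomes a silent nil, or a key of an algorithm nobody intended, with nothing recorded. Because the signature has no error result, the minimum is a comment on the call such as `// parse errors are dropped here: a malformed stored key yields nil; RSA, ECDSA and Ed25519 keys are all accepted`, and ideally the error is kept (`rs, err := xcert.ParsePrivateKeyFromPEM(a.PrivateKey)`) and reported where the account is loaded. The function starts above the hunk, so only the tail of its earlier `return nil` guard is visible.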
@@ -10,7 +10,6 @@ import (
 "strings"
 "time"
- "github.com/go-acme/lego/v4/certcrypto"
 legocertifier "github.com/go-acme/lego/v4/certificate"
 "github.com/go-acme/lego/v4/lego"
 legolog "github.com/go-acme/lego/v4/log"
@@ -300,7 +299,7 @@ func (ne *bizApplyNodeExecutor) executeObtain(execCtx *NodeExecutionContext, nod
 return ""
 }
- oldCertX509, err := certcrypto.ParsePEMCertificate([]byte(lastCertificate.Certificate))
+ oldCertX509, err := xcert.ParseCertificateFromPEM(lastCertificate.Certificate)
 if err != nil {
 return ""
 }
diff --git a/internal/workflow/engine/executor_bizupload.go b/internal/workflow/engine/executor_bizupload.go
index 10d68096..d17da8ce 100644
--- a/internal/workflow/engine/executor_bizupload.go
+++ b/internal/workflow/engine/executor_bizupload.go
@@ -12,7 +12,6 @@ import (
 "strings"
 "time"
- "github.com/go-acme/lego/v4/certcrypto"
 "github.com/go-resty/resty/v2"
 "github.com/certimate-go/certimate/internal/domain"
@@ -127,7 +126,7 @@ func (ne *bizUploadNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeEx
 }
 // 验证证书
- certX509, err := certcrypto.ParsePEMCertificate([]byte(certPEM))
+ certX509, err := xcert.ParseCertificateFromPEM(certPEM)
 if err != nil {
 return execRes, err
 } else if certX509.NotAfter.Before(time.Now()) {
@@ -135,7 +134,7 @@ func (ne *bizUploadNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeEx
 }
 // 验证私钥
- privkey, err := certcrypto.ParsePEMPrivateKey([]byte(privkeyPEM))
+ privkey, err := xcert.ParsePrivateKeyFromPEM(privkeyPEM)
 if err != nil {
 return nil, err
 } else {
diff --git a/pkg/utils/cert/parser.go b/pkg/utils/cert/parser.go
index 698bf7e9..1202db39 100644
--- a/pkg/utils/cert/parser.go
+++ b/pkg/utils/cert/parser.go
@@ -2,12 +2,7 @@ package cert
 import (
 "crypto"
- "crypto/ecdsa"
- "crypto/rsa"
 "crypto/x509"
- "encoding/pem"
- "errors"
- "fmt"
 "github.com/go-acme/lego/v4/certcrypto"
 )
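Review bot: In the `executeObtain` hunk of executor_bizapply.go, a failure of `xcert.ParseCertificateFromPEM(lastCertificate.Certificate)` ends in `return ""`, the same value the guard just above it returns, so an unparseable stored certificate cannot be told apart from whatever case that earlier guard covers. The error is dropped without a trace, which hides corrupted certificate records from operators. A comment on the branch, for example `// stored certificate is not valid PEM/DER; treated as if no previous certificate existed`, plus a log of `err`, would make that choice explicit. The surrounding function or closure starts and ends outside the hunk, so the meaning of the empty string is inferred, not visible.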
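Review bot: The two validation branches in `Execute` (executor_bizupload.go, hunks at -127 and -135) fail differently: a bad certificate gives `return execRes, err` while a bad private key gives `return nil, err`, and both pass the parser error through unwrapped, so the caller cannot tell which uploaded input was rejected. Returning the same first value in both branches and wrapping the error would fix that, e.g. `return execRes, fmt.Errorf("parsing uploaded private key: %w", err)` (assuming `fmt` is imported in this file). Whether the `else` branch that follows compares the public half of `privkey` with `certX509.PublicKey` is not visible here; if it does not, a certificate and key that do not belong together would pass both checks. `Execute` begins and ends outside these hunks.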
@@ -22,19 +17,7 @@ import (
 // - cert: x509.Certificate 对象。
 // - err: 错误。
 func ParseCertificateFromPEM(certPEM string) (_cert *x509.Certificate, _err error) {
- pemData := []byte(certPEM)
-
- block, _ := pem.Decode(pemData)
- if block == nil {
- return nil, errors.New("failed to decode PEM block")
- }
-
- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("failed to parse certificate: %w", err)
- }
-
- return cert, nil
+ return certcrypto.ParsePEMCertificate([]byte(certPEM))
 }
 // 从 PEM 编码的私钥字符串解析并返回一个 crypto.PrivateKey 对象。
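Review bot: The doc comment on `ParseCertificateFromPEM` should say what the function now guarantees, because the body hands back lego's result and error untouched: the previous messages `failed to decode PEM block` and `failed to parse certificate: …` are gone, and any caller or test that matched on them will see different text. It would also help to state in the comment that only one certificate is parsed from the input (presumably the first PEM block, as before; confirm against the lego version pinned in go.mod), since callers pass full chains. The named results `_cert` and `_err` are no longer assigned anywhere and can be dropped: `func ParseCertificateFromPEM(certPEM string) (*x509.Certificate, error) {`. The comment block itself starts above the hunk.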
@@ -46,54 +29,5 @@ func ParseCertificateFromPEM(certPEM string) (_cert *x509.Certificate, _err erro
 // - privkey: crypto.PrivateKey 对象,可能是 rsa.PrivateKey、ecdsa.PrivateKey 或 ed25519.PrivateKey。
 // - err: 错误。
 func ParsePrivateKeyFromPEM(privkeyPEM string) (_privkey crypto.PrivateKey, _err error) {
- pemData := []byte(privkeyPEM)
- return certcrypto.ParsePEMPrivateKey(pemData)
-}
-
-// 从 PEM 编码的私钥字符串解析并返回一个 ecdsa.PrivateKey 对象。
-//
-// 入参:
-// - privkeyPEM: 私钥 PEM 内容。
-//
-// 出参:
-// - privkey: ecdsa.PrivateKey 对象。
-// - err: 错误。
-func ParseECPrivateKeyFromPEM(privkeyPEM string) (_privkey *ecdsa.PrivateKey, _err error) {
- pemData := []byte(privkeyPEM)
-
- block, _ := pem.Decode(pemData)
- if block == nil {
- return nil, errors.New("failed to decode PEM block")
- }
-
- privkey, err := x509.ParseECPrivateKey(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("failed to parse private key: %w", err)
- }
-
- return privkey, nil
-}
-
-// 从 PEM 编码的私钥字符串解析并返回一个 rsa.PrivateKey 对象。
-//
-// 入参:
-// - privkeyPEM: 私钥 PEM 内容。
-//
-// 出参:
-// - privkey: rsa.PrivateKey 对象。
-// - err: 错误。
-func ParsePKCS1PrivateKeyFromPEM(privkeyPEM string) (_privkey *rsa.PrivateKey, _err error) {
- pemData := []byte(privkeyPEM)
-
- block, _ := pem.Decode(pemData)
- if block == nil {
- return nil, errors.New("failed to decode PEM block")
- }
-
- privkey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
- if err != nil {
- return nil, fmt.Errorf("failed to parse private key: %w", err)
- }
-
- return privkey, nil
+ return certcrypto.ParsePEMPrivateKey([]byte(privkeyPEM))
 }
From 5513dc76d6f36b8bfd858d6aae93e77d2f26645c Mon Sep 17 00:00:00 2001
From: Fu Diwei
Date: Thu, 30 Oct 2025 20:18:14 +0800
Subject: [PATCH 02/10] chore(deps): upgrade gomod dependencies
---
 go.mod | 44 ++++----
 go.sum | 100 ++++++++----------
 .../providers/aliyun-apigw/aliyun_apigw.go | 2 +-
 3 files changed, 70 insertions(+), 76 deletions(-)
diff --git a/go.mod b/go.mod
index 4c05262a..919e1275 100644
--- a/go.mod
+++ b/go.mod
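Review bot: The comment kept above `ParsePrivateKeyFromPEM` names the possible results as `rsa.PrivateKey`, `ecdsa.PrivateKey` or `ed25519.PrivateKey`, but Go's x509 parsers return `*rsa.PrivateKey` and `*ecdsa.PrivateKey` (pointers) and `ed25519.PrivateKey` (a value). With the typed helpers `ParseECPrivateKeyFromPEM` and `ParsePKCS1PrivateKeyFromPEM` deleted in this hunk, callers now have to type-switch on the result themselves, so the comment should list the pointer types exactly; a switch written against the value types would never match. The comment could also note that the key algorithm is no longer constrained by the function chosen, so a caller that needs a specific algorithm must check it. Both deleted functions were exported from `pkg/`, and the diffstat shows only acme_account.go being migrated, so importers outside this patch (if any exist) would stop compiling.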
@@ -10,29 +10,29 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.4.0 github.com/G-Core/gcorelabscdn-go v1.0.34 github.com/alibabacloud-go/alb-20200616/v2 v2.2.9 - github.com/alibabacloud-go/apig-20240327/v4 v4.4.0 + github.com/alibabacloud-go/apig-20240327/v5 v5.0.1 github.com/alibabacloud-go/cas-20200407/v4 v4.0.3 github.com/alibabacloud-go/cdn-20180510/v8 v8.0.2 github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.7 github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13 github.com/alibabacloud-go/ddoscoo-20200101/v4 v4.0.2 - github.com/alibabacloud-go/esa-20240910/v2 v2.39.0 - github.com/alibabacloud-go/fc-20230330/v4 v4.6.2 + github.com/alibabacloud-go/esa-20240910/v2 v2.39.2 + github.com/alibabacloud-go/fc-20230330/v4 v4.6.3 github.com/alibabacloud-go/fc-open-20210406/v2 v2.0.12 github.com/alibabacloud-go/ga-20191120/v3 v3.1.8 - github.com/alibabacloud-go/live-20161101/v2 v2.2.0 + github.com/alibabacloud-go/live-20161101/v2 v2.3.0 github.com/alibabacloud-go/nlb-20220430/v4 v4.1.0 github.com/alibabacloud-go/slb-20140515/v4 v4.0.10 github.com/alibabacloud-go/tea v1.3.13 github.com/alibabacloud-go/vod-20170321/v4 v4.10.0 - github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.3.0 + github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.6.0 github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible github.com/aws/aws-sdk-go-v2/service/acm v1.37.6 - github.com/aws/aws-sdk-go-v2/service/cloudfront v1.54.3 - github.com/aws/aws-sdk-go-v2/service/iam v1.47.7 - github.com/baidubce/bce-sdk-go v0.9.248 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.55.2 + github.com/aws/aws-sdk-go-v2/service/iam v1.49.0 + github.com/baidubce/bce-sdk-go v0.9.250 github.com/blinkbean/dingtalk v1.1.3 - github.com/byteplus-sdk/byteplus-sdk-golang v1.0.56 + github.com/byteplus-sdk/byteplus-sdk-golang v1.0.58 github.com/go-acme/lego/v4 v4.27.0 github.com/go-cmd/cmd v1.4.3 github.com/go-lark/lark v1.16.0 
@@ -45,26 +45,26 @@ require ( github.com/libdns/libdns v0.2.3 github.com/luthermonson/go-proxmox v0.2.3 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 - github.com/pkg/sftp v1.13.9 + github.com/pkg/sftp v1.13.10 github.com/pocketbase/dbx v1.11.0 - github.com/pocketbase/pocketbase v0.30.4 + github.com/pocketbase/pocketbase v0.31.0 github.com/povsister/scp v0.0.0-20250701154629-777cf82de5df github.com/qiniu/go-sdk/v7 v7.25.4 github.com/samber/lo v1.52.0 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.1.30 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.1.47 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.1.28 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.41 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.48 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap v1.0.1200 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.1.27 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.1.0 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.1.10 - github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.1.33 + github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.1.47 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.1.13 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.1.36 - github.com/ucloud/ucloud-sdk-go v0.22.47 + github.com/ucloud/ucloud-sdk-go v0.22.54 github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.21 - github.com/volcengine/volc-sdk-golang v1.0.223 - github.com/volcengine/volcengine-go-sdk v1.1.37 + github.com/volcengine/volc-sdk-golang v1.0.224 + github.com/volcengine/volcengine-go-sdk v1.1.44 github.com/xhit/go-str2duration/v2 v2.1.0 gitlab.ecloud.com/ecloud/ecloudsdkclouddns v1.0.1 gitlab.ecloud.com/ecloud/ecloudsdkcore v1.0.0 
@@ -145,7 +145,7 @@ require ( go.mongodb.org/mongo-driver v1.17.2 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b // indirect + golang.org/x/exp v0.0.0-20251017212417-90e834f514db // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -171,19 +171,19 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.4.7 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2 v1.39.2 + github.com/aws/aws-sdk-go-v2 v1.39.4 github.com/aws/aws-sdk-go-v2/config v1.31.12 github.com/aws/aws-sdk-go-v2/credentials v1.18.16 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.11 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 // indirect - github.com/aws/smithy-go v1.23.0 // indirect + github.com/aws/smithy-go v1.23.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect diff --git a/go.sum b/go.sum index bbfa9e05..fd1e7004 100644 --- a/go.sum +++ b/go.sum 
@@ -94,8 +94,8 @@ github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do2 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g= -github.com/alibabacloud-go/apig-20240327/v4 v4.4.0 h1:lbBLhwuyUiLSnUzteMCEfYeuQ1Dyz1J5fMa7vKeciKU= -github.com/alibabacloud-go/apig-20240327/v4 v4.4.0/go.mod h1:2wxFMlKmuHN5kJHXyP+EkPcK3fL/eeT9i8RbKCCIV8w= +github.com/alibabacloud-go/apig-20240327/v5 v5.0.1 h1:2Oar/WXh9JNCPdwXXkuomcUOQ5W526G1s/WUaxbsqDA= +github.com/alibabacloud-go/apig-20240327/v5 v5.0.1/go.mod h1:9M9nutBGX1LK/W1U4zOAPZrn9Bigf3ZP3ToR9Dl8Xoc= github.com/alibabacloud-go/cas-20200407/v4 v4.0.3 h1:dGM9+DZwb1bnMgxBlI4SvRlnI7r9lr3Zi6cI0zt8uWM= github.com/alibabacloud-go/cas-20200407/v4 v4.0.3/go.mod h1:Kh6ECWAcOACsfBFHkHtKNgdtybfOaPIejX7ot7XNWIc= github.com/alibabacloud-go/cdn-20180510/v8 v8.0.2 h1:IAkEE7tlPQ+G89fNOEv6fHMpLsgOys48rd5TupbEYZI= 
@@ -134,16 +134,16 @@ github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/ql github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= -github.com/alibabacloud-go/esa-20240910/v2 v2.39.0 h1:5/7Ny+Ba6OJvmlJsb4FUYUL6SBWPceBzTznu9zlaKwM= -github.com/alibabacloud-go/esa-20240910/v2 v2.39.0/go.mod h1:JC3mQdUf5taJpmyaPbBqlWGnYZTKlc6iCHWo/xIslP8= -github.com/alibabacloud-go/fc-20230330/v4 v4.6.2 h1:kYHaI6aEDe602ntE6upflrjXKV+Xwp8vSQ6zMrzdQKY= -github.com/alibabacloud-go/fc-20230330/v4 v4.6.2/go.mod h1:6sNOzf5xYO2xSkllbHCGPrptDfJKupHpDnFYZPwmjg0= +github.com/alibabacloud-go/esa-20240910/v2 v2.39.2 h1:sMirucmOGBacxGdMPNYlr0XJneV+8Z18EkAyEnioIQU= +github.com/alibabacloud-go/esa-20240910/v2 v2.39.2/go.mod h1:JC3mQdUf5taJpmyaPbBqlWGnYZTKlc6iCHWo/xIslP8= +github.com/alibabacloud-go/fc-20230330/v4 v4.6.3 h1:OcStT72BGdgf0pov2iUvCcnCrq0MkYdiLXWpXIgd6Kc= +github.com/alibabacloud-go/fc-20230330/v4 v4.6.3/go.mod h1:OzdLxJQl4D5dsXKZQZubEZoqYL68M++hyD6n1qIsMHM= github.com/alibabacloud-go/fc-open-20210406/v2 v2.0.12 h1:A3D8Mp6qf8DfR6Dt5MpS8aDVaWfS4N85T5CvGUvgrjM= github.com/alibabacloud-go/fc-open-20210406/v2 v2.0.12/go.mod h1:F5c0E5UB3k8v6neTtw3FBcJ1YCNFzVoL1JPRHTe33u4= github.com/alibabacloud-go/ga-20191120/v3 v3.1.8 h1:5GF0PXijDhxRQ3gTg9Ee/CVPtglkxuVdz4yIQgYLPgw= github.com/alibabacloud-go/ga-20191120/v3 v3.1.8/go.mod h1:RVpR9VL4YECKoZCQijTYfPk8k52O61v6hSRekjxF0kw= -github.com/alibabacloud-go/live-20161101/v2 v2.2.0 h1:UjSI0XnXJ4VS5An7iguOng1ah8WEOCA02jTrcBytWLI= -github.com/alibabacloud-go/live-20161101/v2 v2.2.0/go.mod h1:/rJhfuA39UqVbzUETDlZUFScwBDz0U3Gjj8zwKohdk8= +github.com/alibabacloud-go/live-20161101/v2 v2.3.0 h1:ApGoDlqh05wG8AIWUCCBZT3MzxUfPUajXrAMcXeFihM= +github.com/alibabacloud-go/live-20161101/v2 
v2.3.0/go.mod h1:1BN//Z4vOkdEplf0pWcpF1GuIqaPJOwYuPCShljY+nI= github.com/alibabacloud-go/nlb-20220430/v4 v4.1.0 h1:iuoiJUMz0SUWbLxZdyp/IdbtGKuniftnV776FUwMEyU= github.com/alibabacloud-go/nlb-20220430/v4 v4.1.0/go.mod h1:OxNPeLl4eV3s2ZoMcuUoI9sSzwe03n4N9UmQH1H3SUw= github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= @@ -193,8 +193,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/alibabacloud-go/vod-20170321/v4 v4.10.0 h1:e28BNu9IRhCtHI5HA+2ZRG4r9SDftAyp258q9py2tRU= github.com/alibabacloud-go/vod-20170321/v4 v4.10.0/go.mod h1:IkHD+fJL2oWvs9oxyp5Dc651AO5eptIP5PRsH0ofraA= -github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.3.0 h1:RHVPXvbh92CsELkpRWFP4rZlxGafWwlwN8ViWAlLhxo= -github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.3.0/go.mod h1:5TaM2MgF4MBURdC2yc+6FKV75QkOKXNclaSk1WLTK6Q= +github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.6.0 h1:UCKCmA7hnnSlGUCVF31Z8v/+3UloJtyqNGV/ITAtr7U= +github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.6.0/go.mod h1:Pi1XJ9yMR6weUxPMDqVaT+mhHeeSPRdMZh2fl4VCKLs= github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g= github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= 
@@ -218,27 +218,27 @@ github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHS github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY= github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= -github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I= -github.com/aws/aws-sdk-go-v2 v1.39.2/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= +github.com/aws/aws-sdk-go-v2 v1.39.4 h1:qTsQKcdQPHnfGYBBs+Btl8QwxJeoWcOcPcixK90mRhg= +github.com/aws/aws-sdk-go-v2 v1.39.4/go.mod h1:yWSxrnioGUZ4WVv9TgMrNUeLV3PFESn/v+6T/Su8gnM= github.com/aws/aws-sdk-go-v2/config v1.31.12 h1:pYM1Qgy0dKZLHX2cXslNacbcEFMkDMl+Bcj5ROuS6p8= github.com/aws/aws-sdk-go-v2/config v1.31.12/go.mod h1:/MM0dyD7KSDPR+39p9ZNVKaHDLb9qnfDurvVS2KAhN8= github.com/aws/aws-sdk-go-v2/credentials v1.18.16 h1:4JHirI4zp958zC026Sm+V4pSDwW4pwLefKrc0bF2lwI= github.com/aws/aws-sdk-go-v2/credentials v1.18.16/go.mod h1:qQMtGx9OSw7ty1yLclzLxXCRbrkjWAM7JnObZjmCB7I= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 h1:Mv4Bc0mWmv6oDuSWTKnk+wgeqPL5DRFu5bQL9BGPQ8Y= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9/go.mod h1:IKlKfRppK2a1y0gy1yH6zD+yX5uplJ6UuPlgd48dJiQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 h1:se2vOWGD3dWQUtfn4wEjRQJb1HK1XsNIt825gskZ970= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9/go.mod h1:hijCGH2VfbZQxqCDN7bwz/4dzxV+hkyhjawAtdPWKZA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 h1:6RBnKZLkJM4hQ+kN6E7yWFveOTg8NLPHAkqrs4ZPlTU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9/go.mod h1:V9rQKRmK7AWuEsOMnHzKj8WyrIir1yUJbZxDuZLFvXI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.11 h1:7AANQZkF3ihM8fbdftpjhken0TP9sBzFbV/Ze/Y4HXA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.11/go.mod 
h1:NTF4QCGkm6fzVwncpkFQqoquQyOolcyXfbpC98urj+c= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.11 h1:ShdtWUZT37LCAA4Mw2kJAJtzaszfSHFb5n25sdcv4YE= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.11/go.mod h1:7bUb2sSr2MZ3M/N+VyETLTQtInemHXb/Fl3s8CLzm0Y= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= github.com/aws/aws-sdk-go-v2/service/acm v1.37.6 h1:48oGbMpBSzihrU145gpjrxySIs+VNGCXu9kLTLAdJJg= github.com/aws/aws-sdk-go-v2/service/acm v1.37.6/go.mod h1:4Xgg9iUMFMpWd19UokmUwBCU6fqNJ7LPo11YYt3/xl4= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.54.3 h1:JgzZxb/9UhqBwkRXrEVyHZMeGsjyovdERq15L3U9A0I= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.54.3/go.mod h1:uaoE1dsE7W/qZbWnAAfX46QEKpB4rrbdfnp3HRN4dDI= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.55.2 h1:MnDEmZz8maF6Ge2GaK6T16jqPDhyesUODhMheFqUBqU= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.55.2/go.mod h1:Ql3i8VKmdfYCcDhG6OpVkGM60IN9fPDV/7aMHCH3lds= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= -github.com/aws/aws-sdk-go-v2/service/iam v1.47.7 h1:0EDAdmMTzsgXl++8a0JZ+Yx0/dOqT8o/EONknxlQK94= -github.com/aws/aws-sdk-go-v2/service/iam v1.47.7/go.mod h1:NkNbn/8/mFrPUq0Kg6EM6c0+GaTLG+aPzXxwB7RF5xo= +github.com/aws/aws-sdk-go-v2/service/iam v1.49.0 h1:3wiwzsfXBaykcbC4c6vaWkx9B46LXhFR8jyVMCZXK/k= +github.com/aws/aws-sdk-go-v2/service/iam v1.49.0/go.mod h1:QvuzFFqvuknv43XjhxdWTMHt1ESYlQPaLJtb6iBlD3M= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 h1:5r34CgVOD4WZudeEKZ9/iKpiT6cM1JyEROpXjOcdWv8= 
@@ -252,10 +252,10 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1/go.mod h1:xBEjWD13h+6nq+z4A github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 h1:p3jIvqYwUZgu/XYeI48bJxOhvm47hZb5HUQ0tn6Q9kA= github.com/aws/aws-sdk-go-v2/service/sts v1.38.6/go.mod h1:WtKK+ppze5yKPkZ0XwqIVWD4beCwv056ZbPQNoeHqM8= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= -github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= -github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= -github.com/baidubce/bce-sdk-go v0.9.248 h1:vB5OMuEC2xnO197M6OWUi24C8mYOZHKXT/8HuKQJUhU= -github.com/baidubce/bce-sdk-go v0.9.248/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg= +github.com/aws/smithy-go v1.23.1 h1:sLvcH6dfAFwGkHLZ7dGiYF7aK6mg4CgKA/iDKjLDt9M= +github.com/aws/smithy-go v1.23.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/baidubce/bce-sdk-go v0.9.250 h1:fnvV5clsNCAP6pCauj0eNaUnoLVmjQGnco7rcMqp984= +github.com/baidubce/bce-sdk-go v0.9.250/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= 
@@ -265,8 +265,8 @@ github.com/blinkbean/dingtalk v1.1.3 h1:MbidFZYom7DTFHD/YIs+eaI7kRy52kmWE/sy0xjo github.com/blinkbean/dingtalk v1.1.3/go.mod h1:9BaLuGSBqY3vT5hstValh48DbsKO7vaHaJnG9pXwbto= github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY= github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE= -github.com/byteplus-sdk/byteplus-sdk-golang v1.0.56 h1:tYsUBhrqTtS1Q/vDkoJwvjwzAlv1RbbapEbNPHl8ezs= -github.com/byteplus-sdk/byteplus-sdk-golang v1.0.56/go.mod h1:CIL/T2dxgbIA79os+wl0Fq0vCbADTZNIddV6PNYB6DY= +github.com/byteplus-sdk/byteplus-sdk-golang v1.0.58 h1:i+HIFn/0FdSAMxsbcGMy8ScJpwdWN60g8gGozILRtHA= +github.com/byteplus-sdk/byteplus-sdk-golang v1.0.58/go.mod h1:CIL/T2dxgbIA79os+wl0Fq0vCbADTZNIddV6PNYB6DY= github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= 
@@ -491,8 +491,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs= -github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= +github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d h1:KJIErDwbSHjnp/SGzE5ed8Aol7JsKiI5X7yWKAtzhM0= +github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -745,8 +745,8 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pkg/sftp v1.13.9 h1:4NGkvGudBL7GteO3m6qnaQ4pC0Kvf0onSVc9gR3EWBw= -github.com/pkg/sftp v1.13.9/go.mod h1:OBN7bVXdstkFFN/gdnHPUb5TE8eb8G1Rp9wCItqjkkA= +github.com/pkg/sftp v1.13.10 h1:+5FbKNTe5Z9aspU88DPIKJ9z2KZoaGCu6Sr6kKR/5mU= +github.com/pkg/sftp v1.13.10/go.mod h1:bJ1a7uDhrX/4OII+agvy28lzRvQrmIQuaHrcI1HbeGA= github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE= github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -754,8 +754,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pocketbase/dbx v1.11.0 h1:LpZezioMfT3K4tLrqA55wWFw1EtH1pM4tzSVa7kgszU= github.com/pocketbase/dbx v1.11.0/go.mod h1:xXRCIAKTHMgUCyCKZm55pUOdvFziJjQfXaWKhu2vhMs= -github.com/pocketbase/pocketbase v0.30.4 h1:UT8WnRmG3b7hXFIjDPzSIKkDED/mK1CJC+LsGiJUE4w= -github.com/pocketbase/pocketbase v0.30.4/go.mod h1:qsI0S4J/3uRSGv5Z4ce8wu8FXe5dyvyGBEItFRyV7lE= +github.com/pocketbase/pocketbase v0.31.0 h1:JaOtSDytdA+a0r4689Mrjda4rmq+BaHgEJkPeOIydms= +github.com/pocketbase/pocketbase v0.31.0/go.mod h1:p4a83n+DlBcTvvqhC7QDy0KDmQ2la2c6dgxdIBWwKiE= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/povsister/scp v0.0.0-20250701154629-777cf82de5df h1:zEgSHrxo8f6hGG1xCaqunfBq8hlfDmFd1JM0QXiQi7o= 
@@ -845,8 +845,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.1.30 h1:HDqoZ0iLqVUO9CefUkpbNMutpzA9MnV9lj6fVI6X/0M= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.1.30/go.mod h1:HMdRQNnM4Dkxj7Us23cx/mfxCQWBjwiWV4uaW9316vU= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.1.47 h1:I1I/0prwy8kfpLS+i6kPGvUw2F07fZ7il1eYdeCUBw8= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.1.47/go.mod h1:p3FMCJFGihLx4Q5iY2Q6P5DGwbGzQt8Duj60RcAihTI= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.1.28 h1:9E6jbXFzC5rH5BxSHSBWMxoXiT9TuhaB98+NZfRjiCU= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.1.28/go.mod h1:HZNkFH4OY80ecEYt8Hd9dXZkm0b6N3oJwfxYX5nppmY= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1200/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= 
@@ -855,11 +855,10 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.10/go.mod h github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.13/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.27/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.28/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.30/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.33/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.36/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.41 h1:XQDGrLX6v4McMP+2myhgQcy5JaPqSgwpLM1qa7ngUII= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.41/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.47/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.48 h1:aoRUrz2ag27jQWcOKHgeE+toSti6/xPqHKMLruOtJuM= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.48/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap v1.0.1200 h1:SqfiAwdDQx1SG2XKMBBxwUTZSBlVNFCVt/hynkl6JHM= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap v1.0.1200/go.mod h1:zwjcd7dfjsmAPD7yEHHY36tnDM5ts5rUgThXGvsZ+OE= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.1.27 h1:0oCJYtJWxfHpgOZxbDsutbBRSii8TI4JY4JTggXZ/BY= 
@@ -868,8 +867,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.1.0 h1:tBrYIRge/ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf v1.1.0/go.mod h1:q904dfEmrK/ETugTjgL7j1spCT08ioeLUV5JA4Bj8Xk= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.1.10 h1:dj7PUBNAK1D4aSWxSxAbPxmJ12M8Etos8lYVJWyIdGs= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.1.10/go.mod h1:Xt/9WKwki9CCfSAG8e848Sk54HfNa9ZApFhLHxBr1W8= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.1.33 h1:PEGg3WIeUE9AfhTjsX041jo6fFDlHB6lWtuoqcass28= -github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.1.33/go.mod h1:ShPtMelnZXiK6w2ecm8Y9zdkrsbmwfEvyOaIdg3fn8E= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.1.47 h1:QimGh/5LnP7jPND1YqHK5ftXMv9CJz4XiPFdZYcH0ZM= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.1.47/go.mod h1:bghJsLqEEfc06/zUs2qql6f9enbdtx69ZJKUDftd4Vo= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.1.13 h1:eU1aa13vM0YWPP4DC/2HSeAVGP+U/Qdqb/syrepIroI= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.1.13/go.mod h1:q8AXovSiUhSct/xncaNrz1Br0Rfg0IiZrLaRIuYz3rI= github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf v1.1.36 h1:d4Cjrt+VkS0OElToWZuojkj55z07ECvqfSyeyLOziF4= 
@@ -884,18 +883,18 @@ github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/ucloud/ucloud-sdk-go v0.22.47 h1:0Pd2Di0BK8D35oXlckvEbZeh+CUc5bEQ2Ct6+LF9f18= -github.com/ucloud/ucloud-sdk-go v0.22.47/go.mod h1:dyLmFHmUfgb4RZKYQP9IArlvQ2pxzFthfhwxRzOEPIw= +github.com/ucloud/ucloud-sdk-go v0.22.54 h1:eNZeYApGPWm22sXoHOFd3fP+mNqwyeFGR5E3CnOXxv8= +github.com/ucloud/ucloud-sdk-go v0.22.54/go.mod h1:dyLmFHmUfgb4RZKYQP9IArlvQ2pxzFthfhwxRzOEPIw= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.21 h1:t6OkemY2V5wi6YNWB5ezqTrQM+/+bu0Bf35H9XrP5kQ= github.com/volcengine/ve-tos-golang-sdk/v2 v2.7.21/go.mod h1:IrjK84IJJTuOZOTMv/P18Ydjy/x+ow7fF7q11jAxXLM= github.com/volcengine/volc-sdk-golang v1.0.23/go.mod h1:AfG/PZRUkHJ9inETvbjNifTDgut25Wbkm2QoYBTbvyU= -github.com/volcengine/volc-sdk-golang v1.0.223 h1:1EEK6VOUaA2Tu0VBD4VC5iSTTFag+KuNo+Vix469Tz4= -github.com/volcengine/volc-sdk-golang v1.0.223/go.mod h1:zHJlaqiMbIB+0mcrsZPTwOb3FB7S/0MCfqlnO8R7hlM= -github.com/volcengine/volcengine-go-sdk v1.1.37 h1:5TvqawYmqO3zIx9dJmzq7fYHypacDoVmUL8Y0NQ4Kxw= -github.com/volcengine/volcengine-go-sdk v1.1.37/go.mod h1:oxoVo+A17kvkwPkIeIHPVLjSw7EQAm+l/Vau1YGHN+A= +github.com/volcengine/volc-sdk-golang v1.0.224 h1:k9Vtg64tQAgFTOGWzhyL0b0axuTuExXbLNVlslWlBZI= +github.com/volcengine/volc-sdk-golang v1.0.224/go.mod h1:zHJlaqiMbIB+0mcrsZPTwOb3FB7S/0MCfqlnO8R7hlM= +github.com/volcengine/volcengine-go-sdk v1.1.44 
h1:WLoLlzt67ZlJeow55PPx65/Mh52DewVXqkHcFSodM9w= +github.com/volcengine/volcengine-go-sdk v1.1.44/go.mod h1:oxoVo+A17kvkwPkIeIHPVLjSw7EQAm+l/Vau1YGHN+A= github.com/vultr/govultr/v3 v3.24.0 h1:fTTTj0VBve+Miy+wGhlb90M2NMDfpGFi6Frlj3HVy6M= github.com/vultr/govultr/v3 v3.24.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= @@ -969,7 +968,6 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -985,8 +983,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b h1:18qgiDvlvH7kk8Ioa8Ov+K6xCi0GMvmGfGW0sgd/SYA=
-golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
+golang.org/x/exp v0.0.0-20251017212417-90e834f514db h1:by6IehL4BH5k3e3SJmcoNbOobMey2SLpAF79iPOEBvw=
+golang.org/x/exp v0.0.0-20251017212417-90e834f514db/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -1101,7 +1099,6 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1182,7 +1179,6 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
@@ -1199,7 +1195,6 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
 golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1219,7 +1214,6 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go b/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go index 34b448c8..686f64d0 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go +++ b/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go @@ -8,7 +8,7 @@ import ( "strings" "time" - aliapig "github.com/alibabacloud-go/apig-20240327/v4/client" + aliapig "github.com/alibabacloud-go/apig-20240327/v5/client" alicloudapi "github.com/alibabacloud-go/cloudapi-20160714/v5/client" aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client" "github.com/alibabacloud-go/tea/tea" From a0a808fd4473b6f3670ea62de12e24ecd77d9d31 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:14 +0800 Subject: [PATCH 03/10] chore(deps): migrate alibabacloud-oss-go-sdk to v2 --- go.mod | 2 +- go.sum | 4 +-- .../providers/aliyun-oss/aliyun_oss.go | 36 ++++++++++++------- 3 files changed, 26 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 919e1275..1e0fdaae 100644 --- a/go.mod +++ b/go.mod 
@@ -26,7 +26,7 @@ require ( github.com/alibabacloud-go/tea v1.3.13 github.com/alibabacloud-go/vod-20170321/v4 v4.10.0 github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.6.0 - github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible + github.com/aliyun/alibabacloud-oss-go-sdk-v2 v1.3.0 github.com/aws/aws-sdk-go-v2/service/acm v1.37.6 github.com/aws/aws-sdk-go-v2/service/cloudfront v1.55.2 github.com/aws/aws-sdk-go-v2/service/iam v1.49.0 diff --git a/go.sum b/go.sum index fd1e7004..a02ce544 100644 --- a/go.sum +++ b/go.sum @@ -195,8 +195,8 @@ github.com/alibabacloud-go/vod-20170321/v4 v4.10.0 h1:e28BNu9IRhCtHI5HA+2ZRG4r9S github.com/alibabacloud-go/vod-20170321/v4 v4.10.0/go.mod h1:IkHD+fJL2oWvs9oxyp5Dc651AO5eptIP5PRsH0ofraA= github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.6.0 h1:UCKCmA7hnnSlGUCVF31Z8v/+3UloJtyqNGV/ITAtr7U= github.com/alibabacloud-go/waf-openapi-20211001/v6 v6.6.0/go.mod h1:Pi1XJ9yMR6weUxPMDqVaT+mhHeeSPRdMZh2fl4VCKLs= -github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g= -github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= +github.com/aliyun/alibabacloud-oss-go-sdk-v2 v1.3.0 h1:wQlqotpyjYPjJz+Noh5bRu7Snmydk8SKC5Z6u1CR20Y= +github.com/aliyun/alibabacloud-oss-go-sdk-v2 v1.3.0/go.mod h1:FTzydeQVmR24FI0D6XWUOMKckjXehM/jgMn1xC+DA9M= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= diff --git a/pkg/core/ssl-deployer/providers/aliyun-oss/aliyun_oss.go b/pkg/core/ssl-deployer/providers/aliyun-oss/aliyun_oss.go index d732261e..152f1686 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-oss/aliyun_oss.go +++ b/pkg/core/ssl-deployer/providers/aliyun-oss/aliyun_oss.go 
@@ -6,7 +6,10 @@ import ( "fmt" "log/slog" - "github.com/aliyun/aliyun-oss-go-sdk/oss" + "github.com/alibabacloud-go/tea/tea" + "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss" + "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" + "github.com/certimate-go/certimate/pkg/core" ) @@ -68,18 +71,21 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke // 为存储空间绑定自定义域名 // REF: https://help.aliyun.com/zh/oss/developer-reference/putcname - putBucketCnameWithCertificateReq := oss.PutBucketCname{ - Cname: d.config.Domain, - CertificateConfiguration: &oss.CertificateConfiguration{ - Certificate: certPEM, - PrivateKey: privkeyPEM, - Force: true, + putCnameReq := &oss.PutCnameRequest{ + Bucket: tea.String(d.config.Bucket), + BucketCnameConfiguration: &oss.BucketCnameConfiguration{ + Domain: tea.String(d.config.Domain), + CertificateConfiguration: &oss.CertificateConfiguration{ + Certificate: tea.String(certPEM), + PrivateKey: tea.String(privkeyPEM), + Force: tea.Bool(true), + }, }, } - err := d.sdkClient.PutBucketCnameWithCertificate(d.config.Bucket, putBucketCnameWithCertificateReq) - d.logger.Debug("sdk request 'oss.PutBucketCnameWithCertificate'", slog.Any("bucket", d.config.Bucket), slog.Any("request", putBucketCnameWithCertificateReq)) + putCnameResp, err := d.sdkClient.PutCname(context.TODO(), putCnameReq) + d.logger.Debug("sdk request 'oss.PutCname'", slog.Any("request", putCnameReq), slog.Any("response", putCnameResp)) if err != nil { - return nil, fmt.Errorf("failed to execute sdk request 'oss.PutBucketCnameWithCertificate': %w", err) + return nil, fmt.Errorf("failed to execute sdk request 'oss.PutCname': %w", err) } return &core.SSLDeployResult{}, nil 
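Review bot: The new debug line in `Deploy` passes `putCnameReq` to `slog.Any`, and that request carries `PrivateKey` (the PEM from `privkeyPEM`), so depending on how the configured handler renders the struct the key can end up in debug logs. I would log only the non-secret fields, e.g. `d.logger.Debug("sdk request 'oss.PutCname'", slog.String("bucket", d.config.Bucket), slog.String("domain", d.config.Domain), slog.Any("response", putCnameResp))`. The call also uses `context.TODO()` although `Deploy` receives `ctx`, so cancellation and deadlines are dropped; `d.sdkClient.PutCname(ctx, putCnameReq)` keeps them. Deploy's body starts outside the hunk.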
@@ -106,10 +112,14 @@ func createSDKClient(accessKeyId, accessKeySecret, region string) (*oss.Client, endpoint = fmt.Sprintf("oss-%s.aliyuncs.com", region) } - client, err := oss.New(endpoint, accessKeyId, accessKeySecret) - if err != nil { - return nil, err + provider := credentials.NewStaticCredentialsProvider(accessKeyId, accessKeySecret) + config := oss.LoadDefaultConfig(). + WithCredentialsProvider(provider). + WithEndpoint(endpoint) + if region != "" { + config = config.WithRegion(region) } + client := oss.NewClient(config) return client, nil } From d9bd39aa87443684451e7ac530562456dc1d202a Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:14 +0800 Subject: [PATCH 04/10] chore(deps): migrate volc-sdk-golang to volcengine-go-sdk --- .../volcengine-alb/volcengine_alb.go | 4 +- .../volcengine-cdn/volcengine_cdn.go | 59 +++++--- .../volcengine-clb/volcengine_clb.go | 4 +- .../volcengine-dcdn/volcengine_dcdn.go | 4 +- .../volcengine-cdn/volcengine_cdn.go | 59 +++++--- .../volcengine_certcenter.go | 16 ++- .../certcenter/api_import_certificate.go | 129 ------------------ pkg/sdk3rd/volcengine/certcenter/interface.go | 14 -- pkg/sdk3rd/volcengine/certcenter/service.go | 71 ---------- 9 files changed, 92 insertions(+), 268 deletions(-) delete mode 100644 pkg/sdk3rd/volcengine/certcenter/api_import_certificate.go delete mode 100644 pkg/sdk3rd/volcengine/certcenter/interface.go delete mode 100644 pkg/sdk3rd/volcengine/certcenter/service.go diff --git a/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go b/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go index 592e963d..14bdf3d6 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go +++ b/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go 
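Review bot: In the OSS `createSDKClient`, an empty `region` now yields a client with an endpoint but no region, because `WithRegion` is applied only under `if region != ""`. As far as I know the v2 OSS SDK signs requests region-scoped by default, so this path may fail only later, at the first `PutCname`, with a signing error that is hard to trace back to configuration; please confirm against the SDK. If that is the case, fail fast here, e.g. `if region == "" { return nil, fmt.Errorf("aliyun oss: region is required") }`, or select the signature mode explicitly for that branch. The function begins outside the hunk, so the endpoint fallback for an empty region is not visible here.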
@@ -260,7 +260,9 @@ func (d *SSLDeployerProvider) updateListenerCertificate(ctx context.Context, clo } func createSDKClient(accessKeyId, accessKeySecret, region string) (*vealb.ALB, error) { - config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret) + config := ve.NewConfig(). + WithAkSk(accessKeyId, accessKeySecret). + WithRegion(region) session, err := vesession.NewSession(config) if err != nil { diff --git a/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go b/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go index 67c369c6..07dc46f6 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go +++ b/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go @@ -7,8 +7,9 @@ import ( "log/slog" "strings" - vecdn "github.com/volcengine/volc-sdk-golang/service/cdn" + vecdn "github.com/volcengine/volcengine-go-sdk/service/cdn" ve "github.com/volcengine/volcengine-go-sdk/volcengine" + vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session" "github.com/certimate-go/certimate/pkg/core" sslmgrsp "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/volcengine-cdn" @@ -41,9 +42,10 @@ func NewSSLDeployerProvider(config *SSLDeployerProviderConfig) (*SSLDeployerProv return nil, errors.New("the configuration of the ssl deployer provider is nil") } - client := vecdn.NewInstance() - client.Client.SetAccessKey(config.AccessKeyId) - client.Client.SetSecretKey(config.AccessKeySecret) + client, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret) + if err != nil { + return nil, fmt.Errorf("could not create sdk client: %w", err) + } sslmgr, err := sslmgrsp.NewSSLManagerProvider(&sslmgrsp.SSLManagerProviderConfig{ AccessKeyId: config.AccessKeyId, 
@@ -164,7 +166,7 @@ func (d *SSLDeployerProvider) getMatchedDomainsByWildcard(ctx context.Context, w default: } - listCdnDomainsReq := &vecdn.ListCdnDomainsRequest{ + listCdnDomainsReq := &vecdn.ListCdnDomainsInput{ Domain: ve.String(strings.TrimPrefix(wildcardDomain, "*.")), Status: ve.String("online"), PageNum: ve.Int64(listCdnDomainsPageNum), @@ -176,15 +178,15 @@ func (d *SSLDeployerProvider) getMatchedDomainsByWildcard(ctx context.Context, w return nil, fmt.Errorf("failed to execute sdk request 'cdn.ListCdnDomains': %w", err) } - if listCdnDomainsResp.Result.Data != nil { - for _, domain := range listCdnDomainsResp.Result.Data { - if xcert.MatchHostname(wildcardDomain, domain.Domain) { - domains = append(domains, domain.Domain) + if listCdnDomainsResp.Data != nil { + for _, domain := range listCdnDomainsResp.Data { + if xcert.MatchHostname(wildcardDomain, ve.StringValue(domain.Domain)) { + domains = append(domains, ve.StringValue(domain.Domain)) } } } - if len(listCdnDomainsResp.Result.Data) < int(listCdnDomainsPageSize) { + if len(listCdnDomainsResp.Data) < int(listCdnDomainsPageSize) { break } else { listCdnDomainsPageSize++ @@ -199,8 +201,8 @@ func (d *SSLDeployerProvider) getMatchedDomainsByCertId(ctx context.Context, clo // 获取指定证书可关联的域名 // REF: https://www.volcengine.com/docs/6454/125711 - describeCertConfigReq := &vecdn.DescribeCertConfigRequest{ - CertId: cloudCertId, + describeCertConfigReq := &vecdn.DescribeCertConfigInput{ + CertId: ve.String(cloudCertId), } describeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq) d.logger.Debug("sdk request 'cdn.DescribeCertConfig'", slog.Any("request", describeCertConfigReq), slog.Any("response", describeCertConfigResp)) 
@@ -208,20 +210,20 @@ func (d *SSLDeployerProvider) getMatchedDomainsByCertId(ctx context.Context, clo return nil, fmt.Errorf("failed to execute sdk request 'cdn.DescribeCertConfig': %w", err) } - if describeCertConfigResp.Result.CertNotConfig != nil { - for i := range describeCertConfigResp.Result.CertNotConfig { - domains = append(domains, describeCertConfigResp.Result.CertNotConfig[i].Domain) + if describeCertConfigResp.CertNotConfig != nil { + for i := range describeCertConfigResp.CertNotConfig { + domains = append(domains, ve.StringValue(describeCertConfigResp.CertNotConfig[i].Domain)) } } - if describeCertConfigResp.Result.OtherCertConfig != nil { - for i := range describeCertConfigResp.Result.OtherCertConfig { - domains = append(domains, describeCertConfigResp.Result.OtherCertConfig[i].Domain) + if describeCertConfigResp.OtherCertConfig != nil { + for i := range describeCertConfigResp.OtherCertConfig { + domains = append(domains, ve.StringValue(describeCertConfigResp.OtherCertConfig[i].Domain)) } } if len(domains) == 0 { - if len(describeCertConfigResp.Result.SpecifiedCertConfig) == 0 { + if len(describeCertConfigResp.SpecifiedCertConfig) == 0 { return nil, errors.New("domains not found") } } @@ -232,9 +234,9 @@ func (d *SSLDeployerProvider) getMatchedDomainsByCertId(ctx context.Context, clo func (d *SSLDeployerProvider) bindCert(ctx context.Context, domain string, cloudCertId string) error { // 关联证书与加速域名 // REF: https://www.volcengine.com/docs/6454/125712 - batchDeployCertReq := &vecdn.BatchDeployCertRequest{ - CertId: cloudCertId, - Domain: domain, + batchDeployCertReq := &vecdn.BatchDeployCertInput{ + Domain: ve.String(domain), + CertId: ve.String(cloudCertId), } batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq) d.logger.Debug("sdk request 'cdn.BatchDeployCert'", slog.Any("request", batchDeployCertReq), slog.Any("response", batchDeployCertResp)) 
@@ -244,3 +246,16 @@ func (d *SSLDeployerProvider) bindCert(ctx context.Context, domain string, cloud return nil } + +func createSDKClient(accessKeyId, accessKeySecret string) (*vecdn.CDN, error) { + config := ve.NewConfig(). + WithAkSk(accessKeyId, accessKeySecret) + + session, err := vesession.NewSession(config) + if err != nil { + return nil, err + } + + client := vecdn.New(session) + return client, nil +} diff --git a/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go b/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go index 82a0ba5a..1eb92c11 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go +++ b/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go @@ -212,7 +212,9 @@ func (d *SSLDeployerProvider) updateListenerCertificate(ctx context.Context, clo } func createSDKClient(accessKeyId, accessKeySecret, region string) (*veclb.CLB, error) { - config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret) + config := ve.NewConfig(). + WithAkSk(accessKeyId, accessKeySecret). + WithRegion(region) session, err := vesession.NewSession(config) if err != nil { diff --git a/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go b/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go index 5481e47f..8ab5c631 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go +++ b/pkg/core/ssl-deployer/providers/volcengine-dcdn/volcengine_dcdn.go @@ -109,7 +109,9 @@ func createSDKClient(accessKeyId, accessKeySecret, region string) (*vedcdn.DCDN, region = "cn-beijing" // DCDN 服务默认区域:北京 } - config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret) + config := ve.NewConfig(). + WithAkSk(accessKeyId, accessKeySecret). + WithRegion(region) session, err := vesession.NewSession(config) if err != nil { 
diff --git a/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go b/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go index fd12f830..712adff0 100644 --- a/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go +++ b/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go @@ -11,8 +11,9 @@ import ( "strings" "time" - vecdn "github.com/volcengine/volc-sdk-golang/service/cdn" + vecdn "github.com/volcengine/volcengine-go-sdk/service/cdn" ve "github.com/volcengine/volcengine-go-sdk/volcengine" + vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session" "github.com/certimate-go/certimate/pkg/core" xcert "github.com/certimate-go/certimate/pkg/utils/cert" @@ -38,9 +39,10 @@ func NewSSLManagerProvider(config *SSLManagerProviderConfig) (*SSLManagerProvide return nil, errors.New("the configuration of the ssl manager provider is nil") } - client := vecdn.NewInstance() - client.Client.SetAccessKey(config.AccessKeyId) - client.Client.SetSecretKey(config.AccessKeySecret) + client, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret) + if err != nil { + return nil, fmt.Errorf("could not create sdk client: %w", err) + } return &SSLManagerProvider{ config: config, @@ -66,13 +68,13 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey // 查询证书列表,避免重复上传 // REF: https://www.volcengine.com/docs/6454/125709 - listCertInfoPageNum := int64(1) - listCertInfoPageSize := int64(100) + listCertInfoPageNum := int32(1) + listCertInfoPageSize := int32(100) listCertInfoTotal := 0 - listCertInfoReq := &vecdn.ListCertInfoRequest{ - PageNum: ve.Int64(listCertInfoPageNum), - PageSize: ve.Int64(listCertInfoPageSize), - Source: "volc_cert_center", + listCertInfoReq := &vecdn.ListCertInfoInput{ + Source: ve.String("volc_cert_center"), + PageNum: ve.Int32(listCertInfoPageNum), + PageSize: ve.Int32(listCertInfoPageSize), } for { select { 
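Review bot: In `Upload`, `listCertInfoReq` is built once before the `for` loop with `PageNum: ve.Int32(listCertInfoPageNum)`, which stores a pointer to a copy of the counter. The `listCertInfoPageNum++` in the following hunk does not change the request unless the loop body also reassigns `listCertInfoReq.PageNum`, and no such assignment is visible in these hunks. If there is none, every iteration fetches page 1 and the duplicate check never sees certificates beyond the first page; adding `listCertInfoReq.PageNum = ve.Int32(listCertInfoPageNum)` right after the increment would fix that. The loop body continues outside the hunk.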
@@ -87,25 +89,25 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey return nil, fmt.Errorf("failed to execute sdk request 'cdn.ListCertInfo': %w", err) } - if listCertInfoResp.Result.CertInfo != nil { - for _, certInfo := range listCertInfoResp.Result.CertInfo { + if listCertInfoResp.CertInfo != nil { + for _, certInfo := range listCertInfoResp.CertInfo { fingerprintSha1 := sha1.Sum(certX509.Raw) fingerprintSha256 := sha256.Sum256(certX509.Raw) - isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certInfo.CertFingerprint.Sha1) && - strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certInfo.CertFingerprint.Sha256) + isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), ve.StringValue(certInfo.CertFingerprint.Sha1)) && + strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), ve.StringValue(certInfo.CertFingerprint.Sha256)) // 如果已存在相同证书,直接返回 if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: certInfo.CertId, - CertName: certInfo.Desc, + CertId: ve.StringValue(certInfo.CertId), + CertName: ve.StringValue(certInfo.Desc), }, nil } } } - listCertInfoLen := len(listCertInfoResp.Result.CertInfo) - if listCertInfoLen < int(listCertInfoPageSize) || int(listCertInfoResp.Result.Total) <= listCertInfoTotal+listCertInfoLen { + listCertInfoLen := len(listCertInfoResp.CertInfo) + if listCertInfoLen < int(listCertInfoPageSize) || int(ve.Int64Value(listCertInfoResp.Total)) <= listCertInfoTotal+listCertInfoLen { break } else { listCertInfoPageNum++ 
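Review bot: `certInfo.CertFingerprint.Sha1` and `.Sha256` are read without checking `certInfo.CertFingerprint` first; if the new SDK models that nested structure as a pointer, as the generated types deleted later in this patch do for `CertificateInfo`, a list entry without a fingerprint would panic the upload. A guard at the top of the loop body, `if certInfo.CertFingerprint == nil { continue }`, covers that case. The two digests are also recomputed for every entry although they depend only on `certX509.Raw`; computing `fingerprintSha1` and `fingerprintSha256` once before the paging loop reads more clearly. The loop starts outside the hunk.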
@@ -118,10 +120,10 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey // 上传新证书 // REF: https://www.volcengine.com/docs/6454/1245763 - addCertificateReq := &vecdn.AddCertificateRequest{ - Certificate: certPEM, - PrivateKey: privkeyPEM, + addCertificateReq := &vecdn.AddCertificateInput{ Source: ve.String("volc_cert_center"), + Certificate: ve.String(certPEM), + PrivateKey: ve.String(privkeyPEM), Desc: ve.String(certName), } addCertificateResp, err := m.sdkClient.AddCertificate(addCertificateReq) @@ -131,7 +133,20 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } return &core.SSLManageUploadResult{ - CertId: addCertificateResp.Result.CertId, + CertId: ve.StringValue(addCertificateResp.CertId), CertName: certName, }, nil } + +func createSDKClient(accessKeyId, accessKeySecret string) (*vecdn.CDN, error) { + config := ve.NewConfig(). + WithAkSk(accessKeyId, accessKeySecret) + + session, err := vesession.NewSession(config) + if err != nil { + return nil, err + } + + client := vecdn.New(session) + return client, nil +} diff --git a/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go b/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go index cd70da9c..5cc3bd64 100644 --- a/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go +++ b/pkg/core/ssl-manager/providers/volcengine-certcenter/volcengine_certcenter.go @@ -6,11 +6,11 @@ import ( "fmt" "log/slog" + vecs "github.com/volcengine/volcengine-go-sdk/service/certificateservice" ve "github.com/volcengine/volcengine-go-sdk/volcengine" vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session" "github.com/certimate-go/certimate/pkg/core" - veccsdk "github.com/certimate-go/certimate/pkg/sdk3rd/volcengine/certcenter" ) type SSLManagerProviderConfig struct { 
@@ -25,7 +25,7 @@ type SSLManagerProviderConfig struct { type SSLManagerProvider struct { config *SSLManagerProviderConfig logger *slog.Logger - sdkClient *veccsdk.CertCenter + sdkClient *vecs.CERTIFICATESERVICE } var _ core.SSLManager = (*SSLManagerProvider)(nil) @@ -58,8 +58,8 @@ func (m *SSLManagerProvider) SetLogger(logger *slog.Logger) { func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (*core.SSLManageUploadResult, error) { // 上传证书 // REF: https://www.volcengine.com/docs/6638/1365580 - importCertificateReq := &veccsdk.ImportCertificateInput{ - CertificateInfo: &veccsdk.ImportCertificateInputCertificateInfo{ + importCertificateReq := &vecs.ImportCertificateInput{ + CertificateInfo: &vecs.CertificateInfoForImportCertificateInput{ CertificateChain: ve.String(certPEM), PrivateKey: ve.String(privkeyPEM), }, @@ -88,18 +88,20 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey }, nil } -func createSDKClient(accessKeyId, accessKeySecret, region string) (*veccsdk.CertCenter, error) { +func createSDKClient(accessKeyId, accessKeySecret, region string) (*vecs.CERTIFICATESERVICE, error) { if region == "" { region = "cn-beijing" // 证书中心默认区域:北京 } - config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret) + config := ve.NewConfig(). + WithAkSk(accessKeyId, accessKeySecret). + WithRegion(region) session, err := vesession.NewSession(config) if err != nil { return nil, err } - client := veccsdk.New(session) + client := vecs.New(session) return client, nil } diff --git a/pkg/sdk3rd/volcengine/certcenter/api_import_certificate.go b/pkg/sdk3rd/volcengine/certcenter/api_import_certificate.go deleted file mode 100644 index 6212508a..00000000 --- a/pkg/sdk3rd/volcengine/certcenter/api_import_certificate.go +++ /dev/null 
@@ -1,129 +0,0 @@ -package certcenter - -import ( - "github.com/volcengine/volcengine-go-sdk/volcengine" - "github.com/volcengine/volcengine-go-sdk/volcengine/request" - "github.com/volcengine/volcengine-go-sdk/volcengine/response" - "github.com/volcengine/volcengine-go-sdk/volcengine/volcengineutil" -) - -const opImportCertificateCommon = "ImportCertificate" - -func (c *CertCenter) ImportCertificateCommonRequest(input *map[string]interface{}) (req *request.Request, output *map[string]interface{}) { - op := &request.Operation{ - Name: opImportCertificateCommon, - HTTPMethod: "POST", - HTTPPath: "/", - } - - if input == nil { - input = &map[string]interface{}{} - } - - output = &map[string]interface{}{} - req = c.newRequest(op, input, output) - - req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8") - - return -} - -func (c *CertCenter) ImportCertificateCommon(input *map[string]interface{}) (*map[string]interface{}, error) { - req, out := c.ImportCertificateCommonRequest(input) - return out, req.Send() -} - -func (c *CertCenter) ImportCertificateCommonWithContext(ctx volcengine.Context, input *map[string]interface{}, opts ...request.Option) (*map[string]interface{}, error) { - req, out := c.ImportCertificateCommonRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) 
- return out, req.Send() -} - -const opImportCertificate = "ImportCertificate" - -func (c *CertCenter) ImportCertificateRequest(input *ImportCertificateInput) (req *request.Request, output *ImportCertificateOutput) { - op := &request.Operation{ - Name: opImportCertificate, - HTTPMethod: "POST", - HTTPPath: "/", - } - - if input == nil { - input = &ImportCertificateInput{} - } - - output = &ImportCertificateOutput{} - req = c.newRequest(op, input, output) - - req.HTTPRequest.Header.Set("Content-Type", "application/json; charset=utf-8") - - return -} - -func (c *CertCenter) ImportCertificate(input *ImportCertificateInput) (*ImportCertificateOutput, error) { - req, out := c.ImportCertificateRequest(input) - return out, req.Send() -} - -func (c *CertCenter) ImportCertificateWithContext(ctx volcengine.Context, input *ImportCertificateInput, opts ...request.Option) (*ImportCertificateOutput, error) { - req, out := c.ImportCertificateRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) 
- return out, req.Send() -} - -type ImportCertificateInput struct { - _ struct{} `type:"structure" json:",omitempty"` - - Tag *string `type:"string" json:",omitempty"` - - ProjectName *string `type:"string" json:",omitempty"` - - Repeatable *bool `type:"boolean" json:",omitempty"` - - NoVerifyAndFixChain *bool `type:"boolean" json:",omitempty"` - - CertificateInfo *ImportCertificateInputCertificateInfo `type:"structure" json:",omitempty"` - - Tags *[]ImportCertificateInputTag `type:"list" json:",omitempty"` -} - -func (s ImportCertificateInput) String() string { - return volcengineutil.Prettify(s) -} - -func (s *ImportCertificateInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ImportCertificateInput"} - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -type ImportCertificateInputCertificateInfo struct { - CertificateChain *string `type:"string" json:",omitempty"` - - PrivateKey *string `type:"string" json:",omitempty"` -} - -type ImportCertificateInputTag struct { - Key *string `type:"string" json:",omitempty" required:"true"` - - Value *string `type:"string" json:",omitempty" required:"true"` -} - -type ImportCertificateOutput struct { - _ struct{} `type:"structure" json:",omitempty"` - - Metadata *response.ResponseMetadata - - InstanceId *string `type:"string" json:",omitempty"` - - RepeatId *string `type:"string" json:",omitempty"` -} - -func (s ImportCertificateOutput) String() string { - return volcengineutil.Prettify(s) -} diff --git a/pkg/sdk3rd/volcengine/certcenter/interface.go b/pkg/sdk3rd/volcengine/certcenter/interface.go deleted file mode 100644 index 75ba3729..00000000 --- a/pkg/sdk3rd/volcengine/certcenter/interface.go +++ /dev/null 
@@ -1,14 +0,0 @@ -package certcenter - -import ( - "github.com/volcengine/volcengine-go-sdk/volcengine" - "github.com/volcengine/volcengine-go-sdk/volcengine/request" -) - -type CertCenterAPI interface { - ImportCertificate(*ImportCertificateInput) (*ImportCertificateOutput, error) - ImportCertificateWithContext(volcengine.Context, *ImportCertificateInput, ...request.Option) (*ImportCertificateOutput, error) - ImportCertificateRequest(*ImportCertificateInput) (*request.Request, *ImportCertificateOutput) -} - -var _ CertCenterAPI = (*CertCenter)(nil) diff --git a/pkg/sdk3rd/volcengine/certcenter/service.go b/pkg/sdk3rd/volcengine/certcenter/service.go deleted file mode 100644 index 494e2995..00000000 --- a/pkg/sdk3rd/volcengine/certcenter/service.go +++ /dev/null 
@@ -1,71 +0,0 @@ -package certcenter - -import ( - "github.com/volcengine/volcengine-go-sdk/volcengine" - "github.com/volcengine/volcengine-go-sdk/volcengine/client" - "github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata" - "github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers" - "github.com/volcengine/volcengine-go-sdk/volcengine/request" - "github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc" - "github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery" -) - -type CertCenter struct { - *client.Client -} - -var initClient func(*client.Client) - -var initRequest func(*request.Request) - -const ( - ServiceName = "certificate_service" - EndpointsID = ServiceName - ServiceID = "certificate_service" -) - -func New(p client.ConfigProvider, cfgs ...*volcengine.Config) *CertCenter { - c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName) -} - -func newClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CertCenter { - svc := &CertCenter{ - Client: client.New( - cfg, - metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - Endpoint: endpoint, - APIVersion: "2024-10-01", - }, - handlers, - ), - } - - svc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler) - svc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler) - svc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler) - svc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler) - svc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler) - svc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler) - svc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler) - - if initClient != nil { - initClient(svc.Client) - } - - return svc -} - -func (c *CertCenter) newRequest(op 
*request.Operation, params, data interface{}) *request.Request { - req := c.NewRequest(op, params, data) - - if initRequest != nil { - initRequest(req) - } - - return req -} From 0ec3596745f1c89fe9c1c708fcb1889743d56850 Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:14 +0800 Subject: [PATCH 05/10] refactor: clean code --- .../workflow/engine/executor_bizupload.go | 3 +- .../azure-keyvault/azure_keyvault.go | 9 ++--- .../providers/aliyun-cas/aliyun_cas.go | 32 ++++++----------- .../providers/aliyun-slb/aliyun_slb.go | 6 ++-- .../ssl-manager/providers/aws-acm/aws_acm.go | 8 +---- .../ssl-manager/providers/aws-iam/aws_iam.go | 8 +---- .../azure-keyvault/azure_keyvault.go | 8 +---- .../baiducloud-cert/baiducloud_cert.go | 6 +--- .../providers/ctcccloud-ao/ctcccloud_ao.go | 29 ++++++--------- .../providers/ctcccloud-cdn/ctcccloud_cdn.go | 29 ++++++--------- .../providers/ctcccloud-elb/ctcccloud_elb.go | 20 +---------- .../ctcccloud-icdn/ctcccloud_icdn.go | 29 ++++++--------- .../ctcccloud-lvdn/ctcccloud_lvdn.go | 29 ++++++--------- .../huaweicloud-elb/huaweicloud_elb.go | 20 +---------- .../huaweicloud-scm/huaweicloud_scm.go | 30 ++++++---------- .../huaweicloud-waf/huaweicloud_waf.go | 20 +---------- .../rainyun-sslcenter/rainyun_sslcenter.go | 26 ++++---------- .../volcengine-live/volcengine_live.go | 22 ++---------- pkg/utils/cert/common.go | 24 +------------ pkg/utils/cert/comparer.go | 35 +++++++++++++++++++ pkg/utils/cert/extractor.go | 2 +- pkg/utils/cert/transformer.go | 6 ++-- 22 files changed, 125 insertions(+), 276 deletions(-) create mode 100644 pkg/utils/cert/comparer.go diff --git a/internal/workflow/engine/executor_bizupload.go b/internal/workflow/engine/executor_bizupload.go index d17da8ce..c2222337 100644 --- a/internal/workflow/engine/executor_bizupload.go +++ b/internal/workflow/engine/executor_bizupload.go 
@@ -160,8 +160,7 @@ func (ne *bizUploadNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeEx // 二次检测是否可以跳过执行 if lastCertificate != nil { - lastCertX509, err := xcert.ParseCertificateFromPEM(lastCertificate.Certificate) - if err == nil && xcert.EqualCertificates(certX509, lastCertX509) { + if xcert.EqualCertificatesFromPEM(certPEM, lastCertificate.Certificate) { ne.logger.Info("skip this uploading, because the last uploaded certificate already exists") return execRes, nil } diff --git a/pkg/core/ssl-deployer/providers/azure-keyvault/azure_keyvault.go b/pkg/core/ssl-deployer/providers/azure-keyvault/azure_keyvault.go index dd0dd3b3..bd113189 100644 --- a/pkg/core/ssl-deployer/providers/azure-keyvault/azure_keyvault.go +++ b/pkg/core/ssl-deployer/providers/azure-keyvault/azure_keyvault.go @@ -2,7 +2,6 @@ package azurekeyvault import ( "context" - "crypto/x509" "encoding/base64" "errors" "fmt" @@ -115,11 +114,9 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke return nil, fmt.Errorf("failed to execute sdk request 'keyvault.GetCertificate': %w", err) } } else { - oldCertX509, err := x509.ParseCertificate(getCertificateResp.CER) - if err == nil { - if xcert.EqualCertificates(certX509, oldCertX509) { - return &core.SSLDeployResult{}, nil - } + // 如果已存在相同证书,直接返回 + if xcert.EqualCertificatesFromPEM(certPEM, string(getCertificateResp.CER)) { + return &core.SSLDeployResult{}, nil } } diff --git a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go index 15c4e940..4682e4d4 100644 --- a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go +++ b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go 
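Review bot: In the azure-keyvault deployer hunk, `xcert.EqualCertificatesFromPEM(certPEM, string(getCertificateResp.CER))` hands raw certificate bytes to a PEM parser. The removed code parsed `CER` with `x509.ParseCertificate`, which takes DER, so the PEM parse will presumably fail every time and the comparison will always be false. The "already exists" shortcut then never fires and each run re-imports the certificate. The ssl-manager azure-keyvault hunk further down has the same conversion. Keeping the DER path would avoid this, e.g. `if oldCertX509, err := x509.ParseCertificate(getCertificateResp.CER); err == nil && xcert.EqualCertificates(certX509, oldCertX509) {` with the `crypto/x509` import restored. `certX509` is assumed to still be declared earlier in `Deploy`, which starts outside the hunk.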
@@ -115,32 +115,22 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey m.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp)) if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'cas.GetUserCertificateDetail': %w", err) - } - - var isSameCert bool - if *getUserCertificateDetailResp.Body.Cert == certPEM { - isSameCert = true } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert) - if err != nil { + if !xcert.EqualCertificatesFromPEM(certPEM, tea.StringValue(getUserCertificateDetailResp.Body.Cert)) { continue } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) } - // 如果已存在相同证书,直接返回 - if isSameCert { - m.logger.Info("ssl certificate already exists") - return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", tea.Int64Value(certOrder.CertificateId)), - CertName: *certOrder.Name, - ExtendedData: map[string]any{ - "InstanceId": tea.StringValue(getUserCertificateDetailResp.Body.InstanceId), - "CertIdentifier": tea.StringValue(getUserCertificateDetailResp.Body.CertIdentifier), - }, - }, nil - } + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + m.logger.Info("ssl certificate already exists") + return &core.SSLManageUploadResult{ + CertId: fmt.Sprintf("%d", tea.Int64Value(certOrder.CertificateId)), + CertName: *certOrder.Name, + ExtendedData: map[string]any{ + "InstanceId": tea.StringValue(getUserCertificateDetailResp.Body.InstanceId), + "CertIdentifier": tea.StringValue(getUserCertificateDetailResp.Body.CertIdentifier), + }, + }, nil } } diff --git a/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go b/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go index a761dcc6..572dd02d 100644 --- a/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go +++ b/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go 
@@ -87,9 +87,9 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey fingerprint := sha256.Sum256(certX509.Raw) fingerprintHex := hex.EncodeToString(fingerprint[:]) for _, serverCert := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate { - isSameCert := *serverCert.IsAliCloudCertificate == 0 && - strings.EqualFold(fingerprintHex, strings.ReplaceAll(*serverCert.Fingerprint, ":", "")) && - strings.EqualFold(certX509.Subject.CommonName, *serverCert.CommonName) + isSameCert := tea.Int32Value(serverCert.IsAliCloudCertificate) == 0 && + strings.EqualFold(fingerprintHex, strings.ReplaceAll(tea.StringValue(serverCert.Fingerprint), ":", "")) && + strings.EqualFold(certX509.Subject.CommonName, tea.StringValue(serverCert.CommonName)) // 如果已存在相同证书,直接返回 if isSameCert { m.logger.Info("ssl certificate already exists") diff --git a/pkg/core/ssl-manager/providers/aws-acm/aws_acm.go b/pkg/core/ssl-manager/providers/aws-acm/aws_acm.go index b421d43e..0050210c 100644 --- a/pkg/core/ssl-manager/providers/aws-acm/aws_acm.go +++ b/pkg/core/ssl-manager/providers/aws-acm/aws_acm.go @@ -115,13 +115,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'acm.GetCertificate': %w", err) } else { - oldCertPEM := aws.ToString(getCertificateResp.Certificate) - oldCertX509, err := xcert.ParseCertificateFromPEM(oldCertPEM) - if err != nil { - continue - } - - if !xcert.EqualCertificates(certX509, oldCertX509) { + if !xcert.EqualCertificatesFromPEM(certPEM, aws.ToString(getCertificateResp.Certificate)) { continue } } diff --git a/pkg/core/ssl-manager/providers/aws-iam/aws_iam.go b/pkg/core/ssl-manager/providers/aws-iam/aws_iam.go index cff65a05..236283d6 100644 --- a/pkg/core/ssl-manager/providers/aws-iam/aws_iam.go +++ b/pkg/core/ssl-manager/providers/aws-iam/aws_iam.go 
@@ -118,13 +118,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'iam.GetServerCertificate': %w", err) } else { - oldCertPEM := aws.ToString(getServerCertificateResp.ServerCertificate.CertificateBody) - oldCertX509, err := xcert.ParseCertificateFromPEM(oldCertPEM) - if err != nil { - continue - } - - if !xcert.EqualCertificates(certX509, oldCertX509) { + if !xcert.EqualCertificatesFromPEM(certPEM, aws.ToString(getServerCertificateResp.ServerCertificate.CertificateBody)) { continue } } diff --git a/pkg/core/ssl-manager/providers/azure-keyvault/azure_keyvault.go b/pkg/core/ssl-manager/providers/azure-keyvault/azure_keyvault.go index 72979937..beda6541 100644 --- a/pkg/core/ssl-manager/providers/azure-keyvault/azure_keyvault.go +++ b/pkg/core/ssl-manager/providers/azure-keyvault/azure_keyvault.go @@ -2,7 +2,6 @@ package azurekeyvault import ( "context" - "crypto/x509" "encoding/base64" "errors" "fmt" @@ -119,12 +118,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'keyvault.GetCertificate': %w", err) } else { - oldCertX509, err := x509.ParseCertificate(getCertificateResp.CER) - if err != nil { - continue - } - - if !xcert.EqualCertificates(certX509, oldCertX509) { + if !xcert.EqualCertificatesFromPEM(certPEM, string(getCertificateResp.CER)) { continue } } diff --git a/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert.go b/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert.go index 3fe0c689..a99b1a8d 100644 --- a/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert.go +++ b/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert.go 
@@ -91,11 +91,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'cert.GetCertRawData': %w", err) } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(getCertDetailResp.CertServerData) - if err != nil { - continue - } - if !xcert.EqualCertificates(certX509, oldCertX509) { + if !xcert.EqualCertificatesFromPEM(certPEM, getCertDetailResp.CertServerData) { continue } } diff --git a/pkg/core/ssl-manager/providers/ctcccloud-ao/ctcccloud_ao.go b/pkg/core/ssl-manager/providers/ctcccloud-ao/ctcccloud_ao.go index 30f6ef94..3814a372 100644 --- a/pkg/core/ssl-manager/providers/ctcccloud-ao/ctcccloud_ao.go +++ b/pkg/core/ssl-manager/providers/ctcccloud-ao/ctcccloud_ao.go @@ -104,6 +104,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey continue } + // 最后对比证书内容 // 查询证书详情 // REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13015&data=174&isNormal=1&vid=167 queryCertReq := &ctyunao.QueryCertRequest{ 
@@ -114,27 +115,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'ao.QueryCert': %w", err) } else if queryCertResp.ReturnObj != nil && queryCertResp.ReturnObj.Result != nil { - var isSameCert bool - if queryCertResp.ReturnObj.Result.Certs == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(queryCertResp.ReturnObj.Result.Certs) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - - // 如果已存在相同证书,直接返回 - if isSameCert { - m.logger.Info("ssl certificate already exists") - return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", queryCertResp.ReturnObj.Result.Id), - CertName: queryCertResp.ReturnObj.Result.Name, - }, nil + if !xcert.EqualCertificatesFromPEM(certPEM, queryCertResp.ReturnObj.Result.Certs) { + continue } } + + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + m.logger.Info("ssl certificate already exists") + return &core.SSLManageUploadResult{ + CertId: fmt.Sprintf("%d", queryCertResp.ReturnObj.Result.Id), + CertName: queryCertResp.ReturnObj.Result.Name, + }, nil } } diff --git a/pkg/core/ssl-manager/providers/ctcccloud-cdn/ctcccloud_cdn.go b/pkg/core/ssl-manager/providers/ctcccloud-cdn/ctcccloud_cdn.go index 6bc4f1df..b5647cc3 100644 --- a/pkg/core/ssl-manager/providers/ctcccloud-cdn/ctcccloud_cdn.go +++ b/pkg/core/ssl-manager/providers/ctcccloud-cdn/ctcccloud_cdn.go @@ -104,6 +104,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey continue } + // 最后对比证书内容 // 查询证书详情 // REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=10899&data=161&isNormal=1&vid=154 queryCertDetailReq := &ctyuncdn.QueryCertDetailRequest{ 
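Review bot: The "already exists" return in the ctcccloud-ao hunk now sits outside the `queryCertResp.ReturnObj != nil && queryCertResp.ReturnObj.Result != nil` branch, so a response with a nil `ReturnObj` or `Result` skips the comparison and falls through to `queryCertResp.ReturnObj.Result.Id`. That is a nil dereference, reached without the certificate contents ever being compared. The old code kept the return inside the guarded branch. The ctcccloud-cdn, ctcccloud-icdn and ctcccloud-lvdn hunks repeat the same shape with `queryCertDetailResp`. Adding `if queryCertResp.ReturnObj == nil || queryCertResp.ReturnObj.Result == nil { continue }` ahead of the comparison restores the guard; `Upload` continues outside the hunk.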
@@ -114,27 +115,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'cdn.QueryCertDetail': %w", err) } else if queryCertDetailResp.ReturnObj != nil && queryCertDetailResp.ReturnObj.Result != nil { - var isSameCert bool - if queryCertDetailResp.ReturnObj.Result.Certs == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(queryCertDetailResp.ReturnObj.Result.Certs) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - - // 如果已存在相同证书,直接返回 - if isSameCert { - m.logger.Info("ssl certificate already exists") - return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", queryCertDetailResp.ReturnObj.Result.Id), - CertName: queryCertDetailResp.ReturnObj.Result.Name, - }, nil + if !xcert.EqualCertificatesFromPEM(certPEM, queryCertDetailResp.ReturnObj.Result.Certs) { + continue } } + + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + m.logger.Info("ssl certificate already exists") + return &core.SSLManageUploadResult{ + CertId: fmt.Sprintf("%d", queryCertDetailResp.ReturnObj.Result.Id), + CertName: queryCertDetailResp.ReturnObj.Result.Name, + }, nil } } diff --git a/pkg/core/ssl-manager/providers/ctcccloud-elb/ctcccloud_elb.go b/pkg/core/ssl-manager/providers/ctcccloud-elb/ctcccloud_elb.go index 43104d00..9c8dbef3 100644 --- a/pkg/core/ssl-manager/providers/ctcccloud-elb/ctcccloud_elb.go +++ b/pkg/core/ssl-manager/providers/ctcccloud-elb/ctcccloud_elb.go 
@@ -58,12 +58,6 @@ func (m *SSLManagerProvider) SetLogger(logger *slog.Logger) { } func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (*core.SSLManageUploadResult, error) { - // 解析证书内容 - certX509, err := xcert.ParseCertificateFromPEM(certPEM) - if err != nil { - return nil, err - } - // 查询证书列表,避免重复上传 // REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=24&api=5692&data=88&isNormal=1&vid=82 listCertificatesReq := &ctyunelb.ListCertificatesRequest{ @@ -75,20 +69,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey return nil, fmt.Errorf("failed to execute sdk request 'elb.ListCertificates': %w", err) } else { for _, certRecord := range listCertificatesResp.ReturnObj { - var isSameCert bool - if certRecord.Certificate == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(certRecord.Certificate) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - // 如果已存在相同证书,直接返回 - if isSameCert { + if xcert.EqualCertificatesFromPEM(certPEM, certRecord.Certificate) { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ CertId: certRecord.ID, diff --git a/pkg/core/ssl-manager/providers/ctcccloud-icdn/ctcccloud_icdn.go b/pkg/core/ssl-manager/providers/ctcccloud-icdn/ctcccloud_icdn.go index d42d1be5..ebe8ee40 100644 --- a/pkg/core/ssl-manager/providers/ctcccloud-icdn/ctcccloud_icdn.go +++ b/pkg/core/ssl-manager/providers/ctcccloud-icdn/ctcccloud_icdn.go @@ -104,6 +104,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey continue } + // 最后对比证书内容 // 查询证书详情 // REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10837&data=173&isNormal=1&vid=166 queryCertDetailReq := &ctyunicdn.QueryCertDetailRequest{ 
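Review bot: Dropping the up-front `xcert.ParseCertificateFromPEM(certPEM)` in the ctcccloud-elb `Upload` removes the only check in this hunk that the caller's certificate parses at all. A malformed `certPEM` now makes every `EqualCertificatesFromPEM` call return false and the function goes on to upload it, where before it returned the parse error immediately. The huaweicloud-elb, huaweicloud-waf and volcengine-live hunks remove the same check. Keeping a one-off validation would preserve the early failure, e.g. `if _, err := xcert.ParseCertificateFromPEM(certPEM); err != nil { return nil, err }`. The rest of `Upload` lies outside the hunk, so a later validation step cannot be ruled out.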
@@ -114,27 +115,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'icdn.QueryCertDetail': %w", err) } else if queryCertDetailResp.ReturnObj != nil && queryCertDetailResp.ReturnObj.Result != nil { - var isSameCert bool - if queryCertDetailResp.ReturnObj.Result.Certs == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(queryCertDetailResp.ReturnObj.Result.Certs) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - - // 如果已存在相同证书,直接返回 - if isSameCert { - m.logger.Info("ssl certificate already exists") - return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", queryCertDetailResp.ReturnObj.Result.Id), - CertName: queryCertDetailResp.ReturnObj.Result.Name, - }, nil + if !xcert.EqualCertificatesFromPEM(certPEM, queryCertDetailResp.ReturnObj.Result.Certs) { + continue } } + + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + m.logger.Info("ssl certificate already exists") + return &core.SSLManageUploadResult{ + CertId: fmt.Sprintf("%d", queryCertDetailResp.ReturnObj.Result.Id), + CertName: queryCertDetailResp.ReturnObj.Result.Name, + }, nil } } diff --git a/pkg/core/ssl-manager/providers/ctcccloud-lvdn/ctcccloud_lvdn.go b/pkg/core/ssl-manager/providers/ctcccloud-lvdn/ctcccloud_lvdn.go index 94faf178..dafa4c03 100644 --- a/pkg/core/ssl-manager/providers/ctcccloud-lvdn/ctcccloud_lvdn.go +++ b/pkg/core/ssl-manager/providers/ctcccloud-lvdn/ctcccloud_lvdn.go @@ -104,6 +104,7 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey continue } + // 最后对比证书内容 // 查询证书详情 // REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=125&api=11449&data=183&isNormal=1&vid=261 queryCertDetailReq := &ctyunlvdn.QueryCertDetailRequest{ 
@@ -114,27 +115,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'lvdn.QueryCertDetail': %w", err) } else if queryCertDetailResp.ReturnObj != nil && queryCertDetailResp.ReturnObj.Result != nil { - var isSameCert bool - if queryCertDetailResp.ReturnObj.Result.Certs == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(queryCertDetailResp.ReturnObj.Result.Certs) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - - // 如果已存在相同证书,直接返回 - if isSameCert { - m.logger.Info("ssl certificate already exists") - return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", queryCertDetailResp.ReturnObj.Result.Id), - CertName: queryCertDetailResp.ReturnObj.Result.Name, - }, nil + if !xcert.EqualCertificatesFromPEM(certPEM, queryCertDetailResp.ReturnObj.Result.Certs) { + continue } } + + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + m.logger.Info("ssl certificate already exists") + return &core.SSLManageUploadResult{ + CertId: fmt.Sprintf("%d", queryCertDetailResp.ReturnObj.Result.Id), + CertName: queryCertDetailResp.ReturnObj.Result.Name, + }, nil } } diff --git a/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go b/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go index bc9e2436..ed525e7c 100644 --- a/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go +++ b/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go 
@@ -66,12 +66,6 @@ func (m *SSLManagerProvider) SetLogger(logger *slog.Logger) { } func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (*core.SSLManageUploadResult, error) { - // 解析证书内容 - certX509, err := xcert.ParseCertificateFromPEM(certPEM) - if err != nil { - return nil, err - } - // 遍历查询已有证书,避免重复上传 // REF: https://support.huaweicloud.com/api-elb/ListCertificates.html listCertificatesLimit := int32(2000) @@ -96,20 +90,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if listCertificatesResp.Certificates != nil { for _, certInfo := range *listCertificatesResp.Certificates { - var isSameCert bool - if certInfo.Certificate == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(certInfo.Certificate) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - // 如果已存在相同证书,直接返回 - if isSameCert { + if xcert.EqualCertificatesFromPEM(certPEM, certInfo.Certificate) { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ CertId: certInfo.Id, diff --git a/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go b/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go index 6f17d27a..2ef5c318 100644 --- a/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go +++ b/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go @@ -107,6 +107,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } // 最后对比证书内容 + // 导出证书 + // REF: https://support.huaweicloud.com/api-ccm/ExportCertificate_0.html exportCertificateReq := &hcscmmodel.ExportCertificateRequest{ CertificateId: certDetail.Id, } 
@@ -118,27 +120,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err) } else { - var isSameCert bool - if *exportCertificateResp.Certificate == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - - // 如果已存在相同证书,直接返回 - if isSameCert { - m.logger.Info("ssl certificate already exists") - return &core.SSLManageUploadResult{ - CertId: certDetail.Id, - CertName: certDetail.Name, - }, nil + if !xcert.EqualCertificatesFromPEM(certPEM, lo.FromPtr(exportCertificateResp.Certificate)) { + continue } } + + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + m.logger.Info("ssl certificate already exists") + return &core.SSLManageUploadResult{ + CertId: certDetail.Id, + CertName: certDetail.Name, + }, nil } } diff --git a/pkg/core/ssl-manager/providers/huaweicloud-waf/huaweicloud_waf.go b/pkg/core/ssl-manager/providers/huaweicloud-waf/huaweicloud_waf.go index 4daa7d36..9151b425 100644 --- a/pkg/core/ssl-manager/providers/huaweicloud-waf/huaweicloud_waf.go +++ b/pkg/core/ssl-manager/providers/huaweicloud-waf/huaweicloud_waf.go @@ -66,12 +66,6 @@ func (m *SSLManagerProvider) SetLogger(logger *slog.Logger) { } func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (*core.SSLManageUploadResult, error) { - // 解析证书内容 - certX509, err := xcert.ParseCertificateFromPEM(certPEM) - if err != nil { - return nil, err - } - // 遍历查询已有证书,避免重复上传 // REF: https://support.huaweicloud.com/api-waf/ListCertificates.html // REF: https://support.huaweicloud.com/api-waf/ShowCertificate.html 
@@ -107,20 +101,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey return nil, fmt.Errorf("failed to execute sdk request 'waf.ShowCertificate': %w", err) } - var isSameCert bool - if *showCertificateResp.Content == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(*showCertificateResp.Content) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - // 如果已存在相同证书,直接返回 - if isSameCert { + if xcert.EqualCertificatesFromPEM(certPEM, lo.FromPtr(showCertificateResp.Content)) { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ CertId: certItem.Id, diff --git a/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go b/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go index 82b9c9a4..9b56fcb2 100644 --- a/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go +++ b/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go @@ -129,28 +129,16 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin sslCenterGetResp, err := m.sdkClient.SslCenterGet(sslRecord.ID) if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'sslcenter.Get': %w", err) - } - - var isSameCert bool - if sslCenterGetResp.Data != nil { - if sslCenterGetResp.Data.Cert == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(sslCenterGetResp.Data.Cert) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) + } else { + if !xcert.EqualCertificatesFromPEM(certPEM, sslCenterGetResp.Data.Cert) { + continue } } - // 如果已存在相同证书,直接返回 - if isSameCert { - return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", sslRecord.ID), - }, nil - } + // 如果以上信息都一致,则视为已存在相同证书,直接返回 + return &core.SSLManageUploadResult{ + CertId: fmt.Sprintf("%d", sslRecord.ID), + }, nil } } 
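Review bot: In the rainyun-sslcenter hunk the `sslCenterGetResp.Data != nil` guard from the old code is gone, so `sslCenterGetResp.Data.Cert` is dereferenced unconditionally and a response without `Data` would panic inside `findCertIfExists`. Folding the guard into the comparison keeps the new shape: `if sslCenterGetResp.Data == nil || !xcert.EqualCertificatesFromPEM(certPEM, sslCenterGetResp.Data.Cert) { continue }`. The function starts outside the hunk, so whether the `certX509` value used by the removed lines is still needed there cannot be checked from here.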
diff --git a/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go b/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go index baf7e0c4..6ba85333 100644 --- a/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go +++ b/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go @@ -55,12 +55,6 @@ func (m *SSLManagerProvider) SetLogger(logger *slog.Logger) { } func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (*core.SSLManageUploadResult, error) { - // 解析证书内容 - certX509, err := xcert.ParseCertificateFromPEM(certPEM) - if err != nil { - return nil, err - } - // 查询证书列表,避免重复上传 // REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E8%AF%A2%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8 listCertReq := &velive.ListCertV2Body{} @@ -82,21 +76,9 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey continue } - var isSameCert bool - certificate := strings.Join(describeCertDetailSecretResp.Result.SSL.Chain, "\n\n") - if certificate == certPEM { - isSameCert = true - } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(certificate) - if err != nil { - continue - } - - isSameCert = xcert.EqualCertificates(certX509, oldCertX509) - } - + oldCertPEM := strings.Join(describeCertDetailSecretResp.Result.SSL.Chain, "\n\n") // 如果已存在相同证书,直接返回 - if isSameCert { + if xcert.EqualCertificatesFromPEM(certPEM, oldCertPEM) { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ CertId: certInfo.ChainID, diff --git a/pkg/utils/cert/common.go b/pkg/utils/cert/common.go index fbae6301..631d5ea0 100644 --- a/pkg/utils/cert/common.go +++ b/pkg/utils/cert/common.go 
@@ -1,32 +1,10 @@ package cert import ( - "crypto/x509" "encoding/pem" ) -// 比较两个 x509.Certificate 对象,判断它们是否是同一张证书。 -// 注意,这不是精确比较,而只是基于证书序列号和数字签名的快速判断,但对于权威 CA 签发的证书来说不会存在误判。 -// -// 入参: -// - a: 待比较的第一个 x509.Certificate 对象。 -// - b: 待比较的第二个 x509.Certificate 对象。 -// -// 出参: -// - 是否相同。 -func EqualCertificates(a, b *x509.Certificate) bool { - if a == nil || b == nil { - return false - } - - return string(a.Signature) == string(b.Signature) && - a.SignatureAlgorithm == b.SignatureAlgorithm && - a.SerialNumber.String() == b.SerialNumber.String() && - a.Issuer.SerialNumber == b.Issuer.SerialNumber && - a.Subject.SerialNumber == b.Subject.SerialNumber -} - -func decodePEM(data []byte) []*pem.Block { +func decodePEMBlocks(data []byte) []*pem.Block { blocks := make([]*pem.Block, 0) for { block, rest := pem.Decode(data) diff --git a/pkg/utils/cert/comparer.go b/pkg/utils/cert/comparer.go new file mode 100644 index 00000000..59873bd6 --- /dev/null +++ b/pkg/utils/cert/comparer.go @@ -0,0 +1,35 @@ +package cert + +import ( + "crypto/x509" +) + +// 比较两个 x509.Certificate 对象,判断它们是否是同一张证书。 +// +// 入参: +// - a: 待比较的第一个 x509.Certificate 对象。 +// - b: 待比较的第二个 x509.Certificate 对象。 +// +// 出参: +// - 是否相同。 +func EqualCertificates(a, b *x509.Certificate) bool { + if a == nil || b == nil { + return false + } + + return a.Equal(b) +} + +// 与 [EqualCertificates] 方法类似,但入参是 PEM 编码的证书字符串。 +// +// 入参: +// - a: 待比较的第一个证书 PEM 内容。 +// - b: 待比较的第二个证书 PEM 内容。 +// +// 出参: +// - 是否相同。 +func EqualCertificatesFromPEM(a, b string) bool { + aCert, _ := ParseCertificateFromPEM(a) + bCert, _ := ParseCertificateFromPEM(b) + return EqualCertificates(aCert, bCert) +} diff --git a/pkg/utils/cert/extractor.go b/pkg/utils/cert/extractor.go index b9e4607f..70adcfbc 100644 --- a/pkg/utils/cert/extractor.go +++ b/pkg/utils/cert/extractor.go 
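Review bot: `EqualCertificatesFromPEM` in the new comparer.go discards both parse errors, so callers cannot tell "different certificate" from "one input is not a parsable PEM certificate". Every provider in this commit now relies on it for deduplication. The doc comment should state that contract, for example `// Returns false if either input cannot be parsed as a PEM certificate; non-PEM (e.g. DER) input never compares equal.` It would also help to say which certificate of a multi-block PEM chain is compared, since that depends on `ParseCertificateFromPEM`, which is not shown here. Callers inside loops re-parse the same `certPEM` on every iteration; parsing it once and calling `EqualCertificates` would avoid that.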
@@ -16,7 +16,7 @@ import ( // - intermediaCertPEM: 中间证书的 PEM 内容。 // - err: 错误。 func ExtractCertificatesFromPEM(certPEM string) (_serverCertPEM string, _intermediaCertPEM string, _err error) { - blocks := decodePEM([]byte(certPEM)) + blocks := decodePEMBlocks([]byte(certPEM)) for i, block := range blocks { if block.Type != "CERTIFICATE" { return "", "", fmt.Errorf("invalid PEM block type at %d, expected 'CERTIFICATE', got '%s'", i, block.Type) diff --git a/pkg/utils/cert/transformer.go b/pkg/utils/cert/transformer.go index 690ae19f..d75f0880 100644 --- a/pkg/utils/cert/transformer.go +++ b/pkg/utils/cert/transformer.go @@ -22,7 +22,7 @@ import ( // - data: PFX 格式的证书数据。 // - err: 错误。 func TransformCertificateFromPEMToPFX(certPEM string, privkeyPEM string, pfxPassword string) ([]byte, error) { - blocks := decodePEM([]byte(certPEM)) + blocks := decodePEMBlocks([]byte(certPEM)) certs := make([]*x509.Certificate, 0, len(blocks)) for i, block := range blocks { @@ -67,12 +67,12 @@ func TransformCertificateFromPEMToPFX(certPEM string, privkeyPEM string, pfxPass // - data: JKS 格式的证书数据。 // - err: 错误。 func TransformCertificateFromPEMToJKS(certPEM string, privkeyPEM string, jksAlias string, jksKeypass string, jksStorepass string) ([]byte, error) { - certBlocks := decodePEM([]byte(certPEM)) + certBlocks := decodePEMBlocks([]byte(certPEM)) if len(certBlocks) == 0 { return nil, errors.New("failed to decode certificate PEM") } - privkeyBlocks := decodePEM([]byte(privkeyPEM)) + privkeyBlocks := decodePEMBlocks([]byte(privkeyPEM)) if len(privkeyBlocks) == 0 { return nil, errors.New("failed to decode private key PEM") } From 1ae61549a15c48bca403e9560b216aa56f4683ca Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:14 +0800 Subject: [PATCH 06/10] refactor: reimplement dingtalkbot notifier, drop thrird-party deps --- .../providers/dingtalkbot/dingtalkbot.go | 72 +++++++++++++++---- 1 file changed, 59 insertions(+), 13 deletions(-) 
diff --git a/pkg/core/notifier/providers/dingtalkbot/dingtalkbot.go b/pkg/core/notifier/providers/dingtalkbot/dingtalkbot.go index 7cdbfc49..081251a6 100644 --- a/pkg/core/notifier/providers/dingtalkbot/dingtalkbot.go +++ b/pkg/core/notifier/providers/dingtalkbot/dingtalkbot.go @@ -2,12 +2,18 @@ package dingtalkbot import ( "context" + "crypto/hmac" + "crypto/sha256" + "encoding/base64" + "encoding/json" "errors" "fmt" "log/slog" + "net/http" "net/url" + "time" - "github.com/blinkbean/dingtalk" + "github.com/go-resty/resty/v2" "github.com/certimate-go/certimate/pkg/core" ) @@ -20,8 +26,9 @@ type NotifierProviderConfig struct { } type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger + config *NotifierProviderConfig + logger *slog.Logger + httpClient *resty.Client } var _ core.Notifier = (*NotifierProvider)(nil) @@ -31,9 +38,30 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } + client := resty.New(). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate"). + SetPreRequestHook(func(c *resty.Client, req *http.Request) error { + if config.Secret != "" { + timestamp := fmt.Sprintf("%d", time.Now().UnixMilli()) + + h := hmac.New(sha256.New, []byte(config.Secret)) + h.Write([]byte(fmt.Sprintf("%s\n%s", timestamp, config.Secret))) + sign := base64.StdEncoding.EncodeToString(h.Sum(nil)) + + qs := req.URL.Query() + qs.Set("timestamp", timestamp) + qs.Set("sign", sign) + req.URL.RawQuery = qs.Encode() + } + + return nil + }) + return &NotifierProvider{ - config: config, - logger: slog.Default(), + config: config, + logger: slog.Default(), + httpClient: client, }, nil } 
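Review bot: The pre-request hook appends `timestamp` and `sign` to whatever URL the request carries, so with a webhook configured as `http://…` the signature and the `access_token` already in the query travel in cleartext. Nothing in this hunk checks the scheme, and the hostname check added to Notify later in this patch only logs a warning. A guard at the top of the hook would close that: `if req.URL.Scheme != "https" { return fmt.Errorf("dingtalk api error: refusing to sign request for scheme %q", req.URL.Scheme) }`. If plain HTTP has to stay possible for local testing, that exception should be explicit rather than the default.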
@@ -49,17 +77,35 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s webhookUrl, err := url.Parse(n.config.WebhookUrl) if err != nil { return nil, fmt.Errorf("dingtalk api error: invalid webhook url: %w", err) - } - - var bot *dingtalk.DingTalk - if n.config.Secret == "" { - bot = dingtalk.InitDingTalk([]string{webhookUrl.Query().Get("access_token")}, "") } else { - bot = dingtalk.InitDingTalkWithSecret(webhookUrl.Query().Get("access_token"), n.config.Secret) + const hostname = "oapi.dingtalk.com" + if webhookUrl.Hostname() != hostname { + n.logger.Warn(fmt.Sprintf("the webhook url hostname is not '%s', please make sure it is correct", hostname)) + } } - if err := bot.SendTextMessage(subject + "\n" + message); err != nil { - return nil, fmt.Errorf("dingtalk api error: %w", err) + // REF: https://open.dingtalk.com/document/development/custom-robots-send-group-messages + var result struct { + ErrorCode int `json:"errcode"` + ErrorMessage string `json:"errmsg"` + } + req := n.httpClient.R(). + SetContext(ctx). + SetBody(map[string]any{ + "msgtype": "text", + "text": map[string]string{ + "content": subject + "\n\n" + message, + }, + }) + resp, err := req.Post(webhookUrl.String()) + if err != nil { + return nil, fmt.Errorf("dingtalk api error: failed to send request: %w", err) + } else if resp.IsError() { + return nil, fmt.Errorf("dingtalk api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) + } else if err := json.Unmarshal(resp.Body(), &result); err != nil { + return nil, fmt.Errorf("dingtalk api error: failed to unmarshal response: %w", err) + } else if result.ErrorCode != 0 { + return nil, fmt.Errorf("dingtalk api error: errcode='%d', errmsg='%s'", result.ErrorCode, result.ErrorMessage) } return &core.NotifyResult{}, nil From ecb2da4fe01d1f1d41848d5e3e420fafd215954c Mon Sep 17 00:00:00 2001 
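Review bot: The `failed to send request: %w` branch wraps the transport error unchanged, and the message of Go's `*url.Error` contains the full request URL, here including `access_token` and, once the hook has run, `timestamp` and `sign`. A network failure can therefore copy the webhook credentials into logs or workflow output. Unwrapping before formatting keeps the cause and drops the URL: `var uerr *url.Error; if errors.As(err, &uerr) { err = uerr.Err }`. The larkbot Notify hunk in the next patch has the same `%w` pattern, and as far as I know the hook token there is part of the URL path. Notify starts above this hunk.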
From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:15 +0800 Subject: [PATCH 07/10] refactor: reimplement larkbot notifier, drop thrird-party deps --- .../notifier/providers/larkbot/larkbot.go | 61 ++++++++++++++----- 1 file changed, 46 insertions(+), 15 deletions(-) diff --git a/pkg/core/notifier/providers/larkbot/larkbot.go b/pkg/core/notifier/providers/larkbot/larkbot.go index 96a570d2..c297cf5c 100644 --- a/pkg/core/notifier/providers/larkbot/larkbot.go +++ b/pkg/core/notifier/providers/larkbot/larkbot.go @@ -2,11 +2,13 @@ package larkbot import ( "context" + "encoding/json" "errors" "fmt" "log/slog" + "net/url" - "github.com/go-lark/lark" + "github.com/go-resty/resty/v2" "github.com/certimate-go/certimate/pkg/core" ) @@ -17,8 +19,9 @@ type NotifierProviderConfig struct { } type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger + config *NotifierProviderConfig + logger *slog.Logger + httpClient *resty.Client } var _ core.Notifier = (*NotifierProvider)(nil) @@ -28,9 +31,14 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } + client := resty.New(). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate") + return &NotifierProvider{ - config: config, - logger: slog.Default(), + config: config, + logger: slog.Default(), + httpClient: client, }, nil } 
@@ -43,17 +51,40 @@ func (n *NotifierProvider) SetLogger(logger *slog.Logger) { } func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { - bot := lark.NewNotificationBot(n.config.WebhookUrl) - content := lark.NewPostBuilder(). - Title(subject). - TextTag(message, 1, false). - Render() - msg := lark.NewMsgBuffer(lark.MsgPost).Post(content) - resp, err := bot.PostNotificationV2(msg.Build()) + webhookUrl, err := url.Parse(n.config.WebhookUrl) if err != nil { - return nil, fmt.Errorf("lark api error: %w", err) - } else if resp.Code != 0 { - return nil, fmt.Errorf("lark api error: code='%d', message='%s'", resp.Code, resp.Msg) + return nil, fmt.Errorf("lark api error: invalid webhook url: %w", err) + } else { + const hostname = "open.larksuite.com" + const hostname_cn = "open.feishu.cn" + if webhookUrl.Hostname() != hostname && webhookUrl.Hostname() != hostname_cn { + n.logger.Warn(fmt.Sprintf("the webhook url hostname is not '%s' or '%s', please make sure it is correct", hostname, hostname_cn)) + } + } + + // REF: https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot + // REF: https://open.larksuite.com/document/client-docs/bot-v3/add-custom-bot + var result struct { + Code int `json:"code"` + Message string `json:"msg"` + } + req := n.httpClient.R(). + SetContext(ctx). 
+ SetBody(map[string]any{ + "msg_type": "text", + "content": map[string]string{ + "text": subject + "\n\n" + message, + }, + }) + resp, err := req.Post(webhookUrl.String()) + if err != nil { + return nil, fmt.Errorf("lark api error: failed to send request: %w", err) + } else if resp.IsError() { + return nil, fmt.Errorf("lark api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) + } else if err := json.Unmarshal(resp.Body(), &result); err != nil { + return nil, fmt.Errorf("lark api error: failed to unmarshal response: %w", err) + } else if result.Code != 0 { + return nil, fmt.Errorf("lark api error: code='%d', msg='%s'", result.Code, result.Message) } return &core.NotifyResult{}, nil From 091c3db5205b029d348d8f4ef6aa015f98e1699d Mon Sep 17 00:00:00 2001 
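Review bot: `hostname_cn` in the added hostname check does not follow Go's MixedCaps naming, and `webhookUrl.Hostname()` is evaluated twice. Something like `const hostnameCN = "open.feishu.cn"` with the host taken once, `host := webhookUrl.Hostname()`, reads better. The warning could also carry the host as a structured attribute, `n.logger.Warn("unexpected webhook hostname", "hostname", host)`, so the value that was actually configured shows up in the log. As in the dingtalk notifier, the check only warns and the request is still sent, which deserves a short comment if that is intentional.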
From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:15 +0800 Subject: [PATCH 08/10] refactor: remove unused code --- go.mod | 2 - go.sum | 6 -- pkg/core/notifier/providers/bark/bark.go | 76 ------------------ pkg/core/notifier/providers/bark/bark_test.go | 64 --------------- .../providers/discordbot/discordbot.go | 8 +- pkg/core/notifier/providers/gotify/gotify.go | 76 ------------------ .../notifier/providers/gotify/gotify_test.go | 68 ---------------- .../providers/mattermost/mattermost.go | 8 +- .../notifier/providers/pushover/pushover.go | 71 ----------------- .../providers/pushover/pushover_test.go | 62 --------------- .../notifier/providers/pushplus/pushplus.go | 79 ------------------- .../providers/pushplus/pushplus_test.go | 56 ------------- .../providers/serverchan/serverchan.go | 67 ---------------- .../providers/serverchan/serverchan_test.go | 57 ------------- .../notifier/providers/slackbot/slackbot.go | 8 +- .../providers/telegrambot/telegrambot.go | 6 +- .../notifier/providers/wecombot/wecombot.go | 28 ++++++- .../providers/wangsu-cdnpro/wangsu_cdnpro.go | 6 +- 18 files changed, 41 insertions(+), 707 deletions(-) delete mode 100644 pkg/core/notifier/providers/bark/bark.go delete mode 100644 pkg/core/notifier/providers/bark/bark_test.go delete mode 100644 pkg/core/notifier/providers/gotify/gotify.go delete mode 100644 pkg/core/notifier/providers/gotify/gotify_test.go delete mode 100644 pkg/core/notifier/providers/pushover/pushover.go delete mode 100644 pkg/core/notifier/providers/pushover/pushover_test.go delete mode 100644 pkg/core/notifier/providers/pushplus/pushplus.go delete mode 100644 pkg/core/notifier/providers/pushplus/pushplus_test.go delete mode 100644 pkg/core/notifier/providers/serverchan/serverchan.go delete mode 100644 pkg/core/notifier/providers/serverchan/serverchan_test.go diff --git a/go.mod b/go.mod index 1e0fdaae..7318e37c 100644 --- a/go.mod +++ b/go.mod 
@@ -31,11 +31,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/cloudfront v1.55.2 github.com/aws/aws-sdk-go-v2/service/iam v1.49.0 github.com/baidubce/bce-sdk-go v0.9.250 - github.com/blinkbean/dingtalk v1.1.3 github.com/byteplus-sdk/byteplus-sdk-golang v1.0.58 github.com/go-acme/lego/v4 v4.27.0 github.com/go-cmd/cmd v1.4.3 - github.com/go-lark/lark v1.16.0 github.com/go-resty/resty/v2 v2.16.5 github.com/go-viper/mapstructure/v2 v2.4.0 github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.172 diff --git a/go.sum b/go.sum index a02ce544..902855f0 100644 --- a/go.sum +++ b/go.sum @@ -261,8 +261,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/blinkbean/dingtalk v1.1.3 h1:MbidFZYom7DTFHD/YIs+eaI7kRy52kmWE/sy0xjo6E4= -github.com/blinkbean/dingtalk v1.1.3/go.mod h1:9BaLuGSBqY3vT5hstValh48DbsKO7vaHaJnG9pXwbto= github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY= github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE= github.com/byteplus-sdk/byteplus-sdk-golang v1.0.58 h1:i+HIFn/0FdSAMxsbcGMy8ScJpwdWN60g8gGozILRtHA= 
@@ -369,8 +367,6 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEaizzs= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-lark/lark v1.16.0 h1:U6BwkLM9wrZedSM7cIiMofganr8PCvJN+M75w2lf2Gg= -github.com/go-lark/lark v1.16.0/go.mod h1:6ltbSztPZRT6IaO9ZIQyVaY5pVp/KeMizDYtfZkU+vM= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= @@ -576,8 +572,6 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= diff --git a/pkg/core/notifier/providers/bark/bark.go b/pkg/core/notifier/providers/bark/bark.go deleted file mode 100644 index 0378bd90..00000000 --- a/pkg/core/notifier/providers/bark/bark.go +++ /dev/null 
@@ -1,76 +0,0 @@ -package bark - -import ( - "context" - "errors" - "fmt" - "log/slog" - - "github.com/go-resty/resty/v2" - - "github.com/certimate-go/certimate/pkg/core" -) - -type NotifierProviderConfig struct { - // Bark 服务地址。 - // 零值时使用官方服务器。 - ServerUrl string `json:"serverUrl"` - // Bark 设备密钥。 - DeviceKey string `json:"deviceKey"` -} - -type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger - httpClient *resty.Client -} - -var _ core.Notifier = (*NotifierProvider)(nil) - -func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, error) { - if config == nil { - return nil, errors.New("the configuration of the notifier provider is nil") - } - - client := resty.New() - - return &NotifierProvider{ - config: config, - logger: slog.Default(), - httpClient: client, - }, nil -} - -func (n *NotifierProvider) SetLogger(logger *slog.Logger) { - if logger == nil { - n.logger = slog.New(slog.DiscardHandler) - } else { - n.logger = logger - } -} - -func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { - const defaultServerURL = "https://api.day.app/" - serverUrl := defaultServerURL - if n.config.ServerUrl != "" { - serverUrl = n.config.ServerUrl - } - - // REF: https://bark.day.app/#/tutorial - req := n.httpClient.R(). - SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetBody(map[string]any{ - "title": subject, - "body": message, - "device_key": n.config.DeviceKey, - }) - resp, err := req.Post(serverUrl) - if err != nil { - return nil, fmt.Errorf("bark api error: failed to send request: %w", err) - } else if resp.IsError() { - return nil, fmt.Errorf("bark api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) - } - - return &core.NotifyResult{}, nil -} diff --git a/pkg/core/notifier/providers/bark/bark_test.go b/pkg/core/notifier/providers/bark/bark_test.go deleted file mode 100644 index 6a1bc7cd..00000000 
--- a/pkg/core/notifier/providers/bark/bark_test.go +++ /dev/null @@ -1,64 +0,0 @@ -package bark_test - -import ( - "context" - "flag" - "fmt" - "strings" - "testing" - - provider "github.com/certimate-go/certimate/pkg/core/notifier/providers/bark" -) - -const ( - mockSubject = "test_subject" - mockMessage = "test_message" -) - -var ( - fServerUrl string - fDeviceKey string -) - -func init() { - argsPrefix := "CERTIMATE_NOTIFIER_BARK_" - - flag.StringVar(&fServerUrl, argsPrefix+"SERVERURL", "", "") - flag.StringVar(&fDeviceKey, argsPrefix+"DEVICEKEY", "", "") -} - -/* -Shell command to run this test: - - go test -v ./bark_test.go -args \ - --CERTIMATE_NOTIFIER_BARK_SERVERURL="https://example.com/your-server-url" \ - --CERTIMATE_NOTIFIER_BARK_DEVICEKEY="your-device-key" -*/ -func TestNotify(t *testing.T) { - flag.Parse() - - t.Run("Notify", func(t *testing.T) { - t.Log(strings.Join([]string{ - "args:", - fmt.Sprintf("SERVERURL: %v", fServerUrl), - fmt.Sprintf("DEVICEKEY: %v", fDeviceKey), - }, "\n")) - - notifier, err := provider.NewNotifierProvider(&provider.NotifierProviderConfig{ - ServerUrl: fServerUrl, - DeviceKey: fDeviceKey, - }) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - res, err := notifier.Notify(context.Background(), mockSubject, mockMessage) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - t.Logf("ok: %v", res) - }) -} diff --git a/pkg/core/notifier/providers/discordbot/discordbot.go b/pkg/core/notifier/providers/discordbot/discordbot.go index 6d5ec9fc..2dc27aa7 100644 --- a/pkg/core/notifier/providers/discordbot/discordbot.go +++ b/pkg/core/notifier/providers/discordbot/discordbot.go 
@@ -31,7 +31,10 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } - client := resty.New() + client := resty.New(). + SetHeader("Authorization", fmt.Sprintf("Bot %s", config.BotToken)). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate") return &NotifierProvider{ config: config, @@ -52,9 +55,6 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s // REF: https://discord.com/developers/docs/resources/message#create-message req := n.httpClient.R(). SetContext(ctx). - SetHeader("Authorization", "Bot "+n.config.BotToken). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). SetBody(map[string]any{ "content": subject + "\n" + message, }) diff --git a/pkg/core/notifier/providers/gotify/gotify.go b/pkg/core/notifier/providers/gotify/gotify.go deleted file mode 100644 index 97d69ba9..00000000 --- a/pkg/core/notifier/providers/gotify/gotify.go +++ /dev/null 
@@ -1,76 +0,0 @@ -package gotify - -import ( - "context" - "errors" - "fmt" - "log/slog" - "strings" - - "github.com/go-resty/resty/v2" - - "github.com/certimate-go/certimate/pkg/core" -) - -type NotifierProviderConfig struct { - // Gotify 服务地址。 - ServerUrl string `json:"serverUrl"` - // Gotify Token。 - Token string `json:"token"` - // Gotify 消息优先级。 - Priority int64 `json:"priority,omitempty"` -} - -type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger - httpClient *resty.Client -} - -var _ core.Notifier = (*NotifierProvider)(nil) - -func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, error) { - if config == nil { - return nil, errors.New("the configuration of the notifier provider is nil") - } - - client := resty.New() - - return &NotifierProvider{ - config: config, - logger: slog.Default(), - httpClient: client, - }, nil -} - -func (n *NotifierProvider) SetLogger(logger *slog.Logger) { - if logger == nil { - n.logger = slog.New(slog.DiscardHandler) - } else { - n.logger = logger - } -} - -func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { - serverUrl := strings.TrimRight(n.config.ServerUrl, "/") - - // REF: https://gotify.net/api-docs#/message/createMessage - req := n.httpClient.R(). - SetContext(ctx). - SetHeader("Authorization", "Bearer "+n.config.Token). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). - SetBody(map[string]any{ - "title": subject, - "message": message, - "priority": n.config.Priority, - }) - resp, err := req.Post(fmt.Sprintf("%s/message", serverUrl)) - if err != nil { - return nil, fmt.Errorf("gotify api error: failed to send request: %w", err) - } else if resp.IsError() { - return nil, fmt.Errorf("gotify api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) - } - - return &core.NotifyResult{}, nil -} 
diff --git a/pkg/core/notifier/providers/gotify/gotify_test.go b/pkg/core/notifier/providers/gotify/gotify_test.go deleted file mode 100644 index a96142b2..00000000 --- a/pkg/core/notifier/providers/gotify/gotify_test.go +++ /dev/null @@ -1,68 +0,0 @@ -package gotify_test - -import ( - "context" - "flag" - "fmt" - "strings" - "testing" - - provider "github.com/certimate-go/certimate/pkg/core/notifier/providers/gotify" -) - -const ( - mockSubject = "test_subject" - mockMessage = "test_message" -) - -var ( - fUrl string - fToken string - fPriority int64 -) - -func init() { - argsPrefix := "CERTIMATE_NOTIFIER_GOTIFY_" - flag.StringVar(&fUrl, argsPrefix+"URL", "", "") - flag.StringVar(&fToken, argsPrefix+"TOKEN", "", "") - flag.Int64Var(&fPriority, argsPrefix+"PRIORITY", 0, "") -} - -/* -Shell command to run this test: - - go test -v ./gotify_test.go -args \ - --CERTIMATE_NOTIFIER_GOTIFY_URL="https://example.com" \ - --CERTIMATE_NOTIFIER_GOTIFY_TOKEN="your-gotify-application-token" \ - --CERTIMATE_NOTIFIER_GOTIFY_PRIORITY="your-message-priority" -*/ -func TestNotify(t *testing.T) { - flag.Parse() - - t.Run("Notify", func(t *testing.T) { - t.Log(strings.Join([]string{ - "args:", - fmt.Sprintf("URL: %v", fUrl), - fmt.Sprintf("TOKEN: %v", fToken), - fmt.Sprintf("PRIORITY: %d", fPriority), - }, "\n")) - - notifier, err := provider.NewNotifierProvider(&provider.NotifierProviderConfig{ - ServerUrl: fUrl, - Token: fToken, - Priority: fPriority, - }) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - res, err := notifier.Notify(context.Background(), mockSubject, mockMessage) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - t.Logf("ok: %v", res) - }) -} diff --git a/pkg/core/notifier/providers/mattermost/mattermost.go b/pkg/core/notifier/providers/mattermost/mattermost.go index c936306c..7dcde754 100644 --- a/pkg/core/notifier/providers/mattermost/mattermost.go +++ b/pkg/core/notifier/providers/mattermost/mattermost.go 
@@ -36,7 +36,9 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } - client := resty.New() + client := resty.New(). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate") return &NotifierProvider{ config: config, @@ -59,8 +61,6 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s // REF: https://developers.mattermost.com/api-documentation/#/operations/Login loginReq := n.httpClient.R(). SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). SetBody(map[string]any{ "login_id": n.config.Username, "password": n.config.Password, @@ -78,8 +78,6 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s postReq := n.httpClient.R(). SetContext(ctx). SetHeader("Authorization", "Bearer "+loginResp.Header().Get("Token")). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). SetBody(map[string]any{ "channel_id": n.config.ChannelId, "props": map[string]interface{}{ diff --git a/pkg/core/notifier/providers/pushover/pushover.go b/pkg/core/notifier/providers/pushover/pushover.go deleted file mode 100644 index 5eea6375..00000000 --- a/pkg/core/notifier/providers/pushover/pushover.go +++ /dev/null 
@@ -1,71 +0,0 @@ -package pushover - -import ( - "context" - "errors" - "fmt" - "log/slog" - - "github.com/go-resty/resty/v2" - - "github.com/certimate-go/certimate/pkg/core" -) - -type NotifierProviderConfig struct { - // Pushover API Token。 - Token string `json:"token"` - // 用户或分组标识。 - User string `json:"user"` -} - -type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger - httpClient *resty.Client -} - -var _ core.Notifier = (*NotifierProvider)(nil) - -func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, error) { - if config == nil { - return nil, errors.New("the configuration of the notifier provider is nil") - } - - client := resty.New() - - return &NotifierProvider{ - config: config, - logger: slog.Default(), - httpClient: client, - }, nil -} - -func (n *NotifierProvider) SetLogger(logger *slog.Logger) { - if logger == nil { - n.logger = slog.New(slog.DiscardHandler) - } else { - n.logger = logger - } -} - -func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { - // REF: https://pushover.net/api - req := n.httpClient.R(). - SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). - SetBody(map[string]any{ - "title": subject, - "message": message, - "token": n.config.Token, - "user": n.config.User, - }) - resp, err := req.Post("https://api.pushover.net/1/messages.json") - if err != nil { - return nil, fmt.Errorf("pushover api error: failed to send request: %w", err) - } else if resp.IsError() { - return nil, fmt.Errorf("pushover api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) - } - - return &core.NotifyResult{}, nil -} diff --git a/pkg/core/notifier/providers/pushover/pushover_test.go b/pkg/core/notifier/providers/pushover/pushover_test.go deleted file mode 100644 index 25d4288b..00000000 --- a/pkg/core/notifier/providers/pushover/pushover_test.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package pushover_test - -import ( - "context" - "flag" - "fmt" - "strings" - "testing" - - provider "github.com/certimate-go/certimate/pkg/core/notifier/providers/pushover" -) - -const ( - mockSubject = "test_subject" - mockMessage = "test_message" -) - -var ( - fToken string - fUser string -) - -func init() { - argsPrefix := "CERTIMATE_NOTIFIER_PUSHOVER_" - flag.StringVar(&fToken, argsPrefix+"TOKEN", "", "") - flag.StringVar(&fUser, argsPrefix+"USER", "", "") -} - -/* -Shell command to run this test: - - go test -v ./pushover_test.go -args \ - --CERTIMATE_NOTIFIER_PUSHOVER_TOKEN="your-pushover-token" \ - --CERTIMATE_NOTIFIER_PUSHOVER_USER="your-pushover-user" \ -*/ -func TestNotify(t *testing.T) { - flag.Parse() - - t.Run("Notify", func(t *testing.T) { - t.Log(strings.Join([]string{ - "args:", - fmt.Sprintf("TOKEN: %v", fToken), - }, "\n")) - - notifier, err := provider.NewNotifierProvider(&provider.NotifierProviderConfig{ - Token: fToken, - User: fUser, - }) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - res, err := notifier.Notify(context.Background(), mockSubject, mockMessage) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - t.Logf("ok: %v", res) - }) -} diff --git a/pkg/core/notifier/providers/pushplus/pushplus.go b/pkg/core/notifier/providers/pushplus/pushplus.go deleted file mode 100644 index 559603f7..00000000 --- a/pkg/core/notifier/providers/pushplus/pushplus.go +++ /dev/null 
@@ -1,79 +0,0 @@ -package pushplus - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "log/slog" - - "github.com/go-resty/resty/v2" - - "github.com/certimate-go/certimate/pkg/core" -) - -type NotifierProviderConfig struct { - // PushPlus Token。 - Token string `json:"token"` -} - -type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger - httpClient *resty.Client -} - -var _ core.Notifier = (*NotifierProvider)(nil) - -func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, error) { - if config == nil { - return nil, errors.New("the configuration of the notifier provider is nil") - } - - client := resty.New() - - return &NotifierProvider{ - config: config, - logger: slog.Default(), - httpClient: client, - }, nil -} - -func (n *NotifierProvider) SetLogger(logger *slog.Logger) { - if logger == nil { - n.logger = slog.New(slog.DiscardHandler) - } else { - n.logger = logger - } -} - -func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { - // REF: https://pushplus.plus/doc/guide/api.html#%E4%B8%80%E3%80%81%E5%8F%91%E9%80%81%E6%B6%88%E6%81%AF%E6%8E%A5%E5%8F%A3 - req := n.httpClient.R(). - SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). 
- SetBody(map[string]any{ - "title": subject, - "content": message, - "token": n.config.Token, - }) - resp, err := req.Post("https://www.pushplus.plus/send") - if err != nil { - return nil, fmt.Errorf("pushplus api error: failed to send request: %w", err) - } else if resp.IsError() { - return nil, fmt.Errorf("pushplus api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) - } - - var errorResponse struct { - Code int `json:"code"` - Message string `json:"msg"` - } - if err := json.Unmarshal(resp.Body(), &errorResponse); err != nil { - return nil, fmt.Errorf("pushplus api error: failed to unmarshal response: %w", err) - } else if errorResponse.Code != 200 { - return nil, fmt.Errorf("pushplus api error: code='%d', message='%s'", errorResponse.Code, errorResponse.Message) - } - - return &core.NotifyResult{}, nil -} diff --git a/pkg/core/notifier/providers/pushplus/pushplus_test.go b/pkg/core/notifier/providers/pushplus/pushplus_test.go deleted file mode 100644 index 6fca9ccf..00000000 --- a/pkg/core/notifier/providers/pushplus/pushplus_test.go +++ /dev/null 
@@ -1,56 +0,0 @@ -package pushplus_test - -import ( - "context" - "flag" - "fmt" - "strings" - "testing" - - provider "github.com/certimate-go/certimate/pkg/core/notifier/providers/pushplus" -) - -const ( - mockSubject = "test_subject" - mockMessage = "test_message" -) - -var fToken string - -func init() { - argsPrefix := "CERTIMATE_NOTIFIER_PUSHPLUS_" - flag.StringVar(&fToken, argsPrefix+"TOKEN", "", "") -} - -/* -Shell command to run this test: - - go test -v ./pushplus_test.go -args \ - --CERTIMATE_NOTIFIER_PUSHPLUS_TOKEN="your-pushplus-token" \ -*/ -func TestNotify(t *testing.T) { - flag.Parse() - - t.Run("Notify", func(t *testing.T) { - t.Log(strings.Join([]string{ - "args:", - fmt.Sprintf("TOKEN: %v", fToken), - }, "\n")) - - notifier, err := provider.NewNotifierProvider(&provider.NotifierProviderConfig{ - Token: fToken, - }) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - res, err := notifier.Notify(context.Background(), mockSubject, mockMessage) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - t.Logf("ok: %v", res) - }) -} diff --git a/pkg/core/notifier/providers/serverchan/serverchan.go b/pkg/core/notifier/providers/serverchan/serverchan.go deleted file mode 100644 index 20f7cdd7..00000000 --- a/pkg/core/notifier/providers/serverchan/serverchan.go +++ /dev/null 
@@ -1,67 +0,0 @@ -package serverchan - -import ( - "context" - "errors" - "fmt" - "log/slog" - - "github.com/go-resty/resty/v2" - - "github.com/certimate-go/certimate/pkg/core" -) - -type NotifierProviderConfig struct { - // ServerChan 服务地址。 - ServerUrl string `json:"serverUrl"` -} - -type NotifierProvider struct { - config *NotifierProviderConfig - logger *slog.Logger - httpClient *resty.Client -} - -var _ core.Notifier = (*NotifierProvider)(nil) - -func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, error) { - if config == nil { - return nil, errors.New("the configuration of the notifier provider is nil") - } - - client := resty.New() - - return &NotifierProvider{ - config: config, - logger: slog.Default(), - httpClient: client, - }, nil -} - -func (n *NotifierProvider) SetLogger(logger *slog.Logger) { - if logger == nil { - n.logger = slog.New(slog.DiscardHandler) - } else { - n.logger = logger - } -} - -func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { - // REF: https://sct.ftqq.com/ - req := n.httpClient.R(). - SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). - SetBody(map[string]any{ - "text": subject, - "desp": message, - }) - resp, err := req.Post(n.config.ServerUrl) - if err != nil { - return nil, fmt.Errorf("serverchan api error: failed to send request: %w", err) - } else if resp.IsError() { - return nil, fmt.Errorf("serverchan api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) - } - - return &core.NotifyResult{}, nil -} diff --git a/pkg/core/notifier/providers/serverchan/serverchan_test.go b/pkg/core/notifier/providers/serverchan/serverchan_test.go deleted file mode 100644 index 2ea4acaa..00000000 --- a/pkg/core/notifier/providers/serverchan/serverchan_test.go +++ /dev/null 
@@ -1,57 +0,0 @@ -package serverchan_test - -import ( - "context" - "flag" - "fmt" - "strings" - "testing" - - provider "github.com/certimate-go/certimate/pkg/core/notifier/providers/serverchan" -) - -const ( - mockSubject = "test_subject" - mockMessage = "test_message" -) - -var fUrl string - -func init() { - argsPrefix := "CERTIMATE_NOTIFIER_SERVERCHAN_" - - flag.StringVar(&fUrl, argsPrefix+"URL", "", "") -} - -/* -Shell command to run this test: - - go test -v ./serverchan_test.go -args \ - --CERTIMATE_NOTIFIER_SERVERCHAN_URL="https://example.com/your-webhook-url" \ -*/ -func TestNotify(t *testing.T) { - flag.Parse() - - t.Run("Notify", func(t *testing.T) { - t.Log(strings.Join([]string{ - "args:", - fmt.Sprintf("URL: %v", fUrl), - }, "\n")) - - notifier, err := provider.NewNotifierProvider(&provider.NotifierProviderConfig{ - ServerUrl: fUrl, - }) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - res, err := notifier.Notify(context.Background(), mockSubject, mockMessage) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - t.Logf("ok: %v", res) - }) -} diff --git a/pkg/core/notifier/providers/slackbot/slackbot.go b/pkg/core/notifier/providers/slackbot/slackbot.go index f8706cd4..a332f9fd 100644 --- a/pkg/core/notifier/providers/slackbot/slackbot.go +++ b/pkg/core/notifier/providers/slackbot/slackbot.go @@ -31,7 +31,10 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } - client := resty.New() + client := resty.New(). + SetHeader("Authorization", fmt.Sprintf("Bearer %s", config.BotToken)). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate") return &NotifierProvider{ config: config, 
@@ -52,9 +55,6 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s // REF: https://docs.slack.dev/messaging/sending-and-scheduling-messages#publishing req := n.httpClient.R(). SetContext(ctx). - SetHeader("Authorization", "Bearer "+n.config.BotToken). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). SetBody(map[string]any{ "token": n.config.BotToken, "channel": n.config.ChannelId, diff --git a/pkg/core/notifier/providers/telegrambot/telegrambot.go b/pkg/core/notifier/providers/telegrambot/telegrambot.go index a2c077eb..5b3f5083 100644 --- a/pkg/core/notifier/providers/telegrambot/telegrambot.go +++ b/pkg/core/notifier/providers/telegrambot/telegrambot.go @@ -31,7 +31,9 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } - client := resty.New() + client := resty.New(). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate") return &NotifierProvider{ config: config, @@ -52,8 +54,6 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s // REF: https://core.telegram.org/bots/api#sendmessage req := n.httpClient.R(). SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). SetBody(map[string]any{ "chat_id": n.config.ChatId, "text": subject + "\n" + message, diff --git a/pkg/core/notifier/providers/wecombot/wecombot.go b/pkg/core/notifier/providers/wecombot/wecombot.go index 991168b4..4aa5ce9e 100644 --- a/pkg/core/notifier/providers/wecombot/wecombot.go +++ b/pkg/core/notifier/providers/wecombot/wecombot.go @@ -2,9 +2,11 @@ package wecombot import ( "context" + "encoding/json" "errors" "fmt" "log/slog" + "net/url" "github.com/go-resty/resty/v2" 
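Review bot: In slackbot.go's Notify hunk the JSON body still carries `"token": n.config.BotToken`, although the same token now travels as the client-wide `Authorization: Bearer` header set in NewNotifierProvider. A credential in the request body is more likely to end up in request dumps or debug logs. As far as I know Slack's Web API expects the token in the header for JSON requests, so the body field looks redundant. I would drop the `"token"` entry from the map passed to `SetBody`. Notify's body continues past the end of the hunk.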
@@ -29,7 +31,9 @@ func NewNotifierProvider(config *NotifierProviderConfig) (*NotifierProvider, err return nil, errors.New("the configuration of the notifier provider is nil") } - client := resty.New() + client := resty.New(). + SetHeader("Content-Type", "application/json"). + SetHeader("User-Agent", "certimate") return &NotifierProvider{ config: config, @@ -47,22 +51,38 @@ func (n *NotifierProvider) SetLogger(logger *slog.Logger) { } func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*core.NotifyResult, error) { + webhookUrl, err := url.Parse(n.config.WebhookUrl) + if err != nil { + return nil, fmt.Errorf("dingtalk api error: invalid webhook url: %w", err) + } else { + const hostname = "qyapi.weixin.qq.com" + if webhookUrl.Hostname() != hostname { + n.logger.Warn(fmt.Sprintf("the webhook url hostname is not '%s', please make sure it is correct", hostname)) + } + } + // REF: https://developer.work.weixin.qq.com/document/path/91770 + var result struct { + ErrorCode int `json:"errcode"` + ErrorMessage string `json:"errmsg"` + } req := n.httpClient.R(). SetContext(ctx). - SetHeader("Content-Type", "application/json"). - SetHeader("User-Agent", "certimate"). SetBody(map[string]any{ "msgtype": "text", "text": map[string]string{ "content": subject + "\n\n" + message, }, }) - resp, err := req.Post(n.config.WebhookUrl) + resp, err := req.Post(webhookUrl.String()) if err != nil { return nil, fmt.Errorf("wecom api error: failed to send request: %w", err) } else if resp.IsError() { return nil, fmt.Errorf("wecom api error: unexpected status code: %d, resp: %s", resp.StatusCode(), resp.String()) + } else if err := json.Unmarshal(resp.Body(), &result); err != nil { + return nil, fmt.Errorf("wecom api error: failed to unmarshal response: %w", err) + } else if result.ErrorCode != 0 { + return nil, fmt.Errorf("wecom api error: errcode='%d', errmsg='%s'", result.ErrorCode, result.ErrorMessage) } return &core.NotifyResult{}, nil 
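Review bot: The new `url.Parse` failure path in wecombot.go's Notify is labelled `dingtalk api error`, and wrapping the error with `%w` carries the raw webhook URL into the message, because `*url.Error` prints the string it failed to parse. WeCom webhook URLs hold the bot key in the query string, so that value can reach logs and workflow output. I would relabel the message and wrap only the cause: `var uerr *url.Error; if errors.As(err, &uerr) { err = uerr.Err }` followed by `return nil, fmt.Errorf("wecom api error: invalid webhook url: %w", err)`. Separately, a hostname other than `qyapi.weixin.qq.com` only logs a warning and the POST still goes out; if the configured URL is not fully trusted here, that choice deserves either a comment stating it is deliberate or a hard failure.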
diff --git a/pkg/core/ssl-deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/pkg/core/ssl-deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go index 7bd65129..4c06d5a4 100644 --- a/pkg/core/ssl-deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go +++ b/pkg/core/ssl-deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go @@ -232,9 +232,9 @@ func encryptPrivateKey(privkeyPEM string, apiKey string, timestamp int64) (strin date := time.Unix(timestamp, 0).UTC() dateStr := date.Format("Mon, 02 Jan 2006 15:04:05 GMT") - mac := hmac.New(sha256.New, []byte(apiKey)) - mac.Write([]byte(dateStr)) - aesivkey := mac.Sum(nil) + h := hmac.New(sha256.New, []byte(apiKey)) + h.Write([]byte(dateStr)) + aesivkey := h.Sum(nil) aesivkeyHex := hex.EncodeToString(aesivkey) if len(aesivkeyHex) != 64 { From ae18f64d35bcb9ba70932358f329bccf7301eb6d Mon Sep 17 00:00:00 2001 From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:15 +0800 Subject: [PATCH 09/10] feat: support larkbot with secret --- internal/domain/access.go | 3 +- internal/notify/notifiers/sp_larkbot.go | 1 + .../notifier/providers/larkbot/larkbot.go | 30 +++++++++++++++---- .../providers/larkbot/larkbot_test.go | 11 +++++-- .../AccessConfigFieldsProviderDingTalkBot.tsx | 2 +- .../AccessConfigFieldsProviderLarkBot.tsx | 12 ++++++++ ui/src/i18n/locales/en/nls.access.json | 5 +++- ui/src/i18n/locales/zh/nls.access.json | 9 ++++-- 8 files changed, 59 insertions(+), 14 deletions(-) diff --git a/internal/domain/access.go b/internal/domain/access.go index 422ba921..991e55ab 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -159,7 +159,7 @@ type AccessConfigForDigitalOcean struct { type AccessConfigForDingTalkBot struct { WebhookUrl string `json:"webhookUrl"` - Secret string `json:"secret"` + Secret string `json:"secret,omitempty"` } type AccessConfigForDiscordBot struct { 
@@ -279,6 +279,7 @@ type AccessConfigForKubernetes struct { type AccessConfigForLarkBot struct { WebhookUrl string `json:"webhookUrl"` + Secret string `json:"secret,omitempty"` } type AccessConfigForLeCDN struct { diff --git a/internal/notify/notifiers/sp_larkbot.go b/internal/notify/notifiers/sp_larkbot.go index bce1c173..a5165d7d 100644 --- a/internal/notify/notifiers/sp_larkbot.go +++ b/internal/notify/notifiers/sp_larkbot.go @@ -18,6 +18,7 @@ func init() { provider, err := larkbot.NewNotifierProvider(&larkbot.NotifierProviderConfig{ WebhookUrl: credentials.WebhookUrl, + Secret: credentials.Secret, }) return provider, err }); err != nil { diff --git a/pkg/core/notifier/providers/larkbot/larkbot.go b/pkg/core/notifier/providers/larkbot/larkbot.go index c297cf5c..15db010d 100644 --- a/pkg/core/notifier/providers/larkbot/larkbot.go +++ b/pkg/core/notifier/providers/larkbot/larkbot.go @@ -2,11 +2,15 @@ package larkbot import ( "context" + "crypto/hmac" + "crypto/sha256" + "encoding/base64" "encoding/json" "errors" "fmt" "log/slog" "net/url" + "time" "github.com/go-resty/resty/v2" @@ -16,6 +20,8 @@ import ( type NotifierProviderConfig struct { // 飞书机器人 Webhook 地址。 WebhookUrl string `json:"webhookUrl"` + // 飞书机器人的 Secret。 + Secret string `json:"secret"` } type NotifierProvider struct { 
@@ -62,6 +68,23 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s } } + payload := map[string]any{ + "msg_type": "text", + "content": map[string]string{ + "text": subject + "\n\n" + message, + }, + } + if n.config.Secret != "" { + timestamp := fmt.Sprintf("%d", time.Now().UnixMilli()) + + h := hmac.New(sha256.New, []byte(n.config.Secret)) + h.Write([]byte(fmt.Sprintf("%s\n%s", timestamp, n.config.Secret))) + sign := base64.StdEncoding.EncodeToString(h.Sum(nil)) + + payload["timestamp"] = timestamp + payload["sign"] = sign + } + // REF: https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot // REF: https://open.larksuite.com/document/client-docs/bot-v3/add-custom-bot var result struct { @@ -70,12 +93,7 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s } req := n.httpClient.R(). SetContext(ctx). - SetBody(map[string]any{ - "msg_type": "text", - "content": map[string]string{ - "text": subject + "\n\n" + message, - }, - }) + SetBody(payload) resp, err := req.Post(webhookUrl.String()) if err != nil { return nil, fmt.Errorf("lark api error: failed to send request: %w", err) diff --git a/pkg/core/notifier/providers/larkbot/larkbot_test.go b/pkg/core/notifier/providers/larkbot/larkbot_test.go index 8fd73bb8..b88c98b3 100644 --- a/pkg/core/notifier/providers/larkbot/larkbot_test.go +++ b/pkg/core/notifier/providers/larkbot/larkbot_test.go 
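Review bot: The signature built in larkbot.go's Notify when `Secret` is set follows the DingTalk scheme rather than the one on the Lark/Feishu custom-bot page cited in the REF comments, so signed bots would likely reject every message. As I read that page, the timestamp is in seconds and the HMAC-SHA256 key is the string `timestamp + "\n" + secret` with an empty message; here the timestamp is `UnixMilli()`, the key is the bare secret, and the string is fed in as the message. Suggested lines: `timestamp := fmt.Sprintf("%d", time.Now().Unix())` and `h := hmac.New(sha256.New, []byte(timestamp+"\n"+n.config.Secret))`, with the `h.Write(...)` call removed. Please confirm against the documentation and a bot with signature verification enabled before merging. Notify starts and ends outside this hunk.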
@@ -15,19 +15,24 @@ const ( mockMessage = "test_message" ) -var fWebhookUrl string +var ( + fWebhookUrl string + fSecret string +) func init() { argsPrefix := "CERTIMATE_NOTIFIER_LARKBOT_" flag.StringVar(&fWebhookUrl, argsPrefix+"WEBHOOKURL", "", "") + flag.StringVar(&fSecret, argsPrefix+"SECRET", "", "") } /* Shell command to run this test: go test -v ./larkbot_test.go -args \ - --CERTIMATE_NOTIFIER_LARKBOT_WEBHOOKURL="https://example.com/your-webhook-url" + --CERTIMATE_NOTIFIER_LARKBOT_WEBHOOKURL="https://example.com/your-webhook-url" \ + --CERTIMATE_NOTIFIER_LARKBOT_SECRET="your-secret" */ func TestNotify(t *testing.T) { flag.Parse() @@ -36,10 +41,12 @@ func TestNotify(t *testing.T) { t.Log(strings.Join([]string{ "args:", fmt.Sprintf("WEBHOOKURL: %v", fWebhookUrl), + fmt.Sprintf("SECRET: %v", fSecret), }, "\n")) notifier, err := provider.NewNotifierProvider(&provider.NotifierProviderConfig{ WebhookUrl: fWebhookUrl, + Secret: fSecret, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/ui/src/components/access/forms/AccessConfigFieldsProviderDingTalkBot.tsx b/ui/src/components/access/forms/AccessConfigFieldsProviderDingTalkBot.tsx index c9c8591d..528b3e5c 100644 --- a/ui/src/components/access/forms/AccessConfigFieldsProviderDingTalkBot.tsx +++ b/ui/src/components/access/forms/AccessConfigFieldsProviderDingTalkBot.tsx @@ -52,7 +52,7 @@ const getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) = return z.object({ webhookUrl: z.url(t("common.errmsg.url_invalid")), - secret: z.string().nonempty(t("access.form.dingtalkbot_secret.placeholder")), + secret: z.string().nullish(), }); }; diff --git a/ui/src/components/access/forms/AccessConfigFieldsProviderLarkBot.tsx b/ui/src/components/access/forms/AccessConfigFieldsProviderLarkBot.tsx index 6966a978..eacb2d8d 100644 --- a/ui/src/components/access/forms/AccessConfigFieldsProviderLarkBot.tsx +++ b/ui/src/components/access/forms/AccessConfigFieldsProviderLarkBot.tsx 
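Review bot: The added `fmt.Sprintf("SECRET: %v", fSecret)` in larkbot_test.go writes the signing secret in clear text to `go test -v` output, where CI logs can retain it. I would log only whether it was supplied, e.g. `fmt.Sprintf("SECRET set: %t", fSecret != "")`. The webhook URL printed on the line above deserves the same care, since it is presumably itself a credential for the bot.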
@@ -26,6 +26,16 @@ const AccessConfigFormFieldsProviderLarkBot = () => { > + + } + > + + ); }; @@ -33,6 +43,7 @@ const AccessConfigFormFieldsProviderLarkBot = () => { const getInitialValues = (): Nullish>> => { return { webhookUrl: "", + secret: "", }; }; @@ -41,6 +52,7 @@ const getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) = return z.object({ webhookUrl: z.url(t("common.errmsg.url_invalid")), + secret: z.string().nullish(), }); }; diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json index a186bbcd..90cb5847 100644 --- a/ui/src/i18n/locales/en/nls.access.json +++ b/ui/src/i18n/locales/en/nls.access.json @@ -331,7 +331,10 @@ "access.form.kong_api_token.tooltip": "For more information, see https://developer.konghq.com/admin-api/", "access.form.larkbot_webhook_url.label": "Lark bot Webhook URL", "access.form.larkbot_webhook_url.placeholder": "Please enter Lark bot Webhook URL", - "access.form.larkbot_webhook_url.tooltip": "For more information, see https://www.feishu.cn/hc/en-US/articles/807992406756", + "access.form.larkbot_webhook_url.tooltip": "For more information, see https://open.larksuite.com/document/client-docs/bot-v3/add-custom-bot", + "access.form.larkbot_secret.label": "Lark bot secret", + "access.form.larkbot_secret.placeholder": "Please enter Lark bot secret", + "access.form.larkbot_secret.tooltip": "For more information, see https://open.larksuite.com/document/client-docs/bot-v3/add-custom-bot", "access.form.lecdn_server_url.label": "LeCDN server URL", "access.form.lecdn_server_url.placeholder": "Please enter LeCDN server URL", "access.form.lecdn_api_version.label": "LeCDN version", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index 0838810f..d394d680 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json 
@@ -204,8 +204,8 @@ "access.form.dingtalkbot_webhook_url.label": "钉钉群机器人 Webhook 地址", "access.form.dingtalkbot_webhook_url.placeholder": "请输入钉钉群机器人 Webhook 地址", "access.form.dingtalkbot_webhook_url.tooltip": "这是什么?请参阅 https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot", - "access.form.dingtalkbot_secret.label": "钉钉群机器人加签密钥", - "access.form.dingtalkbot_secret.placeholder": "请输入钉钉群机器人加签密钥", + "access.form.dingtalkbot_secret.label": "钉钉群机器人签名密钥(可选)", + "access.form.dingtalkbot_secret.placeholder": "请输入钉钉群机器人签名密钥", "access.form.dingtalkbot_secret.tooltip": "这是什么?请参阅 https://open.dingtalk.com/document/orgapp/customize-robot-security-settings", "access.form.discordbot_token.label": "Discord 机器人 API Token", "access.form.discordbot_token.placeholder": "请输入 Discord 机器人 API Token", @@ -330,7 +330,10 @@ "access.form.kong_api_token.tooltip": "这是什么?请参阅 https://developer.konghq.com/admin-api/", "access.form.larkbot_webhook_url.label": "飞书群机器人 Webhook 地址", "access.form.larkbot_webhook_url.placeholder": "请输入飞书群机器人 Webhook 地址", - "access.form.larkbot_webhook_url.tooltip": "这是什么?请参阅 https://www.feishu.cn/hc/zh-CN/articles/807992406756", + "access.form.larkbot_webhook_url.tooltip": "这是什么?请参阅 https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot", + "access.form.larkbot_secret.label": "飞书群机器人签名密钥(可选)", + "access.form.larkbot_secret.placeholder": "请输入飞书群机器人签名密钥", + "access.form.larkbot_secret.tooltip": "这是什么?请参阅 https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot", "access.form.lecdn_server_url.label": "LeCDN 服务地址", "access.form.lecdn_server_url.placeholder": "请输入 LeCDN 服务地址", "access.form.lecdn_api_version.label": "LeCDN 版本", From 08c3a5600613aa6cc156679d83d82cad1dd1e6da Mon Sep 17 00:00:00 2001 
From: Fu Diwei Date: Thu, 30 Oct 2025 20:18:15 +0800 Subject: [PATCH 10/10] refactor: clean code --- .../certdeploy/deployers/sp_1panel_site.go | 2 +- .../certdeploy/deployers/sp_aliyun_alb.go | 2 +- .../certdeploy/deployers/sp_aliyun_apigw.go | 2 +- .../certdeploy/deployers/sp_aliyun_clb.go | 2 +- internal/certdeploy/deployers/sp_aliyun_ga.go | 2 +- .../certdeploy/deployers/sp_aliyun_nlb.go | 2 +- internal/certdeploy/deployers/sp_apisix.go | 2 +- .../deployers/sp_baiducloud_appblb.go | 2 +- .../certdeploy/deployers/sp_baiducloud_blb.go | 2 +- internal/certdeploy/deployers/sp_cdnfly.go | 2 +- .../certdeploy/deployers/sp_ctcccloud_elb.go | 2 +- internal/certdeploy/deployers/sp_flexcdn.go | 2 +- internal/certdeploy/deployers/sp_goedge.go | 2 +- .../deployers/sp_huaweicloud_elb.go | 2 +- .../deployers/sp_huaweicloud_waf.go | 2 +- .../certdeploy/deployers/sp_jdcloud_alb.go | 2 +- internal/certdeploy/deployers/sp_kong.go | 2 +- internal/certdeploy/deployers/sp_lecdn.go | 2 +- internal/certdeploy/deployers/sp_local.go | 4 +- internal/certdeploy/deployers/sp_safeline.go | 2 +- internal/certdeploy/deployers/sp_ssh.go | 2 +- .../deployers/sp_tencentcloud_clb.go | 2 +- .../deployers/sp_tencentcloud_gaap.go | 2 +- .../certdeploy/deployers/sp_volcengine_alb.go | 2 +- .../certdeploy/deployers/sp_volcengine_clb.go | 2 +- .../acme-http01/providers/ssh/consts.go | 7 ++++ .../acme-http01/providers/ssh/ssh.go | 3 -- .../providers/1panel-site/1panel_site.go | 2 +- .../providers/1panel-site/consts.go | 6 +-- .../providers/aliyun-alb/aliyun_alb.go | 2 +- .../providers/aliyun-alb/consts.go | 6 +-- .../providers/aliyun-apigw/aliyun_apigw.go | 2 +- .../aliyun-apigw/aliyun_apigw_test.go | 2 +- .../providers/aliyun-apigw/consts.go | 6 +-- .../providers/aliyun-clb/aliyun_clb.go | 2 +- .../providers/aliyun-clb/consts.go | 6 +-- .../providers/aliyun-ga/aliyun_ga.go | 2 +- .../providers/aliyun-ga/consts.go | 6 +-- .../providers/aliyun-nlb/aliyun_nlb.go | 2 +- .../providers/aliyun-nlb/consts.go 
| 6 +-- .../ssl-deployer/providers/apisix/apisix.go | 2 +- .../ssl-deployer/providers/apisix/consts.go | 4 +- .../aws-cloudfront/aws_cloudfront.go | 15 +++++--- .../providers/aws-cloudfront/consts.go | 6 +++ .../baiducloud-appblb/baiducloud_appblb.go | 2 +- .../providers/baiducloud-appblb/consts.go | 6 +-- .../baiducloud-blb/baiducloud_blb.go | 2 +- .../providers/baiducloud-blb/consts.go | 6 +-- .../ssl-deployer/providers/cdnfly/cdnfly.go | 2 +- .../ssl-deployer/providers/cdnfly/consts.go | 6 +-- .../providers/ctcccloud-elb/consts.go | 6 +-- .../providers/ctcccloud-elb/ctcccloud_elb.go | 2 +- .../ssl-deployer/providers/flexcdn/consts.go | 4 +- .../ssl-deployer/providers/flexcdn/flexcdn.go | 2 +- .../ssl-deployer/providers/goedge/consts.go | 4 +- .../ssl-deployer/providers/goedge/goedge.go | 2 +- .../providers/huaweicloud-elb/consts.go | 8 ++-- .../huaweicloud-elb/huaweicloud_elb.go | 2 +- .../providers/huaweicloud-waf/consts.go | 10 ++--- .../huaweicloud-waf/huaweicloud_waf.go | 12 +++--- .../huaweicloud-waf/huaweicloud_waf_test.go | 2 +- .../providers/jdcloud-alb/consts.go | 6 +-- .../providers/jdcloud-alb/jdcloud_alb.go | 2 +- .../ssl-deployer/providers/kong/consts.go | 4 +- pkg/core/ssl-deployer/providers/kong/kong.go | 2 +- .../ssl-deployer/providers/lecdn/consts.go | 4 +- .../ssl-deployer/providers/lecdn/lecdn.go | 2 +- .../ssl-deployer/providers/local/consts.go | 13 +++++++ .../ssl-deployer/providers/local/defines.go | 17 --------- .../ssl-deployer/providers/local/local.go | 20 +++++----- .../providers/local/local_test.go | 2 +- .../ssl-deployer/providers/safeline/consts.go | 4 +- .../providers/safeline/safeline.go | 2 +- pkg/core/ssl-deployer/providers/ssh/consts.go | 13 +++++++ .../ssl-deployer/providers/ssh/defines.go | 9 ----- pkg/core/ssl-deployer/providers/ssh/ssh.go | 5 +-- .../providers/tencentcloud-cdn/consts.go | 6 +-- .../tencentcloud-cdn/tencentcloud_cdn.go | 8 ++-- .../providers/tencentcloud-clb/consts.go | 8 ++-- 
.../tencentcloud-clb/tencentcloud_clb.go | 2 +- .../tencentcloud-clb/tencentcloud_clb_test.go | 38 ------------------- .../providers/tencentcloud-ecdn/consts.go | 6 +-- .../tencentcloud-ecdn/tencentcloud_ecdn.go | 8 ++-- .../providers/tencentcloud-eo/consts.go | 4 +- .../tencentcloud-eo/tencentcloud_eo.go | 6 +-- .../providers/tencentcloud-gaap/consts.go | 4 +- .../tencentcloud-gaap/tencentcloud_gaap.go | 2 +- .../providers/volcengine-alb/consts.go | 6 +-- .../volcengine-alb/volcengine_alb.go | 2 +- .../providers/volcengine-cdn/consts.go | 6 +-- .../volcengine-cdn/volcengine_cdn.go | 8 ++-- .../providers/volcengine-clb/consts.go | 6 +-- .../volcengine-clb/volcengine_clb.go | 2 +- .../providers/volcengine-live/consts.go | 4 +- .../volcengine-live/volcengine_live.go | 6 +-- 95 files changed, 191 insertions(+), 263 deletions(-) create mode 100644 pkg/core/ssl-applicator/acme-http01/providers/ssh/consts.go create mode 100644 pkg/core/ssl-deployer/providers/aws-cloudfront/consts.go create mode 100644 pkg/core/ssl-deployer/providers/local/consts.go delete mode 100644 pkg/core/ssl-deployer/providers/local/defines.go create mode 100644 pkg/core/ssl-deployer/providers/ssh/consts.go delete mode 100644 pkg/core/ssl-deployer/providers/ssh/defines.go diff --git a/internal/certdeploy/deployers/sp_1panel_site.go b/internal/certdeploy/deployers/sp_1panel_site.go index 145fefc1..83ce11df 100644 --- a/internal/certdeploy/deployers/sp_1panel_site.go +++ b/internal/certdeploy/deployers/sp_1panel_site.go 
@@ -22,7 +22,7 @@ func init() { ApiKey: credentials.ApiKey, AllowInsecureConnections: credentials.AllowInsecureConnections, NodeName: xmaps.GetString(options.ProviderExtendedConfig, "nodeName"), - ResourceType: opsite.ResourceType(xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", string(opsite.RESOURCE_TYPE_WEBSITE))), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), WebsiteId: xmaps.GetInt64(options.ProviderExtendedConfig, "websiteId"), CertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, "certificateId"), }) diff --git a/internal/certdeploy/deployers/sp_aliyun_alb.go b/internal/certdeploy/deployers/sp_aliyun_alb.go index b2bc3401..74625b7c 100644 --- a/internal/certdeploy/deployers/sp_aliyun_alb.go +++ b/internal/certdeploy/deployers/sp_aliyun_alb.go @@ -21,7 +21,7 @@ func init() { AccessKeySecret: credentials.AccessKeySecret, ResourceGroupId: credentials.ResourceGroupId, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: aliyunalb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), diff --git a/internal/certdeploy/deployers/sp_aliyun_apigw.go b/internal/certdeploy/deployers/sp_aliyun_apigw.go index 30eb6b29..c4ae825f 100644 --- a/internal/certdeploy/deployers/sp_aliyun_apigw.go +++ b/internal/certdeploy/deployers/sp_aliyun_apigw.go 
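Review bot: In sp_1panel_site.go the `ResourceType` assignment loses its fallback: the old line defaulted a missing `resourceType` to `opsite.RESOURCE_TYPE_WEBSITE`, while the new one passes an empty string through. Unless the provider package now applies that default itself (not visible here), stored workflows without the key could start failing or take a different branch. `xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", opsite.RESOURCE_TYPE_WEBSITE)` would keep the old behaviour, assuming the constant is now a plain string as `local.OUTPUT_FORMAT_PEM` is in sp_local.go. The sp_cdnfly.go hunk drops its `RESOURCE_TYPE_SITE` default the same way. The enclosing `init` function continues outside the hunk.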
@@ -21,7 +21,7 @@ func init() { AccessKeySecret: credentials.AccessKeySecret, ResourceGroupId: credentials.ResourceGroupId, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ServiceType: aliyunapigw.ServiceType(xmaps.GetString(options.ProviderExtendedConfig, "serviceType")), + ServiceType: xmaps.GetString(options.ProviderExtendedConfig, "serviceType"), GatewayId: xmaps.GetString(options.ProviderExtendedConfig, "gatewayId"), GroupId: xmaps.GetString(options.ProviderExtendedConfig, "groupId"), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), diff --git a/internal/certdeploy/deployers/sp_aliyun_clb.go b/internal/certdeploy/deployers/sp_aliyun_clb.go index b642e506..a3061738 100644 --- a/internal/certdeploy/deployers/sp_aliyun_clb.go +++ b/internal/certdeploy/deployers/sp_aliyun_clb.go @@ -21,7 +21,7 @@ func init() { AccessKeySecret: credentials.AccessKeySecret, ResourceGroupId: credentials.ResourceGroupId, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: aliyunclb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerPort: xmaps.GetOrDefaultInt32(options.ProviderExtendedConfig, "listenerPort", 443), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), diff --git a/internal/certdeploy/deployers/sp_aliyun_ga.go b/internal/certdeploy/deployers/sp_aliyun_ga.go index ef7fbd34..b353de30 100644 --- a/internal/certdeploy/deployers/sp_aliyun_ga.go +++ b/internal/certdeploy/deployers/sp_aliyun_ga.go 
@@ -20,7 +20,7 @@ func init() { AccessKeyId: credentials.AccessKeyId, AccessKeySecret: credentials.AccessKeySecret, ResourceGroupId: credentials.ResourceGroupId, - ResourceType: aliyunga.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), AcceleratorId: xmaps.GetString(options.ProviderExtendedConfig, "acceleratorId"), ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), diff --git a/internal/certdeploy/deployers/sp_aliyun_nlb.go b/internal/certdeploy/deployers/sp_aliyun_nlb.go index 5985754b..7feb79af 100644 --- a/internal/certdeploy/deployers/sp_aliyun_nlb.go +++ b/internal/certdeploy/deployers/sp_aliyun_nlb.go @@ -21,7 +21,7 @@ func init() { AccessKeySecret: credentials.AccessKeySecret, ResourceGroupId: credentials.ResourceGroupId, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: aliyunnlb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"), }) diff --git a/internal/certdeploy/deployers/sp_apisix.go b/internal/certdeploy/deployers/sp_apisix.go index 98e7f201..641aaaca 100644 --- a/internal/certdeploy/deployers/sp_apisix.go +++ b/internal/certdeploy/deployers/sp_apisix.go 
@@ -20,7 +20,7 @@ func init() { ServerUrl: credentials.ServerUrl, ApiKey: credentials.ApiKey, AllowInsecureConnections: credentials.AllowInsecureConnections, - ResourceType: apisix.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), CertificateId: xmaps.GetString(options.ProviderExtendedConfig, "certificateId"), }) return provider, err diff --git a/internal/certdeploy/deployers/sp_baiducloud_appblb.go b/internal/certdeploy/deployers/sp_baiducloud_appblb.go index efd4431f..f5d70c20 100644 --- a/internal/certdeploy/deployers/sp_baiducloud_appblb.go +++ b/internal/certdeploy/deployers/sp_baiducloud_appblb.go @@ -20,7 +20,7 @@ func init() { AccessKeyId: credentials.AccessKeyId, SecretAccessKey: credentials.SecretAccessKey, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: baiducloudappblb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerPort: xmaps.GetInt32(options.ProviderExtendedConfig, "listenerPort"), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), diff --git a/internal/certdeploy/deployers/sp_baiducloud_blb.go b/internal/certdeploy/deployers/sp_baiducloud_blb.go index 8d65b33e..1a611205 100644 --- a/internal/certdeploy/deployers/sp_baiducloud_blb.go +++ b/internal/certdeploy/deployers/sp_baiducloud_blb.go 
@@ -20,7 +20,7 @@ func init() { AccessKeyId: credentials.AccessKeyId, SecretAccessKey: credentials.SecretAccessKey, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: baiducloudblb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerPort: xmaps.GetInt32(options.ProviderExtendedConfig, "listenerPort"), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), diff --git a/internal/certdeploy/deployers/sp_cdnfly.go b/internal/certdeploy/deployers/sp_cdnfly.go index 25e3fff3..ad69ed8b 100644 --- a/internal/certdeploy/deployers/sp_cdnfly.go +++ b/internal/certdeploy/deployers/sp_cdnfly.go @@ -21,7 +21,7 @@ func init() { ApiKey: credentials.ApiKey, ApiSecret: credentials.ApiSecret, AllowInsecureConnections: credentials.AllowInsecureConnections, - ResourceType: cdnfly.ResourceType(xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", string(cdnfly.RESOURCE_TYPE_SITE))), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), SiteId: xmaps.GetString(options.ProviderExtendedConfig, "siteId"), CertificateId: xmaps.GetString(options.ProviderExtendedConfig, "certificateId"), }) diff --git a/internal/certdeploy/deployers/sp_ctcccloud_elb.go b/internal/certdeploy/deployers/sp_ctcccloud_elb.go index f21a30c2..253700d7 100644 --- a/internal/certdeploy/deployers/sp_ctcccloud_elb.go +++ b/internal/certdeploy/deployers/sp_ctcccloud_elb.go 
@@ -20,7 +20,7 @@ func init() { AccessKeyId: credentials.AccessKeyId, SecretAccessKey: credentials.SecretAccessKey, RegionId: xmaps.GetString(options.ProviderExtendedConfig, "regionId"), - ResourceType: ctcccloudelb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"), }) diff --git a/internal/certdeploy/deployers/sp_flexcdn.go b/internal/certdeploy/deployers/sp_flexcdn.go index 9db33000..2c505c74 100644 --- a/internal/certdeploy/deployers/sp_flexcdn.go +++ b/internal/certdeploy/deployers/sp_flexcdn.go @@ -22,7 +22,7 @@ func init() { AccessKeyId: credentials.AccessKeyId, AccessKey: credentials.AccessKey, AllowInsecureConnections: credentials.AllowInsecureConnections, - ResourceType: flexcdn.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), CertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, "certificateId"), }) return provider, err diff --git a/internal/certdeploy/deployers/sp_goedge.go b/internal/certdeploy/deployers/sp_goedge.go index afdfc9a9..24e2866b 100644 --- a/internal/certdeploy/deployers/sp_goedge.go +++ b/internal/certdeploy/deployers/sp_goedge.go @@ -22,7 +22,7 @@ func init() { AccessKeyId: credentials.AccessKeyId, AccessKey: credentials.AccessKey, AllowInsecureConnections: credentials.AllowInsecureConnections, - ResourceType: goedge.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), CertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, "certificateId"), }) return provider, err 
diff --git a/internal/certdeploy/deployers/sp_huaweicloud_elb.go b/internal/certdeploy/deployers/sp_huaweicloud_elb.go index 41d91b7d..c806b297 100644 --- a/internal/certdeploy/deployers/sp_huaweicloud_elb.go +++ b/internal/certdeploy/deployers/sp_huaweicloud_elb.go @@ -21,7 +21,7 @@ func init() { SecretAccessKey: credentials.SecretAccessKey, EnterpriseProjectId: credentials.EnterpriseProjectId, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: huaweicloudelb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), CertificateId: xmaps.GetString(options.ProviderExtendedConfig, "certificateId"), LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"), ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"), diff --git a/internal/certdeploy/deployers/sp_huaweicloud_waf.go b/internal/certdeploy/deployers/sp_huaweicloud_waf.go index 2ad5aeeb..3f05f700 100644 --- a/internal/certdeploy/deployers/sp_huaweicloud_waf.go +++ b/internal/certdeploy/deployers/sp_huaweicloud_waf.go @@ -21,7 +21,7 @@ func init() { SecretAccessKey: credentials.SecretAccessKey, EnterpriseProjectId: credentials.EnterpriseProjectId, Region: xmaps.GetString(options.ProviderExtendedConfig, "region"), - ResourceType: huaweicloudwaf.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")), + ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"), CertificateId: xmaps.GetString(options.ProviderExtendedConfig, "certificateId"), Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"), }) diff --git a/internal/certdeploy/deployers/sp_jdcloud_alb.go b/internal/certdeploy/deployers/sp_jdcloud_alb.go index 813a6c9a..1770e53d 100644 --- a/internal/certdeploy/deployers/sp_jdcloud_alb.go +++ b/internal/certdeploy/deployers/sp_jdcloud_alb.go 
@@ -20,7 +20,7 @@ func init() {
 AccessKeyId: credentials.AccessKeyId,
 AccessKeySecret: credentials.AccessKeySecret,
 RegionId: xmaps.GetString(options.ProviderExtendedConfig, "regionId"),
- ResourceType: jdcloudalb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
 ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"),
 })
diff --git a/internal/certdeploy/deployers/sp_kong.go b/internal/certdeploy/deployers/sp_kong.go
index 54d0c810..701e3254 100644
--- a/internal/certdeploy/deployers/sp_kong.go
+++ b/internal/certdeploy/deployers/sp_kong.go
@@ -20,7 +20,7 @@ func init() {
 ServerUrl: credentials.ServerUrl,
 ApiToken: credentials.ApiToken,
 AllowInsecureConnections: credentials.AllowInsecureConnections,
- ResourceType: kong.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 Workspace: xmaps.GetString(options.ProviderExtendedConfig, "workspace"),
 CertificateId: xmaps.GetString(options.ProviderExtendedConfig, "certificateId"),
 })
diff --git a/internal/certdeploy/deployers/sp_lecdn.go b/internal/certdeploy/deployers/sp_lecdn.go
index 3f7d4167..d7fdf504 100644
--- a/internal/certdeploy/deployers/sp_lecdn.go
+++ b/internal/certdeploy/deployers/sp_lecdn.go
@@ -23,7 +23,7 @@ func init() {
 Username: credentials.Username,
 Password: credentials.Password,
 AllowInsecureConnections: credentials.AllowInsecureConnections,
- ResourceType: lecdn.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 CertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, "certificateId"),
 ClientId: xmaps.GetInt64(options.ProviderExtendedConfig, "clientId"),
 })
diff --git a/internal/certdeploy/deployers/sp_local.go b/internal/certdeploy/deployers/sp_local.go
index 7fecea65..cb873b17 100644
--- a/internal/certdeploy/deployers/sp_local.go
+++ b/internal/certdeploy/deployers/sp_local.go
@@ -10,10 +10,10 @@ import (
 func init() {
 if err := Registries.Register(domain.DeploymentProviderTypeLocal, func(options *ProviderFactoryOptions) (core.SSLDeployer, error) {
 provider, err := local.NewSSLDeployerProvider(&local.SSLDeployerProviderConfig{
- ShellEnv: local.ShellEnvType(xmaps.GetString(options.ProviderExtendedConfig, "shellEnv")),
+ ShellEnv: xmaps.GetString(options.ProviderExtendedConfig, "shellEnv"),
 PreCommand: xmaps.GetString(options.ProviderExtendedConfig, "preCommand"),
 PostCommand: xmaps.GetString(options.ProviderExtendedConfig, "postCommand"),
- OutputFormat: local.OutputFormatType(xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "format", string(local.OUTPUT_FORMAT_PEM))),
+ OutputFormat: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "format", local.OUTPUT_FORMAT_PEM),
 OutputCertPath: xmaps.GetString(options.ProviderExtendedConfig, "certPath"),
 OutputServerCertPath: xmaps.GetString(options.ProviderExtendedConfig, "certPathForServerOnly"),
 OutputIntermediaCertPath: xmaps.GetString(options.ProviderExtendedConfig, "certPathForIntermediaOnly"),
diff --git a/internal/certdeploy/deployers/sp_safeline.go b/internal/certdeploy/deployers/sp_safeline.go
index 6b528fd3..c604b735 100644
--- a/internal/certdeploy/deployers/sp_safeline.go
+++ b/internal/certdeploy/deployers/sp_safeline.go
@@ -20,7 +20,7 @@ func init() {
 ServerUrl: credentials.ServerUrl,
 ApiToken: credentials.ApiToken,
 AllowInsecureConnections: credentials.AllowInsecureConnections,
- ResourceType: safeline.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 CertificateId: xmaps.GetInt32(options.ProviderExtendedConfig, "certificateId"),
 })
 return provider, err
diff --git a/internal/certdeploy/deployers/sp_ssh.go b/internal/certdeploy/deployers/sp_ssh.go
index d2591905..259cfd85 100644
--- a/internal/certdeploy/deployers/sp_ssh.go
+++ b/internal/certdeploy/deployers/sp_ssh.go
@@ -43,7 +43,7 @@ func init() {
 UseSCP: xmaps.GetBool(options.ProviderExtendedConfig, "useSCP"),
 PreCommand: xmaps.GetString(options.ProviderExtendedConfig, "preCommand"),
 PostCommand: xmaps.GetString(options.ProviderExtendedConfig, "postCommand"),
- OutputFormat: ssh.OutputFormatType(xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "format", string(ssh.OUTPUT_FORMAT_PEM))),
+ OutputFormat: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, "format", ssh.OUTPUT_FORMAT_PEM),
 OutputKeyPath: xmaps.GetString(options.ProviderExtendedConfig, "keyPath"),
 OutputCertPath: xmaps.GetString(options.ProviderExtendedConfig, "certPath"),
 OutputServerCertPath: xmaps.GetString(options.ProviderExtendedConfig, "certPathForServerOnly"),
diff --git a/internal/certdeploy/deployers/sp_tencentcloud_clb.go b/internal/certdeploy/deployers/sp_tencentcloud_clb.go
index c7731db1..e8bf4a69 100644
--- a/internal/certdeploy/deployers/sp_tencentcloud_clb.go
+++ b/internal/certdeploy/deployers/sp_tencentcloud_clb.go
@@ -21,7 +21,7 @@ func init() {
 SecretKey: credentials.SecretKey,
 Endpoint: xmaps.GetString(options.ProviderExtendedConfig, "endpoint"),
 Region: xmaps.GetString(options.ProviderExtendedConfig, "region"),
- ResourceType: tencentcloudclb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
 ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"),
 Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"),
diff --git a/internal/certdeploy/deployers/sp_tencentcloud_gaap.go b/internal/certdeploy/deployers/sp_tencentcloud_gaap.go
index c7c2ce9e..b1c3f950 100644
--- a/internal/certdeploy/deployers/sp_tencentcloud_gaap.go
+++ b/internal/certdeploy/deployers/sp_tencentcloud_gaap.go
@@ -20,7 +20,7 @@ func init() {
 SecretId: credentials.SecretId,
 SecretKey: credentials.SecretKey,
 Endpoint: xmaps.GetString(options.ProviderExtendedConfig, "endpoint"),
- ResourceType: tencentcloudgaap.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 ProxyId: xmaps.GetString(options.ProviderExtendedConfig, "proxyId"),
 ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"),
 })
diff --git a/internal/certdeploy/deployers/sp_volcengine_alb.go b/internal/certdeploy/deployers/sp_volcengine_alb.go
index a167d23c..0f5e538a 100644
--- a/internal/certdeploy/deployers/sp_volcengine_alb.go
+++ b/internal/certdeploy/deployers/sp_volcengine_alb.go
@@ -20,7 +20,7 @@ func init() {
 AccessKeyId: credentials.AccessKeyId,
 AccessKeySecret: credentials.SecretAccessKey,
 Region: xmaps.GetString(options.ProviderExtendedConfig, "region"),
- ResourceType: volcenginealb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
 ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"),
 Domain: xmaps.GetString(options.ProviderExtendedConfig, "domain"),
diff --git a/internal/certdeploy/deployers/sp_volcengine_clb.go b/internal/certdeploy/deployers/sp_volcengine_clb.go
index 2f7f87fe..a1e89499 100644
--- a/internal/certdeploy/deployers/sp_volcengine_clb.go
+++ b/internal/certdeploy/deployers/sp_volcengine_clb.go
@@ -20,7 +20,7 @@ func init() {
 AccessKeyId: credentials.AccessKeyId,
 AccessKeySecret: credentials.SecretAccessKey,
 Region: xmaps.GetString(options.ProviderExtendedConfig, "region"),
- ResourceType: volcengineclb.ResourceType(xmaps.GetString(options.ProviderExtendedConfig, "resourceType")),
+ ResourceType: xmaps.GetString(options.ProviderExtendedConfig, "resourceType"),
 LoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, "loadbalancerId"),
 ListenerId: xmaps.GetString(options.ProviderExtendedConfig, "listenerId"),
 })
diff --git a/pkg/core/ssl-applicator/acme-http01/providers/ssh/consts.go b/pkg/core/ssl-applicator/acme-http01/providers/ssh/consts.go
new file mode 100644
index 00000000..17204b74
--- /dev/null
+++ b/pkg/core/ssl-applicator/acme-http01/providers/ssh/consts.go
@@ -0,0 +1,7 @@
+package ssh
+
+const (
+ AUTH_METHOD_NONE = "none"
+ AUTH_METHOD_PASSWORD = "password"
+ AUTH_METHOD_KEY = "key"
+)
diff --git a/pkg/core/ssl-applicator/acme-http01/providers/ssh/ssh.go b/pkg/core/ssl-applicator/acme-http01/providers/ssh/ssh.go
index d23055ab..197bc1e2 100644
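Review bot: In the new `acme-http01/providers/ssh/consts.go`, `AUTH_METHOD_NONE`, `AUTH_METHOD_PASSWORD` and `AUTH_METHOD_KEY` become exported package constants with no comments, whereas the following `ssh.go` hunk shows they were locals of `createSshClient`. Nothing visible in this part of the patch reads them from another package, so they could stay unexported and keep the package's public surface as it was. If they are meant to be public, each value should carry a comment in the style of the `RESOURCE_TYPE_*` constants, for example `// Authentication method: private key.` above `AUTH_METHOD_KEY`, and the `none` value in particular should say when it is selected.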
--- a/pkg/core/ssl-applicator/acme-http01/providers/ssh/ssh.go +++ b/pkg/core/ssl-applicator/acme-http01/providers/ssh/ssh.go @@ -225,9 +225,6 @@ func (p *provider) createSshClient(conn net.Conn, host string, port int32, authM username = "root" } - const AUTH_METHOD_NONE = "none" - const AUTH_METHOD_PASSWORD = "password" - const AUTH_METHOD_KEY = "key" if authMethod == "" { if key != "" { authMethod = AUTH_METHOD_KEY diff --git a/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go b/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go index ffce4d26..94bdc1bf 100644 --- a/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go +++ b/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go @@ -28,7 +28,7 @@ type SSLDeployerProviderConfig struct { // 选填。 NodeName string `json:"nodeName,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 网站 ID。 // 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。 WebsiteId int64 `json:"websiteId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/1panel-site/consts.go b/pkg/core/ssl-deployer/providers/1panel-site/consts.go index 85f85a0d..ab403c50 100644 --- a/pkg/core/ssl-deployer/providers/1panel-site/consts.go +++ b/pkg/core/ssl-deployer/providers/1panel-site/consts.go @@ -1,10 +1,8 @@ package onepanelsite -type ResourceType string - const ( // 资源类型:替换指定网站的证书。 - RESOURCE_TYPE_WEBSITE = ResourceType("website") + RESOURCE_TYPE_WEBSITE = "website" // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/aliyun-alb/aliyun_alb.go b/pkg/core/ssl-deployer/providers/aliyun-alb/aliyun_alb.go index 7fe2deba..44de3e7b 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-alb/aliyun_alb.go +++ b/pkg/core/ssl-deployer/providers/aliyun-alb/aliyun_alb.go 
@@ -29,7 +29,7 @@ type SSLDeployerProviderConfig struct { // 阿里云地域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/aliyun-alb/consts.go b/pkg/core/ssl-deployer/providers/aliyun-alb/consts.go index 286aef00..33232ccf 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-alb/consts.go +++ b/pkg/core/ssl-deployer/providers/aliyun-alb/consts.go @@ -1,10 +1,8 @@ package aliyunalb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go b/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go index 686f64d0..fb2a44b1 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go +++ b/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw.go @@ -28,7 +28,7 @@ type SSLDeployerProviderConfig struct { // 阿里云地域。 Region string `json:"region"` // 服务类型。 - ServiceType ServiceType `json:"serviceType"` + ServiceType string `json:"serviceType"` // API 网关 ID。 // 服务类型为 [SERVICE_TYPE_CLOUDNATIVE] 时必填。 GatewayId string `json:"gatewayId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw_test.go b/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw_test.go index 62d437c6..ef522b00 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw_test.go +++ b/pkg/core/ssl-deployer/providers/aliyun-apigw/aliyun_apigw_test.go 
@@ -72,7 +72,7 @@ func TestDeploy(t *testing.T) { AccessKeyId: fAccessKeyId, AccessKeySecret: fAccessKeySecret, Region: fRegion, - ServiceType: provider.ServiceType(fServiceType), + ServiceType: fServiceType, GatewayId: fGatewayId, GroupId: fGroupId, Domain: fDomain, diff --git a/pkg/core/ssl-deployer/providers/aliyun-apigw/consts.go b/pkg/core/ssl-deployer/providers/aliyun-apigw/consts.go index 1abe97e3..7a767b08 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-apigw/consts.go +++ b/pkg/core/ssl-deployer/providers/aliyun-apigw/consts.go @@ -1,10 +1,8 @@ package aliyunapigw -type ServiceType string - const ( // 服务类型:原 API 网关。 - SERVICE_TYPE_TRADITIONAL = ServiceType("traditional") + SERVICE_TYPE_TRADITIONAL = "traditional" // 服务类型:云原生 API 网关。 - SERVICE_TYPE_CLOUDNATIVE = ServiceType("cloudnative") + SERVICE_TYPE_CLOUDNATIVE = "cloudnative" ) diff --git a/pkg/core/ssl-deployer/providers/aliyun-clb/aliyun_clb.go b/pkg/core/ssl-deployer/providers/aliyun-clb/aliyun_clb.go index 5d5448c4..783b511f 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-clb/aliyun_clb.go +++ b/pkg/core/ssl-deployer/providers/aliyun-clb/aliyun_clb.go @@ -24,7 +24,7 @@ type SSLDeployerProviderConfig struct { // 阿里云地域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/aliyun-clb/consts.go b/pkg/core/ssl-deployer/providers/aliyun-clb/consts.go index 9d901095..cd8aa861 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-clb/consts.go +++ b/pkg/core/ssl-deployer/providers/aliyun-clb/consts.go 
@@ -1,10 +1,8 @@ package aliyunclb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/aliyun-ga/aliyun_ga.go b/pkg/core/ssl-deployer/providers/aliyun-ga/aliyun_ga.go index 6cd00d6e..9ffa312f 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-ga/aliyun_ga.go +++ b/pkg/core/ssl-deployer/providers/aliyun-ga/aliyun_ga.go @@ -24,7 +24,7 @@ type SSLDeployerProviderConfig struct { // 阿里云资源组 ID。 ResourceGroupId string `json:"resourceGroupId,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 全球加速实例 ID。 AcceleratorId string `json:"acceleratorId"` // 全球加速监听 ID。 diff --git a/pkg/core/ssl-deployer/providers/aliyun-ga/consts.go b/pkg/core/ssl-deployer/providers/aliyun-ga/consts.go index f96d98d5..568599fe 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-ga/consts.go +++ b/pkg/core/ssl-deployer/providers/aliyun-ga/consts.go @@ -1,10 +1,8 @@ package aliyunga -type ResourceType string - const ( // 资源类型:部署到指定全球加速器。 - RESOURCE_TYPE_ACCELERATOR = ResourceType("accelerator") + RESOURCE_TYPE_ACCELERATOR = "accelerator" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/aliyun-nlb/aliyun_nlb.go b/pkg/core/ssl-deployer/providers/aliyun-nlb/aliyun_nlb.go index e55ac290..aeccdd8e 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-nlb/aliyun_nlb.go +++ b/pkg/core/ssl-deployer/providers/aliyun-nlb/aliyun_nlb.go 
@@ -26,7 +26,7 @@ type SSLDeployerProviderConfig struct { // 阿里云地域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/aliyun-nlb/consts.go b/pkg/core/ssl-deployer/providers/aliyun-nlb/consts.go index 40724727..d8e13239 100644 --- a/pkg/core/ssl-deployer/providers/aliyun-nlb/consts.go +++ b/pkg/core/ssl-deployer/providers/aliyun-nlb/consts.go @@ -1,10 +1,8 @@ package aliyunnlb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/apisix/apisix.go b/pkg/core/ssl-deployer/providers/apisix/apisix.go index 5867be48..43c5e9fa 100644 --- a/pkg/core/ssl-deployer/providers/apisix/apisix.go +++ b/pkg/core/ssl-deployer/providers/apisix/apisix.go @@ -22,7 +22,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId string `json:"certificateId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/apisix/consts.go b/pkg/core/ssl-deployer/providers/apisix/consts.go index 75aa1b60..c781a930 100644 --- a/pkg/core/ssl-deployer/providers/apisix/consts.go +++ b/pkg/core/ssl-deployer/providers/apisix/consts.go @@ -1,8 +1,6 @@ package apisix -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) 
diff --git a/pkg/core/ssl-deployer/providers/aws-cloudfront/aws_cloudfront.go b/pkg/core/ssl-deployer/providers/aws-cloudfront/aws_cloudfront.go index a9ce2f7c..753f37a9 100644 --- a/pkg/core/ssl-deployer/providers/aws-cloudfront/aws_cloudfront.go +++ b/pkg/core/ssl-deployer/providers/aws-cloudfront/aws_cloudfront.go @@ -51,7 +51,8 @@ func NewSSLDeployerProvider(config *SSLDeployerProviderConfig) (*SSLDeployerProv } var sslmgr core.SSLManager - if config.CertificateSource == "ACM" { + switch config.CertificateSource { + case CERTIFICATE_SOURCE_ACM: sslmgr, err = sslmgrspacm.NewSSLManagerProvider(&sslmgrspacm.SSLManagerProviderConfig{ AccessKeyId: config.AccessKeyId, SecretAccessKey: config.SecretAccessKey, @@ -60,7 +61,8 @@ func NewSSLDeployerProvider(config *SSLDeployerProviderConfig) (*SSLDeployerProv if err != nil { return nil, fmt.Errorf("could not create ssl manager: %w", err) } - } else if config.CertificateSource == "IAM" { + + case CERTIFICATE_SOURCE_IAM: sslmgr, err = sslmgrspiam.NewSSLManagerProvider(&sslmgrspiam.SSLManagerProviderConfig{ AccessKeyId: config.AccessKeyId, SecretAccessKey: config.SecretAccessKey, @@ -70,7 +72,8 @@ func NewSSLDeployerProvider(config *SSLDeployerProviderConfig) (*SSLDeployerProv if err != nil { return nil, fmt.Errorf("could not create ssl manager: %w", err) } - } else { + + default: return nil, fmt.Errorf("unsupported certificate source: '%s'", config.CertificateSource) } 
@@ -127,10 +130,12 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke updateDistributionReq.DistributionConfig.ViewerCertificate = &types.ViewerCertificate{} } updateDistributionReq.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate = aws.Bool(false) - if d.config.CertificateSource == "ACM" { + switch d.config.CertificateSource { + case CERTIFICATE_SOURCE_ACM: updateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = aws.String(upres.CertId) updateDistributionReq.DistributionConfig.ViewerCertificate.IAMCertificateId = nil - } else if d.config.CertificateSource == "IAM" { + + case CERTIFICATE_SOURCE_IAM: updateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = nil updateDistributionReq.DistributionConfig.ViewerCertificate.IAMCertificateId = aws.String(upres.CertId) if updateDistributionReq.DistributionConfig.ViewerCertificate.MinimumProtocolVersion == "" { diff --git a/pkg/core/ssl-deployer/providers/aws-cloudfront/consts.go b/pkg/core/ssl-deployer/providers/aws-cloudfront/consts.go new file mode 100644 index 00000000..9f93cb98 --- /dev/null +++ b/pkg/core/ssl-deployer/providers/aws-cloudfront/consts.go @@ -0,0 +1,6 @@ +package awscloudfront + +const ( + CERTIFICATE_SOURCE_ACM = "ACM" + CERTIFICATE_SOURCE_IAM = "IAM" +) diff --git a/pkg/core/ssl-deployer/providers/baiducloud-appblb/baiducloud_appblb.go b/pkg/core/ssl-deployer/providers/baiducloud-appblb/baiducloud_appblb.go index 207d2b0a..b03ce85d 100644 --- a/pkg/core/ssl-deployer/providers/baiducloud-appblb/baiducloud_appblb.go +++ b/pkg/core/ssl-deployer/providers/baiducloud-appblb/baiducloud_appblb.go 
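Review bot: The new `switch d.config.CertificateSource` in `Deploy` has cases for `CERTIFICATE_SOURCE_ACM` and `CERTIFICATE_SOURCE_IAM` but, as far as this hunk and the rest of this file's diff show, no `default:`, unlike the switch in `NewSSLDeployerProvider`, which returns `unsupported certificate source`. The constructor check should keep other values from reaching this point, yet an explicit `default: return nil, fmt.Errorf("unsupported certificate source: '%s'", d.config.CertificateSource)` would stop the distribution update from going out with neither `ACMCertificateArn` nor `IAMCertificateId` set if that guarantee ever changes. The switch body continues past the end of the hunk, so this needs confirming against the full file.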
@@ -24,7 +24,7 @@ type SSLDeployerProviderConfig struct { // 百度智能云区域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/baiducloud-appblb/consts.go b/pkg/core/ssl-deployer/providers/baiducloud-appblb/consts.go index 8e49730b..c8d8dcac 100644 --- a/pkg/core/ssl-deployer/providers/baiducloud-appblb/consts.go +++ b/pkg/core/ssl-deployer/providers/baiducloud-appblb/consts.go @@ -1,10 +1,8 @@ package baiducloudappblb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/baiducloud-blb/baiducloud_blb.go b/pkg/core/ssl-deployer/providers/baiducloud-blb/baiducloud_blb.go index 7ce9460a..954ece86 100644 --- a/pkg/core/ssl-deployer/providers/baiducloud-blb/baiducloud_blb.go +++ b/pkg/core/ssl-deployer/providers/baiducloud-blb/baiducloud_blb.go @@ -24,7 +24,7 @@ type SSLDeployerProviderConfig struct { // 百度智能云区域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/baiducloud-blb/consts.go b/pkg/core/ssl-deployer/providers/baiducloud-blb/consts.go index 7af2d812..7f2c21fc 100644 --- a/pkg/core/ssl-deployer/providers/baiducloud-blb/consts.go +++ b/pkg/core/ssl-deployer/providers/baiducloud-blb/consts.go 
@@ -1,10 +1,8 @@ package baiducloudblb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/cdnfly/cdnfly.go b/pkg/core/ssl-deployer/providers/cdnfly/cdnfly.go index 491a7761..15684878 100644 --- a/pkg/core/ssl-deployer/providers/cdnfly/cdnfly.go +++ b/pkg/core/ssl-deployer/providers/cdnfly/cdnfly.go @@ -25,7 +25,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 网站 ID。 // 部署资源类型为 [RESOURCE_TYPE_SITE] 时必填。 SiteId string `json:"siteId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/cdnfly/consts.go b/pkg/core/ssl-deployer/providers/cdnfly/consts.go index 07d896b8..72e83843 100644 --- a/pkg/core/ssl-deployer/providers/cdnfly/consts.go +++ b/pkg/core/ssl-deployer/providers/cdnfly/consts.go @@ -1,10 +1,8 @@ package cdnfly -type ResourceType string - const ( // 资源类型:替换指定网站的证书。 - RESOURCE_TYPE_SITE = ResourceType("site") + RESOURCE_TYPE_SITE = "site" // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/ctcccloud-elb/consts.go b/pkg/core/ssl-deployer/providers/ctcccloud-elb/consts.go index 263e66ed..e5ad9740 100644 --- a/pkg/core/ssl-deployer/providers/ctcccloud-elb/consts.go +++ b/pkg/core/ssl-deployer/providers/ctcccloud-elb/consts.go 
@@ -1,10 +1,8 @@ package ctcccloudelb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/ctcccloud-elb/ctcccloud_elb.go b/pkg/core/ssl-deployer/providers/ctcccloud-elb/ctcccloud_elb.go index e4ab99d4..805255cb 100644 --- a/pkg/core/ssl-deployer/providers/ctcccloud-elb/ctcccloud_elb.go +++ b/pkg/core/ssl-deployer/providers/ctcccloud-elb/ctcccloud_elb.go @@ -22,7 +22,7 @@ type SSLDeployerProviderConfig struct { // 天翼云资源池 ID。 RegionId string `json:"regionId"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/flexcdn/consts.go b/pkg/core/ssl-deployer/providers/flexcdn/consts.go index be55a475..9261211b 100644 --- a/pkg/core/ssl-deployer/providers/flexcdn/consts.go +++ b/pkg/core/ssl-deployer/providers/flexcdn/consts.go @@ -1,8 +1,6 @@ package flexcdn -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/flexcdn/flexcdn.go b/pkg/core/ssl-deployer/providers/flexcdn/flexcdn.go index 7aa20024..4ca7b12e 100644 --- a/pkg/core/ssl-deployer/providers/flexcdn/flexcdn.go +++ b/pkg/core/ssl-deployer/providers/flexcdn/flexcdn.go 
@@ -27,7 +27,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId int64 `json:"certificateId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/goedge/consts.go b/pkg/core/ssl-deployer/providers/goedge/consts.go index 91eaa9a3..fe615d6c 100644 --- a/pkg/core/ssl-deployer/providers/goedge/consts.go +++ b/pkg/core/ssl-deployer/providers/goedge/consts.go @@ -1,8 +1,6 @@ package goedge -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/goedge/goedge.go b/pkg/core/ssl-deployer/providers/goedge/goedge.go index 918d850a..6ec31a4e 100644 --- a/pkg/core/ssl-deployer/providers/goedge/goedge.go +++ b/pkg/core/ssl-deployer/providers/goedge/goedge.go @@ -27,7 +27,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId int64 `json:"certificateId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/huaweicloud-elb/consts.go b/pkg/core/ssl-deployer/providers/huaweicloud-elb/consts.go index ecd3987d..a4d20efe 100644 --- a/pkg/core/ssl-deployer/providers/huaweicloud-elb/consts.go +++ b/pkg/core/ssl-deployer/providers/huaweicloud-elb/consts.go 
@@ -1,12 +1,10 @@ package huaweicloudelb -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go b/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go index c1ea0b60..0f4a2f0b 100644 --- a/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go +++ b/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go @@ -31,7 +31,7 @@ type SSLDeployerProviderConfig struct { // 华为云区域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId string `json:"certificateId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/huaweicloud-waf/consts.go b/pkg/core/ssl-deployer/providers/huaweicloud-waf/consts.go index 8f1b59c4..e52a4a6c 100644 --- a/pkg/core/ssl-deployer/providers/huaweicloud-waf/consts.go +++ b/pkg/core/ssl-deployer/providers/huaweicloud-waf/consts.go @@ -1,12 +1,10 @@ package huaweicloudwaf -type ResourceType string - const ( - // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") // 资源类型:部署到云模式防护网站。 - RESOURCE_TYPE_CLOUDSERVER = ResourceType("cloudserver") + RESOURCE_TYPE_CLOUDSERVER = "cloudserver" // 资源类型:部署到独享模式防护网站。 - RESOURCE_TYPE_PREMIUMHOST = ResourceType("premiumhost") + RESOURCE_TYPE_PREMIUMHOST = "premiumhost" + // 资源类型:替换指定证书。 + RESOURCE_TYPE_CERTIFICATE = "certificate" ) 
diff --git a/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf.go b/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf.go index a0950ef5..b5a7a5e0 100644 --- a/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf.go +++ b/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf.go @@ -31,7 +31,7 @@ type SSLDeployerProviderConfig struct { // 华为云区域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId string `json:"certificateId,omitempty"` @@ -98,11 +98,6 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke // 根据部署资源类型决定部署方式 switch d.config.ResourceType { - case RESOURCE_TYPE_CERTIFICATE: - if err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil { - return nil, err - } - case RESOURCE_TYPE_CLOUDSERVER: if err := d.deployToCloudServer(ctx, certPEM, privkeyPEM); err != nil { return nil, err @@ -113,6 +108,11 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke return nil, err } + case RESOURCE_TYPE_CERTIFICATE: + if err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil { + return nil, err + } + default: return nil, fmt.Errorf("unsupported resource type '%s'", d.config.ResourceType) } diff --git a/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf_test.go b/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf_test.go index c1b7007e..effce4be 100644 --- a/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf_test.go +++ b/pkg/core/ssl-deployer/providers/huaweicloud-waf/huaweicloud_waf_test.go @@ -63,7 +63,7 @@ func TestDeploy(t *testing.T) { AccessKeyId: fAccessKeyId, SecretAccessKey: fSecretAccessKey, Region: fRegion, - ResourceType: provider.ResourceType(fResourceType), + ResourceType: fResourceType, Domain: fDomain, }) if err != nil { 
diff --git a/pkg/core/ssl-deployer/providers/jdcloud-alb/consts.go b/pkg/core/ssl-deployer/providers/jdcloud-alb/consts.go index de6e4ef0..0e2a78e0 100644 --- a/pkg/core/ssl-deployer/providers/jdcloud-alb/consts.go +++ b/pkg/core/ssl-deployer/providers/jdcloud-alb/consts.go @@ -1,10 +1,8 @@ package jdcloudalb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/jdcloud-alb/jdcloud_alb.go b/pkg/core/ssl-deployer/providers/jdcloud-alb/jdcloud_alb.go index c6b0e325..81896fea 100644 --- a/pkg/core/ssl-deployer/providers/jdcloud-alb/jdcloud_alb.go +++ b/pkg/core/ssl-deployer/providers/jdcloud-alb/jdcloud_alb.go @@ -26,7 +26,7 @@ type SSLDeployerProviderConfig struct { // 京东云地域 ID。 RegionId string `json:"regionId"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡器 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/kong/consts.go b/pkg/core/ssl-deployer/providers/kong/consts.go index 91b462bb..cbc34ee8 100644 --- a/pkg/core/ssl-deployer/providers/kong/consts.go +++ b/pkg/core/ssl-deployer/providers/kong/consts.go @@ -1,8 +1,6 @@ package kong -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/kong/kong.go b/pkg/core/ssl-deployer/providers/kong/kong.go index d2855ccf..77511f98 100644 --- a/pkg/core/ssl-deployer/providers/kong/kong.go +++ b/pkg/core/ssl-deployer/providers/kong/kong.go 
@@ -23,7 +23,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 工作空间。 // 选填。 Workspace string `json:"workspace,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/lecdn/consts.go b/pkg/core/ssl-deployer/providers/lecdn/consts.go index f5b7c0c9..f2aad824 100644 --- a/pkg/core/ssl-deployer/providers/lecdn/consts.go +++ b/pkg/core/ssl-deployer/providers/lecdn/consts.go @@ -1,8 +1,6 @@ package lecdn -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/lecdn/lecdn.go b/pkg/core/ssl-deployer/providers/lecdn/lecdn.go index a98a56fc..a8609e6d 100644 --- a/pkg/core/ssl-deployer/providers/lecdn/lecdn.go +++ b/pkg/core/ssl-deployer/providers/lecdn/lecdn.go @@ -29,7 +29,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId int64 `json:"certificateId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/local/consts.go b/pkg/core/ssl-deployer/providers/local/consts.go new file mode 100644 index 00000000..01a05949 --- /dev/null +++ b/pkg/core/ssl-deployer/providers/local/consts.go @@ -0,0 +1,13 @@ +package local + +const ( + OUTPUT_FORMAT_PEM = "PEM" + OUTPUT_FORMAT_PFX = "PFX" + OUTPUT_FORMAT_JKS = "JKS" +) + +const ( + SHELL_ENV_SH = "sh" + SHELL_ENV_CMD = "cmd" + SHELL_ENV_POWERSHELL = "powershell" +) diff --git a/pkg/core/ssl-deployer/providers/local/defines.go b/pkg/core/ssl-deployer/providers/local/defines.go deleted file mode 100644 index 2021f1ea..00000000 
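Review bot: The two constant groups added in `local/consts.go` have no doc comments, unlike the other `consts.go` files in this commit, and with the named types removed nothing at the declaration says which config field each group feeds. I would add `// Values accepted by SSLDeployerProviderConfig.OutputFormat.` above the first group and `// Values accepted by SSLDeployerProviderConfig.ShellEnv; the empty string selects a shell by runtime.GOOS.` above the second. The same applies to the new `ssh/consts.go`, where `AUTH_METHOD_*` also moves from function-local constants to exported package names. Because the constants are now untyped strings, the compiler no longer rejects an output-format value assigned to `ShellEnv`, so the comments are the only remaining guide.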
--- a/pkg/core/ssl-deployer/providers/local/defines.go +++ /dev/null @@ -1,17 +0,0 @@ -package local - -type OutputFormatType string - -const ( - OUTPUT_FORMAT_PEM = OutputFormatType("PEM") - OUTPUT_FORMAT_PFX = OutputFormatType("PFX") - OUTPUT_FORMAT_JKS = OutputFormatType("JKS") -) - -type ShellEnvType string - -const ( - SHELL_ENV_SH = ShellEnvType("sh") - SHELL_ENV_CMD = ShellEnvType("cmd") - SHELL_ENV_POWERSHELL = ShellEnvType("powershell") -) diff --git a/pkg/core/ssl-deployer/providers/local/local.go b/pkg/core/ssl-deployer/providers/local/local.go index bdb89a16..583ce0f9 100644 --- a/pkg/core/ssl-deployer/providers/local/local.go +++ b/pkg/core/ssl-deployer/providers/local/local.go @@ -17,13 +17,13 @@ import ( type SSLDeployerProviderConfig struct { // Shell 执行环境。 // 零值时根据操作系统决定。 - ShellEnv ShellEnvType `json:"shellEnv,omitempty"` + ShellEnv string `json:"shellEnv,omitempty"` // 前置命令。 PreCommand string `json:"preCommand,omitempty"` // 后置命令。 PostCommand string `json:"postCommand,omitempty"` // 输出证书格式。 - OutputFormat OutputFormatType `json:"outputFormat,omitempty"` + OutputFormat string `json:"outputFormat,omitempty"` // 输出证书文件路径。 OutputCertPath string `json:"outputCertPath,omitempty"` // 输出服务器证书文件路径。 @@ -157,10 +157,17 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke return &core.SSLDeployResult{}, nil } -func execCommand(shellEnv ShellEnvType, command string) (string, string, error) { +func execCommand(shellEnv string, command string) (string, string, error) { var cmd *exec.Cmd switch shellEnv { + case "": + if runtime.GOOS == "windows" { + cmd = exec.Command("cmd", "/C", command) + } else { + cmd = exec.Command("sh", "-c", command) + } + case SHELL_ENV_SH: cmd = exec.Command("sh", "-c", command) 
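Review bot: `execCommand` builds every branch with `exec.Command`, so the pre/post commands cannot be cancelled or bounded by the `ctx` that `Deploy` receives, and a hung hook would block the deployment indefinitely. Since the signature is already being changed here, consider `func execCommand(ctx context.Context, shellEnv string, command string)` with `exec.CommandContext(ctx, "sh", "-c", command)` in each case, including the ones in the following hunk. The string is handed to the shell verbatim, so a doc comment stating that `command` must come only from trusted operator configuration would also help. The function body continues past this hunk and its call sites are not shown, so how `ctx` would reach them needs confirming.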
@@ -170,13 +177,6 @@ func execCommand(shellEnv ShellEnvType, command string) (string, string, error) case SHELL_ENV_POWERSHELL: cmd = exec.Command("powershell", "-Command", command) - case ShellEnvType(""): - if runtime.GOOS == "windows" { - cmd = exec.Command("cmd", "/C", command) - } else { - cmd = exec.Command("sh", "-c", command) - } - default: return "", "", fmt.Errorf("unsupported shell env '%s'", shellEnv) } diff --git a/pkg/core/ssl-deployer/providers/local/local_test.go b/pkg/core/ssl-deployer/providers/local/local_test.go index a100d22d..acb2cd48 100644 --- a/pkg/core/ssl-deployer/providers/local/local_test.go +++ b/pkg/core/ssl-deployer/providers/local/local_test.go @@ -76,7 +76,7 @@ func TestDeploy(t *testing.T) { OutputFormat: provider.OUTPUT_FORMAT_PEM, OutputCertPath: fOutputCertPath + ".pem", OutputKeyPath: fOutputKeyPath + ".pem", - ShellEnv: provider.ShellEnvType(fShellEnv), + ShellEnv: fShellEnv, PreCommand: fPreCommand, PostCommand: fPostCommand, }) diff --git a/pkg/core/ssl-deployer/providers/safeline/consts.go b/pkg/core/ssl-deployer/providers/safeline/consts.go index 1777a32e..6fdf947f 100644 --- a/pkg/core/ssl-deployer/providers/safeline/consts.go +++ b/pkg/core/ssl-deployer/providers/safeline/consts.go @@ -1,8 +1,6 @@ package safeline -type ResourceType string - const ( // 资源类型:替换指定证书。 - RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate") + RESOURCE_TYPE_CERTIFICATE = "certificate" ) diff --git a/pkg/core/ssl-deployer/providers/safeline/safeline.go b/pkg/core/ssl-deployer/providers/safeline/safeline.go index 3bba0f66..a39e2aec 100644 --- a/pkg/core/ssl-deployer/providers/safeline/safeline.go +++ b/pkg/core/ssl-deployer/providers/safeline/safeline.go 
@@ -19,7 +19,7 @@ type SSLDeployerProviderConfig struct { // 是否允许不安全的连接。 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 证书 ID。 // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。 CertificateId int32 `json:"certificateId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/ssh/consts.go b/pkg/core/ssl-deployer/providers/ssh/consts.go new file mode 100644 index 00000000..ce43ebd3 --- /dev/null +++ b/pkg/core/ssl-deployer/providers/ssh/consts.go @@ -0,0 +1,13 @@ +package ssh + +const ( + AUTH_METHOD_NONE = "none" + AUTH_METHOD_PASSWORD = "password" + AUTH_METHOD_KEY = "key" +) + +const ( + OUTPUT_FORMAT_PEM = "PEM" + OUTPUT_FORMAT_PFX = "PFX" + OUTPUT_FORMAT_JKS = "JKS" +) diff --git a/pkg/core/ssl-deployer/providers/ssh/defines.go b/pkg/core/ssl-deployer/providers/ssh/defines.go deleted file mode 100644 index de1b255f..00000000 --- a/pkg/core/ssl-deployer/providers/ssh/defines.go +++ /dev/null @@ -1,9 +0,0 @@ -package ssh - -type OutputFormatType string - -const ( - OUTPUT_FORMAT_PEM = OutputFormatType("PEM") - OUTPUT_FORMAT_PFX = OutputFormatType("PFX") - OUTPUT_FORMAT_JKS = OutputFormatType("JKS") -) diff --git a/pkg/core/ssl-deployer/providers/ssh/ssh.go b/pkg/core/ssl-deployer/providers/ssh/ssh.go index 3ff297f2..d866dd40 100644 --- a/pkg/core/ssl-deployer/providers/ssh/ssh.go +++ b/pkg/core/ssl-deployer/providers/ssh/ssh.go @@ -50,7 +50,7 @@ type SSLDeployerProviderConfig struct { // 后置命令。 PostCommand string `json:"postCommand,omitempty"` // 输出证书格式。 - OutputFormat OutputFormatType `json:"outputFormat,omitempty"` + OutputFormat string `json:"outputFormat,omitempty"` // 输出私钥文件路径。 OutputKeyPath string `json:"outputKeyPath,omitempty"` // 输出证书文件路径。 
@@ -268,9 +268,6 @@ func createSshClient(conn net.Conn, host string, port int32, authMethod string, username = "root" } - const AUTH_METHOD_NONE = "none" - const AUTH_METHOD_PASSWORD = "password" - const AUTH_METHOD_KEY = "key" if authMethod == "" { if key != "" { authMethod = AUTH_METHOD_KEY diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-cdn/consts.go b/pkg/core/ssl-deployer/providers/tencentcloud-cdn/consts.go index 50ef02ff..29fac245 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-cdn/consts.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-cdn/consts.go @@ -2,9 +2,9 @@ package tencentcloudcdn const ( // 匹配模式:精确匹配。 - MatchPatternExact = "exact" + MATCH_PATTERN_EXACT = "exact" // 匹配模式:通配符匹配。 - MatchPatternWildcard = "wildcard" + MATCH_PATTERN_WILDCARD = "wildcard" // 匹配模式:证书 SAN 匹配。 - MatchPatternCertSAN = "certsan" + MATCH_PATTERN_CERTSAN = "certsan" ) diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go b/pkg/core/ssl-deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go index 20789ec6..de91f5f5 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go @@ -26,7 +26,7 @@ type SSLDeployerProviderConfig struct { // 腾讯云接口端点。 Endpoint string `json:"endpoint,omitempty"` // 域名匹配模式。 - // 零值时默认值 [MatchPatternExact]。 + // 零值时默认值 [MATCH_PATTERN_EXACT]。 MatchPattern string `json:"matchPattern,omitempty"` // 加速域名(支持泛域名)。 Domain string `json:"domain"` @@ -97,7 +97,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke // 获取待部署的 CDN 实例 domains := make([]string, 0) switch d.config.MatchPattern { - case "", MatchPatternExact: + case "", MATCH_PATTERN_EXACT: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") 
@@ -106,7 +106,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke domains = append(domains, d.config.Domain) } - case MatchPatternWildcard: + case MATCH_PATTERN_WILDCARD: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") @@ -124,7 +124,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke } } - case MatchPatternCertSAN: + case MATCH_PATTERN_CERTSAN: { temp, err := d.getMatchedDomainsByCertId(ctx, upres.CertId) if err != nil { diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-clb/consts.go b/pkg/core/ssl-deployer/providers/tencentcloud-clb/consts.go index 56f4889f..78020e2c 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-clb/consts.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-clb/consts.go @@ -1,12 +1,10 @@ package tencentcloudclb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" // 资源类型:部署到指定转发规则域名。 - RESOURCE_TYPE_RULEDOMAIN = ResourceType("ruledomain") + RESOURCE_TYPE_RULEDOMAIN = "ruledomain" ) diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb.go b/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb.go index 0cd514cb..13a9a7cf 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb.go @@ -27,7 +27,7 @@ type SSLDeployerProviderConfig struct { // 腾讯云地域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡器 ID。 // 部署资源类型为 [RESOURCE_TYPE_SSLDEPLOY]、[RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_RULEDOMAIN] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` 
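Review bot: The field comment kept as context in `tencentcloud_clb.go` still lists `[RESOURCE_TYPE_SSLDEPLOY]` among the resource types that require `LoadbalancerId`, but the package's `consts.go`, which its hunk appears to show in full, declares only `RESOURCE_TYPE_LOADBALANCER`, `RESOURCE_TYPE_LISTENER` and `RESOURCE_TYPE_RULEDOMAIN`. The test case deleted in this commit used yet another name, `RESOURCE_TYPE_VIA_SSLDEPLOY`, which suggests that mode has been retired. Unless the constant is defined in a file not shown here, the doc link is dangling and the `[RESOURCE_TYPE_SSLDEPLOY]` entry should be dropped from that comment. It is also worth checking whether `[RESOURCE_TYPE_LISTENER]` belongs in the list, since the comment does not mention it.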
diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb_test.go b/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb_test.go index 10e19262..f2fdebcc 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb_test.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-clb/tencentcloud_clb_test.go @@ -51,44 +51,6 @@ Shell command to run this test: func TestDeploy(t *testing.T) { flag.Parse() - t.Run("Deploy_UseSslDeploy", func(t *testing.T) { - t.Log(strings.Join([]string{ - "args:", - fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath), - fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath), - fmt.Sprintf("SECRETID: %v", fSecretId), - fmt.Sprintf("SECRETKEY: %v", fSecretKey), - fmt.Sprintf("REGION: %v", fRegion), - fmt.Sprintf("LOADBALANCERID: %v", fLoadbalancerId), - fmt.Sprintf("LISTENERID: %v", fListenerId), - fmt.Sprintf("DOMAIN: %v", fDomain), - }, "\n")) - - deployer, err := provider.NewSSLDeployerProvider(&provider.SSLDeployerProviderConfig{ - SecretId: fSecretId, - SecretKey: fSecretKey, - Region: fRegion, - ResourceType: provider.RESOURCE_TYPE_VIA_SSLDEPLOY, - LoadbalancerId: fLoadbalancerId, - ListenerId: fListenerId, - Domain: fDomain, - }) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - fInputCertData, _ := os.ReadFile(fInputCertPath) - fInputKeyData, _ := os.ReadFile(fInputKeyPath) - res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData)) - if err != nil { - t.Errorf("err: %+v", err) - return - } - - t.Logf("ok: %v", res) - }) - t.Run("Deploy_ToLoadbalancer", func(t *testing.T) { t.Log(strings.Join([]string{ "args:", diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/consts.go b/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/consts.go index 0fc19885..7a45f8a8 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/consts.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/consts.go 
@@ -2,9 +2,9 @@ package tencentcloudecdn const ( // 匹配模式:精确匹配。 - MatchPatternExact = "exact" + MATCH_PATTERN_EXACT = "exact" // 匹配模式:通配符匹配。 - MatchPatternWildcard = "wildcard" + MATCH_PATTERN_WILDCARD = "wildcard" // 匹配模式:证书 SAN 匹配。 - MatchPatternCertSAN = "certsan" + MATCH_PATTERN_CERTSAN = "certsan" ) diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go b/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go index 48e15054..19dedd91 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go @@ -26,7 +26,7 @@ type SSLDeployerProviderConfig struct { // 腾讯云接口端点。 Endpoint string `json:"endpoint,omitempty"` // 域名匹配模式。 - // 零值时默认值 [MatchPatternExact]。 + // 零值时默认值 [MATCH_PATTERN_EXACT]。 MatchPattern string `json:"matchPattern,omitempty"` // 加速域名(支持泛域名)。 Domain string `json:"domain"` @@ -97,7 +97,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke // 获取待部署的 ECDN 实例 domains := make([]string, 0) switch d.config.MatchPattern { - case "", MatchPatternExact: + case "", MATCH_PATTERN_EXACT: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") @@ -106,7 +106,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke domains = append(domains, d.config.Domain) } - case MatchPatternWildcard: + case MATCH_PATTERN_WILDCARD: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") @@ -124,7 +124,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke } } - case MatchPatternCertSAN: + case MATCH_PATTERN_CERTSAN: { temp, err := d.getMatchedDomainsByCertId(ctx, upres.CertId) if err != nil { diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-eo/consts.go b/pkg/core/ssl-deployer/providers/tencentcloud-eo/consts.go index c57c63ff..63536b9b 100644 
--- a/pkg/core/ssl-deployer/providers/tencentcloud-eo/consts.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-eo/consts.go @@ -2,7 +2,7 @@ package tencentcloudeo const ( // 匹配模式:精确匹配。 - MatchPatternExact = "exact" + MATCH_PATTERN_EXACT = "exact" // 匹配模式:通配符匹配。 - MatchPatternWildcard = "wildcard" + MATCH_PATTERN_WILDCARD = "wildcard" ) diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-eo/tencentcloud_eo.go b/pkg/core/ssl-deployer/providers/tencentcloud-eo/tencentcloud_eo.go index e04dc89f..823ec44e 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-eo/tencentcloud_eo.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-eo/tencentcloud_eo.go @@ -27,7 +27,7 @@ type SSLDeployerProviderConfig struct { // 站点 ID。 ZoneId string `json:"zoneId"` // 域名匹配模式。 - // 零值时默认值 [MatchPatternExact]。 + // 零值时默认值 [MATCH_PATTERN_EXACT]。 MatchPattern string `json:"matchPattern,omitempty"` // 加速域名列表(支持泛域名)。 Domains []string `json:"domains"` @@ -99,7 +99,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke var domains []string switch d.config.MatchPattern { - case "", MatchPatternExact: + case "", MATCH_PATTERN_EXACT: { if len(d.config.Domains) == 0 { return nil, errors.New("config `domains` is required") @@ -108,7 +108,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke domains = d.config.Domains } - case MatchPatternWildcard: + case MATCH_PATTERN_WILDCARD: { if len(d.config.Domains) == 0 { return nil, errors.New("config `domains` is required") diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-gaap/consts.go b/pkg/core/ssl-deployer/providers/tencentcloud-gaap/consts.go index 37a8a94a..3f45716c 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-gaap/consts.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-gaap/consts.go 
@@ -1,8 +1,6 @@ package tencentcloudgaap -type ResourceType string - const ( // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/tencentcloud-gaap/tencentcloud_gaap.go b/pkg/core/ssl-deployer/providers/tencentcloud-gaap/tencentcloud_gaap.go index f1299a9e..9514c2a1 100644 --- a/pkg/core/ssl-deployer/providers/tencentcloud-gaap/tencentcloud_gaap.go +++ b/pkg/core/ssl-deployer/providers/tencentcloud-gaap/tencentcloud_gaap.go @@ -24,7 +24,7 @@ type SSLDeployerProviderConfig struct { // 腾讯云接口端点。 Endpoint string `json:"endpoint,omitempty"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 通道 ID。 // 选填。 ProxyId string `json:"proxyId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/volcengine-alb/consts.go b/pkg/core/ssl-deployer/providers/volcengine-alb/consts.go index 11944379..8a96cd70 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-alb/consts.go +++ b/pkg/core/ssl-deployer/providers/volcengine-alb/consts.go @@ -1,10 +1,8 @@ package volcenginealb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go b/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go index 14bdf3d6..5394991d 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go +++ b/pkg/core/ssl-deployer/providers/volcengine-alb/volcengine_alb.go 
@@ -23,7 +23,7 @@ type SSLDeployerProviderConfig struct { // 火山引擎地域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/volcengine-cdn/consts.go b/pkg/core/ssl-deployer/providers/volcengine-cdn/consts.go index dce96568..8a2c444f 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-cdn/consts.go +++ b/pkg/core/ssl-deployer/providers/volcengine-cdn/consts.go @@ -2,9 +2,9 @@ package volcenginecdn const ( // 匹配模式:精确匹配。 - MatchPatternExact = "exact" + MATCH_PATTERN_EXACT = "exact" // 匹配模式:通配符匹配。 - MatchPatternWildcard = "wildcard" + MATCH_PATTERN_WILDCARD = "wildcard" // 匹配模式:证书 SAN 匹配。 - MatchPatternCertSAN = "certsan" + MATCH_PATTERN_CERTSAN = "certsan" ) diff --git a/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go b/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go index 07dc46f6..16a60085 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go +++ b/pkg/core/ssl-deployer/providers/volcengine-cdn/volcengine_cdn.go @@ -22,7 +22,7 @@ type SSLDeployerProviderConfig struct { // 火山引擎 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` // 域名匹配模式。 - // 零值时默认值 [MatchPatternExact]。 + // 零值时默认值 [MATCH_PATTERN_EXACT]。 MatchPattern string `json:"matchPattern,omitempty"` // 加速域名(支持泛域名)。 Domain string `json:"domain"` @@ -85,7 +85,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke // 获取待部署的 CDN 实例 domains := make([]string, 0) switch d.config.MatchPattern { - case "", MatchPatternExact: + case "", MATCH_PATTERN_EXACT: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") 
@@ -94,7 +94,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke domains = append(domains, d.config.Domain) } - case MatchPatternWildcard: + case MATCH_PATTERN_WILDCARD: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") @@ -112,7 +112,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke } } - case MatchPatternCertSAN: + case MATCH_PATTERN_CERTSAN: { temp, err := d.getMatchedDomainsByCertId(ctx, upres.CertId) if err != nil { diff --git a/pkg/core/ssl-deployer/providers/volcengine-clb/consts.go b/pkg/core/ssl-deployer/providers/volcengine-clb/consts.go index 3dc0f557..a59a3aa5 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-clb/consts.go +++ b/pkg/core/ssl-deployer/providers/volcengine-clb/consts.go @@ -1,10 +1,8 @@ package volcengineclb -type ResourceType string - const ( // 资源类型:部署到指定负载均衡器。 - RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer") + RESOURCE_TYPE_LOADBALANCER = "loadbalancer" // 资源类型:部署到指定监听器。 - RESOURCE_TYPE_LISTENER = ResourceType("listener") + RESOURCE_TYPE_LISTENER = "listener" ) diff --git a/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go b/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go index 1eb92c11..fbd05424 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go +++ b/pkg/core/ssl-deployer/providers/volcengine-clb/volcengine_clb.go @@ -22,7 +22,7 @@ type SSLDeployerProviderConfig struct { // 火山引擎地域。 Region string `json:"region"` // 部署资源类型。 - ResourceType ResourceType `json:"resourceType"` + ResourceType string `json:"resourceType"` // 负载均衡实例 ID。 // 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。 LoadbalancerId string `json:"loadbalancerId,omitempty"` diff --git a/pkg/core/ssl-deployer/providers/volcengine-live/consts.go b/pkg/core/ssl-deployer/providers/volcengine-live/consts.go index 825027a5..ed415d25 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-live/consts.go 
+++ b/pkg/core/ssl-deployer/providers/volcengine-live/consts.go @@ -2,7 +2,7 @@ package volcenginelive const ( // 匹配模式:精确匹配。 - MatchPatternExact = "exact" + MATCH_PATTERN_EXACT = "exact" // 匹配模式:通配符匹配。 - MatchPatternWildcard = "wildcard" + MATCH_PATTERN_WILDCARD = "wildcard" ) diff --git a/pkg/core/ssl-deployer/providers/volcengine-live/volcengine_live.go b/pkg/core/ssl-deployer/providers/volcengine-live/volcengine_live.go index a0f5ded8..2bacf3e4 100644 --- a/pkg/core/ssl-deployer/providers/volcengine-live/volcengine_live.go +++ b/pkg/core/ssl-deployer/providers/volcengine-live/volcengine_live.go @@ -21,7 +21,7 @@ type SSLDeployerProviderConfig struct { // 火山引擎 AccessKeySecret。 AccessKeySecret string `json:"accessKeySecret"` // 域名匹配模式。 - // 零值时默认值 [MatchPatternExact]。 + // 零值时默认值 [MATCH_PATTERN_EXACT]。 MatchPattern string `json:"matchPattern,omitempty"` // 直播流域名(支持泛域名)。 Domain string `json:"domain"` @@ -83,7 +83,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke // 获取待部署的直播实例 domains := make([]string, 0) switch d.config.MatchPattern { - case "", MatchPatternExact: + case "", MATCH_PATTERN_EXACT: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required") @@ -92,7 +92,7 @@ func (d *SSLDeployerProvider) Deploy(ctx context.Context, certPEM string, privke domains = append(domains, d.config.Domain) } - case MatchPatternWildcard: + case MATCH_PATTERN_WILDCARD: { if d.config.Domain == "" { return nil, errors.New("config `domain` is required")