feat: add volcengine alb deployer

2025-03-23 21:29:03 +08:00
parent 12102ef641
commit 74b431481d
16 changed files with 681 additions and 6 deletions
--- a/internal/pkg/core/deployer/providers/volcengine-clb/consts.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/consts.go
@@ -3,6 +3,8 @@
 type ResourceType string

 const (
+	// 资源类型：部署到指定负载均衡器。
+	RESOURCE_TYPE_LOADBALANCER = ResourceType("loadbalancer")
 	// 资源类型：部署到指定监听器。
 	RESOURCE_TYPE_LISTENER = ResourceType("listener")
 )
--- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go
@@ -25,6 +25,9 @@ type DeployerConfig struct {
 	Region string `json:"region"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
+	// 负载均衡实例 ID。
+	// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。
+	LoadbalancerId string `json:"loadbalancerId,omitempty"`
 	// 负载均衡监听器 ID。
 	// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。
 	ListenerId string `json:"listenerId,omitempty"`
@@ -87,6 +90,11 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe

 	// 根据部署资源类型决定部署方式
 	switch d.config.ResourceType {
+	case RESOURCE_TYPE_LOADBALANCER:
+		if err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {
+			return nil, err
+		}
+
 	case RESOURCE_TYPE_LISTENER:
 		if err := d.deployToListener(ctx, upres.CertId); err != nil {
 			return nil, err
@@ -99,15 +107,89 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 	return &deployer.DeployResult{}, nil
 }

+func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {
+	if d.config.LoadbalancerId == "" {
+		return errors.New("config `loadbalancerId` is required")
+	}
+
+	// 查看指定负载均衡实例的详情
+	// REF: https://www.volcengine.com/docs/6406/71773
+	describeLoadBalancerAttributesReq := &veclb.DescribeLoadBalancerAttributesInput{
+		LoadBalancerId: ve.String(d.config.LoadbalancerId),
+	}
+	describeLoadBalancerAttributesResp, err := d.sdkClient.DescribeLoadBalancerAttributes(describeLoadBalancerAttributesReq)
+	d.logger.Debug("sdk request 'clb.DescribeLoadBalancerAttributes'", slog.Any("request", describeLoadBalancerAttributesReq), slog.Any("response", describeLoadBalancerAttributesResp))
+	if err != nil {
+		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeLoadBalancerAttributes'")
+	}
+
+	// 查询 HTTPS 监听器列表
+	// REF: https://www.volcengine.com/docs/6406/71776
+	listenerIds := make([]string, 0)
+	describeListenersPageSize := int64(100)
+	describeListenersPageNumber := int64(1)
+	for {
+		describeListenersReq := &veclb.DescribeListenersInput{
+			LoadBalancerId: ve.String(d.config.LoadbalancerId),
+			Protocol:       ve.String("HTTPS"),
+			PageNumber:     ve.Int64(describeListenersPageNumber),
+			PageSize:       ve.Int64(describeListenersPageSize),
+		}
+		describeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)
+		d.logger.Debug("sdk request 'clb.DescribeListeners'", slog.Any("request", describeListenersReq), slog.Any("response", describeListenersResp))
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
+		}
+
+		for _, listener := range describeListenersResp.Listeners {
+			listenerIds = append(listenerIds, *listener.ListenerId)
+		}
+
+		if len(describeListenersResp.Listeners) < int(describeListenersPageSize) {
+			break
+		} else {
+			describeListenersPageNumber++
+		}
+	}
+
+	// 遍历更新监听证书
+	if len(listenerIds) == 0 {
+		d.logger.Info("no clb listeners to deploy")
+	} else {
+		d.logger.Info("found https listeners to deploy", slog.Any("listenerIds", listenerIds))
+		var errs []error
+
+		for _, listenerId := range listenerIds {
+			if err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errors.Join(errs...)
+		}
+	}
+
+	return nil
+}
+
 func (d *DeployerProvider) deployToListener(ctx context.Context, cloudCertId string) error {
 	if d.config.ListenerId == "" {
 		return errors.New("config `listenerId` is required")
 	}

-	// 修改监听器
+	if err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, cloudCertId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {
+	// 修改指定监听器
 	// REF: https://www.volcengine.com/docs/6406/71775
 	modifyListenerAttributesReq := &veclb.ModifyListenerAttributesInput{
-		ListenerId:              ve.String(d.config.ListenerId),
+		ListenerId:              ve.String(cloudListenerId),
 		CertificateSource:       ve.String("cert_center"),
 		CertCenterCertificateId: ve.String(cloudCertId),
 	}
--- a/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go
+++ b/internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go
@@ -40,7 +40,7 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_VOLCENGINECLB_ACCESSKEYID="your-access-key-id" \
 	--CERTIMATE_DEPLOYER_VOLCENGINECLB_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_VOLCENGINECLB_REGION="cn-beijing" \
-	--CERTIMATE_DEPLOYER_VOLCENGINECLB_LISTENERID="cn-beijing"
+	--CERTIMATE_DEPLOYER_VOLCENGINECLB_LISTENERID="your-listener-id"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()