feat: add volcengine cert-center uploader

2025-01-11 23:30:15 +08:00
parent d9f38c38a6
commit 99c5c8339d
16 changed files with 439 additions and 59 deletions
--- a/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
@@ -15,7 +15,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	providerScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
-	huaweicloudsdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-cdn-sdk"
+	hcCdnSdk "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-sdk/cdn"
 )

 type HuaweiCloudCDNDeployerConfig struct {
@@ -32,7 +32,7 @@ type HuaweiCloudCDNDeployerConfig struct {
 type HuaweiCloudCDNDeployer struct {
 	config      *HuaweiCloudCDNDeployerConfig
 	logger      logger.Logger
-	sdkClient   *huaweicloudsdk.Client
+	sdkClient   *hcCdnSdk.Client
 	sslUploader uploader.Uploader
 }

@@ -100,15 +100,15 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context, certPem string, pri
 	// 更新加速域名配置
 	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
 	// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html
-	updateDomainMultiCertificatesReqBodyContent := &huaweicloudsdk.UpdateDomainMultiCertificatesExRequestBodyContent{}
+	updateDomainMultiCertificatesReqBodyContent := &hcCdnSdk.UpdateDomainMultiCertificatesExRequestBodyContent{}
 	updateDomainMultiCertificatesReqBodyContent.DomainName = d.config.Domain
 	updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
 	updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
 	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
 	updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
 	updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
-	updateDomainMultiCertificatesReq := &huaweicloudsdk.UpdateDomainMultiCertificatesExRequest{
-		Body: &huaweicloudsdk.UpdateDomainMultiCertificatesExRequestBody{
+	updateDomainMultiCertificatesReq := &hcCdnSdk.UpdateDomainMultiCertificatesExRequest{
+		Body: &hcCdnSdk.UpdateDomainMultiCertificatesExRequestBody{
 			Https: updateDomainMultiCertificatesReqBodyContent,
 		},
 	}
@@ -122,7 +122,7 @@ func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context, certPem string, pri
 	return &deployer.DeployResult{}, nil
 }

-func createSdkClient(accessKeyId, secretAccessKey, region string) (*huaweicloudsdk.Client, error) {
+func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnSdk.Client, error) {
 	if region == "" {
 		region = "cn-north-1" // CDN 服务默认区域：华北一北京
 	}
@@ -148,6 +148,6 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*huaweiclouds
 		return nil, err
 	}

-	client := huaweicloudsdk.NewClient(hcClient)
+	client := hcCdnSdk.NewClient(hcClient)
 	return client, nil
 }
--- a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go
@@ -16,10 +16,10 @@ import (
 )

 type VolcEngineCDNDeployerConfig struct {
-	// 火山引擎 AccessKey。
-	AccessKey string `json:"accessKey"`
-	// 火山引擎 SecretKey。
-	SecretKey string `json:"secretKey"`
+	// 火山引擎 AccessKeyId。
+	AccessKeyId string `json:"accessKeyId"`
+	// 火山引擎 AccessKeySecret。
+	AccessKeySecret string `json:"accessKeySecret"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -47,12 +47,12 @@ func NewWithLogger(config *VolcEngineCDNDeployerConfig, logger logger.Logger) (*
 	}

 	client := veCdn.NewInstance()
-	client.Client.SetAccessKey(config.AccessKey)
-	client.Client.SetSecretKey(config.SecretKey)
+	client.Client.SetAccessKey(config.AccessKeyId)
+	client.Client.SetSecretKey(config.AccessKeySecret)

 	uploader, err := providerCdn.New(&providerCdn.VolcEngineCDNUploaderConfig{
-		AccessKeyId:     config.AccessKey,
-		AccessKeySecret: config.SecretKey,
+		AccessKeyId:     config.AccessKeyId,
+		AccessKeySecret: config.AccessKeySecret,
 	})
 	if err != nil {
 		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
--- a/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn_test.go
+++ b/internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn_test.go
@@ -12,11 +12,11 @@ import (
 )

 var (
-	fInputCertPath string
-	fInputKeyPath  string
-	fAccessKey     string
-	fSecretKey     string
-	fDomain        string
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+	fDomain          string
 )

 func init() {
@@ -24,8 +24,8 @@ func init() {

 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
-	flag.StringVar(&fAccessKey, argsPrefix+"ACCESSKEY", "", "")
-	flag.StringVar(&fSecretKey, argsPrefix+"SECRETKEY", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
 	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }

@@ -35,8 +35,8 @@ Shell command to run this test:
 	go test -v ./volcengine_cdn_test.go -args \
 	--CERTIMATE_DEPLOYER_VOLCENGINECDN_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_VOLCENGINECDN_INPUTKEYPATH="/path/to/your-input-key.pem" \
-	--CERTIMATE_DEPLOYER_VOLCENGINECDN_ACCESSKEY="your-access-key" \
-	--CERTIMATE_DEPLOYER_VOLCENGINECDN_SECRETKEY="your-secret-key" \
+	--CERTIMATE_DEPLOYER_VOLCENGINECDN_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_DEPLOYER_VOLCENGINECDN_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_VOLCENGINECDN_DOMAIN="example.com"
 */
 func TestDeploy(t *testing.T) {
@@ -47,15 +47,15 @@ func TestDeploy(t *testing.T) {
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
-			fmt.Sprintf("ACCESSKEY: %v", fAccessKey),
-			fmt.Sprintf("SECRETKEY: %v", fSecretKey),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))

 		deployer, err := provider.New(&provider.VolcEngineCDNDeployerConfig{
-			AccessKey: fAccessKey,
-			SecretKey: fSecretKey,
-			Domain:    fDomain,
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
--- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
+++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go
@@ -17,10 +17,10 @@ import (
 )

 type VolcEngineLiveDeployerConfig struct {
-	// 火山引擎 AccessKey。
-	AccessKey string `json:"accessKey"`
-	// 火山引擎 SecretKey。
-	SecretKey string `json:"secretKey"`
+	// 火山引擎 AccessKeyId。
+	AccessKeyId string `json:"accessKeyId"`
+	// 火山引擎 AccessKeySecret。
+	AccessKeySecret string `json:"accessKeySecret"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -48,12 +48,12 @@ func NewWithLogger(config *VolcEngineLiveDeployerConfig, logger logger.Logger) (
 	}

 	client := veLive.NewInstance()
-	client.SetAccessKey(config.AccessKey)
-	client.SetSecretKey(config.SecretKey)
+	client.SetAccessKey(config.AccessKeyId)
+	client.SetSecretKey(config.AccessKeySecret)

 	uploader, err := providerLive.New(&providerLive.VolcEngineLiveUploaderConfig{
-		AccessKeyId:     config.AccessKey,
-		AccessKeySecret: config.SecretKey,
+		AccessKeyId:     config.AccessKeyId,
+		AccessKeySecret: config.AccessKeySecret,
 	})
 	if err != nil {
 		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
--- a/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live_test.go
+++ b/internal/pkg/core/deployer/providers/volcengine-live/volcengine_live_test.go
@@ -12,11 +12,11 @@ import (
 )

 var (
-	fInputCertPath string
-	fInputKeyPath  string
-	fAccessKey     string
-	fSecretKey     string
-	fDomain        string
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+	fDomain          string
 )

 func init() {
@@ -24,8 +24,8 @@ func init() {

 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
-	flag.StringVar(&fAccessKey, argsPrefix+"ACCESSKEY", "", "")
-	flag.StringVar(&fSecretKey, argsPrefix+"SECRETKEY", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
 	flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
 }

@@ -35,8 +35,8 @@ Shell command to run this test:
 	go test -v ./volcengine_live_test.go -args \
 	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
 	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_INPUTKEYPATH="/path/to/your-input-key.pem" \
-	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_ACCESSKEY="your-access-key" \
-	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_SECRETKEY="your-secret-key" \
+	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_ACCESSKEYSECRET="your-access-key-secret" \
 	--CERTIMATE_DEPLOYER_VOLCENGINELIVE_DOMAIN="example.com"
 */
 func TestDeploy(t *testing.T) {
@@ -47,15 +47,15 @@ func TestDeploy(t *testing.T) {
 			"args:",
 			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
 			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
-			fmt.Sprintf("ACCESSKEY: %v", fAccessKey),
-			fmt.Sprintf("SECRETKEY: %v", fSecretKey),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))

 		deployer, err := provider.New(&provider.VolcEngineLiveDeployerConfig{
-			AccessKey: fAccessKey,
-			SecretKey: fSecretKey,
-			Domain:    fDomain,
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+			Domain:          fDomain,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)
--- a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go
+++ b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go
@@ -0,0 +1,88 @@
+package volcenginecertcenter
+
+import (
+	"context"
+	"errors"
+
+	xerrors "github.com/pkg/errors"
+	ve "github.com/volcengine/volcengine-go-sdk/volcengine"
+	veSession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	veCertCenter "github.com/usual2970/certimate/internal/pkg/vendors/volcengine-sdk/certcenter"
+)
+
+type VolcEngineCertCenterUploaderConfig struct {
+	// 火山引擎 AccessKeyId。
+	AccessKeyId string `json:"accessKeyId"`
+	// 火山引擎 AccessKeySecret。
+	AccessKeySecret string `json:"accessKeySecret"`
+	// 火山引擎区域。
+	Region string `json:"region"`
+}
+
+type VolcEngineCertCenterUploader struct {
+	config    *VolcEngineCertCenterUploaderConfig
+	sdkClient *veCertCenter.CertCenter
+}
+
+var _ uploader.Uploader = (*VolcEngineCertCenterUploader)(nil)
+
+func New(config *VolcEngineCertCenterUploaderConfig) (*VolcEngineCertCenterUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client: %w")
+	}
+
+	return &VolcEngineCertCenterUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *VolcEngineCertCenterUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 上传证书
+	// REF: https://www.volcengine.com/docs/6638/1365580
+	importCertificateReq := &veCertCenter.ImportCertificateInput{
+		CertificateInfo: &veCertCenter.ImportCertificateInputCertificateInfo{
+			CertificateChain: ve.String(certPem),
+			PrivateKey:       ve.String(privkeyPem),
+		},
+		Repeatable: ve.Bool(false),
+	}
+	importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'certcenter.ImportCertificate'")
+	}
+
+	var certId string
+	if importCertificateResp.InstanceId != nil {
+		certId = *importCertificateResp.InstanceId
+	}
+	if importCertificateResp.RepeatId != nil {
+		certId = *importCertificateResp.RepeatId
+	}
+	return &uploader.UploadResult{
+		CertId: certId,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret, region string) (*veCertCenter.CertCenter, error) {
+	if region == "" {
+		region = "cn-beijing"
+	}
+
+	config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret)
+
+	session, err := veSession.NewSession(config)
+	if err != nil {
+		return nil, err
+	}
+
+	client := veCertCenter.New(session)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter_test.go
+++ b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter_test.go
@@ -0,0 +1,72 @@
+package volcenginecertcenter_test
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-certcenter"
+)
+
+var (
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_UPLOADER_VOLCENGINECERTCENTER_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./volcengine_certcenter_test.go -args \
+	--CERTIMATE_UPLOADER_VOLCENGINECERTCENTER_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_UPLOADER_VOLCENGINECERTCENTER_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_UPLOADER_VOLCENGINECERTCENTER_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_UPLOADER_VOLCENGINECERTCENTER_ACCESSKEYSECRET="your-access-key-secret"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+		}, "\n"))
+
+		uploader, err := provider.New(&provider.VolcEngineCertCenterUploaderConfig{
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := uploader.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		sres, _ := json.Marshal(res)
+		t.Logf("ok: %s", string(sres))
+	})
+}