Merge remote-tracking branch 'origin/v2' into v2

# Conflicts: # packages/ui/certd-server/src/plugins/plugin-other/plugins/index.ts
2026-04-23 19:57:27 +08:00 · 2024-09-16 15:52:35 +08:00
parent 48238d929e 830de90317
commit 4c37ec3222
59 changed files with 618 additions and 179 deletions
@@ -1,19 +1,19 @@
 import crypto from 'crypto';
 import querystring from 'querystring';
 import { DogeCloudAccess } from '../access.js';
-import { AxiosInstance } from 'axios';
+import { HttpClient } from '@certd/pipeline';

 export class DogeClient {
  accessKey: string;
  secretKey: string;
-  http: AxiosInstance;
-  constructor(access: DogeCloudAccess, http: AxiosInstance) {
+  http: HttpClient;
+  constructor(access: DogeCloudAccess, http: HttpClient) {
    this.accessKey = access.accessKey;
    this.secretKey = access.secretKey;
    this.http = http;
  }

-  async request(apiPath: string, data: any = {}, jsonMode = false) {
+  async request(apiPath: string, data: any = {}, jsonMode = false, ignoreResNullCode = false) {
    // 这里替换为你的多吉云永久 AccessKey 和 SecretKey，可在用户中心 - 密钥管理中查看
    // 请勿在客户端暴露 AccessKey 和 SecretKey，那样恶意用户将获得账号完全控制权

@@ -34,7 +34,9 @@ export class DogeClient {
      },
    });

-    if (res.code !== 200) {
+    if (res.code == null && ignoreResNullCode) {
+      //ignore
+    } else if (res.code !== 200) {
      throw new Error('API Error: ' + res.msg);
    }
    return res.data;
@@ -44,6 +44,17 @@ export class DogeCloudDeployToCDNPlugin extends AbstractTaskPlugin {
  })
  accessId!: string;

+  @TaskInput({
+    title: '忽略部署接口报错',
+    helper: '当该域名部署后报错，但是实际上已经部署成功时，可以勾选',
+    value: false,
+    component: {
+      name: 'a-switch',
+      type: 'checked',
+    },
+  })
+  ignoreDeployNullCode = false;
+
  dogeClient!: DogeClient;

  async onInstance() {
@@ -66,10 +77,14 @@ export class DogeCloudDeployToCDNPlugin extends AbstractTaskPlugin {
  }

  async bindCert(certId: number) {
-    await this.dogeClient.request('/cdn/cert/bind.json', {
-      id: certId,
-      domain: this.domain,
-    });
+    await this.dogeClient.request(
+      '/cdn/cert/bind.json',
+      {
+        id: certId,
+        domain: this.domain,
+      },
+      this.ignoreDeployNullCode
+    );
  }
 }
 new DogeCloudDeployToCDNPlugin();
@@ -1,2 +1,3 @@
 export * from './plugin-k8s.js';
 export * from './plugin-restart.js';
+export * from './plugin-script.js';
@@ -6,6 +6,7 @@ import { appendTimeSuffix } from '../../plugin-aliyun/utils/index.js';
@IsTaskPlugin({
  name: 'DeployToK8SIngress',
  title: 'K8S Ingress证书部署',
+  desc: '暂不可用',
  group: pluginGroups.other.key,
  default: {
    strategy: {
@@ -0,0 +1,58 @@
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskInstanceContext } from '@certd/pipeline';
+import { CertInfo, CertReader } from '@certd/plugin-cert';
+
+export type CustomScriptContext = {
+  CertReader: typeof CertReader;
+  self: CustomScriptPlugin;
+} & TaskInstanceContext;
+
+@IsTaskPlugin({
+  name: 'CustomScript',
+  title: '自定义js脚本',
+  desc: '测试',
+  group: pluginGroups.other.key,
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed,
+    },
+  },
+})
+export class CustomScriptPlugin extends AbstractTaskPlugin {
+  @TaskInput({
+    title: '脚本',
+    helper: '自定义js脚本',
+    component: {
+      name: 'a-textarea',
+      vModel: 'value',
+      rows: 10,
+      style: 'background-color: #000c17;color: #fafafa;',
+    },
+    required: true,
+  })
+  script!: string;
+
+  @TaskInput({
+    title: '域名证书',
+    helper: '请选择前置任务输出的域名证书',
+    component: {
+      name: 'pi-output-selector',
+      from: 'CertApply',
+    },
+    required: true,
+  })
+  cert!: CertInfo;
+
+  async onInstance() {}
+  async execute(): Promise<void> {
+    this.logger.info('执行自定义脚本:\n', this.script);
+    const ctx: CustomScriptContext = {
+      CertReader,
+      self: this,
+      ...this.ctx,
+    };
+    const AsyncFunction = Object.getPrototypeOf(async () => {}).constructor;
+    const func = new AsyncFunction('ctx', this.script);
+    return await func(ctx);
+  }
+}
+new CustomScriptPlugin();
@@ -93,20 +93,20 @@ export class DeployToCdnPlugin extends AbstractTaskPlugin {

  buildParams() {
    return {
-      Https: {
-        Switch: 'on',
-        CertInfo: {
+      Domain: this.domainName,
+      Route: 'Https.CertInfo',
+      Value: JSON.stringify({
+        update: {
          Certificate: this.cert.crt,
          PrivateKey: this.cert.key,
        },
-      },
-      Domain: this.domainName,
+      }),
    };
  }

  async doRequest(params: any) {
    const client = await this.getClient();
-    const ret = await client.UpdateDomainConfig(params);
+    const ret = await client.ModifyDomainConfig(params);
    this.checkRet(ret);
    this.logger.info('设置腾讯云CDN证书成功:', ret.RequestId);
    return ret.RequestId;
@@ -6,7 +6,7 @@ import dayjs from 'dayjs';
  name: 'DeployCertToTencentCLB',
  title: '部署到腾讯云CLB',
  group: pluginGroups.tencent.key,
-  desc: '暂时只支持单向认证证书，暂时只支持通用负载均衡',
+  desc: '暂时只支持单向认证证书，暂时只支持通用负载均衡，必须开启sni',
  default: {
    strategy: {
      runStrategy: RunStrategy.SkipWhenSucceed,
@@ -93,14 +93,13 @@ export class DeployToClbPlugin extends AbstractTaskPlugin {
  accessId!: string;

  client: any;
-  ClbClient: any;
  async onInstance() {
    this.client = await this.getClient();
  }

  async getClient() {
    const sdk = await import('tencentcloud-sdk-nodejs/tencentcloud/services/clb/v20180317/index.js');
-    this.ClbClient = sdk.v20180317.Client;
+    const ClbClient = sdk.v20180317.Client;

    const accessProvider = (await this.accessService.getById(this.accessId)) as TencentAccess;

@@ -118,7 +117,7 @@ export class DeployToClbPlugin extends AbstractTaskPlugin {
      },
    };

-    return new this.ClbClient(clientConfig);
+    return new ClbClient(clientConfig);
  }

  async execute(): Promise<void> {
@@ -38,6 +38,7 @@ export class DeployToEOPlugin extends AbstractTaskPlugin {
  @TaskInput({
    title: '站点ID',
    helper: '类似于zone-xxxx的字符串，在站点概览页面左上角，或者，站点列表页面站点名称下方',
+    required: true,
  })
  zoneId!: string;

@@ -89,19 +89,16 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
  })
  cert!: any;

-  TkeClient: any;
  K8sClient: any;

  async onInstance() {
    //  const TkeClient = this.tencentcloud.tke.v20180525.Client;
-    const sdk = await import('tencentcloud-sdk-nodejs/tencentcloud/services/tke/v20220501/index.js');
-    this.TkeClient = sdk.v20220501.Client;
    const k8sSdk = await import('@certd/lib-k8s');
    this.K8sClient = k8sSdk.K8sClient;
  }
  async execute(): Promise<void> {
    const accessProvider = await this.accessService.getById(this.accessId);
-    const tkeClient = this.getTkeClient(accessProvider, this.region);
+    const tkeClient = await this.getTkeClient(accessProvider, this.region);
    const kubeConfigStr = await this.getTkeKubeConfig(tkeClient, this.clusterId);

    this.logger.info('kubeconfig已成功获取');
@@ -127,7 +124,9 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
    await this.restartIngress({ k8sClient });
  }

-  getTkeClient(accessProvider: any, region = 'ap-guangzhou') {
+  async getTkeClient(accessProvider: any, region = 'ap-guangzhou') {
+    const sdk = await import('tencentcloud-sdk-nodejs/tencentcloud/services/tke/v20180525/index.js');
+    const TkeClient = sdk.v20180525.Client;
    const clientConfig = {
      credential: {
        secretId: accessProvider.secretId,
@@ -141,7 +140,7 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin {
      },
    };

-    return new this.TkeClient(clientConfig);
+    return new TkeClient(clientConfig);
  }

  async getTkeKubeConfig(client: any, clusterId: string) {