diff --git a/packages/ui/certd-server/src/plugins/plugin-ucloud/access.ts b/packages/ui/certd-server/src/plugins/plugin-ucloud/access.ts index 6daf5ea9c..1440d7f1e 100644 --- a/packages/ui/certd-server/src/plugins/plugin-ucloud/access.ts +++ b/packages/ui/certd-server/src/plugins/plugin-ucloud/access.ts @@ -151,7 +151,7 @@ export class UCloudAccess extends BaseAccess { const crtBase64 = this.ctx.utils.hash.base64(cert.crt) const keyBase64 = this.ctx.utils.hash.base64(cert.key) const allDomains = certReader.getAllDomains().join(",") - + this.ctx.logger.info(`----------- 上传USSL证书,certName:${certName},domains:${allDomains}`); try { const resp = await this.invoke({ @@ -162,15 +162,15 @@ export class UCloudAccess extends BaseAccess { "SslMD5": this.ctx.utils.hash.md5(crtBase64 + keyBase64) }); this.ctx.logger.info(`----------- 上传USSL证书成功,certId:${resp.CertificateID}`); - return { type: "ussl", id: resp.CertificateID, name: certName, resourceId: resp.LongResourceID,domains:allDomains } + return { type: "ussl", id: resp.CertificateID, name: certName, resourceId: resp.LongResourceID, domains: allDomains } } catch (err) { - if(err.message.includes("重复上传证书")){ + if (err.message.includes("重复上传证书")) { //查找证书 const certList = await this.SslGetCertList(certReader.getMainDomain()); - + const cert = certList.find((item: any) => item.Domains === allDomains) - if(cert){ + if (cert) { this.ctx.logger.info(`----------- 找到已存在证书,certId:${cert.CertificateID}`); return { type: "ussl", id: cert.CertificateID, name: certName, domains: cert.Domains } } @@ -188,9 +188,21 @@ export class UCloudAccess extends BaseAccess { Action: "GetCertificateList", Mode: "trust", Domain: domain, - Sort:"2" + Sort: "2" }); - return resp.CertificateList||[]; + return resp.CertificateList || []; + } + + async WafSiteList(req: { PageNo: number, PageSize: number , FullDomain?: string }):Promise<{DomainHostList?:{RecordId:string,FullDomain:string}[],TotalCount:number}> { + const resp = await this.invoke({ + "Action": "DescribeWafDomainHostInfo", + "ProjectId": this.projectId, + "Limit": req.PageSize, + "Offset": (req.PageNo - 1) * req.PageSize, + "FullDomain": req.FullDomain || undefined + }); + this.ctx.logger.info(`获取到WAF站点列表:${JSON.stringify(resp)}`); + return resp; } diff --git a/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/index.ts b/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/index.ts index 8ba439d47..9b736e406 100644 --- a/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/index.ts +++ b/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/index.ts @@ -1,2 +1,3 @@ export * from './plugin-deploy-to-cdn.js'; -export * from './plugin-upload-to-ussl.js'; \ No newline at end of file +export * from './plugin-upload-to-ussl.js'; +export * from './plugin-deploy-to-waf.js'; diff --git a/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/plugin-deploy-to-waf.ts b/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/plugin-deploy-to-waf.ts index 6546af289..e431b58ae 100644 --- a/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/plugin-deploy-to-waf.ts +++ b/packages/ui/certd-server/src/plugins/plugin-ucloud/plugins/plugin-deploy-to-waf.ts @@ -1,5 +1,5 @@ import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline"; -import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert"; +import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert"; import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib"; import { UCloudAccess } from "../access.js"; @@ -20,18 +20,18 @@ import { UCloudAccess } from "../access.js"; } }) //类名规范,跟上面插件名称(name)一致 -export class UCloudDeployToCDN extends AbstractTaskPlugin { +export class UCloudDeployToWaf extends AbstractTaskPlugin { //证书选择,此项必须要有 @TaskInput({ title: "域名证书", helper: "请选择前置任务输出的域名证书", component: { name: "output-selector", - from: [...CertApplyPluginNames, ":UCloudCertId:"] + from: [...CertApplyPluginNames] } // required: true, // 必填 }) - cert!: CertInfo | { type: string, id: number, name: string }; + cert!: CertInfo ; @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } })) certDomains!: string[]; @@ -53,7 +53,7 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin { title: "域名列表", helper: "要更新的UCloud域名列表", - action: UCloudDeployToCDN.prototype.onGetDomainList.name + action: UCloudDeployToWaf.prototype.onGetDomainList.name }) ) domainList!: string[]; @@ -65,34 +65,40 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin { //插件执行方法 async execute(): Promise { const access = await this.getAccess(this.accessId); - let certType = "ussl" - let certId = 0 - let certName = this.appendTimeSuffix("certd") - // @ts-ignore - if (this.cert?.id) { - //从上一步传过来的ssl证书 - // @ts-ignore - certId = this.cert.id - // @ts-ignore - certName = this.cert.name - } else { - const cert = await access.SslUploadCert({ - cert: this.cert as CertInfo - }); - certId = cert.id - certName = cert.name - } + const res = await this.addWafDomainCertificateInfo({ + access: access, + cert: this.cert + }); + this.logger.info(`----------- 上传证书成功:${JSON.stringify(res)}`); + const certId = res.Id; for (const item of this.domainList) { this.logger.info(`----------- 开始更新域名:${item}`); - await this.deployToCdn({ - access: access, - certName: certName, - domain: item, - certId: certId, - certType: certType - }); + + const domainInfo =await access.WafSiteList({ + PageNo: 1, + PageSize: 10, + FullDomain: item + }) + const list = domainInfo.DomainHostList || [] + if(!list || list.length === 0){ + throw new Error(`没有找到WAF域名${item}`) + } + const oldDomainInfo = list[0] as any + + + const srcIpList = oldDomainInfo.SrcIPInfo.map((item: any) => item.SrcIP) + + await access.invoke({ + "Action": "UpdateWafDomainHostInfo", + "ProjectId": access.projectId, + "WorkRegions": oldDomainInfo.WorkRegions, + "FullDomain": item, + "CertificateID": certId , + "SrcIP":srcIpList + }) + this.logger.info(`----------- 更新域名证书${item}成功`); } @@ -100,68 +106,21 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin { } - async deployToCdn(req: { access: any, domain: string, certId: number, certType: string, certName: string }) { - const { access, domain, certId, certType, certName } = req - - const domainsRes = await access.invoke({ - "Action": "GetUcdnDomainConfig", - "ProjectId": access.projectId, - "Domain": [ - domain - ] - }); - - const domainList = domainsRes.DomainList || []; - const domainConf = domainList.find((item: any) => item.Domain === domain); - if (!domainConf) { - throw new Error(`没有找到CDN域名${domain}`); - } - - const domainId = domainConf.DomainId; - const httpsStatusAbroad = domainConf.HttpsStatusAbroad; - let httpsStatusCn = domainConf.HttpsStatusCn; - if (httpsStatusAbroad === "disable" && httpsStatusCn === "disable") { - this.logger.info(`原CDN域名HTTPS未开启,将开启国内加速`); - httpsStatusCn = "enable" - } - - - const body: any = { - "Action": "UpdateUcdnDomainHttpsConfigV2", - "DomainId": domainId, - "CertName": certName, - "CertId": certId, - "CertType": certType, - EnableHttp2: domainConf.EnableHttp2 ||"0", - RedirectHttp2Https: domainConf.RedirectHttp2Https || "0", - TlsVersion: domainConf.TlsVersion || "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3" - } - if (httpsStatusAbroad === "enable") { - body.HttpsStatusAbroad = httpsStatusAbroad; - } - if (httpsStatusCn === "enable") { - body.HttpsStatusCn = httpsStatusCn; - } - this.logger.info(`----------- 更新CDN域名HTTPS配置${domainId},${JSON.stringify(body)}`); - const resp = await access.invoke(body); - this.logger.info(`----------- 部署CDN证书${domainId}成功,${JSON.stringify(resp)}`); - } - async onGetDomainList(req: PageSearch = {}) { const access = await this.getAccess(this.accessId); const pageNo = req.pageNo ?? 1; const pageSize = req.pageSize ?? 100; - const res = await access.CdnDominList( + const res = await access.WafSiteList( { PageNo: pageNo, PageSize: pageSize } ); const total = res.TotalCount; - const list = res.DomainInfoList || []; + const list = res.DomainHostList || []; if (!list || list.length === 0) { - throw new Error("没有找到CDN域名,请先在控制台创建CDN域名"); + throw new Error("没有找到WAF域名,请先在控制台添加WAF站点"); } /** @@ -170,9 +129,9 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin { */ const options = list.map((item: any) => { return { - label: `${item.Domain}<${item.DomainId}>`, - value: `${item.Domain}`, - domain: item.Domain + label: `${item.FullDomain}<${item.RecordId}>`, + value: `${item.FullDomain}`, + domain: item.FullDomain }; }); return { @@ -183,7 +142,37 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin { }; } + async addWafDomainCertificateInfo(req: { access: UCloudAccess, cert: CertInfo }) { + + const certReader = new CertReader(req.cert) + const certName = certReader.buildCertName() + const crtBase64 = this.ctx.utils.hash.base64(req.cert.crt) + const keyBase64 = this.ctx.utils.hash.base64(req.cert.key) + const allDomains = certReader.getAllDomains().join(",") + + + const resp = await req.access.invoke({ + "Action": "AddWafDomainCertificateInfo", + /** + * Domain string 域名 Yes + CertificateName string 证书名称 Yes + SslPublicKey string ssl公钥 Yes + SslMD string 证书MD5校验值,开启keyless只需要计算公钥的md5 Yes + SslKeyless string keyless开关,默认关闭;可选值:开启(on),关闭(off) Yes + + */ + "Domain": allDomains, + "CertificateName": certName, + "SslPublicKey": crtBase64, + "SslPrivateKey": keyBase64, + "SslMD": this.ctx.utils.hash.md5(crtBase64), + "SslKeyless": "off" + }); + this.ctx.logger.info(`----------- 添加WAF域名证书信息成功,${JSON.stringify(resp)}`); + return resp; + } + } //实例化一下,注册插件 -new UCloudDeployToCDN(); +new UCloudDeployToWaf();