feat: midway注解方式编写插件

2026-04-24 04:17:25 +08:00 · 2023-01-11 20:39:48 +08:00
parent 52522f27e9
commit dcd1023a39
47 changed files with 484 additions and 714 deletions
@@ -1,4 +1,4 @@
-import { IsAccess, IsAccessInput } from "@certd/pipeline";
+import { IsAccess, AccessInput } from "@certd/pipeline";

@IsAccess({
  name: "aliyun",
@@ -6,7 +6,7 @@ import { IsAccess, IsAccessInput } from "@certd/pipeline";
  desc: "",
 })
 export class AliyunAccess {
-  @IsAccessInput({
+  @AccessInput({
    title: "accessKeyId",
    component: {
      placeholder: "accessKeyId",
@@ -14,7 +14,7 @@ export class AliyunAccess {
    required: true,
  })
  accessKeyId = "";
-  @IsAccessInput({
+  @AccessInput({
    title: "accessKeySecret",
    component: {
      placeholder: "accessKeySecret",
@@ -1,7 +1,8 @@
 import Core from "@alicloud/pop-core";
 import _ from "lodash";
-import { CreateRecordOptions, IDnsProvider, IsDnsProvider, RemoveRecordOptions } from "@certd/pipeline";
-import { Logger } from "log4js";
+import { CreateRecordOptions, IDnsProvider, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
+import { Autowire, ILogger } from "@certd/pipeline";
+import { AliyunAccess } from "../access";

@IsDnsProvider({
  name: "aliyun",
@@ -11,8 +12,10 @@ import { Logger } from "log4js";
 })
 export class AliyunDnsProvider implements IDnsProvider {
  client: any;
-  access: any;
-  logger!: Logger;
+  @Autowire()
+  access!: AliyunAccess;
+  @Autowire()
+  logger!: ILogger;
  async onInit() {
    const access: any = this.access;
    this.client = new Core({
@@ -1,101 +1,119 @@
-import { AbstractPlugin, IsTask, RunStrategy, TaskInput, TaskOutput, TaskPlugin, utils } from "@certd/pipeline";
+import { Autowire, IAccessService, IsTaskPlugin, ITaskPlugin, ILogger, RunStrategy, TaskInput, utils } from "@certd/pipeline";
 // @ts-ignore
 import { ROAClient } from "@alicloud/pop-core";
 import { AliyunAccess } from "../../access";
 import { K8sClient } from "@certd/plugin-util";
 import { appendTimeSuffix } from "../../utils";
+import { CertInfo } from "@certd/plugin-cert";

-@IsTask(() => {
-  return {
-    name: "DeployCertToAliyunAckIngress",
-    title: "部署到阿里云AckIngress",
-    input: {
-      clusterId: {
-        title: "集群id",
-        component: {
-          placeholder: "集群id",
-        },
-      },
-      secretName: {
-        title: "保密字典Id",
-        component: {
-          placeholder: "保密字典Id",
-        },
-        required: true,
-      },
-      regionId: {
-        title: "大区",
-        value: "cn-shanghai",
-        component: {
-          placeholder: "集群所属大区",
-        },
-        required: true,
-      },
-      namespace: {
-        title: "命名空间",
-        value: "default",
-        component: {
-          placeholder: "命名空间",
-        },
-        required: true,
-      },
-      ingressName: {
-        title: "ingress名称",
-        value: "",
-        component: {
-          placeholder: "ingress名称",
-        },
-        required: true,
-        helper: "可以传入一个数组",
-      },
-      ingressClass: {
-        title: "ingress类型",
-        value: "nginx",
-        component: {
-          placeholder: "暂时只支持nginx类型",
-        },
-        required: true,
-      },
-      isPrivateIpAddress: {
-        title: "是否私网ip",
-        value: false,
-        component: {
-          placeholder: "集群连接端点是否是私网ip",
-        },
-        helper: "如果您当前certd运行在同一个私网下，可以选择是。",
-        required: true,
-      },
-      cert: {
-        title: "域名证书",
-        helper: "请选择前置任务输出的域名证书",
-        component: {
-          name: "pi-output-selector",
-        },
-        required: true,
-      },
-      accessId: {
-        title: "Access授权",
-        helper: "阿里云授权AccessKeyId、AccessKeySecret",
-        component: {
-          name: "pi-access-selector",
-          type: "aliyun",
-        },
-        required: true,
-      },
+@IsTaskPlugin({
+  name: "DeployCertToAliyunAckIngress",
+  title: "部署到阿里云AckIngress",
+  input: {},
+  output: {},
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed,
    },
-    output: {},
-    default: {
-      strategy: {
-        runStrategy: RunStrategy.SkipWhenSucceed,
-      },
-    },
-  };
+  },
 })
-export class DeployCertToAliyunAckIngressPlugin extends AbstractPlugin implements TaskPlugin {
-  async execute(input: TaskInput): Promise<TaskOutput> {
+export class DeployCertToAliyunAckIngressPlugin implements ITaskPlugin {
+  @TaskInput({
+    title: "集群id",
+    component: {
+      placeholder: "集群id",
+    },
+  })
+  clusterId!: string;
+
+  @TaskInput({
+    title: "保密字典Id",
+    component: {
+      placeholder: "保密字典Id",
+    },
+    required: true,
+  })
+  secretName!: string | string[];
+
+  @TaskInput({
+    title: "大区",
+    value: "cn-shanghai",
+    component: {
+      placeholder: "集群所属大区",
+    },
+    required: true,
+  })
+  regionId!: string;
+
+  @TaskInput({
+    title: "命名空间",
+    value: "default",
+    component: {
+      placeholder: "命名空间",
+    },
+    required: true,
+  })
+  namespace!: string;
+  @TaskInput({
+    title: "ingress名称",
+    value: "",
+    component: {
+      placeholder: "ingress名称",
+    },
+    required: true,
+    helper: "可以传入一个数组",
+  })
+  ingressName!: string;
+  @TaskInput({
+    title: "ingress类型",
+    value: "nginx",
+    component: {
+      placeholder: "暂时只支持nginx类型",
+    },
+    required: true,
+  })
+  ingressClass!: string;
+  @TaskInput({
+    title: "是否私网ip",
+    value: false,
+    component: {
+      placeholder: "集群连接端点是否是私网ip",
+    },
+    helper: "如果您当前certd运行在同一个私网下，可以选择是。",
+    required: true,
+  })
+  isPrivateIpAddress!: boolean;
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "pi-output-selector",
+    },
+    required: true,
+  })
+  cert!: CertInfo;
+  @TaskInput({
+    title: "Access授权",
+    helper: "阿里云授权AccessKeyId、AccessKeySecret",
+    component: {
+      name: "pi-access-selector",
+      type: "aliyun",
+    },
+    required: true,
+  })
+  accessId!: string;
+
+  @Autowire()
+  accessService!: IAccessService;
+  @Autowire()
+  logger!: ILogger;
+
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  async onInit(): Promise<void> {}
+  async execute(): Promise<void> {
    console.log("开始部署证书到阿里云cdn");
-    const { regionId, ingressClass, clusterId, isPrivateIpAddress, cert } = input;
-    const access = (await this.accessService.getById(input.accessId)) as AliyunAccess;
+    const { regionId, ingressClass, clusterId, isPrivateIpAddress, cert } = this;
+    const access = (await this.accessService.getById(this.accessId)) as AliyunAccess;
    const client = this.getClient(access, regionId);
    const kubeConfigStr = await this.getKubeConfig(client, clusterId, isPrivateIpAddress);

@@ -106,17 +124,16 @@ export class DeployCertToAliyunAckIngressPlugin extends AbstractPlugin implement
      throw new Error("暂未实现");
      // await this.patchQcloudCertSecret({ k8sClient, props, context })
    } else {
-      await this.patchNginxCertSecret({ cert, k8sClient, input });
+      await this.patchNginxCertSecret({ cert, k8sClient });
    }

    await utils.sleep(3000); // 停留2秒，等待secret部署完成
    // await this.restartIngress({ k8sClient, props })
-    return {};
  }

-  async restartIngress(options: { k8sClient: any; input: TaskInput }) {
-    const { k8sClient, input } = options;
-    const { namespace } = input;
+  async restartIngress(options: { k8sClient: any }) {
+    const { k8sClient } = options;
+    const { namespace } = this;

    const body = {
      metadata: {
@@ -136,7 +153,7 @@ export class DeployCertToAliyunAckIngressPlugin extends AbstractPlugin implement
          return false;
        }
        for (const tls of item.spec.tls) {
-          if (tls.secretName === input.secretName) {
+          if (tls.secretName === this.secretName) {
            return true;
          }
        }
@@ -151,14 +168,14 @@ export class DeployCertToAliyunAckIngressPlugin extends AbstractPlugin implement
    }
  }

-  async patchNginxCertSecret(options: { cert: any; k8sClient: any; input: TaskInput }) {
-    const { cert, k8sClient, input } = options;
+  async patchNginxCertSecret(options: { cert: any; k8sClient: any }) {
+    const { cert, k8sClient } = options;
    const crt = cert.crt;
    const key = cert.key;
    const crtBase64 = Buffer.from(crt).toString("base64");
    const keyBase64 = Buffer.from(key).toString("base64");

-    const { namespace, secretName } = input;
+    const { namespace, secretName } = this;

    const body = {
      data: {
@@ -171,7 +188,7 @@ export class DeployCertToAliyunAckIngressPlugin extends AbstractPlugin implement
        },
      },
    };
-    let secretNames = secretName;
+    let secretNames: any = secretName;
    if (typeof secretName === "string") {
      secretNames = [secretName];
    }
@@ -1,9 +1,8 @@
-import { Autowire, IAccessService, IsTaskPlugin, ITaskPlugin, LOGGER, RunStrategy, TaskInput } from "@certd/pipeline";
+import { Autowire, IAccessService, ILogger, IsTaskPlugin, ITaskPlugin, RunStrategy, TaskInput } from "@certd/pipeline";
 import dayjs from "dayjs";
 import Core from "@alicloud/pop-core";
 import RPCClient from "@alicloud/pop-core";
 import { AliyunAccess } from "../../access";
-import { Inject } from "@midwayjs/core";

@IsTaskPlugin({
  name: "DeployCertToAliyunCDN",
@@ -50,11 +49,11 @@ export class DeployCertToAliyunCDN implements ITaskPlugin {
  })
  accessId!: string;

-  @Inject()
+  @Autowire()
  accessService!: IAccessService;

  @Autowire()
-  logger!: LOGGER;
+  logger!: ILogger;
  // eslint-disable-next-line @typescript-eslint/no-empty-function
  async onInit() {}
  async execute(): Promise<void> {
@@ -17,7 +17,6 @@ import { Logger } from "log4js";
 export class UploadCertToAliyun implements ITaskPlugin {
  @TaskInput({
    title: "证书名称",
-
    helper: "证书上传后将以此参数作为名称前缀",
  })
  name!: string;
@@ -66,6 +65,9 @@ export class UploadCertToAliyun implements ITaskPlugin {
  @Autowire()
  logger!: Logger;

+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  async onInit() {}
+
  async execute(): Promise<void> {
    console.log("开始部署证书到阿里云cdn");
    const access = (await this.accessService.getById(this.accessId)) as AliyunAccess;
@@ -1,199 +0,0 @@
-import { AbstractAliyunPlugin } from '../abstract-aliyun.js'
-import Core from '@alicloud/pop-core'
-import { K8sClient } from '@certd/plugin-common'
-const ROAClient = Core.ROAClient
-
-const define = {
-  name: 'deployCertToAliyunAckIngress',
-  title: '部署到阿里云AckIngress',
-  input: {
-    clusterId: {
-      title: '集群id',
-      component: {
-        placeholder: '集群id'
-      }
-    },
-    secretName: {
-      title: '保密字典Id',
-      component: {
-        placeholder: '保密字典Id'
-      },
-      required: true
-    },
-    regionId: {
-      title: '大区',
-      value: 'cn-shanghai',
-      component: {
-        placeholder: '集群所属大区'
-      },
-      required: true
-    },
-    namespace: {
-      title: '命名空间',
-      value: 'default',
-      component: {
-        placeholder: '命名空间'
-      },
-      required: true
-    },
-    ingressName: {
-      title: 'ingress名称',
-      value: '',
-      component: {
-        placeholder: 'ingress名称'
-      },
-      required: true,
-      helper: '可以传入一个数组'
-    },
-    ingressClass: {
-      title: 'ingress类型',
-      value: 'nginx',
-      component: {
-        placeholder: '暂时只支持nginx类型'
-      },
-      required: true
-    },
-    isPrivateIpAddress: {
-      title: '是否私网ip',
-      value: false,
-      component: {
-        placeholder: '集群连接端点是否是私网ip'
-      },
-      helper: '如果您当前certd运行在同一个私网下，可以选择是。',
-      required: true
-    },
-    accessProvider: {
-      title: 'Access授权',
-      type: [String, Object],
-      helper: 'AccessKey、AccessSecret',
-      component: {
-        name: 'access-selector',
-        type: 'aliyun'
-      },
-      required: true
-    }
-  },
-  output: {
-
-  }
-}
-
-export class DeployCertToAliyunAckIngress extends AbstractAliyunPlugin {
-  static define () {
-    return define
-  }
-
-  async execute ({ cert, props, context }) {
-    const accessProvider = this.getAccessProvider(props.accessProvider)
-    const client = this.getClient(accessProvider, props.regionId)
-
-    const kubeConfigStr = await this.getKubeConfig(client, props.clusterId, props.isPrivateIpAddress)
-
-    this.logger.info('kubeconfig已成功获取')
-    const k8sClient = new K8sClient(kubeConfigStr)
-    const ingressType = props.ingressClass || 'qcloud'
-    if (ingressType === 'qcloud') {
-      throw new Error('暂未实现')
-      // await this.patchQcloudCertSecret({ k8sClient, props, context })
-    } else {
-      await this.patchNginxCertSecret({ cert, k8sClient, props, context })
-    }
-
-    await this.sleep(3000) // 停留2秒，等待secret部署完成
-    // await this.restartIngress({ k8sClient, props })
-    return true
-  }
-
-  async restartIngress ({ k8sClient, props }) {
-    const { namespace } = props
-
-    const body = {
-      metadata: {
-        labels: {
-          certd: this.appendTimeSuffix('certd')
-        }
-      }
-    }
-    const ingressList = await k8sClient.getIngressList({ namespace })
-    console.log('ingressList:', ingressList)
-    if (!ingressList || !ingressList.body || !ingressList.body.items) {
-      return
-    }
-    const ingressNames = ingressList.body.items.filter(item => {
-      if (!item.spec.tls) {
-        return false
-      }
-      for (const tls of item.spec.tls) {
-        if (tls.secretName === props.secretName) {
-          return true
-        }
-      }
-      return false
-    }).map(item => {
-      return item.metadata.name
-    })
-    for (const ingress of ingressNames) {
-      await k8sClient.patchIngress({ namespace, ingressName: ingress, body })
-      this.logger.info(`ingress已重启:${ingress}`)
-    }
-  }
-
-  async patchNginxCertSecret ({ cert, k8sClient, props, context }) {
-    const crt = cert.crt
-    const key = cert.key
-    const crtBase64 = Buffer.from(crt).toString('base64')
-    const keyBase64 = Buffer.from(key).toString('base64')
-
-    const { namespace, secretName } = props
-
-    const body = {
-      data: {
-        'tls.crt': crtBase64,
-        'tls.key': keyBase64
-      },
-      metadata: {
-        labels: {
-          certd: this.appendTimeSuffix('certd')
-        }
-      }
-    }
-    let secretNames = secretName
-    if (typeof secretName === 'string') {
-      secretNames = [secretName]
-    }
-    for (const secret of secretNames) {
-      await k8sClient.patchSecret({ namespace, secretName: secret, body })
-      this.logger.info(`CertSecret已更新:${secret}`)
-    }
-  }
-
-  getClient (aliyunProvider, regionId) {
-    return new ROAClient({
-      accessKeyId: aliyunProvider.accessKeyId,
-      accessKeySecret: aliyunProvider.accessKeySecret,
-      endpoint: `https://cs.${regionId}.aliyuncs.com`,
-      apiVersion: '2015-12-15'
-    })
-  }
-
-  async getKubeConfig (client, clusterId, isPrivateIpAddress = false) {
-    const httpMethod = 'GET'
-    const uriPath = `/k8s/${clusterId}/user_config`
-    const queries = {
-      PrivateIpAddress: isPrivateIpAddress
-    }
-    const body = '{}'
-    const headers = {
-      'Content-Type': 'application/json'
-    }
-    const requestOption = {}
-
-    try {
-      const res = await client.request(httpMethod, uriPath, queries, body, headers, requestOption)
-      return res.config
-    } catch (e) {
-      console.error('请求出错：', e)
-      throw e
-    }
-  }
-}
@@ -1,106 +0,0 @@
-import Core from '@alicloud/pop-core'
-import { AbstractAliyunPlugin } from '../abstract-aliyun.js'
-import { ZoneOptions } from '../../utils/index.js'
-
-const define = {
-  name: 'uploadCertToAliyun',
-  title: '上传证书到阿里云',
-  desc: '',
-  input: {
-    name: {
-      title: '证书名称',
-      helper: '证书上传后将以此参数作为名称前缀'
-    },
-    regionId: {
-      title: '大区',
-      value: 'cn-hangzhou',
-      component: {
-        name: 'a-select',
-        vModel: 'value',
-        options: ZoneOptions
-      },
-      required: true
-    },
-    accessProvider: {
-      title: 'Access授权',
-      helper: 'Access授权',
-      component: {
-        name: 'access-selector',
-        type: 'aliyun'
-      },
-      required: true
-    }
-  },
-  output: {
-    aliyunCertId: {
-      type: String,
-      desc: '上传成功后的阿里云CertId'
-    }
-  }
-}
-
-export class UploadCertToAliyun extends AbstractAliyunPlugin {
-  static define () {
-    return define
-  }
-
-  getClient (aliyunProvider) {
-    return new Core({
-      accessKeyId: aliyunProvider.accessKeyId,
-      accessKeySecret: aliyunProvider.accessKeySecret,
-      endpoint: 'https://cas.aliyuncs.com',
-      apiVersion: '2018-07-13'
-    })
-  }
-
-  async execute ({ cert, props, context }) {
-    const { name, accessProvider } = props
-    const certName = this.appendTimeSuffix(name || cert.domain)
-    const params = {
-      RegionId: props.regionId || 'cn-hangzhou',
-      Name: certName,
-      Cert: cert.crt,
-      Key: cert.key
-    }
-
-    const requestOption = {
-      method: 'POST'
-    }
-
-    const provider = this.getAccessProvider(accessProvider)
-    const client = this.getClient(provider)
-    const ret = await client.request('CreateUserCertificate', params, requestOption)
-    this.checkRet(ret)
-    this.logger.info('证书上传成功：aliyunCertId=', ret.CertId)
-    context.aliyunCertId = ret.CertId
-  }
-
-  /**
-   * 没用，现在阿里云证书不允许删除
-   * @param accessProviders
-   * @param cert
-   * @param props
-   * @param context
-   * @returns {Promise<void>}
-   */
-  async rollback ({ cert, props, context }) {
-    const { accessProvider } = props
-    const { aliyunCertId } = context
-    this.logger.info('准备删除阿里云证书:', aliyunCertId)
-    const params = {
-      RegionId: props.regionId || 'cn-hangzhou',
-      CertId: aliyunCertId
-    }
-
-    const requestOption = {
-      method: 'POST'
-    }
-
-    const provider = this.getAccessProvider(accessProvider)
-    const client = this.getClient(provider)
-    const ret = await client.request('DeleteUserCertificate', params, requestOption)
-    this.checkRet(ret)
-    this.logger.info('证书删除成功:', aliyunCertId)
-    delete context.aliyunCertId
-  }
-}