v0.2.0

refactor: 1
feat: 私钥升级为PKCS8
2026-04-10 10:20:56 +08:00 · 2021-12-02 17:01:24 +08:00 · 2021-12-02 17:00:24 +08:00 · 2021-12-02 16:47:46 +08:00 · 2021-11-04 18:02:14 +08:00 · 2021-11-04 18:00:30 +08:00
27 changed files with 7431 additions and 6767 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,6 @@ node_modules/
 /packages/*/node_modules
 /packages/ui/certd-server/tmp/
 /packages/ui/certd-ui/dist/
+/other
+/dev-sidecar-test
+/packages/core/certd/yarn.lock
--- a/lerna.json
+++ b/lerna.json
@@ -2,5 +2,5 @@
  "packages": [
    "packages/*/*"
  ],
-  "version": "0.1.18"
+  "version": "0.2.0"
 }
--- a/packages/core/api/package-lock.json
+++ b/packages/core/api/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/api",
-  "version": "0.1.17",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/core/api/package.json
+++ b/packages/core/api/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@certd/api",
-	"version": "0.1.17",
+	"version": "0.2.0",
 	"description": "",
 	"main": "src/index.js",
 	"type": "module",
--- a/packages/core/certd/.gitignore
+++ b/packages/core/certd/.gitignore
@@ -0,0 +1,7 @@
+.vscode/
+node_modules/
+npm-debug.log
+yarn-error.log
+yarn.lock
+package-lock.json
+/.idea/
--- a/packages/core/certd/package-lock.json
+++ b/packages/core/certd/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/certd",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/core/certd/package.json
+++ b/packages/core/certd/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/certd",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "description": "a ssl cert keeper",
  "main": "src/index.js",
  "scripts": {
@@ -10,8 +10,8 @@
  "author": "Greper",
  "license": "MIT",
  "dependencies": {
-    "@certd/acme-client": "^0.1.6",
-    "@certd/api": "^0.1.17",
+    "@certd/acme-client": "^0.2.0",
+    "@certd/api": "^0.2.0",
    "dayjs": "^1.9.7",
    "lodash-es": "^4.17.20",
    "node-forge": "^0.10.0"
--- a/packages/core/executor/package-lock.json
+++ b/packages/core/executor/package-lock.json
--- a/packages/core/executor/package.json
+++ b/packages/core/executor/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/executor",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "description": "",
  "main": "src/index.js",
  "scripts": {
@@ -10,15 +10,15 @@
  },
  "type": "module",
  "dependencies": {
-    "@certd/api": "^0.1.17",
-    "@certd/certd": "^0.1.18",
+    "@certd/api": "^0.2.0",
+    "@certd/certd": "^0.2.0",
    "dayjs": "^1.9.7",
    "lodash-es": "^4.17.20"
  },
  "devDependencies": {
-    "@certd/plugin-aliyun": "^0.1.18",
-    "@certd/plugin-host": "^0.1.18",
-    "@certd/plugin-tencent": "^0.1.18",
+    "@certd/plugin-aliyun": "^0.2.0",
+    "@certd/plugin-host": "^0.2.0",
+    "@certd/plugin-tencent": "^0.2.0",
    "@rollup/plugin-commonjs": "^17.0.0",
    "@rollup/plugin-json": "^4.1.0",
    "@rollup/plugin-node-resolve": "^11.0.1",
--- a/packages/core/executor/src/index.js
+++ b/packages/core/executor/src/index.js
@@ -58,14 +58,14 @@ export class Executor {
    logger.info('----------------------')
    if (!cert.isNew) {
      // 如果没有更新
-      if (!options.args.forceDeploy && !options.args.forceRedeploy) {
-        // 且不需要强制运行deploy
+      if (options.args.forceRedeploy) {
+        // 强制重新部署,清空保存的状态
+        await certd.certStore.setCurrentFile('context.json', '{}')
+      } else if (!options.args.forceDeploy) {
+        // 且不需要强制deploy
        logger.info('证书无更新，无需重新部署')
        logger.info('任务完成')
        return { cert }
-      } else {
-        // 强制重新运行,清空保存的状态
-        await certd.certStore.setCurrentFile('context.json', '{}')
      }
    }
    // 读取上次执行进度
@@ -88,15 +88,16 @@ export class Executor {
    logger.info('任务完成')
    trace.print()
    const result = resultTrace.get({ })
-    const returnData = {
+    if (result) {
+      if (result.status === 'error' && options.args.doNotThrowError === false) {
+        throw new Error(result.remark)
+      }
+    }
+    return {
      cert,
      context,
      result
    }
-    if (result.status === 'error' && options.args.doNotThrowError === false) {
-      throw new Error(result.remark)
-    }
-    return returnData
  }

  async runCertd (certd) {
--- a/packages/core/executor/src/trace.js
+++ b/packages/core/executor/src/trace.js
@@ -76,7 +76,9 @@ export class Trace {
      }
    }
    const result = this.get({ type: 'result' })
-    this.printTraceLine(result, 'result', '')
+    if (result) {
+      this.printTraceLine(result, 'result', '')
+    }
    const mainContext = {}
    _.merge(mainContext, context)
    delete mainContext.__trace__
--- a/packages/core/executor/yarn.lock
+++ b/packages/core/executor/yarn.lock
--- a/packages/plugins/plugin-aliyun/package-lock.json
+++ b/packages/plugins/plugin-aliyun/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/plugin-aliyun",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/plugins/plugin-aliyun/package.json
+++ b/packages/plugins/plugin-aliyun/package.json
@@ -1,17 +1,17 @@
 {
 	"name": "@certd/plugin-aliyun",
-	"version": "0.1.18",
+	"version": "0.2.0",
 	"description": "",
 	"main": "src/index.js",
 	"type": "module",
 	"dependencies": {
 		"@alicloud/pop-core": "^1.7.10",
-		"@certd/api": "^0.1.17",
+		"@certd/api": "^0.2.0",
 		"dayjs": "^1.9.7",
 		"lodash-es": "^4.17.20"
 	},
 	"devDependencies": {
-		"@certd/certd": "^0.1.18",
+		"@certd/certd": "^0.2.0",
 		"chai": "^4.2.0",
 		"eslint": "^7.15.0",
 		"eslint-config-standard": "^16.0.2",
--- a/packages/plugins/plugin-host/package-lock.json
+++ b/packages/plugins/plugin-host/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/plugin-host",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/plugins/plugin-host/package.json
+++ b/packages/plugins/plugin-host/package.json
@@ -1,17 +1,17 @@
 {
 	"name": "@certd/plugin-host",
-	"version": "0.1.18",
+	"version": "0.2.0",
 	"description": "",
 	"main": "src/index.js",
 	"type": "module",
 	"dependencies": {
-		"@certd/api": "^0.1.17",
+		"@certd/api": "^0.2.0",
 		"dayjs": "^1.9.7",
 		"lodash-es": "^4.17.20",
 		"ssh2": "^0.8.9"
 	},
 	"devDependencies": {
-		"@certd/certd": "^0.1.18",
+		"@certd/certd": "^0.2.0",
 		"chai": "^4.2.0",
 		"eslint": "^7.15.0",
 		"eslint-config-standard": "^16.0.2",
--- a/packages/plugins/plugin-host/src/access-providers/ssh.js
+++ b/packages/plugins/plugin-host/src/access-providers/ssh.js
@@ -17,7 +17,7 @@ export class SSHAccessProvider {
          required: true
        },
        password: { desc: '登录密码' },
-        publicKey: {
+        privateKey: {
          desc: '密钥，密码或此项必填一项'
        }
      }
--- a/packages/plugins/plugin-host/test/plugins/host-shell-execute.test.js
+++ b/packages/plugins/plugin-host/test/plugins/host-shell-execute.test.js
@@ -36,4 +36,17 @@ describe('HostShellExecute', function () {
    expect(ret).ok
    console.log('-----' + JSON.stringify(ret))
  })
+
+  it('#execute-publicKey-login', async function () {
+    this.timeout(10000)
+    const options = createOptions()
+    const plugin = new HostShellExecute(options)
+    const shellOpts = {
+      props: { script: ['ls'], accessProvider: 'tencent-ssh-base01' },
+      context: {}
+    }
+    const ret = await plugin.doExecute(shellOpts)
+    expect(ret).ok
+    console.log('-----' + JSON.stringify(ret))
+  })
 })
--- a/packages/plugins/plugin-tencent/package-lock.json
+++ b/packages/plugins/plugin-tencent/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/plugin-tencent",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/plugins/plugin-tencent/package.json
+++ b/packages/plugins/plugin-tencent/package.json
@@ -1,18 +1,18 @@
 {
 	"name": "@certd/plugin-tencent",
-	"version": "0.1.18",
+	"version": "0.2.0",
 	"description": "",
 	"main": "src/index.js",
 	"type": "module",
 	"dependencies": {
-		"@certd/api": "^0.1.17",
+		"@certd/api": "^0.2.0",
 		"dayjs": "^1.9.7",
 		"kubernetes-client": "^9.0.0",
 		"lodash-es": "^4.17.20",
 		"tencentcloud-sdk-nodejs": "^4.0.44"
 	},
 	"devDependencies": {
-		"@certd/certd": "^0.1.18",
+		"@certd/certd": "^0.2.0",
 		"chai": "^4.2.0",
 		"eslint": "^7.15.0",
 		"eslint-config-standard": "^16.0.2",
--- a/packages/plugins/plugin-tencent/src/dns-providers/dnspod.js
+++ b/packages/plugins/plugin-tencent/src/dns-providers/dnspod.js
@@ -29,7 +29,7 @@ export class DnspodDnsProvider extends AbstractDnsProvider {
    this.loginToken = accessProvider.id + ',' + accessProvider.token
  }

-  async doRequest (options) {
+  async doRequest (options, successCodes = []) {
    const config = {
      method: 'post',
      formData: {
@@ -43,8 +43,11 @@ export class DnspodDnsProvider extends AbstractDnsProvider {
    _.merge(config, options)

    const ret = await request(config)
-    if (!ret || !ret.status || ret.status.code !== '1') {
-      throw new Error('请求失败：' + ret.status.message + ',api=' + config.url)
+    if (!ret || !ret.status) {
+      const code = ret.status.code
+      if (code !== '1' || !successCodes.includes(code)) {
+        throw new Error('请求失败：' + ret.status.message + ',api=' + config.url)
+      }
    }
    return ret
  }
@@ -73,7 +76,7 @@ export class DnspodDnsProvider extends AbstractDnsProvider {
        value: value,
        mx: 1
      }
-    })
+    }, ['104'])// 104错误码为记录已存在，无需再次添加
    this.logger.info('添加域名解析成功:', fullRecord, value, JSON.stringify(ret.record))
    return ret.record
  }
--- a/packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js
+++ b/packages/plugins/plugin-tencent/src/plugins/deploy-to-tke-ingress/index.js
@@ -41,6 +41,11 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
          label: 'ingress名称',
          desc: '支持多个（传入数组）'
        },
+        ingressClass: {
+          type: String,
+          label: 'ingress类型',
+          desc: '可选 qcloud / nginx'
+        },
        clusterIp: {
          type: String,
          label: '集群内网ip',
@@ -86,7 +91,13 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
      // 修改内网解析ip地址
      k8sClient.setLookup({ [clusterDomain]: { ip: props.clusterIp } })
    }
-    await this.patchCertSecret({ k8sClient, props, context })
+    const ingressType = props.ingressClass || 'qcloud'
+    if (ingressType === 'qcloud') {
+      await this.patchQcloudCertSecret({ k8sClient, props, context })
+    } else {
+      await this.patchNginxCertSecret({ cert, k8sClient, props, context })
+    }
+
    await this.sleep(2000) // 停留2秒，等待secret部署完成
    await this.restartIngress({ k8sClient, props })
    return true
@@ -121,7 +132,7 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
    return ret.Kubeconfig
  }

-  async patchCertSecret ({ k8sClient, props, context }) {
+  async patchQcloudCertSecret ({ k8sClient, props, context }) {
    const { tencentCertId } = context
    if (tencentCertId == null) {
      throw new Error('请先将【上传证书到腾讯云】作为前置任务')
@@ -151,6 +162,35 @@ export class DeployCertToTencentTKEIngress extends AbstractTencentPlugin {
    }
  }

+  async patchNginxCertSecret ({ cert, k8sClient, props, context }) {
+    const crt = cert.crt
+    const key = cert.key
+    const crtBase64 = Buffer.from(crt).toString('base64')
+    const keyBase64 = Buffer.from(key).toString('base64')
+
+    const { namespace, secretName } = props
+
+    const body = {
+      data: {
+        'tls.crt': crtBase64,
+        'tls.key': keyBase64
+      },
+      metadata: {
+        labels: {
+          certd: this.appendTimeSuffix('certd')
+        }
+      }
+    }
+    let secretNames = secretName
+    if (typeof secretName === 'string') {
+      secretNames = [secretName]
+    }
+    for (const secret of secretNames) {
+      await k8sClient.patchSecret({ namespace, secretName: secret, body })
+      this.logger.info(`CertSecret已更新:${secret}`)
+    }
+  }
+
  async restartIngress ({ k8sClient, props }) {
    const { namespace, ingressName } = props

--- a/packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js
+++ b/packages/plugins/plugin-tencent/test/plugins/deploy-to-tke-ingress-nginx.test.js
@@ -0,0 +1,59 @@
+import pkg from 'chai'
+import { DeployCertToTencentTKEIngress } from '../../src/plugins/deploy-to-tke-ingress/index.js'
+import { Certd } from '@certd/certd'
+import { createOptions } from '../../../../../test/options.js'
+import { K8sClient } from '../../src/utils/util.k8s.client.js'
+
+const { expect } = pkg
+
+async function getOptions () {
+  const options = createOptions()
+  options.args.test = false
+  options.cert.email = 'xiaojunnuo@qq.com'
+  options.cert.domains = ['*.docmirror.cn']
+  const certd = new Certd(options)
+  const cert = await certd.readCurrentCert()
+  const context = {}
+  const deployOpts = {
+    accessProviders: options.accessProviders,
+    cert,
+    props: {
+      accessProvider: 'tencent-yonsz',
+      region: 'ap-guangzhou',
+      clusterId: 'cls-6lbj1vee'
+    },
+    context
+  }
+  return { options, deployOpts }
+}
+
+describe('DeployCertToTencentTKEIngressNginx', function () {
+  it('#getTKESecrets', async function () {
+    this.timeout(50000)
+    const { options, deployOpts } = await getOptions()
+    const plugin = new DeployCertToTencentTKEIngress(options)
+    const tkeClient = plugin.getTkeClient(options.accessProviders[deployOpts.props.accessProvider], deployOpts.props.region)
+    const kubeConfig = await plugin.getTkeKubeConfig(tkeClient, deployOpts.props.clusterId)
+
+    const k8sClient = new K8sClient(kubeConfig)
+    k8sClient.setLookup({
+      'cls-6lbj1vee.ccs.tencent-cloud.com': { ip: '13.123.123.123' }
+    })
+    const secrets = await k8sClient.getSecret({ namespace: 'stress' })
+
+    console.log('secrets:', secrets)
+  })
+  it('#execute', async function () {
+    this.timeout(5000)
+
+    const { options, deployOpts } = await getOptions()
+    deployOpts.props.ingressName = 'stress-ingress-nginx'
+    deployOpts.props.ingressClass = 'nginx'
+    deployOpts.props.secretName = 'stress-all'
+    deployOpts.props.namespace = 'stress'
+    const plugin = new DeployCertToTencentTKEIngress(options)
+
+    const ret = await plugin.doExecute(deployOpts)
+    console.log('sucess', ret)
+  })
+})
--- a/packages/ui/certd-server/package-lock.json
+++ b/packages/ui/certd-server/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/server",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/ui/certd-server/package.json
+++ b/packages/ui/certd-server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/server",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "private": false,
  "type": "module",
  "scripts": {
@@ -10,11 +10,11 @@
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "dependencies": {
-    "@certd/api": "^0.1.17",
-    "@certd/executor": "^0.1.18",
-    "@certd/plugin-aliyun": "^0.1.18",
-    "@certd/plugin-host": "^0.1.18",
-    "@certd/plugin-tencent": "^0.1.18",
+    "@certd/api": "^0.2.0",
+    "@certd/executor": "^0.2.0",
+    "@certd/plugin-aliyun": "^0.2.0",
+    "@certd/plugin-host": "^0.2.0",
+    "@certd/plugin-tencent": "^0.2.0",
    "compressing": "^1.5.1",
    "debug": "^4.1.1",
    "fs-extra": "^9.1.0",
--- a/packages/ui/certd-ui/package-lock.json
+++ b/packages/ui/certd-ui/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/certd-ui",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/packages/ui/certd-ui/package.json
+++ b/packages/ui/certd-ui/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/certd-ui",
-  "version": "0.1.18",
+  "version": "0.2.0",
  "private": false,
  "scripts": {
    "dev": "vue-cli-service serve",
Author	SHA1	Message	Date
xiaojunnuo	5fbd774266	v0.2.0	2021-12-02 17:01:24 +08:00
xiaojunnuo	bdec010d2e	refactor: 1	2021-12-02 17:00:24 +08:00
xiaojunnuo	05a00b7b78	feat: 私钥升级为PKCS8	2021-12-02 16:47:46 +08:00
xiaojunnuo	eaf23c3034	v0.1.21	2021-11-04 18:02:14 +08:00
xiaojunnuo	276a8b35e5	feat: 支持腾讯云nginx-ingress	2021-11-04 18:00:30 +08:00
xiaojunnuo	466d659f6e	fix: 修改ssh privateKey参数名	2021-06-09 17:50:18 +08:00
xiaojunnuo	84e26381b5	v0.1.20	2021-06-02 09:15:30 +08:00
xiaojunnuo	469b5a5f69	fix: fix 任务成功后不需要重新运行	2021-06-02 09:14:10 +08:00
xiaojunnuo	ad77ebd2f9	refactor: 1	2021-03-17 18:06:06 +08:00
xiaojunnuo	b75543c3bc	v0.1.19	2021-03-16 19:14:31 +08:00
xiaojunnuo	0677275742	refactor: 1	2021-03-16 18:40:16 +08:00
xiaojunnuo	0c3724e0ad	refactor: 1	2021-03-16 18:27:24 +08:00
xiaojunnuo	803083d23c	refactor: 1	2021-03-16 18:25:11 +08:00
xiaojunnuo	f4f8067a12	refactor: new client	2021-03-15 19:04:46 +08:00