Support cloudflare API Tokens. (#62043)

API Tokens provide a new way to authenticate with the Cloudflare API.
They allow for scoped and permissioned access to resources.
This commit is contained in:
Konstantin Alekseev 2019-09-21 17:55:53 +03:00 committed by René Moser
parent c6dcf78f53
commit 8cabf1c1d8
2 changed files with 67 additions and 9 deletions

View file

@ -23,17 +23,26 @@ short_description: Manage Cloudflare DNS records
description:
- "Manages dns records via the Cloudflare API, see the docs: U(https://api.cloudflare.com/)"
options:
api_token:
description:
- API token.
- Required for api token authentication.
- "You can obtain your API token from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)"
type: str
required: false
version_added: '2.10'
account_api_token:
description:
- Account API token.
- Account API key.
- Required for api keys authentication.
- "You can obtain your API key from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)"
type: str
required: true
required: false
account_email:
description:
- Account email.
- Account email. Required for api keys authentication.
type: str
required: true
required: false
algorithm:
description:
- Algorithm number.
@ -162,6 +171,14 @@ EXAMPLES = r'''
account_api_token: dummyapitoken
register: record
- name: Create a record using api token
cloudflare_dns:
zone: my.com
record: test
type: A
value: 127.0.0.1
api_token: dummyapitoken
- name: Create a my.com CNAME record to example.com
cloudflare_dns:
zone: my.com
@ -367,6 +384,7 @@ class CloudflareAPI(object):
def __init__(self, module):
self.module = module
self.api_token = module.params['api_token']
self.account_api_token = module.params['account_api_token']
self.account_email = module.params['account_email']
self.algorithm = module.params['algorithm']
@ -418,9 +436,17 @@ class CloudflareAPI(object):
self.module.fail_json(msg="DS records only apply to subdomains.")
def _cf_simple_api_call(self, api_call, method='GET', payload=None):
headers = {'X-Auth-Email': self.account_email,
'X-Auth-Key': self.account_api_token,
'Content-Type': 'application/json'}
if self.api_token:
headers = {
'Authorization': 'Bearer ' + self.api_token,
'Content-Type': 'application/json',
}
else:
headers = {
'X-Auth-Email': self.account_email,
'X-Auth-Key': self.account_api_token,
'Content-Type': 'application/json',
}
data = None
if payload:
try:
@ -766,8 +792,9 @@ class CloudflareAPI(object):
def main():
module = AnsibleModule(
argument_spec=dict(
account_api_token=dict(type='str', required=True, no_log=True),
account_email=dict(type='str', required=True),
api_token=dict(type='str', required=False, no_log=True),
account_api_token=dict(type='str', required=False, no_log=True),
account_email=dict(type='str', required=False),
algorithm=dict(type='int'),
cert_usage=dict(type='int', choices=[0, 1, 2, 3]),
hash_type=dict(type='int', choices=[1, 2]),
@ -797,6 +824,8 @@ def main():
],
)
if not module.params['api_token'] and not (module.params['account_api_token'] and module.params['account_email']):
module.fail_json(msg="Either api_token or account_api_token and account_email params are required.")
if module.params['type'] == 'SRV':
if not ((module.params['weight'] is not None and module.params['port'] is not None
and not (module.params['value'] is None or module.params['value'] == ''))

View file

@ -52,6 +52,35 @@
- cloudflare_dns is failed
- "cloudflare_dns.msg.find('but all of the following are missing: ') != -1"
- name: "Test: partial credentials"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
zone: "{{ cloudflare_zone }}"
type: A
value: 127.0.0.1
ignore_errors: true
register: cloudflare_dns
- name: "Validate: partial credentials"
assert:
that:
- cloudflare_dns is failed
- "cloudflare_dns.msg.find('Either api_token or account_api_token and account_email params are required.') != -1"
- name: "Test: api token, zone and type"
cloudflare_dns:
api_token: dummyapitoken
zone: "{{ cloudflare_zone }}"
type: TXT
ignore_errors: true
register: cloudflare_dns
- name: "Validate: api token, zone and type"
assert:
that:
- cloudflare_dns is failed
- "cloudflare_dns.msg.find('but all of the following are missing: ') != -1"
######## record tests #################
- include: a_record.yml