diff options
author | Konstantin Alekseev <mail@kalekseev.com> | 2019-09-21 17:55:53 +0300 |
---|---|---|
committer | René Moser <mail@renemoser.net> | 2019-09-21 16:55:53 +0200 |
commit | 8cabf1c1d87b8543872684c4d17df461515be7e1 (patch) | |
tree | bb689e3e93624c82104468cd5fc498ae868cc433 /lib/ansible/modules/net_tools/cloudflare_dns.py | |
parent | c6dcf78f536fc130a3a4ce1f736aaaaa3e2486b6 (diff) | |
download | ansible-8cabf1c1d87b8543872684c4d17df461515be7e1.tar.gz |
Support cloudflare API Tokens. (#62043)
API Tokens provide a new way to authenticate with the Cloudflare API.
They allow for scoped and permissioned access to resources.
Diffstat (limited to 'lib/ansible/modules/net_tools/cloudflare_dns.py')
-rw-r--r-- | lib/ansible/modules/net_tools/cloudflare_dns.py | 47 |
1 files changed, 38 insertions, 9 deletions
diff --git a/lib/ansible/modules/net_tools/cloudflare_dns.py b/lib/ansible/modules/net_tools/cloudflare_dns.py index 7dd9008bff..94be19a411 100644 --- a/lib/ansible/modules/net_tools/cloudflare_dns.py +++ b/lib/ansible/modules/net_tools/cloudflare_dns.py @@ -23,17 +23,26 @@ short_description: Manage Cloudflare DNS records description: - "Manages dns records via the Cloudflare API, see the docs: U(https://api.cloudflare.com/)" options: + api_token: + description: + - API token. + - Required for api token authentication. + - "You can obtain your API token from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)" + type: str + required: false + version_added: '2.10' account_api_token: description: - - Account API token. + - Account API key. + - Required for api keys authentication. - "You can obtain your API key from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)" type: str - required: true + required: false account_email: description: - - Account email. + - Account email. Required for api keys authentication. type: str - required: true + required: false algorithm: description: - Algorithm number. @@ -162,6 +171,14 @@ EXAMPLES = r''' account_api_token: dummyapitoken register: record +- name: Create a record using api token + cloudflare_dns: + zone: my.com + record: test + type: A + value: 127.0.0.1 + api_token: dummyapitoken + - name: Create a my.com CNAME record to example.com cloudflare_dns: zone: my.com @@ -367,6 +384,7 @@ class CloudflareAPI(object): def __init__(self, module): self.module = module + self.api_token = module.params['api_token'] self.account_api_token = module.params['account_api_token'] self.account_email = module.params['account_email'] self.algorithm = module.params['algorithm'] @@ -418,9 +436,17 @@ class CloudflareAPI(object): self.module.fail_json(msg="DS records only apply to subdomains.") def _cf_simple_api_call(self, api_call, method='GET', payload=None): - headers = {'X-Auth-Email': self.account_email, - 'X-Auth-Key': self.account_api_token, - 'Content-Type': 'application/json'} + if self.api_token: + headers = { + 'Authorization': 'Bearer ' + self.api_token, + 'Content-Type': 'application/json', + } + else: + headers = { + 'X-Auth-Email': self.account_email, + 'X-Auth-Key': self.account_api_token, + 'Content-Type': 'application/json', + } data = None if payload: try: @@ -766,8 +792,9 @@ class CloudflareAPI(object): def main(): module = AnsibleModule( argument_spec=dict( - account_api_token=dict(type='str', required=True, no_log=True), - account_email=dict(type='str', required=True), + api_token=dict(type='str', required=False, no_log=True), + account_api_token=dict(type='str', required=False, no_log=True), + account_email=dict(type='str', required=False), algorithm=dict(type='int'), cert_usage=dict(type='int', choices=[0, 1, 2, 3]), hash_type=dict(type='int', choices=[1, 2]), @@ -797,6 +824,8 @@ def main(): ], ) + if not module.params['api_token'] and not (module.params['account_api_token'] and module.params['account_email']): + module.fail_json(msg="Either api_token or account_api_token and account_email params are required.") if module.params['type'] == 'SRV': if not ((module.params['weight'] is not None and module.params['port'] is not None and not (module.params['value'] is None or module.params['value'] == '')) |