added partial cloudflare api integration

engine/resources/cloudflare_dns.go

@@ -0,0 +1,512 @@
+// Mgmt
+// Copyright (C) James Shubin and the project contributors
+// Written by James Shubin <james@shubin.ca> and the project contributors
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+// Additional permission under GNU GPL version 3 section 7
+//
+// If you modify this program, or any covered work, by linking or combining it
+// with embedded mcl code and modules (and that the embedded mcl code and
+// modules which link with this program, contain a copy of their source code in
+// the authoritative form) containing parts covered by the terms of any other
+// license, the licensors of this program grant you additional permission to
+// convey the resulting work. Furthermore, the licensors of this program grant
+// the original author, James Shubin, additional permission to update this
+// additional permission if he deems it necessary to achieve the goals of this
+// additional permission.
+
+package resources
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/purpleidea/mgmt/engine"
+	"github.com/purpleidea/mgmt/engine/traits"
+	"github.com/purpleidea/mgmt/util/errwrap"
+
+	"github.com/cloudflare/cloudflare-go/v6"
+	"github.com/cloudflare/cloudflare-go/v6/zones"
+)
+
+func init() {
+	engine.RegisterResource("cloudflare:dns", func() engine.Res { return &CloudflareDNSRes{} })
+}
+
+// TODO: description of cloudflare_dns resource
+type CloudflareDNSRes struct {
+	traits.Base
+	init *engine.Init
+
+	APIToken string `lang:"apitoken"`
+
+	Comment string `lang:"comment"`
+
+	Content string `lang:"content"`
+
+	// using a *int64 here to help with disambiguating nil values
+	Priority *int64 `lang:"priority"`
+
+	// using a *bool here to help with disambiguating nil values
+	Proxied *bool `lang:"proxied"`
+
+	Purged bool `lang:"purged"`
+
+	RecordName string `lang:"record_name"`
+
+	State string `lang:"state"`
+
+	TTL int64 `lang:"ttl"`
+
+	Type string `lang:"type"`
+
+	Zone string `lang:"zone"`
+
+	client *cloudflare.Client
+	zoneID string
+}
+
+func (obj *CloudflareDNSRes) Default() engine.Res {
+	return &CloudflareDNSRes{
+		State: "exists",
+		TTL:   1, // this sets TTL to automatic
+	}
+}
+
+func (obj *CloudflareDNSRes) Validate() error {
+	if obj.RecordName == "" {
+		return fmt.Errorf("record name is required")
+	}
+
+	if obj.APIToken == "" {
+		return fmt.Errorf("API token is required")
+	}
+
+	if obj.Type == "" {
+		return fmt.Errorf("record type is required")
+	}
+
+	if (obj.TTL < 60 || obj.TTL > 86400) && obj.TTL != 1 { // API requirement
+		return fmt.Errorf("TTL must be between 60s and 86400s, or set to 1")
+	}
+
+	if obj.Zone == "" {
+		return fmt.Errorf("zone name is required")
+	}
+
+	if obj.State != "exists" && obj.State != "absent" && obj.State != "" {
+		return fmt.Errorf("state must be either 'exists', 'absent', or empty")
+	}
+
+	if obj.State == "exists" && obj.Content == "" && !obj.Purge {
+		return fmt.Errorf("content is required when state is 'exists'")
+	}
+
+	if obj.MetaParams().Poll == 0 {
+		return fmt.Errorf("cloudflare:dns requiers polling, set Meta:poll param	(e.g., 60 seconds)")
+	}
+
+	return nil
+}
+
+func (obj *CloudflareDNSRes) Init(init *engine.Init) error {
+	obj.init = init
+
+	obj.client = cloudflare.NewClient(
+		option.WithAPIToken(obj.APIToken),
+	)
+
+	//TODO: does it make more sense to check it here or in CheckApply()?
+	//zoneListParams := zones.ZoneListParams{
+	//	name: cloudflare.F(obj.Zone),
+	//}
+
+	//zoneList, err := obj.client.Zones.List(context.Background(), zoneListParams)
+	//if err != nil {
+	//	return errwrap.Wrapf(err, "failed to list zones")
+	//}
+
+	//if len(zoneList.Result) == 0 {
+	//	return fmt.Errorf("zone %s not found", obj.Zone)
+	//}
+
+	obj.zoneID = zoneList.Results[0].ID
+
+	return nil
+}
+
+func (obj *CloudflareDNSRes) Cleanup() error {
+	obj.APIToken = ""
+	obj.client = nil
+	obj.zoneID = ""
+	return nil
+}
+
+// Watch isn't implemented for this resource, since the Cloudflare API does not
+// provide any event stream. Instead, always use polling.
+func (obj *CloudflareDNSRes) Watch(context.Context) error {
+	return fmt.Errorf("invalid Watch call: requires poll metaparam")
+}
+
+func (obj *CloudflareDNSRes) CheckApply(ctx context.Context, apply bool) (bool, error) {
+	zone, err := obj.client.Zones.List(ctx, zones.ZoneListParams{
+		RecordName: cloudflare.F(obj.Zone),
+	})
+	if err != nil {
+		return false, fmt.Errorf(err)
+	}
+
+	if len(zone.Result) == 0 {
+		return false, fmt.Errorf("there's no zone registered with name %s", obj.Zone)
+	}
+
+	if len(zone.Result) > 1 {
+		return false, fmt.Errorf("there's more than one zone with name %s", obj.Zone)
+	}
+
+	// We start by checking the need for purging
+	if obj.Purge {
+		checkOK, err := obj.purgeCheckApply(ctx, apply)
+		if err != nil {
+			return false, err
+		}
+		if !checkOK {
+			return false, nil
+		}
+	}
+
+	// List existing records
+	listParams := dns.RecordListParams{
+		ZoneID: cloudflare.F(obj.zoneID),
+		Name:   cloudflare.F(obj.RecordName),
+		Type:   cloudflare.F(dns.RecordListParamsType(obj.Type)),
+	}
+
+	recordList, err := obj.client.DNS.Records.List(ctx, listParams)
+	if err != nil {
+		return false, errwrap.Wrapf(err, "failed to list DNS records")
+	}
+
+	recordExists := len(records.Result) > 0
+	var record dns.Record
+	if recordExists {
+		record = recordList.Result[0]
+	}
+
+	switch obj.State {
+	case "exists", "":
+		if !recordExists {
+			if !apply {
+				return false, nil
+			}
+
+			if err := obj.createRecord(ctx); err != nil {
+				return false, err
+			}
+
+			return true, nil
+		}
+
+		if obj.needsUpdate(record) {
+			if !apply {
+				return false, nil
+			}
+
+			if err := obj.updateRecord(ctx, record.ID); err != nil {
+				return false, err
+			}
+			return true, nil
+		}
+
+	case "absent":
+		if recordExists {
+			if !apply {
+				return false, nil
+			}
+
+			deleteParams := dns.RecordDeleteParams{
+				ZoneID: cloudflare.F(obj.zoneID),
+			}
+
+			_, err := obj.client.DNS.Reords.Delete(ctx, record.ID, deleteParams)
+			if err != nil {
+				return false, errwrap.Wrapf(err, "failed to delete DNS record")
+			}
+			return true, nil
+		}
+	}
+
+	return true, nil
+}
+
+func (obj *CloudflareDNSRes) Cmp(r engine.Res) error {
+	if obj == nil && r == nil {
+		return nil
+	}
+
+	if (obj == nil) != (r == nil) {
+		return fmt.Errorf("one resource is empty")
+	}
+
+	res, ok := r.(*CloudflareDNSRes)
+	if !ok {
+		return fmt.Errorf("not a %s", obj.Kind())
+	}
+
+	if obj.APIToken != res.APIToken {
+		return fmt.Errorf("apitoken differs")
+	}
+
+	// check how this being a pointer influences this check
+	if obj.Proxied != res.Proxied {
+		return fmt.Errorf("proxied values differ")
+	}
+
+	if obj.RecordName != res.RecordName {
+		return fmt.Errorf("record name differs")
+	}
+
+	if obj.Purged != res.Purged {
+		return fmt.Errorf("purge value differs")
+	}
+
+	if obj.State != res.State {
+		return fmt.Errorf("state differs")
+	}
+
+	if obj.TTL != res.TTL {
+		return fmt.Errorf("ttl differs")
+	}
+
+	if obj.Type != res.Type {
+		return fmt.Errorf("record type differs")
+	}
+
+	if obj.Zone != res.Zone {
+		return fmt.Errorf("zone differs")
+	}
+
+	if obj.zoneID != res.zoneID {
+		return fmt.Errorf("zoneid differs")
+	}
+
+	if obj.Content != res.Content {
+		return fmt.Errorf("content param differs")
+	}
+
+	// check how this being a pointer influences this check
+	if obj.Priority != res.Priority {
+		return fmt.Errorf("the priority param differs")
+	}
+
+	return nil
+}
+
+func (obj *CloudflareDNSRes) buildRecordParam() dns.RecordNewParamsBodyUnion {
+	ttl := dns.TTL(obj.TTL)
+
+	switch obj.Type {
+	case "A":
+		param := dns.ARecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.ARecordTypeA),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "AAAA":
+		param := dns.AAAARecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.AAAARecordTypeAAAA),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "CNAME":
+		param := dns.CNAMERecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.CNAMERecordTypeCNAME),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "MX":
+		param := dns.MXRecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.MXRecordTypeMX),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Priority != nil { // required for MX record
+			param.Priority = cloudflare.F(*obj.Priority)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "TXT":
+		param := dns.TXTRecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.TXTRecordTypeTXT),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "NS":
+		param := dns.NSRecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.NSRecordTypeNS),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "SRV":
+		param := dns.SRVRecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.SRVRecordTypeSRV),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Priority != nil {
+			param.Priority = cloudflare.F(*obj.Priority)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	case "PTR":
+		param := dns.PTRRecordParam{
+			Name:    cloudflare.F(obj.RecordName),
+			Type:    cloudflare.F(dns.PTRRecordTypePTR),
+			Content: cloudflare.F(obj.Content),
+			TTL:     cloudflare.F(ttl),
+		}
+		if obj.Proxied != nil {
+			param.Proxied = cloudflare.F(*obj.Proxied)
+		}
+		if obj.Comment != "" {
+			param.Comment = cloudflare.F(obj.Comment)
+		}
+		return param
+
+	default: // we should return something else here, need to investigate
+
+	}
+}
+
+func (obj *CloudflareDNSRes) createRecord(ctx context.Context) error {
+	recordParams := obj.buildRecordParam()
+
+	createParams := dns.RecordNewParams{
+		ZoneID: cloudflare.F(obj.zoneID),
+		Body:   recordParams,
+	}
+
+	_, err := obj.client.DNS.Records.New(ctx, createParams)
+	if err != nil {
+		return errwrap.Wrapf(err, "failed to create dns record")
+	}
+
+	return nil
+}
+
+func (obj *CloudflareDNSRes) updateRecord(ctx context.Context, recordID string) error {
+	recordParams := obj.buildRecordParam()
+
+	editParams := dns.RecordEditParams{
+		ZoneID: cloudflare.F(obj.zoneID),
+		Body:   recordParams,
+	}
+
+	_, err := obj.client.DNS.Records.Edit(ctx, recordID, editParams)
+	if err != nil {
+		return errwrap.Wrapf(err, "failed to update dns record")
+	}
+
+	return nil
+}
+
+func (obj *CloudflareDNSRes) needsUpdate(record dns.Record) bool {
+	if obj.Content != record.Content {
+		return true
+	}
+
+	if obj.TTL != int64(record.TTL) {
+		return true
+	}
+
+	if obj.Proxied != nil && record.Proxied != nil {
+		if *obj.Proxied != *record.Proxied {
+			return true
+		}
+	}
+
+	if obj.Priority != nil && record.Priority != nil {
+		if *obj.Priority != *record.Priority {
+			return true
+		}
+	}
+
+	if obj.Comment != record.Comment {
+		return true
+	}
+
+	// TODO add more checks?
+
+	return false
+}