[cloudflare_dns] KeyError: 'success' if top level domain is blocked

[lucasbasquerotto]

---

name: 🐛 Bug report

SUMMARY

I have been using this cloudflare module to manage my domains at cloudflare for more than 1 year, and it worked fine. I have a free domain that ends with .tk, and for some obscure reason, 2 days ago, Cloudflare stopped allowing adding such domains through the API.

ISSUE TYPE

• Bug Report

COMPONENT NAME

cloudflare_dns

ANSIBLE VERSION

ansible 2.8.1
  config file = /root/ctl/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Nov 27 2018, 23:36:35) [GCC 7.3.0]

CONFIGURATION

DEFAULT_CALLBACK_WHITELIST(/root/ctl/ansible.cfg) = [u'custom']
DEFAULT_HOST_LIST(/root/ctl/ansible.cfg) = [u'/root/ctl/hosts']
DEFAULT_STDOUT_CALLBACK(/root/ctl/ansible.cfg) = custom
HOST_KEY_CHECKING(/root/ctl/ansible.cfg) = False
INTERPRETER_PYTHON(/root/ctl/ansible.cfg) = /usr/bin/python3

OS / ENVIRONMENT

Docker container running inside Ubuntu 18.04

STEPS TO REPRODUCE

Use the cloudflare_dns module with a domain ending with tk.

EXPECTED RESULTS

Meaningful error.

ACTUAL RESULTS

Bad error (KeyError: 'success').

ADDITIONAL INFORMATION

When a new record is created, the module works. But when it's updated or deleted I received the error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'success'
fatal: [localhost]: FAILED! => changed=false 
  module_stderr: |-
    Traceback (most recent call last):
      File "/root/.ansible/tmp/ansible-tmp-1587765608.59-175032794512197/AnsiballZ_cloudflare_dns.py", line 114, in <module>
        _ansiballz_main()
      File "/root/.ansible/tmp/ansible-tmp-1587765608.59-175032794512197/AnsiballZ_cloudflare_dns.py", line 106, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/root/.ansible/tmp/ansible-tmp-1587765608.59-175032794512197/AnsiballZ_cloudflare_dns.py", line 49, in invoke_module
        imp.load_module('__main__', mod, module, MOD_DESC)
      File "/usr/lib/python3.6/imp.py", line 235, in load_module
        return load_source(name, filename, file)
      File "/usr/lib/python3.6/imp.py", line 170, in load_source
        module = _exec(spec, sys.modules[name])
      File "<frozen importlib._bootstrap>", line 618, in _exec
      File "<frozen importlib._bootstrap_external>", line 678, in exec_module
      File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
      File "/tmp/ansible_cloudflare_dns_payload_7qn4_xv1/__main__.py", line 853, in <module>
      File "/tmp/ansible_cloudflare_dns_payload_7qn4_xv1/__main__.py", line 840, in main
      File "/tmp/ansible_cloudflare_dns_payload_7qn4_xv1/__main__.py", line 602, in delete_dns_records
      File "/tmp/ansible_cloudflare_dns_payload_7qn4_xv1/__main__.py", line 492, in _cf_api_call
      File "/tmp/ansible_cloudflare_dns_payload_7qn4_xv1/__main__.py", line 480, in _cf_simple_api_call
    KeyError: 'success'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1

Which tells nothing in the end, except that the following line throws an error:

community.general/plugins/modules/net_tools/cloudflare_dns.py

Line 499 in 8f90360

if not result['success']:

when it tries to access result['success'], because in this case it's not even false, it is not defined at all.

I changed the following lines:

    if not result['success']:
        error_msg += "; Error details: "

to:

    if not result.get('success'):
        if not 'success' in result:
            error_msg += "; Error details: {0}".format(result.get('error'))
            self.module.fail_json(msg=error_msg)

        error_msg += "; Error details: "

and now I receive a much better error:

msg: 'API user does not have permission; Status: 401; Method: DELETE: Call: /zones/a8222778e37a0276468013d671b39e15/dns_records/b8051d66e565436cd6f24fbd34621f52; Error details: You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard.'

Unfortunately, it seems I won't be able to continue to use this domain with Cloudflare, but at least on the ansible side, the error is more meaningful.

[ansibullbot]

Files identified in the description:
None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

@lucasbasquerotto: Greetings! Thanks for taking the time to open this issue. In order for the community to handle your issue effectively, we need a bit more information.

Here are the items we could not find in your description:

• component name

Please set the description of this issue with this template:
https://raw.githubusercontent.com/ansible/ansible/devel/.github/ISSUE_TEMPLATE/bug_report.md

click here for bot help

[ansibullbot]

Files identified in the description:

• plugins/modules/net_tools/cloudflare_dns.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @andreaso @mgruener @nerzhul
click here for bot help

[Akasurde]

@lucasbasquerotto Thanks for the debugging. Are you interested in raising a PR for your findings? Let me know if not.

[gundalow]

The code is in https://github.com/ansible-collections/community.general/blob/master/plugins/modules/net_tools/cloudflare_dns.py

[lucasbasquerotto]

I made the PR #243

The errors that have the success key defined (the expected, as worked before), will work as previously. Example (for a wrong key):

API bad request; Status: 400; Method: GET: Call: /zones?name=yourdomain.tk; Error details: code: 6003, error: Invalid request headers; code: 6103, error: Invalid format for X-Auth-Key header;

For the cases in which the success key is not defined (what the PR fixes), I labeled the errors as unexpected. The error is like the following:

API user does not have permission; Status: 401; Method: DELETE: Call: /zones/a8222778e37a0276468013d671b39e15/dns_records/b8051d66e565436cd6f24fbd34621f52; Unexpected error details: You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard.