Cloudflare DNS: Bad Request on MX update #8418

Closed
1 task done
aquarion opened this issue May 26, 2024 · 10 comments
Labels
bug This issue/PR relates to a bug module module plugins plugin (any type)


@aquarion

Summary

When attempting an MX update with cloudflare dns, I get "400 Bad Request"

Issue Type

Bug Report

Component Name

cloudflare_dns

Ansible Version

ansible [core 2.16.7]
  config file = /home/aquarion/code/autopelago/ansible.cfg
  configured module search path = ['/home/aquarion/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/aquarion/code/autopelago/.direnv/python-venv-3.10.12/lib/python3.10/site-packages/ansible
  ansible collection location = /home/aquarion/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/aquarion/code/autopelago/.direnv/python-venv-3.10.12/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/home/aquarion/code/autopelago/.direnv/python-venv-3.10.12/bin/python3)
  jinja version = 3.1.4
  libyaml = True

Community.general Version

aquarion@Cyclone ~/code/autopelago (main *): ansible-galaxy collection list community.general

# /home/aquarion/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 7.1.0  

# /home/aquarion/code/autopelago/.direnv/python-venv-3.10.12/lib/python3.10/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 8.3.0  

Configuration

CONFIG_FILE() = /home/aquarion/code/autopelago/ansible.cfg
DEFAULT_HOST_LIST(/home/aquarion/code/autopelago/ansible.cfg) = ['/home/aquarion/code/autopelago/etc/inventory.ini']
DEFAULT_ROLES_PATH(/home/aquarion/code/autopelago/ansible.cfg) = ['/home/aquarion/code/autopelago/galaxy-roles']
DEFAULT_VAULT_PASSWORD_FILE(/home/aquarion/code/autopelago/ansible.cfg) = /home/aquarion/.vault_pass.txt
EDITOR(env: EDITOR) = vim
INTERPRETER_PYTHON(env: ANSIBLE_PYTHON_INTERPRETER) = /home/aquarion/code/autopelago/.direnv/python-venv-3.10.12/bin/python

OS / Environment

Ubuntu 22.04

Steps to Reproduce

The first task works, the second does not.

    - name: (CF) Aquarionics.com. - AAAA
      community.general.cloudflare_dns:
        state: present
        zone: aquarionics.com
        record: "@"
        api_token: "{{ cloudflare_api_key }}"
        type: AAAA
        ttl: "300"
        value: "{{ ansible_default_ipv6.address }}"

    - name: (CF) Aquarionics.com. - MX 1/5
      community.general.cloudflare_dns:
        state: present
        zone: aquarionics.com
        api_token: "{{ cloudflare_api_key }}"
        type: MX
        ttl: 3600
        value: "ASPMX.L.GOOGLE.COM."

Expected Results

The playbook task should execute successfully

Actual Results

TASK [aqcom-cloudflare : (CF) Aquarionics.com. - AAAA] ******************************************************************************************************************************************
ok: [firth.water.gkhs.net]

TASK [aqcom-cloudflare : (CF) Aquarionics.com. - MX 1/5] ****************************************************************************************************************************************
fatal: [firth.water.gkhs.net]: FAILED! => {"changed": false, "msg": "API bad request; Status: 400; Method: POST: Call: /zones/********/dns_records;\n Data: {\"type\": \"MX\", \"name\": \"aquarionics.com\", \"content\": \"aspmx.l.google.com\", \"priority\": 1, \"ttl\": 3600}; Headers: {'Authorization': 'Bearer ********', 'Content-Type': 'application/json'}"}

I have made a minor change to cloudflare_dns.py to output the data & headers in the failure output; running the same API call with curl is unsuccessfully successful, thus:

aquarion@Cyclone ~/code/autopelago (main *): 
curl --request POST \
   --url https://api.cloudflare.com/client/v4/zones/******/dns_records \
   --header 'Content-Type: application/json' \
   --header 'Authorization: Bearer ******' \
   --data '{"type": "MX", "name": "aquarionics.com", "content": "aspmx.l.google.com", "priority": 1, "ttl": 300}'

{"result":null,"success":false,"errors":[{"code":81058,"message":"A record with the same settings already exists."}],"messages":[]}

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

@ansibullbot ansibullbot added bug This issue/PR relates to a bug module module plugins plugin (any type) labels May 26, 2024
@markverg

I just ran into this issue as well and was about to create an issue, so can confirm.
First time it works fine, when trying to update it gives an error.

Just to add: when solo is set to true, there is no error; it will overwrite each existing record.
Setting solo to true doesn't work for MX records when there are multiple records with the same name but different priorities, just like the Google example @aquarion mentioned.

@markverg

Can also confirm issue is also in newest version of community.general

# /root/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 9.0.0

# /usr/local/lib/python3.10/dist-packages/ansible_collections
Collection        Version
----------------- -------
community.general 5.8.3

@radiozradioz

When I got this, I had used account_api_key instead of api_token to specify my API token. Changing the variable to api_token fixed the issue.

A generic 400 made me think it wasn't an authentication failure, rather something wrong in my request. Perhaps this is a case of the "bad request" response taking precedence over the "authentication failure" response.

I'm unsure if CloudFlare responded with any messages that could have hinted that the authentication details were provided incorrectly, as I cannot see the raw HTTP responses. Perhaps it would be a good idea for this, and similar, roles to print the raw HTTP request/response when under the highest level of verbosity.
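
Added example (not part of the thread, and not the module's own code): one way to surface the Cloudflare error codes that a bare "400" hides, as in the curl output in the opening post, while masking credentials in the printed headers, in line with the verbosity suggestion above. The function names and the token and zone placeholders are assumptions made for this example.

```python
import json

# Headers that carry Cloudflare credentials (API token, or legacy global key).
SENSITIVE_HEADERS = {"authorization", "x-auth-key"}

# Constructed sample request; the token and zone id are placeholders.
SAMPLE_HEADERS = {"Authorization": "Bearer EXAMPLE-TOKEN-NOT-REAL",
                  "Content-Type": "application/json"}
SAMPLE_PATH = "/zones/ZONE_ID_PLACEHOLDER/dns_records"
# Response body as quoted in the issue's curl output.
SAMPLE_BODY = ('{"result":null,"success":false,"errors":[{"code":81058,'
               '"message":"A record with the same settings already exists."}],'
               '"messages":[]}')


def redact_headers(headers):
    """Return a copy of headers with credential values masked."""
    safe = {}
    for name, value in headers.items():
        if name.lower() in SENSITIVE_HEADERS:
            # Keep the scheme ("Bearer") so the auth method stays visible.
            scheme = value.split(" ", 1)[0] if " " in value else ""
            value = (scheme + " ********").strip()
        safe[name] = value
    return safe


def describe_failure(status, method, path, headers, body):
    """Build a diagnostic line from a Cloudflare v4 error response."""
    try:
        errors = json.loads(body).get("errors") or []
    except (ValueError, TypeError, AttributeError):
        errors = []  # empty, non-JSON or non-object body
    if not isinstance(errors, list):
        errors = []
    details = "; ".join(
        "code {0}: {1}".format(e.get("code"), e.get("message"))
        for e in errors if isinstance(e, dict)
    ) or "no structured error in body"
    return ("API error; Status: {0}; Method: {1}; Call: {2}; "
            "Errors: [{3}]; Headers: {4}").format(
                status, method, path, details, redact_headers(headers))


if __name__ == "__main__":
    print(describe_failure(400, "POST", SAMPLE_PATH, SAMPLE_HEADERS, SAMPLE_BODY))
```
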

@erwin

erwin commented Jan 31, 2025

When I use 'api_account_key' I'm getting:

API bad request; Status: 400; Method: GET: Call: /zones?name=oscash.link

When I use 'api_token' I get:

MODULE FAILURE: No start of json char found
See stdout/stderr for the exact error

MODULE_STDERR:

KeyError: 'zone_id'
Traceback (most recent call last):
  File "/home/app/.ansible/tmp/ansible-tmp-1738325805.4267309-13-65003549899811/AnsiballZ_cloudflare_dns.py", line 107, in <module>
    _ansiballz_main()
  File "/home/app/.ansible/tmp/ansible-tmp-1738325805.4267309-13-65003549899811/AnsiballZ_cloudflare_dns.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/app/.ansible/tmp/ansible-tmp-1738325805.4267309-13-65003549899811/AnsiballZ_cloudflare_dns.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.community.general.plugins.modules.cloudflare_dns', init_globals=dict(_module_fqn='ansible_collections.community.general.plugins.modules.cloudflare_dns', _modlib_path=modlib_path),
  File "<frozen runpy>", line 226, in run_module
  File "<frozen runpy>", line 98, in _run_module_code
  File "<frozen runpy>", line 88, in _run_code
  File "/tmp/ansible_cloudflare_dns_payload_spn77zwp/ansible_cloudflare_dns_payload.zip/ansible_collections/community/general/plugins/modules/cloudflare_dns.py", line 1007, in <module>
  File "/tmp/ansible_cloudflare_dns_payload_spn77zwp/ansible_cloudflare_dns_payload.zip/ansible_collections/community/general/plugins/modules/cloudflare_dns.py", line 994, in main
  File "/tmp/ansible_cloudflare_dns_payload_spn77zwp/ansible_cloudflare_dns_payload.zip/ansible_collections/community/general/plugins/modules/cloudflare_dns.py", line 702, in delete_dns_records
KeyError: 'zone_id'

It seems that even after upgrading to the latest release of ansible and the latest release of community general, I'm still getting the same error.

ansible --version
ansible [core 2.18.2]
  config file = /mnt/ansible.sem.cfg
  configured module search path = ['/home/app/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/semaphore/apps/ansible/11.1.0/venv/lib/python3.11/site-packages/ansible
  ansible collection location = /home/app/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/semaphore/apps/ansible/11.1.0/venv/bin/ansible
  python version = 3.11.11 (main, Dec  6 2024, 11:15:21) [GCC 13.2.1 20231014] (/opt/semaphore/apps/ansible/11.1.0/venv/bin/python3)
  jinja version = 3.1.5
  libyaml = True

and

(venv) b02e808f24c3:/mnt$ ansible-galaxy collection list | grep 'community.general'
community.general                        10.3.0

So strange, this was working everyday for months, but doesn't work anymore...

@felixfontein
Collaborator

@erwin see #9652 and #9649.

@erwin

erwin commented Jan 31, 2025

> @erwin see #9652 and #9649.

Nice. I had searched the issues but somehow I failed to find those two. Thank you Felix!

@felixfontein
Collaborator

Closing since a bugfix release (10.3.1) is on its way.

@granti4ka

@felixfontein It works now. Thanks!!!
