ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

cloudflare_dns isn't idempotent with TLSA records #7780

Open domingo13 opened 6 months ago

domingo13 commented 6 months ago

Summary

When you have a playbook with TLSA records in it, you can run it the first time, where it creates the record, but the second time you run the exact same playbook Cloudflare returns: "API bad request; Status: 400; Method: POST: Call: /zones/xxx/dns_records".

I can delete the record manually and then run the same playbook and the TLSA record is then recreated without problems.

Issue Type

Bug Report

Component Name

cloudflare_dns

Ansible Version

ansible [core 2.15.8]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

Community.general Version

# /root/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 8.0.2  

# /usr/lib/python3/dist-packages/ansible_collections
Collection        Version
----------------- -------
community.general 7.5.2  

Configuration

CONFIG_FILE() = /etc/ansible/ansible.cfg
DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = ['/root/ansible-project/ansible_hosts']

OS / Environment

Ubuntu 22.04

Steps to Reproduce

---
- name: Manage Cloudflare DNS for f5xc.cloud
  hosts: localhost
  gather_facts: no
  vars:
    cloudflare_api_token: "xxx"
  tasks:

  - name: Create a TLSA record 
    community.general.cloudflare_dns:
      zone: f5xc.cloud
      record: mail
      port: 25
      proto: tcp
      ttl: 1
      type: TLSA
      cert_usage: 3
      selector: 1
      hash_type: 1
      value: ca0670673bbb30160xxxx0b44bebb3b866881c9b8d4
      state: present
      api_token: "{{ cloudflare_api_token }}"

Expected Results

Playbook runs successfully without any changes.

Actual Results

PLAY [Manage Cloudflare DNS for f5xc.cloud] *********************************************************************************************************************************************************************************************

TASK [Create an A record for 'f5xc.cloud'] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create a CAA record for 'f5xc.cloud'] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create an CNAME record for '*.f5xc.cloud'] ****************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create an MX record for 'f5xc.cloud'] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create a TXT record for 'f5xc.cloud'] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create an SRV ] ***************************************************************************************************************************************************************************
ok: [localhost]

TASK [Create a TLSA record ] *************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "API bad request; Status: 400; Method: POST: Call: /zones/xxx/dns_records"}

PLAY RECAP ******************************************************************************************************************************************************************************************************************************
localhost                  : ok=6    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

ansibullbot commented 6 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

ansibullbot commented 6 months ago

cc @mgruener