Merge pull request #22 from calebdoxsey/token

add support for cloudflare tokens
calebdoxsey · Jan 25, 2022 · 82f2f75 · 82f2f75
2 parents 4186d80 + 8e23597
commit 82f2f75
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,7 @@
 # Kubernetes Cloudflare Sync
 
-[![Docker Repository on Quay](https://quay.io/repository/calebdoxsey/kubernetes-cloudflare-sync/status "Docker Repository on Quay")](https://quay.io/repository/calebdoxsey/kubernetes-cloudflare-sync)
 
-This App is intended to run in your Kubernetes Cluster on GKE and sync DNS records on Cloudflare with your nodes IPs.
+This App is intended to run in your Kubernetes Cluster and sync DNS records on Cloudflare with your nodes' IPs.
 
 ## Example Usage
 You can read this article to get an idea on why you would want to use it: http://www.doxsey.net/blog/kubernetes--the-surprisingly-affordable-platform-for-personal-projects
@@ -103,6 +102,7 @@ Applying all configs by running:
 #### ENV
 * ```CF_API_EMAIL``` The email address to use for cloudflare
 * ```CF_API_KEY``` The key to use for cloudflare
+* ```CF_API_TOKEN``` The token to use for cloudflare (in lieu of email and key)
 * ```CF_PROXY``` Enable cloudflare proxy on dns (default false)
 * ```CF_TTL``` TTL for dns (default 120)
 * ```DNS_NAME``` The dns name for the nodes, comma-separated for multiple (same root)

diff --git a/main.go b/main.go
@@ -21,6 +21,7 @@ import (
 var options = struct {
 	CloudflareAPIEmail string
 	CloudflareAPIKey   string
+	CloudflareAPIToken string
 	CloudflareProxy    string
 	CloudflareTTL      string
 	DNSName            string
@@ -30,6 +31,7 @@ var options = struct {
 }{
 	CloudflareAPIEmail: os.Getenv("CF_API_EMAIL"),
 	CloudflareAPIKey:   os.Getenv("CF_API_KEY"),
+	CloudflareAPIToken: os.Getenv("CF_API_TOKEN"),
 	CloudflareProxy:    os.Getenv("CF_PROXY"),
 	CloudflareTTL:      os.Getenv("CF_TTL"),
 	DNSName:            os.Getenv("DNS_NAME"),
@@ -42,20 +44,18 @@ func main() {
 	flag.StringVar(&options.DNSName, "dns-name", options.DNSName, "the dns name for the nodes, comma-separated for multiple (same root)")
 	flag.StringVar(&options.CloudflareAPIEmail, "cloudflare-api-email", options.CloudflareAPIEmail, "the email address to use for cloudflare")
 	flag.StringVar(&options.CloudflareAPIKey, "cloudflare-api-key", options.CloudflareAPIKey, "the key to use for cloudflare")
+	flag.StringVar(&options.CloudflareAPIToken, "cloudflare-api-token", options.CloudflareAPIToken, "the token to use for cloudflare")
 	flag.StringVar(&options.CloudflareProxy, "cloudflare-proxy", options.CloudflareProxy, "enable cloudflare proxy on dns (default false)")
 	flag.StringVar(&options.CloudflareTTL, "cloudflare-ttl", options.CloudflareTTL, "ttl for dns (default 120)")
 	flag.BoolVar(&options.UseInternalIP, "use-internal-ip", options.UseInternalIP, "use internal ips too if external ip's are not available")
 	flag.BoolVar(&options.SkipExternalIP, "skip-external-ip", options.SkipExternalIP, "don't sync external IPs (use in conjunction with --use-internal-ip)")
 	flag.StringVar(&options.NodeSelector, "node-selector", options.NodeSelector, "node selector query")
 	flag.Parse()
 
-	if options.CloudflareAPIEmail == "" {
+	if options.CloudflareAPIToken == "" &&
+		(options.CloudflareAPIEmail == "" || options.CloudflareAPIKey == "") {
 		flag.Usage()
-		log.Fatalln("cloudflare api email is required")
-	}
-	if options.CloudflareAPIKey == "" {
-		flag.Usage()
-		log.Fatalln("cloudflare api key is required")
+		log.Fatalln("cloudflare api token or email+key is required")
 	}
 
 	dnsNames := strings.Split(options.DNSName, ",")

diff --git a/sync.go b/sync.go
@@ -10,7 +10,7 @@ import (
 )
 
 func sync(ctx context.Context, ips []string, dnsNames []string, cloudflareTTL int, cloudflareProxy bool) error {
-	api, err := cloudflare.New(options.CloudflareAPIKey, options.CloudflareAPIEmail)
+	api, err := newCloudflareClient(options.CloudflareAPIToken, options.CloudflareAPIEmail, options.CloudflareAPIKey)
 	if err != nil {
 		return errors.Wrap(err, "failed to access cloudflare api")
 	}
@@ -113,3 +113,12 @@ func findZoneID(ctx context.Context, api interface {
 
 	return "", errors.New("zone id not found")
 }
+
+func newCloudflareClient(token, email, key string) (api *cloudflare.API, err error) {
+	if token != "" {
+		api, err = cloudflare.NewWithAPIToken(token)
+	} else {
+		api, err = cloudflare.New(key, email)
+	}
+	return api, err
+}
diff --git a/sync_test.go b/sync_test.go
@@ -64,3 +64,21 @@ func TestFindZoneID(t *testing.T) {
 		assert.Equal(t, "1", zoneID)
 	})
 }
+
+func TestNewCloudflareClient(t *testing.T) {
+	t.Run("token", func(t *testing.T) {
+		api, err := newCloudflareClient("TEST", "", "")
+		assert.NoError(t, err)
+		assert.Equal(t, "TEST", api.APIToken)
+	})
+	t.Run("email", func(t *testing.T) {
+		api, err := newCloudflareClient("", "EMAIL", "KEY")
+		assert.NoError(t, err)
+		assert.Equal(t, "EMAIL", api.APIEmail)
+		assert.Equal(t, "KEY", api.APIKey)
+	})
+	t.Run("missing", func(t *testing.T) {
+		_, err := newCloudflareClient("", "", "")
+		assert.Error(t, err)
+	})
+}