
DCV Delegated records are missing for Certification Pack

Open brandonjfordham opened this issue 2 years ago • 0 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the library and it is still present.

cloudflare-go version

v0.70.0

Go environment

GO111MODULE=""
GOARCH="arm64"
GOBIN=""
GOCACHE="/Users/Brandon.Fordham/Library/Caches/go-build"
GOENV="/Users/Brandon.Fordham/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/Brandon.Fordham/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/Brandon.Fordham/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/opt/homebrew/Cellar/go/1.20.1/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/opt/homebrew/Cellar/go/1.20.1/libexec/pkg/tool/darwin_arm64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/Brandon.Fordham/code/june2023/COR-74376/githb-issue/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/1m/7qlsz0bd0gg7_lsg9633sm2c0000gr/T/go-build2885921398=/tmp/go-build -gno-record-gcc-switches -fno-common"

Expected output

DCV delegated records should be available when calling CertificatePack or ListCertificatePacks.

Output:

ID: 373b500e-51aa-4601-b8d1-f79305e1efb9
Type: advanced
Hosts: [example.com]
Certificates: []
PrimaryCertificate: 0
Status: pending_validation
ValidationRecords: [{  _acme-challenge.example.com redacted   []}]
ValidationErrors: []
ValidationMethod: txt
ValidityDays: 90
CertificateAuthority: lets_encrypt
CloudflareBranding: false
DCVDelegationRecords: [{"cname": "example-cname", "cname_target": "example-target-cname"}]

Actual output

Delegated DCV records do not exist.

ID: 373b500e-51aa-4601-b8d1-f79305e1efb9
Type: advanced
Hosts: [example.com]
Certificates: []
PrimaryCertificate: 0
Status: pending_validation
ValidationRecords: [{  _acme-challenge.example.com redacted   []}]
ValidationErrors: []
ValidationMethod: txt
ValidityDays: 90
CertificateAuthority: lets_encrypt
CloudflareBranding: false

Code demonstrating the issue

The native Cloudflare API calls to certification packs correctly provide "dcv_delegation_records" with the cname and cname_target.

### List all certificate packs
GET https://api.cloudflare.com/client/v4/zones/{{zone}}/ssl/certificate_packs?status=all
Authorization: Bearer {{token}}
HTTP/1.1 200 OK
Date: Fri, 23 Jun 2023 15:53:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
CF-Ray: 7dbde716e8e702e4-MIA
CF-Cache-Status: DYNAMIC
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Expires: Sun, 25 Jan 1981 05:00:00 GMT
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Server: cloudflare

{
  "result": [
    {
      "id": "redacted",
      "type": "advanced",
      "hosts": [
        "redacted"
      ],
      "primary_certificate": "0",
      "status": "pending_validation",
      "certificates": [],
      "created_on": "2023-06-23T15:03:02.120989Z",
      "validity_days": 90,
      "validation_method": "txt",
      "validation_records": [
        {
          "status": "pending",
          "txt_name": "redacted",
          "txt_value": "redacted"
        }
      ],
      "dcv_delegation_records": [
        {
          "cname": "redacted",
          "cname_target": "redacted"
        }
      ],
      "certificate_authority": "lets_encrypt"
    }
  ],
  "result_info": {
    "page": 1,
    "per_page": 20,
    "total_pages": 1,
    "count": 1,
    "total_count": 1
  },
  "success": true,
  "errors": [],
  "messages": []
}

However, when calling CertificatePack or ListCertificatePacks, DCV delegation records are missing.

package main

import (
	"context"
	"fmt"
	"log"
	"os"
	"reflect"

	"github.com/cloudflare/cloudflare-go"
)

func main() {

	api, err := cloudflare.NewWithAPIToken(os.Getenv("CLOUDFLARE_API_TOKEN"))
	if err != nil {
		log.Fatal(err)
	}

	// Most API calls require a Context
	ctx := context.Background()

	pack, err := api.CertificatePack(ctx, "redacted", "redacted")
	if err != nil {
		log.Fatal(err)
	}
	printStruct(pack)
}

// printStruct prints the keys and values of a struct using reflection
func printStruct(obj interface{}) {
	v := reflect.ValueOf(obj)
	t := v.Type()

	// Iterate over the struct fields and print key-value pairs
	for i := 0; i < v.NumField(); i++ {
		field := v.Field(i)
		fieldName := t.Field(i).Name

		fmt.Printf("%s: %v\n", fieldName, field.Interface())
	}
}

Output:

ID: redacted
Type: advanced
Hosts: [redacted]
Certificates: []
PrimaryCertificate: 0
Status: pending_validation
ValidationRecords: [{  _acme-challenge.redacted redacted   []}]
ValidationErrors: []
ValidationMethod: txt
ValidityDays: 90
CertificateAuthority: lets_encrypt
CloudflareBranding: false

In order to resolve this, CertificatePack needs to handle dcv_delegation_records, such as by updating the CertificatePack struct to allow dcv_delegation_records:

// CertificatePack is the overarching structure of a certificate pack response.
type CertificatePack struct {
	ID                   string                       `json:"id"`
	Type                 string                       `json:"type"`
	Hosts                []string                     `json:"hosts"`
	Certificates         []CertificatePackCertificate `json:"certificates"`
	PrimaryCertificate   string                       `json:"primary_certificate"`
	Status               string                       `json:"status"`
	ValidationRecords    []SSLValidationRecord        `json:"validation_records,omitempty"`
	ValidationErrors     []SSLValidationError         `json:"validation_errors,omitempty"`
	ValidationMethod     string                       `json:"validation_method"`
	ValidityDays         int                          `json:"validity_days"`
	CertificateAuthority string                       `json:"certificate_authority"`
	CloudflareBranding   bool                         `json:"cloudflare_branding"`
	// Add the new field to handle DCV delegation records
	DCVDelegationRecords []DcvDelegationRecord        `json:"dcv_delegation_records"`
}

Steps to reproduce

  1. Call the native Cloudflare API for ListCertificatePacks and verify it returns the dcv_delegation_records.
  2. Call the cloudflare-go API for Get Certificate Pack and verify that the DCV delegated records are missing.

References

No response

brandonjfordham, Jun 23 '23 18:06
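
The behaviour reported above can be reproduced without a Cloudflare account. This is an added example, not part of the original issue and not cloudflare-go code: `PackWithoutDCV` and `PackWithDCV` are trimmed-down stand-ins for the library struct, `DcvDelegationRecord` takes its field names from the JSON keys shown in the issue, and the sample payload is constructed. It shows that `encoding/json` drops the unmapped key without an error, that a strict decoder surfaces it, and that the proposed field restores the records.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample shaped like one "result" entry from the issue.
const samplePack = `{"id": "example-id", "status": "pending_validation",
  "dcv_delegation_records": [
    {"cname": "_acme-challenge.example.com", "cname_target": "example.dcv.example.net"}]}`

// DcvDelegationRecord is a hypothetical type mirroring the JSON keys in the issue.
type DcvDelegationRecord struct {
	CNAME       string `json:"cname"`
	CNAMETarget string `json:"cname_target"`
}

// PackWithoutDCV stands in for a struct that has no field for the key.
type PackWithoutDCV struct {
	ID     string `json:"id"`
	Status string `json:"status"`
}

// PackWithDCV adds the field proposed in the issue.
type PackWithDCV struct {
	PackWithoutDCV
	DCVDelegationRecords []DcvDelegationRecord `json:"dcv_delegation_records"`
}

// decode unmarshals samplePack into dst; strict rejects keys dst cannot hold.
func decode(dst interface{}, strict bool) error {
	dec := json.NewDecoder(strings.NewReader(samplePack))
	if strict {
		dec.DisallowUnknownFields()
	}
	return dec.Decode(dst)
}

func main() {
	var old PackWithoutDCV
	fmt.Println("lenient:", decode(&old, false)) // no error, key dropped silently
	fmt.Println("strict: ", decode(&old, true))  // reports the unknown key
	var fixed PackWithDCV
	err := decode(&fixed, false)
	fmt.Println("fixed:  ", err, fixed.DCVDelegationRecords)
}
```

Running a strict decode like this against recorded API responses in a test suite is one way to notice when an API starts returning fields a client struct does not map.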