cloudflare-go icon indicating copy to clipboard operation
cloudflare-go copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Allow setting `request_limit_fail_open` flag

Open atorrescogollo opened this issue 3 years ago • 1 comments

Current cloudflare-go version

0.34.0

Description

I want to set this through the API: image

I was able to do that with curl (although it is not documented explicitly in api docs):

GET /zones/$ZONE_ID/workers/routes
{
  "result": [
    {
      "id": "3...24",
      "pattern": "REDACTED",
      "script": "datadome",
      "request_limit_fail_open": false
    },
    ...
  ],
  "success": true,
  "errors": [],
  "messages": []
}
---
PUT /zones/$ZONE_ID/workers/routes/$ROUTE_ID
{
  "id": "3...24",
  "pattern": "REDACTED",
  "script": "datadome",
  "request_limit_fail_open": true
}
---
GET /zones/$ZONE_ID/workers/routes
{
  "result": [
    {
      "id": "3...24",
      "pattern": "REDACTED",
      "script": "datadome",
      "request_limit_fail_open": true     <---------- CHANGED
    },
    ...
  ],
  "success": true,
  "errors": [],
  "messages": []
}

Script:

export CLOUDFLARE_EMAIL="REDACTED"
export CLOUDFLARE_API_KEY="REDACTED"
export ZONE_NAME="REDACTED"

function cf_curl(){
    curl -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_API_KEY" -H "Content-Type: application/json" $@
}

export ZONE_ID=$(cf_curl -s -X GET \
        "https://api.cloudflare.com/client/v4/zones?name=$ZONE_NAME" | jq -r '.result[0].id'
)

export ROUTE=$(cf_curl -s -X GET \
        "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/workers/routes" | jq -r '.result[0]'
)
export ROUTE_ID=$(echo "$ROUTE" | jq -r '.id')

export DATA=$(echo $ROUTE | jq 'del(.id)' | jq -cr '.request_limit_fail_open=true')
cf_curl -X PUT \
    "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/workers/routes/$ROUTE_ID" \
    --data "$DATA" | jq '.'

Use cases

The end goal is to set this through Terraform like:

resource "cloudflare_worker_route" "datadome-route" {
  zone_id                 = cloudflare_zone.my-zone.id
  pattern                 = "REDACTED"
  script_name             = cloudflare_worker_script.datadome.name
  request_limit_fail_open = true
}

I will also open another issue in the provider for that.

Potential cloudflare-go usage

# https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/cloudflare/resource_cloudflare_worker_route.go#L27-L34

...

func getRouteFromResource(d *schema.ResourceData) cloudflare.WorkerRoute {
	route := cloudflare.WorkerRoute{
		ID:      d.Id(),
		Pattern: d.Get("pattern").(string),
		Script:  d.Get("script_name").(string),
                RequestLimitFailOpen: d.Get("request_limit_fail_open").(bool),
	}
	return route
}
...

References

I think this struct should be changed to allow this new field: https://github.com/cloudflare/cloudflare-go/blob/master/workers.go#L37-L42

I based on this: https://community.cloudflare.com/t/how-to-setting-up-failure-mode-for-route-using-api/184526/3

atorrescogollo avatar Mar 11 '22 11:03 atorrescogollo

Any updates on this ? We need to interact with this flag too. The API hasn't changed from what OP said. This flag is missing from the public docs still.

sbs2001 avatar Jul 02 '23 10:07 sbs2001