chore: replace official Cloudflare API client by an internal API client (#2583)

Author: ldez

go.mod

@@ -30,7 +30,6 @@ require (
 	github.com/baidubce/bce-sdk-go v0.9.223
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/civo/civogo v0.3.11
-	github.com/cloudflare/cloudflare-go v0.115.0
 	github.com/dnsimple/dnsimple-go/v4 v4.0.0
 	github.com/exoscale/egoscale/v3 v3.1.13
 	github.com/go-jose/go-jose/v4 v4.0.5
@@ -148,7 +147,6 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.16.0 // indirect
 	github.com/go-resty/resty/v2 v2.16.5 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect

go.sum

@@ -249,8 +249,6 @@ github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5P
 github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E=
 github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.115.0 h1:84/dxeeXweCc0PN5Cto44iTA8AkG1fyT11yPO5ZB7sM=
-github.com/cloudflare/cloudflare-go v0.115.0/go.mod h1:Ds6urDwn/TF2uIU24mu7H91xkKP8gSAHxQ44DSZgVmU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -359,8 +357,6 @@ github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlnd
 github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw=
 github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b h1:/vQ+oYKu+JoyaMPDsv5FzwuL2wwWBgBbtj/YLCi4LuA=
 github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b/go.mod h1:Xo4aNUOrJnVruqWQJBtW6+bTBDTniY8yZum5rF3b5jw=
-github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
-github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
 github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=

platform/tester/servermock/link_request_body_json.go

@@ -14,9 +14,10 @@ import (
 
 // RequestBodyJSONLink validates JSON request bodies.
 type RequestBodyJSONLink struct {
-	body     []byte
-	filename string
-	data     any
+	body      []byte
+	filename  string
+	directory string
+	data      any
 }
 
 // CheckRequestJSONBody creates a [RequestBodyJSONLink] initialized with a string.
@@ -31,7 +32,10 @@ func CheckRequestJSONBodyFromStruct(data any) *RequestBodyJSONLink {
 
 // CheckRequestJSONBodyFromFile creates a [RequestBodyJSONLink] initialized with the provided request body file.
 func CheckRequestJSONBodyFromFile(filename string) *RequestBodyJSONLink {
-	return &RequestBodyJSONLink{filename: filename}
+	return &RequestBodyJSONLink{
+		filename:  filename,
+		directory: "fixtures",
+	}
 }
 
 func (l *RequestBodyJSONLink) Bind(next http.Handler) http.Handler {
@@ -55,7 +59,7 @@ func (l *RequestBodyJSONLink) Bind(next http.Handler) http.Handler {
 
 		switch {
 		case l.filename != "":
-			expectedRaw, err = os.ReadFile(filepath.Join("fixtures", l.filename))
+			expectedRaw, err = os.ReadFile(filepath.Join(l.directory, l.filename))
 			if err != nil {
 				http.Error(rw, err.Error(), http.StatusInternalServerError)
 				return
@@ -97,3 +101,9 @@ func (l *RequestBodyJSONLink) Bind(next http.Handler) http.Handler {
 		next.ServeHTTP(rw, req)
 	})
 }
+
+func (l *RequestBodyJSONLink) WithDirectory(directory string) *RequestBodyJSONLink {
+	l.directory = directory
+
+	return l
+}

providers/dns/cloudflare/cloudflare.go

@@ -11,11 +11,11 @@ import (
 	"sync"
 	"time"
 
-	"github.com/cloudflare/cloudflare-go"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/log"
 	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/go-acme/lego/v4/providers/dns/cloudflare/internal"
 )
 
 // Environment variables names.
@@ -156,24 +156,26 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	info := dns01.GetChallengeInfo(domain, keyAuth)
 
+	ctx := context.Background()
+
 	authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
 	if err != nil {
 		return fmt.Errorf("cloudflare: could not find zone for domain %q: %w", domain, err)
 	}
 
-	zoneID, err := d.client.ZoneIDByName(authZone)
+	zoneID, err := d.client.ZoneIDByName(ctx, authZone)
 	if err != nil {
 		return fmt.Errorf("cloudflare: failed to find zone %s: %w", authZone, err)
 	}
 
-	dnsRecord := cloudflare.CreateDNSRecordParams{
+	dnsRecord := internal.Record{
 		Type:    "TXT",
 		Name:    dns01.UnFqdn(info.EffectiveFQDN),
 		Content: `"` + info.Value + `"`,
 		TTL:     d.config.TTL,
 	}
 
-	response, err := d.client.CreateDNSRecord(context.Background(), zoneID, dnsRecord)
+	response, err := d.client.CreateDNSRecord(ctx, zoneID, dnsRecord)
 	if err != nil {
 		return fmt.Errorf("cloudflare: failed to create TXT record: %w", err)
 	}
@@ -196,7 +198,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("cloudflare: could not find zone for domain %q: %w", domain, err)
 	}
 
-	zoneID, err := d.client.ZoneIDByName(authZone)
+	zoneID, err := d.client.ZoneIDByName(context.Background(), authZone)
 	if err != nil {
 		return fmt.Errorf("cloudflare: failed to find zone %s: %w", authZone, err)
 	}

providers/dns/cloudflare/cloudflare_test.go

@@ -1,10 +1,13 @@
 package cloudflare
 
 import (
+	"net/http/httptest"
+	"path/filepath"
 	"testing"
 	"time"
 
 	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -232,22 +235,17 @@ func TestNewDNSProviderConfig(t *testing.T) {
 		},
 		{
 			desc:     "missing credentials",
-			expected: "cloudflare: invalid credentials: key & email must not be empty",
+			expected: "cloudflare: invalid credentials: authEmail, authKey or authToken must be set",
 		},
 		{
 			desc:     "missing email",
 			authKey:  "123",
-			expected: "cloudflare: invalid credentials: key & email must not be empty",
+			expected: "cloudflare: invalid credentials: authEmail and authKey must be set together",
 		},
 		{
 			desc:      "missing api key",
 			authEmail: "[email protected]",
-			expected:  "cloudflare: invalid credentials: key & email must not be empty",
-		},
-		{
-			desc:      "missing api token, fallback to api key/email",
-			authToken: "",
-			expected:  "cloudflare: invalid credentials: key & email must not be empty",
+			expected:  "cloudflare: invalid credentials: authEmail and authKey must be set together",
 		},
 	}
 
@@ -299,3 +297,68 @@ func TestLiveCleanUp(t *testing.T) {
 	err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
 	require.NoError(t, err)
 }
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+	return servermock.NewBuilder(
+		func(server *httptest.Server) (*DNSProvider, error) {
+			config := NewDefaultConfig()
+			config.AuthEmail = "[email protected]"
+			config.AuthKey = "secret"
+			config.BaseURL = server.URL
+
+			return NewDNSProviderConfig(config)
+		},
+		servermock.CheckHeader().
+			WithRegexp("User-Agent", `goacme-lego/[0-9.]+ \(.+\)`).
+			With("X-Auth-Email", "[email protected]").
+			With("X-Auth-Key", "secret"),
+	)
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+	provider := mockBuilder().
+		// https://developers.cloudflare.com/api/resources/zones/methods/list/
+		Route("GET /zones",
+			responseFromFixture("zones.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("name", "example.com").
+				With("per_page", "50")).
+		// https://developers.cloudflare.com/api/resources/dns/subresources/records/methods/create/
+		Route("POST /zones/023e105f4ecef8ad9ca31a8372d0c353/dns_records",
+			responseFromFixture("create_record.json"),
+			servermock.CheckHeader().
+				WithContentType("application/json"),
+			servermock.CheckRequestJSONBodyFromFile("create_record-request.json").
+				WithDirectory(filepath.Join("internal", "fixtures"))).
+		Build(t)
+
+	err := provider.Present("example.com", "abc", "123d==")
+	require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+	provider := mockBuilder().
+		// https://developers.cloudflare.com/api/resources/zones/methods/list/
+		Route("GET /zones",
+			responseFromFixture("zones.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("name", "example.com").
+				With("per_page", "50")).
+		// https://developers.cloudflare.com/api/resources/dns/subresources/records/methods/delete/
+		Route("DELETE /zones/023e105f4ecef8ad9ca31a8372d0c353/dns_records/xxx",
+			responseFromFixture("delete_record.json")).
+		Build(t)
+
+	token := "abc"
+
+	provider.recordIDsMu.Lock()
+	provider.recordIDs["abc"] = "xxx"
+	provider.recordIDsMu.Unlock()
+
+	err := provider.CleanUp("example.com", token, "123d==")
+	require.NoError(t, err)
+}
+
+func responseFromFixture(filename string) *servermock.ResponseFromFileHandler {
+	return servermock.ResponseFromFile(filepath.Join("internal", "fixtures", filename))
+}