fix: update cloudflare crate

svc/pkg/cluster/Cargo.toml

@@ -9,20 +9,20 @@ license = "Apache-2.0"
 acme-lib = "0.9"
 anyhow = "1.0"
 chirp-workflow = { path = "../../../lib/chirp-workflow/core" }
-cloudflare = "0.10.1"
+cloudflare = { git = "https://github.com/cloudflare/cloudflare-rs.git", rev = "f14720e42184ee176a97676e85ef2d2d85bc3aae" }
 http = "0.2"
 include_dir = "0.7.3"
 indoc = "1.0"
 lazy_static = "1.4"
 nomad-util = { path = "../../../lib/nomad-util" }
 rand = "0.8"
+reqwest = { version = "0.11", features = ["json"] }
 rivet-metrics = { path = "../../../lib/metrics" }
 rivet-operation = { path = "../../../lib/operation/core" }
 rivet-runtime = { path = "../../../lib/runtime" }
 s3-util = { path = "../../../lib/s3-util" }
 serde = { version = "1.0.198", features = ["derive"] }
 ssh2 = "0.9.4"
-thiserror = "1.0"
 trust-dns-resolver = { version = "0.23.2", features = ["dns-over-native-tls"] }
 
 ip-info = { path = "../ip/ops/info" }

svc/pkg/cluster/src/util/mod.rs

@@ -1,5 +1,5 @@
 use chirp_workflow::prelude::*;
-use cloudflare::framework as cf_framework;
+use cloudflare::{endpoints as cf, framework as cf_framework};
 
 use crate::types::PoolType;
 
@@ -13,13 +13,6 @@ pub const INSTALL_SCRIPT_HASH: &str = include_str!(concat!(env!("OUT_DIR"), "/ha
 // TTL of the token written to prebake images. Prebake images are renewed before the token would expire
 pub const SERVER_TOKEN_TTL: i64 = util::duration::days(30 * 6);
 
-#[derive(thiserror::Error, Debug)]
-#[error("cloudflare: {source}")]
-struct CloudflareError {
-	#[from]
-	source: anyhow::Error,
-}
-
 // Cluster id for provisioning servers
 pub fn default_cluster_id() -> Uuid {
 	Uuid::nil()
@@ -36,15 +29,145 @@ pub fn server_name(provider_datacenter_id: &str, pool_type: PoolType, server_id:
 	format!("{ns}-{provider_datacenter_id}-{pool_type_str}-{server_id}",)
 }
 
-pub(crate) async fn cf_client() -> GlobalResult<cf_framework::async_api::Client> {
+pub(crate) async fn cf_client(
+	cf_token: Option<&str>,
+) -> GlobalResult<cf_framework::async_api::Client> {
 	// Create CF client
-	let cf_token = util::env::read_secret(&["cloudflare", "terraform", "auth_token"]).await?;
+	let cf_token = if let Some(cf_token) = cf_token {
+		cf_token.to_string()
+	} else {
+		util::env::read_secret(&["cloudflare", "terraform", "auth_token"]).await?
+	};
 	let client = cf_framework::async_api::Client::new(
 		cf_framework::auth::Credentials::UserAuthToken { token: cf_token },
 		Default::default(),
 		cf_framework::Environment::Production,
-	)
-	.map_err(CloudflareError::from)?;
+	)?;
 
 	Ok(client)
 }
+
+/// Tries to create a DNS record. If a 400 error is received, it deletes the existing record and tries again.
+pub(crate) async fn create_dns_record(
+	client: &cf_framework::async_api::Client,
+	cf_token: &str,
+	zone_id: &str,
+	record_name: &str,
+	content: cf::dns::DnsContent,
+) -> GlobalResult<String> {
+	tracing::info!(%record_name, "creating dns record");
+
+	let create_record_res = client
+		.request(&cf::dns::CreateDnsRecord {
+			zone_identifier: zone_id,
+			params: cf::dns::CreateDnsRecordParams {
+				name: record_name,
+				content: content.clone(),
+				proxied: Some(false),
+				ttl: Some(60),
+				priority: None,
+			},
+		})
+		.await;
+
+	match create_record_res {
+		Ok(create_record_res) => Ok(create_record_res.result.id),
+		// Try to delete record on error
+		Err(err) => {
+			if let cf_framework::response::ApiFailure::Error(
+				http::status::StatusCode::BAD_REQUEST,
+				_,
+			) = err
+			{
+				tracing::warn!(%record_name, "failed to create dns record, trying to delete");
+
+				let dns_type = match content {
+					cf::dns::DnsContent::A { .. } => "A",
+					cf::dns::DnsContent::AAAA { .. } => "AAAA",
+					cf::dns::DnsContent::CNAME { .. } => "CNAME",
+					cf::dns::DnsContent::NS { .. } => "NS",
+					cf::dns::DnsContent::MX { .. } => "MX",
+					cf::dns::DnsContent::TXT { .. } => "TXT",
+					cf::dns::DnsContent::SRV { .. } => "SRV",
+				};
+				let list_records_res = get_dns_record(cf_token, record_name, dns_type).await?;
+
+				if let Some(record) = list_records_res {
+					delete_dns_record(client, zone_id, &record.id).await?;
+					tracing::info!(%record_name, "deleted dns record, trying again");
+
+					// Second try
+					let create_record_res2 = client
+						.request(&cf::dns::CreateDnsRecord {
+							zone_identifier: zone_id,
+							params: cf::dns::CreateDnsRecordParams {
+								name: record_name,
+								content,
+								proxied: Some(false),
+								ttl: Some(60),
+								priority: None,
+							},
+						})
+						.await?;
+
+					return Ok(create_record_res2.result.id);
+				} else {
+					tracing::warn!(%record_name, "failed to get matching dns record");
+				}
+			}
+
+			// Throw original error
+			Err(err.into())
+		}
+	}
+}
+
+pub(crate) async fn delete_dns_record(
+	client: &cf_framework::async_api::Client,
+	zone_id: &str,
+	record_id: &str,
+) -> GlobalResult<()> {
+	tracing::info!(%record_id, "deleting dns record");
+
+	client
+		.request(&cf::dns::DeleteDnsRecord {
+			zone_identifier: zone_id,
+			identifier: record_id,
+		})
+		.await?;
+
+	Ok(())
+}
+
+/// Fetches the dns record by name.
+async fn get_dns_record(
+	cf_token: &str,
+	record_name: &str,
+	dns_type: &str,
+) -> GlobalResult<Option<cf::dns::DnsRecord>> {
+	let list_records_res = reqwest::Client::new()
+		.get("https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records")
+		.bearer_auth(cf_token)
+		.query(&("name", &record_name))
+		.query(&("type", dns_type))
+		.send()
+		.await?
+		.to_global_error()
+		.await?;
+
+	let status = list_records_res.status();
+	if status.is_success() {
+		match list_records_res
+			.json::<cf_framework::response::ApiSuccess<Vec<cf::dns::DnsRecord>>>()
+			.await
+		{
+			Ok(api_resp) => Ok(api_resp.result.into_iter().next()),
+			Err(e) => Err(cf_framework::response::ApiFailure::Invalid(e).into()),
+		}
+	} else {
+		let parsed: Result<cf_framework::response::ApiErrors, reqwest::Error> =
+			list_records_res.json().await;
+		let errors = parsed.unwrap_or_default();
+		Err(cf_framework::response::ApiFailure::Error(status, errors).into())
+	}
+}