You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
179 lines
3.9 KiB
Bash
179 lines
3.9 KiB
Bash
4 years ago
|
#!/usr/bin/env bash
|
||
|
|
# vim:ts=4:sts=4:sw=4:et
|
||
|
|
#
|
||
|
|
# Author: Hari Sekhon
|
||
|
|
# Date: 2020-08-21 15:06:10 +0100 (Fri, 21 Aug 2020)
|
||
|
|
#
|
||
|
2 years ago
|
# https://github.com/HariSekhon/DevOps-Bash-tools
|
||
|
4 years ago
|
#
|
||
|
|
# License: see accompanying Hari Sekhon LICENSE file
|
||
|
|
#
|
||
|
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
||
|
|
#
|
||
|
|
# https://www.linkedin.com/in/HariSekhon
|
||
|
|
#
|
||
|
|
|
||
|
|
# args: /zones | jq .
|
||
|
|
|
||
|
|
set -euo pipefail
|
||
|
|
[ -n "${DEBUG:-}" ] && set -x
|
||
|
|
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||
|
|
|
||
|
1 year ago
|
# shellcheck disable=SC1090,SC1091
|
||
|
4 years ago
|
. "$srcdir/lib/utils.sh"
|
||
|
|
|
||
|
|
# shellcheck disable=SC2034,SC2154
|
||
|
|
usage_description="
|
||
|
|
Queries the Cloudflare API (v4)
|
||
|
|
|
||
|
|
|
||
|
2 years ago
|
Requires either \$CLOUDFLARE_TOKEN or \$CLOUDFLARE_EMAIL and \$CLOUDFLARE_API_KEY be available in the environment
|
||
|
|
|
||
|
|
Token can be generated here, or the Global API Key can be retrieved from this same page:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
https://dash.cloudflare.com/profile/api-tokens
|
||
|
4 years ago
|
|
||
|
|
|
||
|
|
API Reference:
|
||
|
|
|
||
|
4 years ago
|
https://api.cloudflare.com/
|
||
|
4 years ago
|
|
||
|
|
|
||
|
|
Examples:
|
||
|
|
|
||
|
|
|
||
|
4 years ago
|
# Test your token is working:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /user/tokens/verify | jq .
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List the currently authenticated user:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /user | jq .
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List accounts:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /accounts | jq .
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List currently authenticated user's account memberships and permissions:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /memberships | jq .
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List all zones:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones | jq .
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List all DNS records in a given zone (see cloudflare_dns_records.sh / cloudflare_dns_records_all_zones.sh):
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/dns_records
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# Export your DNS records in Bind config format:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/dns_records/export
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# DNS analytics reports:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/dns_analytics/report
|
||
|
|
${0##*/} /zones/<zone_id>/dns_analytics/report/bytime
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# Details about DNSSEC status and configuration (see cloudflare_dnssec.sh for status across all zones)
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} zones/<zone_id>/dnssec
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List DNS Firewall clusters for an account:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /accounts/<account_id>/virtual_dns
|
||
|
4 years ago
|
|
||
|
|
|
||
|
3 years ago
|
# List the IPv4 and IPv6 cidr ranges for Cloudflare (see cloudflare_ip_ranges.sh for a ready parsed example of this):
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /ips | jq .
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List custom certificates (.result.status and .result.expires_on fields may be of interest):
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/custom_certificates
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# Gets Cloudflare zone SSL verification status for a given zone (see cloudflare_ssl_verified.sh):
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/ssl/verification
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# Get Firewall Rules for a zone:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/firewall/rules
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# Get Firewall Security Events for a zone:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/security/events
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List account rules lists:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /accounts/<account_id>/rules/lists
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List load balancer pools:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /user/load_balancers/pools
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List load balancer monitors:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /user/load_balancers/monitors
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List load balancers for a zone:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/load_balancers
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# Get all cidr ranges owned by the account:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /accounts/<account_id>/addressing/prefixes
|
||
|
4 years ago
|
|
||
|
|
|
||
|
4 years ago
|
# List healthchecks for a zone:
|
||
|
4 years ago
|
|
||
|
4 years ago
|
${0##*/} /zones/<zone_id>/healthchecks
|
||
|
4 years ago
|
"
|
||
|
|
|
||
|
|
# used by usage() in lib/utils.sh
|
||
|
|
# shellcheck disable=SC2034
|
||
|
|
usage_args="/path [<curl_options>]"
|
||
|
|
|
||
|
|
url_base="https://api.cloudflare.com/client/v4"
|
||
|
|
|
||
|
|
help_usage "$@"
|
||
|
|
|
||
|
|
min_args 1 "$@"
|
||
|
|
|
||
|
4 years ago
|
curl_api_opts "$@"
|
||
|
4 years ago
|
|
||
|
4 years ago
|
url_path="$1"
|
||
|
|
shift || :
|
||
|
|
|
||
|
|
url_path="${url_path##/}"
|
||
|
|
|
||
|
2 years ago
|
if ! is_blank "${CLOUDFLARE_TOKEN:-}"; then
|
||
|
|
export TOKEN="$CLOUDFLARE_TOKEN"
|
||
|
8 months ago
|
"$srcdir/../bin/curl_auth.sh" "$url_base/$url_path" "${CURL_OPTS[@]}" "$@"
|
||
|
2 years ago
|
elif ! is_blank "${CLOUDFLARE_EMAIL:-}" &&
|
||
|
|
! is_blank "${CLOUDFLARE_API_KEY:-}"; then
|
||
|
|
export X_AUTH_EMAIL="X-Auth-Email: $CLOUDFLARE_EMAIL"
|
||
|
|
export X_AUTH_API_KEY="X-Auth-Key: $CLOUDFLARE_API_KEY"
|
||
|
|
curl "$url_base/$url_path" "${CURL_OPTS[@]}" -H @<(cat <<< "$X_AUTH_EMAIL") -H @<(cat <<< "$X_AUTH_API_KEY") "$@"
|
||
|
|
else
|
||
|
|
usage "CLOUDFLARE_TOKEN or CLOUDFLARE_EMAIL/CLOUDFLARE_API_KEY environment variables not specified"
|
||
|
|
fi
|