cloudflare_dns: fix crash when deleting a DNS record or when updating a record with solo=true

[valievkarim]

SUMMARY

On 2025-01-27, Cloudflare removed the zone_id field from the DNS record API responses. This caused a KeyError in the delete_dns_records method, which previously relied on rr['zone_id'].

This commit ensures the zone ID is retrieved via _get_zone_id() rather than using the no-longer-provided zone_id field in the record response.

Reference: https://developers.cloudflare.com/dns/changelog/#2025-01-27

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

cloudflare_dns

ADDITIONAL INFORMATION

before fix:

cfdnstest.yaml

- name: test cloudflare_dns
  hosts: localhost
  gather_facts: no
  vars:
    cloudflare_key_path: "cloudflare-token.txt"
    dns_name: cfrecordtest
    proxied_dns_zone: scopeful.io
    dest_1: "2a01:4f9:6b:4721::1"
    dest_2: "2a01:4f9:6b:4721::2"
  tasks:
    - name: "Create proxied AAAA record {{ dns_name }}.{{ proxied_dns_zone }} => {{ dest_1 }}"
      cloudflare_dns:
        zone: "{{ proxied_dns_zone }}"
        record: "{{ dns_name }}"
        type: AAAA
        solo: true
        proxied: true
        value: "{{ dest_1 }}"
        api_token: "{{ lookup('file', cloudflare_key_path) }}"

    - name: "Update proxied AAAA record {{ dns_name }}.{{ proxied_dns_zone }} => {{ dest_2 }}"
      cloudflare_dns:
        zone: "{{ proxied_dns_zone }}"
        record: "{{ dns_name }}"
        type: AAAA
        solo: true
        proxied: true
        value: "{{ dest_2 }}"
        api_token: "{{ lookup('file', cloudflare_key_path) }}"

    - name: "Delete AAAA record {{ dns_name }}.{{ proxied_dns_zone }}"
      cloudflare_dns:
        zone: "{{ proxied_dns_zone }}"
        record: "{{ dns_name }}"
        type: AAAA
        state: absent
        api_token: "{{ lookup('file', cloudflare_key_path) }}"

$ ansible-playbook cfdnstest.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [test cloudflare_dns] *******************************************************************************************************************************************************

TASK [Create proxied AAAA record cfrecordtest.scopeful.io => 2a01:4f9:6b:4721::1] ************************************************************************************************
changed: [localhost]

TASK [Update proxied AAAA record cfrecordtest.scopeful.io => 2a01:4f9:6b:4721::2] ************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'zone_id'
fatal: [localhost]: FAILED! => changed=false
  module_stderr: |-
    Traceback (most recent call last):
      File "/Users/karim/.ansible/tmp/ansible-tmp-1738197314.785573-15327-100923117162027/AnsiballZ_cloudflare_dns.py", line 107, in <module>
        _ansiballz_main()
      File "/Users/karim/.ansible/tmp/ansible-tmp-1738197314.785573-15327-100923117162027/AnsiballZ_cloudflare_dns.py", line 99, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/Users/karim/.ansible/tmp/ansible-tmp-1738197314.785573-15327-100923117162027/AnsiballZ_cloudflare_dns.py", line 47, in invoke_module
        runpy.run_module(mod_name='ansible_collections.community.general.plugins.modules.cloudflare_dns', init_globals=dict(_module_fqn='ansible_collections.community.general.plugins.modules.cloudflare_dns', _modlib_path=modlib_path),
      File "<frozen runpy>", line 226, in run_module
      File "<frozen runpy>", line 98, in _run_module_code
      File "<frozen runpy>", line 88, in _run_code
      File "/var/folders/tr/2fynb8ld26g1_kjxwsyxxmzm0000gn/T/ansible_cloudflare_dns_payload_ywbxuqcw/ansible_cloudflare_dns_payload.zip/ansible_collections/community/general/plugins/modules/cloudflare_dns.py", line 1000, in <module>
      File "/var/folders/tr/2fynb8ld26g1_kjxwsyxxmzm0000gn/T/ansible_cloudflare_dns_payload_ywbxuqcw/ansible_cloudflare_dns_payload.zip/ansible_collections/community/general/plugins/modules/cloudflare_dns.py", line 987, in main
      File "/var/folders/tr/2fynb8ld26g1_kjxwsyxxmzm0000gn/T/ansible_cloudflare_dns_payload_ywbxuqcw/ansible_cloudflare_dns_payload.zip/ansible_collections/community/general/plugins/modules/cloudflare_dns.py", line 695, in delete_dns_records
    KeyError: 'zone_id'
  module_stdout: ''
  msg: |-
    MODULE FAILURE: No start of json char found
    See stdout/stderr for the exact error
  rc: 1

PLAY RECAP ***********************************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

after fix:

$ ansible-playbook cfdnstest.yaml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [test cloudflare_dns] *******************************************************************************************************************************************************

TASK [Create proxied AAAA record cfrecordtest.scopeful.io => 2a01:4f9:6b:4721::1] ************************************************************************************************
ok: [localhost]

TASK [Update proxied AAAA record cfrecordtest.scopeful.io => 2a01:4f9:6b:4721::2] ************************************************************************************************
changed: [localhost]

TASK [Delete AAAA record cfrecordtest.scopeful.io] *******************************************************************************************************************************
changed: [localhost]

PLAY RECAP ***********************************************************************************************************************************************************************
localhost                  : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[ansibullbot]

cc @mgruener
click here for bot help

[valievkarim]

ready_for_review

[felixfontein]

Thanks for your contribution! I've added a first comment below.

[valievkarim]

@felixfontein i've accepted your change, thank you for review!

[valievkarim]

this fixes issue #9652

[felixfontein]

@ibot3 would you mind testing this PR?

[russoz]

LGTM from the Ansible perspective, cannot vouch for how it behaves for realsies with Cloudflare

[ibot3]

@ibot3 would you mind testing this PR?

Works for me 👍

[patchback]

Backport to stable-9: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-9/19d0049698822de628b536361e27b4bf0032b840/pr-9649

Backported as #9654

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[patchback]

Backport to stable-10: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-10/19d0049698822de628b536361e27b4bf0032b840/pr-9649

Backported as #9655

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[felixfontein]

@valievkarim thanks for fixing this!
@russoz thanks for reviewing!
@ibot3 thanks for testing!