Intro
The examples provided on github are kind of wrong. I created an example script which actually works. If you simply copy their example and try the one where you add a DNS record using the python interface to the api, you will get this error:
CloudFlare.exceptions.CloudFlareAPIError: Requires permission “com.cloudflare.api.account.zone.create” to create zones for the selected account
Read on to see the corrected script.
Then some months later I created a script – still using the python api – to do a DNS export of all the zone files our account owns on Cloudflare. I will also share that.
The details
I call the program below listrecords.py. This one was copied from somewhere and it worked without modification:
import CloudFlare
import sys
def main():
zone_name = sys.argv[1]
cf = CloudFlare.CloudFlare()
# query for the zone name and expect only one value back
try:
zones = cf.zones.get(params = {'name':zone_name,'per_page':1})
except CloudFlare.exceptions.CloudFlareAPIError as e:
exit('/zones.get %d %s - api call failed' % (e, e))
except Exception as e:
exit('/zones.get - %s - api call failed' % (e))
if len(zones) == 0:
exit('No zones found')
# extract the zone_id which is needed to process that zone
zone = zones[0]
zone_id = zone['id']
# request the DNS records from that zone
try:
dns_records = cf.zones.dns_records.get(zone_id)
except CloudFlare.exceptions.CloudFlareAPIError as e:
exit('/zones/dns_records.get %d %s - api call failed' % (e, e))
# print the results - first the zone name
print("zone_id=%s zone_name=%s" % (zone_id, zone_name))
# then all the DNS records for that zone
for dns_record in dns_records:
r_name = dns_record['name']
r_type = dns_record['type']
r_value = dns_record['content']
r_id = dns_record['id']
print('\t', r_id, r_name, r_type, r_value)
exit(0)
if __name__ == '__main__':
main()
The next script adds a DNS record. This is the one which I needed to modify.
# kind of from https://github.com/cloudflare/python-cloudflare
# except that most of their python examples are wrong. So this is a working version...
import sys
import CloudFlare
def main():
zone_name = sys.argv[1]
print('input zone name',zone_name)
cf = CloudFlare.CloudFlare()
# zone_info is a list: [{'id': '20bd55fbc94ff155c468739', 'name': 'johnstechtalk-2.com', 'status': 'pending',
zone_info = cf.zones.get(params={'name': zone_name})
zone_id = zone_info[0]['id']
dns_records = [
{'name':'foo', 'type':'A', 'content':'192.168.0.1'},
]
for dns_record in dns_records:
r = cf.zones.dns_records.post(zone_id, data=dns_record)
exit(0)
if __name__ == '__main__':
main()
The zone_id is where the original program’s wheels fell off. Cloudflare Support does not support this python api, at least that’s what they told me. So I was on my own. What gave me confidence that it really should work is that when you install the python package, it also installs cli4. And cli4 works pretty well! The examples work. cli4 is a command line program for linux. But when you examine it you realize it’s (I think) using the python behind the scenes. And in the original bad code there was a POST just to get the zone_id – that didn’t seem right to me.
Backup all zones in the Cloudflare account by doing a DNS export
I call this script backup-all-zones.py:
import os
import CloudFlare
from datetime import datetime
def listzones(cf):
allzones = list()
page_number = 0
while True:
page_number += 1
raw_results = cf.zones.get(params={'per_page':20,'page':page_number})
#print(raw_results)
zones = raw_results['result']
for zone in zones:
zone_id = zone['id']
zone_name = zone['name']
print("zone_id=%s zone_name=%s" % (zone_id, zone_name))
allzones.append([zone_id,zone_name])
total_pages = raw_results['result_info']['total_pages']
if page_number == total_pages:
break
#print('allzones',allzones)
return allzones
# main program
today = datetime.today().date() # today's date
date = today.strftime('%Y%m%d') # formatted date
print('Begin backup of zones on this day:',date)
newdir = 'zones-' + date
os.makedirs(newdir,exist_ok=True)
cf = CloudFlare.CloudFlare(raw=True)
print('Getting list of all zones and zone ids')
allzones = listzones(cf)
print('Begin export of the zone data')
for zone in allzones:
zone_id,zone_name = zone
print('Doing dns export of',zone_id,zone_name)
# call to do a BIND-style export of the zone, specified by zoneid
res = cf.zones.dns_records.export.get(zone_id)
dns_records = res['result']
with open(f'{newdir}/{zone_name}','w') as f:
f.write(dns_records)
# create compressed tar file and delete temp directory
print('Create compressed tar file')
os.system(f'tar czf backups/{newdir}.tar.gz {newdir}')
print(f'Remove directory {newdir} and all its contents')
os.system(f'rm -rf {newdir}')
As mentioned in the comments the cool thing in this backup is that the format output is the BIND style of files, which are quite readable. Obviously this script is designed for linux systems because that’s all I use.
Backup all zones again, without using the CF python api
After we upgraded to python 3.12 the CF api didn’t really work. It may just be we needed the private certificates installed. Regardless, that led us to create this backup script which does not depend on the CF python api. Well, it includes it, but it’s not material and could be removed. Instead direct url calls are made.
import os
import CloudFlare
from datetime import datetime,timezone
import urllib3
import requests
def listzones(cf):
allzones = list()
page_number = 0
results_per_page = 50 # max allowed
while True:
page_number += 1
#raw_results = cf.zones.get(params={'per_page':20,'page':page_number})
url = f"https://api.cloudflare.com/client/v4/zones?per_page={results_per_page}&page={page_number}"
raw_results = requests.get(
url=url,
headers={
'Authorization': 'Bearer {}'.format(os.environ['CLOUDFLARE_API_TOKEN']),
'Content-Type': 'application/json'
},
)
print('results')
#print(raw_results)
print(raw_results.json())
zones = raw_results.json().get('result')
for zone in zones:
zone_id = zone['id']
zone_name = zone['name']
print("zone_id=%s zone_name=%s" % (zone_id, zone_name))
allzones.append([zone_id,zone_name])
total_count = raw_results.json()['result_info']['total_count']
total_pages = int(total_count/results_per_page)
# fraction of a page is the last page, if applicable
if total_count % results_per_page > 0: total_pages += 1
if page_number == total_pages:
break
#print('allzones',allzones)
return allzones
# main program
urllib3.disable_warnings()
#today = datetime.utcnow() # today's date
today = datetime.now(timezone.utc)
date = today.strftime('%Y%m%d') # formatted date
print('Begin backup of zones on this day:',date)
newdir = 'zones-' + date
os.makedirs(newdir,exist_ok=True)
cf = CloudFlare.CloudFlare(raw=True, warnings=False)
print('Getting list of all zones and zone ids')
allzones = listzones(cf)
print('Total zone count:',len(allzones))
print('Begin export of the zone data')
for zone in allzones:
zone_id,zone_name = zone
print('Doing dns export of',zone_id,zone_name)
# call to do a BIND-style export of the zone, specified by zoneid
#res = cf.zones.dns_records.export.get(zone_id)
raw_results = requests.get(
url = 'https://api.cloudflare.com/client/v4/zones/{}/dns_records/export'.format(zone_id),
headers={
'Authorization': 'Bearer {}'.format(os.environ['CLOUDFLARE_API_TOKEN']),
'Content-Type': 'application/json'
},
)
dns_records = raw_results.text
print('dns records: first few lines, skip a few, then a few more entries')
print(dns_records[:128],dns_records[840:968])
with open(f'{newdir}/{zone_name}','w') as f:
f.write(dns_records)
# create compressed tar file and delete temp directory
print('Create compressed tar file')
os.system(f'tar czf backups/{newdir}.tar.gz {newdir}')
print(f'Remove directory {newdir} and all its contents')
os.system(f'rm -rf {newdir}')
The environment
Just to note it, you install the package with a pip3 install cloudflare. Then I set up an environment variable CLOUDFLARE_API_TOKEN before running these programs.
Conclusion
I’ve shown a corrected python script which uses the Cloudflare api. I’ve also shown another one which can do a backup of all Cloudflare zones.
References and related
The (wrong) api examples on github
My hearty endorsement of Using Cloudflare’s free tier to protect your personal web site.