ignore zone that do not have any A or AAAA records (#42)

crowdsecurity · Jul 15, 2024 · 7a9fd71 · 7a9fd71
1 parent cb3b977
commit 7a9fd71
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 6 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -249,10 +249,16 @@ func Execute(configTokens *string, configOutputPath *string, configPath *string,
 				manager := m
 				mg.Go(func() error {
 					if err := manager.ProcessDeletedDecisions(streamDecision.Deleted); err != nil {
-						return fmt.Errorf("account %s, unable to process deleted decisions: %w", manager.AccountCfg.Name, err)
+						log.Errorf("account %s, unable to process deleted decisions: %s", manager.AccountCfg.Name, err)
+						log.Error("The internal cache of the bouncer is now likely out of sync, and likely needs a restart")
+						log.Error("If this error persists, please open an issue on https://github.com/crowdsecurity/cs-cloudflare-worker-bouncer/issues")
+						return nil
 					}
 					if err := manager.ProcessNewDecisions(streamDecision.New); err != nil {
-						return fmt.Errorf("account %s, unable to process new decisions: %w", manager.AccountCfg.Name, err)
+						log.Errorf("account %s, unable to process new decisions: %s", manager.AccountCfg.Name, err)
+						log.Error("The internal cache of the bouncer is now likely out of sync, and likely needs a restart")
+						log.Error("If this error persists, please open an issue on https://github.com/crowdsecurity/cs-cloudflare-worker-bouncer/issues")
+						return nil
 					}
 					return nil
 				})

diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go
@@ -11,6 +11,7 @@ import (
 	"github.com/cloudflare/cloudflare-go"
 	"github.com/crowdsecurity/go-cs-lib/csstring"
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
+	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v3"
 )
 
@@ -251,15 +252,15 @@ func ConfigTokens(tokens string, baseConfigPath string) (string, error) {
 	for _, token := range strings.Split(tokens, ",") {
 		api, err := cloudflare.NewWithAPIToken(token)
 		if err != nil {
-			return "", err
+			return "", fmt.Errorf("failed to create cloudflare api client: %w", err)
 		}
 		accounts, _, err := api.Accounts(ctx, cloudflare.AccountsListParams{})
 		if err != nil {
-			return "", err
+			return "", fmt.Errorf("failed to list accounts: %w", err)
 		}
 		zones, err := api.ListZones(ctx)
 		if err != nil {
-			return "", err
+			return "", fmt.Errorf("failed to list zones: %w", err)
 		}
 		for _, account := range accounts {
 			accountByID[account.ID] = account
@@ -277,6 +278,25 @@ func ConfigTokens(tokens string, baseConfigPath string) (string, error) {
 		}
 
 		for _, zone := range zones {
+			has_a_record := false
+			records, _, err := api.ListDNSRecords(ctx, cloudflare.ZoneIdentifier(zone.ID), cloudflare.ListDNSRecordsParams{})
+
+			if err != nil {
+				return "", fmt.Errorf("failed to list dns records for zone %s: %w (make sure your token has read permissions the Zone/DNS item)", zone.Name, err)
+			}
+
+			for _, record := range records {
+				if record.Type == "A" || record.Type == "AAAA" {
+					has_a_record = true
+					break
+				}
+			}
+
+			if !has_a_record {
+				log.Infof("Skipping zone %s as it does not have any A or AAAA records", zone.Name)
+				continue
+			}
+
 			zoneByID[zone.ID] = zone
 			accountIDX := accountIDXByID[zone.Account.ID]
 			accountConfigs[accountIDX].ZoneConfigs = append(accountConfigs[accountIDX].ZoneConfigs, &ZoneConfig{
@@ -297,7 +317,7 @@ func ConfigTokens(tokens string, baseConfigPath string) (string, error) {
 	baseConfig.CloudflareConfig = cfConfig
 	data, err := yaml.Marshal(baseConfig)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("failed to marshal config: %w", err)
 	}
 
 	lineString := string(data)