ops-assistant/runbooks/cf_dns_proxy.yaml

version: 1
name: cf_dns_proxy
description: 修改 DNS 代理开关（按 record_id 或 name）
steps:
  - id: resolve_dns
    action: ssh.exec
    on_fail: stop
    with:
      target: hwsg
      command: "CF_API_TOKEN=${env_cf_api_token} INPUT_RECORD_ID=${env.INPUT_RECORD_ID} INPUT_NAME=${env.INPUT_NAME} python3 - <<'PY'\nimport os,requests,json\nrec=os.getenv('INPUT_RECORD_ID','').strip()\nname=os.getenv('INPUT_NAME','').strip()\nif rec=='__empty__':\n    rec=''\nif name=='__empty__':\n    name=''\ntoken=os.getenv('CF_API_TOKEN','')\nheaders={'Authorization':'Bearer '+token,'Content-Type':'application/json'}\nresp=requests.get('https://api.cloudflare.com/client/v4/zones?per_page=200', headers=headers, timeout=15)\nresp.raise_for_status()\nfor z in resp.json().get('result',[]):\n    zid=z.get('id')\n    if rec:\n        r=requests.get(f'https://api.cloudflare.com/client/v4/zones/{zid}/dns_records/{rec}', headers=headers, timeout=15)\n        if r.status_code==200:\n            data=r.json()\n            if data.get('success') and data.get('result'):\n                out=data.get('result')\n                out['_zone_id']=zid\n                print(json.dumps({'success':True,'result':out}))\n                raise SystemExit(0)\n        continue\n    if name:\n        r=requests.get(f'https://api.cloudflare.com/client/v4/zones/{zid}/dns_records', headers=headers, params={'name': name, 'per_page': 100}, timeout=15)\n        if r.status_code==200:\n            data=r.json()\n            if data.get('success') and data.get('result'):\n                rec0=data['result'][0]\n                rec0['_zone_id']=zid\n                print(json.dumps({'success':True,'result':rec0}))\n                raise SystemExit(0)\nprint(json.dumps({'success':False,'errors':['record_not_found']}))\nPY"
  - id: assert_resolve
    action: assert.json
    on_fail: stop
    with:
      source_step: resolve_dns
      required_paths:
        - "success"
  - id: update_dns
    action: ssh.exec
    on_fail: stop
    with:
      target: hwsg
      command: "CF_API_TOKEN=${env_cf_api_token} INPUT_PROXIED=${env.INPUT_PROXIED} INPUT_JSON='${steps.resolve_dns.output}' python3 - <<'PY'\nimport os,requests,json\nproxied=os.getenv('INPUT_PROXIED','false').lower()=='true'\ntoken=os.getenv('CF_API_TOKEN','')\nheaders={'Authorization':'Bearer '+token,'Content-Type':'application/json'}\nraw=os.getenv('INPUT_JSON','')\ntry:\n    data=json.loads(raw)\nexcept Exception:\n    data={}\nres=data.get('result') or {}\nzone_id=res.get('_zone_id')\nrec_id=res.get('id')\nif not zone_id or not rec_id:\n    print(json.dumps({'success':False,'errors':['record_not_found']}))\n    raise SystemExit(1)\npayload={\n  'type': res.get('type'),\n  'name': res.get('name'),\n  'content': res.get('content'),\n  'proxied': proxied\n}\nresp=requests.put(f'https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records/{rec_id}', headers=headers, json=payload, timeout=15)\nprint(resp.text)\nPY"
  - id: assert_update
    action: assert.json
    on_fail: stop
    with:
      source_step: update_dns
      required_paths:
        - "success"