Overview
The Cloudflare integration provides role-based access control for managing DNS records and other Cloudflare features for domains managed by the Comserv2 system. It integrates with the existing site and user management system to ensure that users can only access domains they have permission to manage.
Configuration
The Cloudflare integration is configured using a JSON file located at Comserv/config/cloudflare_config.json.
This file contains the following sections:
{
  "cloudflare": {
    "api_token": "YOUR_TOKEN",
    "account_id": "YOUR_ACCOUNT_ID",
    "email": "[email protected]"
  },
  "roles": {
    "admin": {
      "permissions": ["dns:edit", "zone:edit", "ssl:edit", "cache:edit"]
    },
    "developer": {
      "permissions": ["dns:edit", "cache:edit"]
    },
    "editor": {
      "permissions": ["dns:edit"]
    }
  },
  "site_specific_permissions": {
    "beemaster.ca": {
      "editor": ["dns:edit", "cache:edit"]
    }
  }
}
Configuration Sections
- cloudflare: Contains the API credentials for accessing the Cloudflare API.
  - api_token: Your Cloudflare API token
  - account_id: Your Cloudflare account ID
  - email: The email address associated with your Cloudflare account
- roles: Defines the default permissions for each role.
  - Each role has a list of permissions it is granted by default
  - Available permissions: dns:edit, zone:edit, ssl:edit, cache:edit
- site_specific_permissions: Defines domain-specific permission overrides.
  - Allows you to grant additional permissions for specific domains
  - Overrides the default permissions for the specified role and domain
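The following is an added example, not code from CloudflareManager.py, showing one way the roles and site_specific_permissions sections can be resolved into an allow/deny decision. The function names, the embedded sample config, and the rule that a site-specific list replaces the role default for that domain are assumptions made for illustration.

```python
import json

# Permission names this page lists as available.
KNOWN_PERMISSIONS = {"dns:edit", "zone:edit", "ssl:edit", "cache:edit"}

# Constructed sample mirroring the roles and site_specific_permissions sections.
SAMPLE_CONFIG = json.loads("""
{
  "roles": {
    "admin": {"permissions": ["dns:edit", "zone:edit", "ssl:edit", "cache:edit"]},
    "developer": {"permissions": ["dns:edit", "cache:edit"]},
    "editor": {"permissions": ["dns:edit"]}
  },
  "site_specific_permissions": {
    "beemaster.ca": {"editor": ["dns:edit", "cache:edit"]}
  }
}
""")


def effective_permissions(config, role, domain):
    """Return the permissions `role` holds on `domain` (hypothetical helper).

    Assumption: a site-specific entry replaces the role default for that
    domain. A role missing from "roles" gets nothing (fail closed).
    """
    roles = config.get("roles", {})
    if role not in roles:
        return frozenset()
    # Normalize so "BeeMaster.ca." matches the lowercase config key.
    key = domain.lower().rstrip(".")
    overrides = config.get("site_specific_permissions", {}).get(key, {})
    granted = overrides.get(role, roles[role].get("permissions", []))
    unknown = set(granted) - KNOWN_PERMISSIONS
    if unknown:
        # A typo such as "dns:edt" should fail loudly rather than pass silently.
        raise ValueError(f"unknown permission(s) in config: {sorted(unknown)}")
    return frozenset(granted)


def is_allowed(config, role, domain, permission):
    """True only if `permission` is explicitly granted to `role` on `domain`."""
    return permission in effective_permissions(config, role, domain)
```

This covers only the permission lookup; whether a user may reach a given domain at all is decided separately by the site and user management tables.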
Integration with Existing System
The Cloudflare integration uses the existing site and user management system in Comserv2:
- Sites are managed through the Site table
- Domains are managed through the SiteDomain table
- User roles are managed through the users table
Available Features
The Cloudflare integration provides the following features:
- DNS Management
  - View DNS records for a domain
  - Add new DNS records
  - Edit existing DNS records
  - Delete DNS records
- Cache Management
  - Purge cache for a domain
Role-Based Access Control
The Cloudflare integration implements role-based access control to ensure that users can only access domains they have permission to manage:
- Admin: Can manage all domains and all features
- Developer: Can manage DNS records and cache for all domains
- Editor: Can only manage DNS records for domains they have access to
Technical Implementation
The Cloudflare integration consists of the following components:
- CloudflareManager.py: A Python module that handles the interaction with the Cloudflare API and implements role-based access control.
- CloudflareAPI.pm: A Catalyst controller that provides a web interface for managing Cloudflare features.
- cloudflare/index.tt: A template for the Cloudflare management interface.
- cloudflare.css: CSS styles for the Cloudflare management interface.
Dependencies
The Cloudflare integration requires the following dependencies:
- Python 3.6 or higher
- Cloudflare Python SDK (pip install cloudflare)
- JSON module for Python
- IPC::Run3 Perl module
Installation
To install the Cloudflare integration:
- Install the required dependencies: pip install cloudflare
- Configure the cloudflare_config.json file with your Cloudflare API credentials
- Restart the Comserv2 application
Usage
To use the Cloudflare integration:
- Log in to the Comserv2 application
- Navigate to the Cloudflare management interface at /cloudflareapi
- Select a site to manage
- Select a domain to manage DNS records
- Use the interface to view, add, edit, or delete DNS records