loc_az_hci/scripts/utils/test-cloudflare-connection.sh
defiQUG c39465c2bd
Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 09:04:46 -08:00


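#!/bin/bash
# Test Cloudflare API Connection Script
# Tests connectivity and authentication to Cloudflare using .env credentials

# NOTE(review): sourcing the interactive profile makes this script depend on
# whatever ~/.bashrc defines or runs. It is kept for compatibility, but it is
# now skipped when the file is absent so a missing profile does not print an
# error. It still runs before `set -e`, so a failing command inside the
# profile does not abort the script.
if [ -f ~/.bashrc ]; then
  source ~/.bashrc
fi

# Abort on the first unhandled command failure from here on.
set -e

# Colors for output. The escape sequences are stored literally and are
# expanded by the printing command (echo -e) when used.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'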
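# Load environment variables from .env if it exists.
#
# The file is parsed as KEY=VALUE data and is never executed. Sourcing it
# would run any command substitution or stray command it contains with the
# privileges of whoever starts the script, and .env is looked up in the
# current working directory, which is not necessarily one the user controls.
#
# Accepted lines: optional leading "export ", a shell-identifier key, "=",
# then a value. A value wrapped in matching single or double quotes is taken
# verbatim without the quotes. In an unquoted value, "#" starts a comment only
# when it follows whitespace, so secrets containing "#" are not truncated.
# Blank lines, comment lines and anything that is not a valid assignment are
# skipped. No variable or command expansion is performed on values.
#
# Arguments: $1 - path of the dotenv file to read
# Outputs:   exports one environment variable per accepted line
_load_env_file() {
  local env_file=$1
  local line key raw value
  local key_re='^[A-Za-z_][A-Za-z0-9_]*$'
  local dq_re='^"([^"]*)"([[:space:]]+#.*)?$'
  local sq_re="^'([^']*)'([[:space:]]+#.*)?\$"

  # `|| [ -n "$line" ]` keeps a final line that lacks a trailing newline.
  while IFS= read -r line || [ -n "$line" ]; do
    # Tolerate CRLF files, then trim surrounding whitespace.
    line=${line%$'\r'}
    line="${line#"${line%%[![:space:]]*}"}"
    line="${line%"${line##*[![:space:]]}"}"

    case "$line" in
      '' | '#'*) continue ;;
    esac

    line=${line#export }
    [[ $line == *=* ]] || continue

    key=${line%%=*}
    raw=${line#*=}
    # Anything that is not a plain identifier (for example "cmd; VAR") is
    # rejected instead of being handed to export.
    [[ $key =~ $key_re ]] || continue

    value="${raw#"${raw%%[![:space:]]*}"}"
    if [[ $value =~ $dq_re ]]; then
      value=${BASH_REMATCH[1]}
    elif [[ $value =~ $sq_re ]]; then
      value=${BASH_REMATCH[1]}
    else
      # Drop an inline comment (whitespace followed by "#"), then trim.
      value=${raw%%[[:space:]]\#*}
      value="${value#"${value%%[![:space:]]*}"}"
      value="${value%"${value##*[![:space:]]}"}"
    fi

    export "$key=$value"
  done < "$env_file"
}

if [ -f .env ]; then
  _load_env_file .env
fi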
# Cloudflare configuration (support multiple variable names).
# Every setting ends up defined, falling back to the empty string, so later
# checks can test it without caring whether it came from the environment.
#
# NOTE(review): when CLOUDFLARE_API_TOKEN is empty the value of
# CLOUDFLARE_API_KEY is used instead, and the rest of this script sends it as
# a Bearer token. A legacy Global API Key is normally presented with the
# X-Auth-Email / X-Auth-Key headers, so the fallback presumably only works
# when CLOUDFLARE_API_KEY actually holds an API token - confirm.
: "${CLOUDFLARE_API_TOKEN:=${CLOUDFLARE_API_KEY:-}}"
: "${CLOUDFLARE_TUNNEL_TOKEN:=}"
: "${CLOUDFLARE_ACCOUNT_EMAIL:=}"
: "${CLOUDFLARE_ACCOUNT_ID:=}"
: "${CLOUDFLARE_ZONE_ID:=}"
: "${CLOUDFLARE_DOMAIN:=}"
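# Print an informational message to stdout behind a green [INFO] tag.
# Arguments: $1 - message text
log_info() {
  # %b expands the escape sequences stored in the colour variables; %s prints
  # the message verbatim, so backslashes in it (for example in text taken
  # from an API response) are not interpreted as escapes.
  printf '%b[INFO]%b %s\n' "${GREEN}" "${NC}" "$1"
}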
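# Print a warning message to stdout behind a yellow [WARN] tag.
# Arguments: $1 - message text
log_warn() {
  # The colour variables go through %b so their escape sequences expand; the
  # message goes through %s so its backslashes are printed literally.
  printf '%b[WARN]%b %s\n' "${YELLOW}" "${NC}" "$1"
}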
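# Print an error message to stdout behind a red [ERROR] tag.
# Arguments: $1 - message text
log_error() {
  # Only the colour variables are escape-expanded (%b); the message itself is
  # emitted as-is (%s) so its content cannot inject terminal escapes via
  # backslash sequences.
  printf '%b[ERROR]%b %s\n' "${RED}" "${NC}" "$1"
}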
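# Print a test-step message to stdout behind a blue [TEST] tag.
# Arguments: $1 - message text
log_test() {
  # %b for the colour codes, %s for the message so that backslashes in the
  # message are not interpreted.
  printf '%b[TEST]%b %s\n' "${BLUE}" "${NC}" "$1"
}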
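# Perform an authenticated GET against the Cloudflare v4 API.
# The Authorization header is fed to curl on stdin (-H @-, curl 7.55.0 or
# newer) instead of being passed as an argument, so the token is not visible
# in process listings while the request is in flight. printf is a shell
# builtin, so it does not create a process carrying the token either.
# Arguments: $1 - API path starting with "/", appended to the v4 base URL
# Outputs:   response body (or curl's error text) on stdout
# Returns:   always 0; callers inspect the body, matching the best-effort
#            behaviour of the individual probes
_cf_api_get() {
  printf 'Authorization: Bearer %s\n' "$CLOUDFLARE_API_TOKEN" |
    curl -s --max-time 30 -X GET "https://api.cloudflare.com/client/v4$1" \
      -H @- \
      -H "Content-Type: application/json" 2>&1 || true
}

# Succeeds when the response text $1 contains the literal "success":true.
_cf_succeeded() {
  [[ $1 == *'"success":true'* ]]
}

# Print the first string value stored under key $2 in the JSON text $1.
# This is a grep-based lookup that assumes compact JSON, as the rest of this
# script does; it is not a general JSON parser.
_cf_json_string() {
  printf '%s\n' "$1" | grep -o "\"$2\":\"[^\"]*" | head -1 | cut -d'"' -f4
}

# Print the first numeric "code" value found in the JSON text $1.
_cf_error_code() {
  printf '%s\n' "$1" | grep -o '"code":[0-9]*' | head -1 | cut -d':' -f2
}

# Succeeds when $1 is non-empty and made only of characters that are safe to
# place in a URL path segment. Identifiers come from .env or from a response
# body, so they are checked before being interpolated into a request URL.
_cf_valid_id() {
  [[ $1 =~ ^[A-Za-z0-9_-]+$ ]]
}

# Probe the Cloudflare API with the configured token: token verification,
# account listing, Zero Trust gateway locations, tunnels, and (when
# CLOUDFLARE_ZONE_ID is set) zone details.
# Globals:  CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, CLOUDFLARE_ZONE_ID
#           (read); colour variables (read)
# Outputs:  progress and results on stdout
# Returns:  1 when the token is missing or fails verification, 0 otherwise
#           (failures of the follow-up probes are reported but not fatal)
test_cloudflare_api() {
  log_test "Testing Cloudflare API connection..."
  if [ -z "$CLOUDFLARE_API_TOKEN" ]; then
    log_error "CLOUDFLARE_API_TOKEN not set (check .env file)"
    return 1
  fi

  # Test API token authentication
  log_test " Testing API token authentication..."
  local api_response
  api_response=$(_cf_api_get "/user/tokens/verify")
  if ! _cf_succeeded "$api_response"; then
    echo -e " ${RED}${NC} API token authentication failed"
    if [[ $api_response == *'"errors"'* ]]; then
      local error_msg
      error_msg=$(_cf_json_string "$api_response" message)
      printf ' Error: %s\n' "$error_msg"
    else
      printf ' Response: %s\n' "$api_response"
    fi
    return 1
  fi
  echo -e " ${GREEN}${NC} API token authentication successful"

  # The "id" in the verify response identifies the token, not an account, so
  # it is reported as such and is not reused as an account identifier below.
  local token_id account_email status
  token_id=$(_cf_json_string "$api_response" id)
  account_email=$(_cf_json_string "$api_response" email)
  status=$(_cf_json_string "$api_response" status)
  printf ' Token ID: %s\n' "$token_id"
  if [ -n "$account_email" ]; then
    printf ' Account Email: %s\n' "$account_email"
  fi
  printf ' Status: %s\n' "$status"

  # Test account information retrieval
  log_test " Testing account information retrieval..."
  local account_response
  account_response=$(_cf_api_get "/accounts")
  if _cf_succeeded "$account_response"; then
    echo -e " ${GREEN}${NC} Account information retrieved"
    # Counts every "id" string in the body, so this is an upper bound when
    # nested objects carry ids of their own.
    local account_count
    account_count=$(printf '%s\n' "$account_response" | grep -o '"id":"[^"]*' | wc -l)
    echo " Accounts found: $account_count"
  else
    echo -e " ${YELLOW}${NC} Could not retrieve account information"
  fi

  # Both account-scoped probes use the same identifier: the configured
  # CLOUDFLARE_ACCOUNT_ID when present, otherwise the first id in the account
  # listing (presumably the first account's id - verify if several exist).
  local account_id=$CLOUDFLARE_ACCOUNT_ID
  if [ -z "$account_id" ]; then
    account_id=$(_cf_json_string "$account_response" id)
  fi

  if _cf_valid_id "$account_id"; then
    # Test Zero Trust API (if available)
    log_test " Testing Zero Trust API access..."
    local zero_trust_response error_code
    zero_trust_response=$(_cf_api_get "/accounts/$account_id/gateway/locations")
    if _cf_succeeded "$zero_trust_response"; then
      echo -e " ${GREEN}${NC} Zero Trust API accessible"
    elif [[ $zero_trust_response == *'"errors"'* ]]; then
      error_code=$(_cf_error_code "$zero_trust_response")
      if [ "$error_code" = "10004" ]; then
        echo -e " ${YELLOW}${NC} Zero Trust not enabled (error 10004)"
        log_info " Enable Zero Trust in Cloudflare Dashboard to use Tunnel features"
      else
        echo -e " ${YELLOW}${NC} Zero Trust API error (code: $error_code)"
      fi
    else
      echo -e " ${YELLOW}${NC} Zero Trust API test inconclusive"
    fi

    # Test Tunnel API (if Zero Trust enabled)
    log_test " Testing Tunnel API access..."
    local tunnel_response
    tunnel_response=$(_cf_api_get "/accounts/$account_id/cfd_tunnel")
    if _cf_succeeded "$tunnel_response"; then
      echo -e " ${GREEN}${NC} Tunnel API accessible"
      local tunnel_count
      tunnel_count=$(printf '%s\n' "$tunnel_response" | grep -o '"id":"[^"]*' | wc -l)
      echo " Existing tunnels: $tunnel_count"
    elif [[ $tunnel_response == *'"errors"'* ]]; then
      error_code=$(_cf_error_code "$tunnel_response")
      if [ "$error_code" = "10004" ]; then
        echo -e " ${YELLOW}${NC} Zero Trust required for Tunnel API"
      else
        echo -e " ${YELLOW}${NC} Tunnel API error (code: $error_code)"
      fi
    else
      echo -e " ${YELLOW}${NC} Tunnel API test inconclusive"
    fi
  else
    echo -e " ${YELLOW}${NC} No usable account ID, skipping Zero Trust and Tunnel API tests"
    log_info " Set CLOUDFLARE_ACCOUNT_ID in .env to test account-scoped APIs"
  fi

  # Test DNS API (if zone ID provided)
  if [ -z "$CLOUDFLARE_ZONE_ID" ]; then
    log_warn " CLOUDFLARE_ZONE_ID not set, skipping DNS zone test"
  elif ! _cf_valid_id "$CLOUDFLARE_ZONE_ID"; then
    log_warn " CLOUDFLARE_ZONE_ID contains unexpected characters, skipping DNS zone test"
  else
    log_test " Testing DNS API with Zone ID..."
    local dns_response
    dns_response=$(_cf_api_get "/zones/$CLOUDFLARE_ZONE_ID")
    if _cf_succeeded "$dns_response"; then
      echo -e " ${GREEN}${NC} Zone access successful"
      # Only the first "name"/"status" pair is shown; the body can contain
      # further pairs in nested objects.
      local zone_name zone_status
      zone_name=$(_cf_json_string "$dns_response" name)
      zone_status=$(_cf_json_string "$dns_response" status)
      printf ' Zone: %s\n' "$zone_name"
      printf ' Status: %s\n' "$zone_status"
    else
      echo -e " ${RED}${NC} Zone access failed"
      printf ' Response: %s\n' "$dns_response"
    fi
  fi
  return 0
}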
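# Entry point: print the effective configuration with secrets masked, run the
# Cloudflare API probes, print a summary and exit 0 on success or 1 on
# failure.
# Globals: CLOUDFLARE_* settings (read); colour variables (read)
main() {
  echo "========================================="
  echo "Cloudflare API Connection Test"
  echo "========================================="
  echo ""

  # Check if .env file exists
  if [ ! -f .env ]; then
    log_warn ".env file not found. Using environment variables or defaults."
    log_warn "Create .env from .env.example and configure credentials."
    echo ""
  fi

  # Validate required variables
  if [ -z "$CLOUDFLARE_API_TOKEN" ] && [ -z "$CLOUDFLARE_API_KEY" ]; then
    log_error "CLOUDFLARE_API_TOKEN or CLOUDFLARE_API_KEY not set"
    log_info "Set it in .env file or as environment variable:"
    log_info " export CLOUDFLARE_API_TOKEN=your-api-token"
    log_info " or export CLOUDFLARE_API_KEY=your-api-key"
    log_info "Get token from: https://dash.cloudflare.com/profile/api-tokens"
    exit 1
  fi

  # Secrets are reported by presence and length only. No part of a token is
  # printed, because console output commonly ends up in CI logs, terminal
  # scrollback and pasted bug reports.
  echo "Configuration:"
  if [ -n "$CLOUDFLARE_API_TOKEN" ]; then
    echo " API Token: *** (hidden, ${#CLOUDFLARE_API_TOKEN} chars)"
  elif [ -n "$CLOUDFLARE_API_KEY" ]; then
    echo " API Key: *** (hidden, ${#CLOUDFLARE_API_KEY} chars)"
  fi
  if [ -n "$CLOUDFLARE_TUNNEL_TOKEN" ]; then
    echo " Tunnel Token: *** (hidden, ${#CLOUDFLARE_TUNNEL_TOKEN} chars)"
  fi
  if [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then
    echo " Account ID: $CLOUDFLARE_ACCOUNT_ID"
  fi
  if [ -n "$CLOUDFLARE_ACCOUNT_EMAIL" ]; then
    echo " Account Email: $CLOUDFLARE_ACCOUNT_EMAIL"
  fi
  if [ -n "$CLOUDFLARE_ZONE_ID" ]; then
    echo " Zone ID: $CLOUDFLARE_ZONE_ID"
  fi
  if [ -n "$CLOUDFLARE_DOMAIN" ]; then
    echo " Domain: $CLOUDFLARE_DOMAIN"
  fi
  echo ""

  # Test connection. The status is captured with `||` because the script
  # runs under `set -e`: a bare call followed by `result=$?` would abort the
  # script on failure before the summary below could be printed.
  local result=0
  test_cloudflare_api || result=$?

  echo ""
  echo "========================================="
  echo "Test Summary"
  echo "========================================="
  if [ "$result" -eq 0 ]; then
    echo -e "${GREEN}${NC} Cloudflare API: Connection successful"
    log_info "Cloudflare API is ready for use!"
    exit 0
  else
    echo -e "${RED}${NC} Cloudflare API: Connection failed"
    log_error "Check your API token and permissions."
    exit 1
  fi
}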
# Run the script: forward the command-line arguments to main, which exits
# with the overall test status.
main "$@"