Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CloudflareAuthenticationError with valid token in 0.9.14

See original GitHub issue

Ever since 0.9.14 the following error happens on Cloudflare zones.

$ octodns-sync --config-file octodns.yaml --force
2021-10-11T23:07:21  [140415701800768] INFO  Manager __init__: config_file=octodns.yaml
2021-10-11T23:07:21  [140415701800768] INFO  Manager __init__:   max_workers=4
2021-10-11T23:07:21  [140415701800768] INFO  Manager __init__:   include_meta=False
2021-10-11T23:07:21  [140415701800768] INFO  Manager sync: eligible_zones=[], eligible_targets=[], dry_run=True, force=True, plan_output_fh=<stdout>
2021-10-11T23:07:21  [140415701800768] INFO  Manager sync:   zone=<REDACTED>.
2021-10-11T23:07:21  [140415701800768] INFO  Manager sync:   sources=['configuration'] -> targets=['cloudflare']
2021-10-11T23:07:21  [140415681185536] INFO  SplitYamlProvider[configuration] populate:   found 6 YAML files
2021-10-11T23:07:21  [140415681185536] INFO  SplitYamlProvider[configuration] populate:   found 15 records, exists=False
2021-10-11T23:07:21  [140415681185536] INFO  CloudflareProvider[cloudflare] plan: desired=<REDACTED>.
Traceback (most recent call last):
  File "/usr/local/bin/octodns-sync", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/octodns/cmds/sync.py", line 38, in main
    manager.sync(eligible_zones=args.zone, eligible_sources=args.source,
  File "/usr/local/lib/python3.10/site-packages/octodns/manager.py", line 412, in sync
    ps, d = future.result()
  File "/usr/local/lib/python3.10/concurrent/futures/_base.py", line 445, in result
    return self.__get_result()
  File "/usr/local/lib/python3.10/concurrent/futures/_base.py", line 390, in __get_result
    raise self._exception
  File "/usr/local/lib/python3.10/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.10/site-packages/octodns/manager.py", line 282, in _populate_and_plan
    plan = target.plan(zone, processors=processors)
  File "/usr/local/lib/python3.10/site-packages/octodns/provider/base.py", line 131, in plan
    exists = self.populate(existing, target=True, lenient=True)
  File "/usr/local/lib/python3.10/site-packages/octodns/provider/cloudflare.py", line 364, in populate
    records = self.zone_records(zone)
  File "/usr/local/lib/python3.10/site-packages/octodns/provider/cloudflare.py", line 327, in zone_records
    resp = self._try_request('GET', path, params={'status': 'active'})
  File "/usr/local/lib/python3.10/site-packages/octodns/provider/cloudflare.py", line 120, in _try_request
    return self._request(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/octodns/provider/cloudflare.py", line 141, in _request
    raise CloudflareAuthenticationError(resp.json())
octodns.provider.cloudflare.CloudflareAuthenticationError: Unauthorized to access requested resource

Cloudflare token validation passes:

$ curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" -H "Authorization: Bearer <REDACTED>" -H "Content-Type:application/json"
<REDACTED>This API Token is valid and active<REDACTED>

I’ve isolated the problem to be OctoDNS 0.9.14. OctoDNS 0.9.13 works just fine with the same zones and token.