diff --git a/changelogs/fragments/10934-cloudflare-dns-caa-bug.yml b/changelogs/fragments/10934-cloudflare-dns-caa-bug.yml new file mode 100644 index 0000000000..e40acc30f4 --- /dev/null +++ b/changelogs/fragments/10934-cloudflare-dns-caa-bug.yml @@ -0,0 +1,2 @@ +bugfixes: + - cloudflare_dns - roll back changes to CAA record validation (https://github.com/ansible-collections/community.general/issues/10934, https://github.com/ansible-collections/community.general/pull/10956). diff --git a/plugins/modules/cloudflare_dns.py b/plugins/modules/cloudflare_dns.py index df10d0a0b6..1398d5873a 100644 --- a/plugins/modules/cloudflare_dns.py +++ b/plugins/modules/cloudflare_dns.py @@ -929,7 +929,7 @@ def main(): ('state', 'absent', ['record']), ('type', 'SRV', ['proto', 'service']), ('type', 'TLSA', ['proto', 'port']), - ('type', 'CAA', ['flag', 'tag', 'value']), + ('type', 'CAA', ['flag', 'tag']), ], required_together=[ ('account_api_key', 'account_email'), @@ -961,8 +961,11 @@ def main(): module.fail_json(msg="For TLSA records the params cert_usage, selector, hash_type and value all need to be defined, or not at all.") if module.params['type'] == 'CAA': - if not module.params['value'] == '': - module.fail_json(msg="For CAA records the params flag, tag and value all need to be defined.") + if not ((module.params['flag'] is not None and module.params['tag'] is not None + and not (module.params['value'] is None or module.params['value'] == '')) + or (module.params['flag'] is None and module.params['tag'] is None + and (module.params['value'] is None or module.params['value'] == ''))): + module.fail_json(msg="For CAA records the params flag, tag and value all need to be defined, or not at all.") if module.params['type'] == 'DS': if not ((module.params['key_tag'] is not None and module.params['algorithm'] is not None and module.params['hash_type'] is not None