From 3235f618bb25fb52bc06f9d751cb51c13c516260 Mon Sep 17 00:00:00 2001
From: carlssonk
Date: Wed, 2 Oct 2024 21:08:23 +0200
Subject: [PATCH] Fix
---
 modules/cloudflare/cloudflare_ruleset.sh | 35 ++++++++++---
 .../cloudflare_zone_settings_override.sh | 51 +++----------------
 modules/cloudflare/main.tf | 4 +-
 3 files changed, 37 insertions(+), 53 deletions(-)
diff --git a/modules/cloudflare/cloudflare_ruleset.sh b/modules/cloudflare/cloudflare_ruleset.sh
index 4b28dd7..aaab6e2 100755
--- a/modules/cloudflare/cloudflare_ruleset.sh
+++ b/modules/cloudflare/cloudflare_ruleset.sh
@@ -1,19 +1,38 @@
 #!/bin/bash
-# Function to update zone settings
-response=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/settings" \
+# Cloudflare API endpoint
+API_ENDPOINT="https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/rulesets"
+
+# Function to create or update ruleset
+method="POST"
+endpoint="${API_ENDPOINT}"
+
+# Check if ruleset already exists
+existing_ruleset=$(curl -s -X GET "${API_ENDPOINT}?phase=${PHASE}" \
+ -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
+ -H "Content-Type: application/json")
+
+if echo "$existing_ruleset" | jq -e '.result[0]' > /dev/null; then
+ ruleset_id=$(echo "$existing_ruleset" | jq -r '.result[0].id')
+ method="PUT"
+ endpoint="${API_ENDPOINT}/${ruleset_id}"
+fi
+
+# Send request to create or update ruleset
+response=$(curl -s -X $method "$endpoint" \
 -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
 -H "Content-Type: application/json" \
 --data "{
- \"items\": [
- {\"id\": \"ssl\", \"value\": \"${SSL}\"},
- {\"id\": \"always_use_https\", \"value\": \"${ALWAYS_USE_HTTPS}\"}
- ]
+ \"name\": \"Dynamic Main Ruleset\",
+ \"description\": \"Dynamic ruleset for managing app settings\",
+ \"kind\": \"${KIND}\",
+ \"phase\": \"${PHASE}\",
+ \"rules\": ${RULESET_RULES}
 }")
 if echo "$response" | grep -q '"success":true'; then
- echo "Successfully updated settings for zone ${ZONE_ID}"
+ echo "Successfully managed ruleset for zone ${ZONE_ID}"
 else
- echo "Failed to update settings for zone ${ZONE_ID}"
+ echo "Failed to manage ruleset for zone ${ZONE_ID}"
 echo "Response: $response"
 fi
\ No newline at end of file
diff --git a/modules/cloudflare/cloudflare_zone_settings_override.sh b/modules/cloudflare/cloudflare_zone_settings_override.sh
index 5e5e785..4b28dd7 100755
--- a/modules/cloudflare/cloudflare_zone_settings_override.sh
+++ b/modules/cloudflare/cloudflare_zone_settings_override.sh
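Review bot: The failure branch at the end of the new cloudflare_ruleset.sh only echoes the response and the script still exits 0, so Terraform's local-exec records the ruleset as applied even when Cloudflare rejected the request or refused the token; the cloudflare_zone_settings_override.sh hunk has the same branch, where it means `ssl` and `always_use_https` can silently stay unset. The request body is also assembled by pasting `${KIND}`, `${PHASE}` and `${RULESET_RULES}` into a string, so a quote in a value or a `RULESET_RULES` that is not valid JSON produces a malformed or altered body. When the lookup GET itself fails, `.result[0]` is absent and the script falls through to POST instead of stopping. I would build the body with `jq -n`, test `.success` with `jq -e`, and exit non-zero on failure, as sketched below.

```bash
# … unchanged: endpoint setup and existing-ruleset lookup …

# Let jq encode the strings and reject a RULESET_RULES that is not valid JSON.
body=$(jq -n --arg kind "$KIND" --arg phase "$PHASE" --argjson rules "$RULESET_RULES" \
  '{name: "Dynamic Main Ruleset",
    description: "Dynamic ruleset for managing app settings",
    kind: $kind, phase: $phase, rules: $rules}') || exit 1

response=$(curl -s -X "$method" "$endpoint" \
     -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
     -H "Content-Type: application/json" \
     --data "$body")

if echo "$response" | jq -e '.success == true' > /dev/null; then
  # … unchanged: success message …
else
  echo "Failed to manage ruleset for zone ${ZONE_ID}" >&2
  echo "Response: $response" >&2
  exit 1  # make the local-exec provisioner fail instead of reporting success
fi
```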
@@ -1,54 +1,19 @@
 #!/bin/bash
-# Cloudflare API endpoint
-API_ENDPOINT="https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/rulesets"
-
-# Function to create or update ruleset
-method="POST"
-endpoint="${API_ENDPOINT}"
-
-# Check if ruleset already exists
-existing_ruleset=$(curl -s -X GET "${API_ENDPOINT}?phase=${PHASE}" \
- -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
- -H "Content-Type: application/json")
-
-if echo "$existing_ruleset" | jq -e '.result[0]' > /dev/null; then
- ruleset_id=$(echo "$existing_ruleset" | jq -r '.result[0].id')
- method="PUT"
- endpoint="${API_ENDPOINT}/${ruleset_id}"
-fi
-
-# Prepare the rules JSON
-rules_json=$(echo $RULESET_RULES | jq -c '
- [.[] | {
- action: .action,
- action_parameters: (
- if .action_parameters.ssl != null then
- {ssl: .action_parameters.ssl}
- else
- {}
- end
- ),
- expression: .expression,
- description: .description
- }]
-')
-
-# Send request to create or update ruleset
-response=$(curl -s -X $method "$endpoint" \
+# Function to update zone settings
+response=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/settings" \
 -H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
 -H "Content-Type: application/json" \
 --data "{
- \"name\": \"Dynamic Main Ruleset\",
- \"description\": \"Dynamic ruleset for managing app settings\",
- \"kind\": \"${KIND}\",
- \"phase\": \"${PHASE}\",
- \"rules\": ${rules_json}
+ \"items\": [
+ {\"id\": \"ssl\", \"value\": \"${SSL}\"},
+ {\"id\": \"always_use_https\", \"value\": \"${ALWAYS_USE_HTTPS}\"}
+ ]
 }")
 if echo "$response" | grep -q '"success":true'; then
- echo "Successfully managed ruleset for zone ${ZONE_ID}"
+ echo "Successfully updated settings for zone ${ZONE_ID}"
 else
- echo "Failed to manage ruleset for zone ${ZONE_ID}"
+ echo "Failed to update settings for zone ${ZONE_ID}"
 echo "Response: $response"
 fi
\ No newline at end of file
diff --git a/modules/cloudflare/main.tf b/modules/cloudflare/main.tf
index c4625de..fc3e7e9 100644
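Review bot: The API token is handed to curl as a command-line argument in `-H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}"`, so it can be read from the process list by other local users while the request runs and would be printed by any `set -x` trace. curl can take the header from stdin instead: change that line to `-H @- \` and append `<<< "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}"` to the curl command before the closing `)`. Both curl calls in the cloudflare_ruleset.sh hunk pass the token the same way. A header comment listing the required environment variables (`ZONE_ID`, `CLOUDFLARE_API_TOKEN`, `SSL`, `ALWAYS_USE_HTTPS`) would also help, since the script reads all of them without checking that they are set.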
--- a/modules/cloudflare/main.tf
+++ b/modules/cloudflare/main.tf
@@ -52,8 +52,8 @@ resource "null_resource" "cloudflare_zone_settings_override" {
 for_each = local.apps_grouped_by_root_domain
 triggers = {
- cloudflare_api_token = var.cloudflare_api_token
 zone_id = data.cloudflare_zone.domain[each.key].id
+ cloudflare_api_token = var.cloudflare_api_token
 ssl = "full"
 always_use_https = "on"
 }
@@ -103,7 +103,7 @@ resource "null_resource" "cloudflare_ruleset" {
 zone_id = data.cloudflare_zone.domain[each.key].id
 kind = "zone"
 phase = "http_config_settings"
- ruleset_rules = local.ruleset_rules
+ ruleset_rules = jsonencode(local.ruleset_rules[each.key])
 }
 provisioner "local-exec" {
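Review bot: `cloudflare_api_token = var.cloudflare_api_token` stays inside `triggers` in the first main.tf hunk, and trigger values are written to the Terraform state, so the token is stored there and rotating it forces the provisioner to re-run. If the script only needs the token as an environment variable, I would drop it from `triggers` and set it in the provisioner's `environment` map instead, e.g. `CLOUDFLARE_API_TOKEN = var.cloudflare_api_token`, with the variable declared `sensitive = true`. The provisioner block and the variable declaration are outside this hunk, so how the token reaches the script today is not visible here. The `null_resource "cloudflare_ruleset"` block in the second hunk may carry the same trigger above its visible lines.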