From f3aab7a5b8a09bc5ce9bd67744d3b74409183be4 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 4 Dec 2023 06:29:10 +0100
Subject: [PATCH] [PR #7653/3d0da927 backport][stable-7] Change tab to space in
 SSHFP requests (#7679)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change tab to space in SSHFP requests (#7653)

* Change tab to space in SSHFP requests

Cloudflare uses space and not tab when you search for SSHFP records

Cloudflare changes fingerprint to uppercase

Create 7653-fix-cloudflare-lookup.yml

* Update changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 3d0da9278485209d4ebcf9e143e007b46b95586d)

Co-authored-by: Kalle Møller <git@k-moeller.dk>
---
 changelogs/fragments/7653-fix-cloudflare-lookup.yml | 2 ++
 plugins/modules/cloudflare_dns.py                   | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/7653-fix-cloudflare-lookup.yml

diff --git a/changelogs/fragments/7653-fix-cloudflare-lookup.yml b/changelogs/fragments/7653-fix-cloudflare-lookup.yml
new file mode 100644
index 0000000000..f370a1c1d1
--- /dev/null
+++ b/changelogs/fragments/7653-fix-cloudflare-lookup.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - cloudflare_dns - fix Cloudflare lookup of SHFP records (https://github.com/ansible-collections/community.general/issues/7652).  
diff --git a/plugins/modules/cloudflare_dns.py b/plugins/modules/cloudflare_dns.py
index 2c560f4a08..28b8845496 100644
--- a/plugins/modules/cloudflare_dns.py
+++ b/plugins/modules/cloudflare_dns.py
@@ -613,7 +613,7 @@ class CloudflareAPI(object):
                 content = str(params['key_tag']) + '\t' + str(params['algorithm']) + '\t' + str(params['hash_type']) + '\t' + params['value']
         elif params['type'] == 'SSHFP':
             if not (params['value'] is None or params['value'] == ''):
-                content = str(params['algorithm']) + '\t' + str(params['hash_type']) + '\t' + params['value']
+                content = str(params['algorithm']) + ' ' + str(params['hash_type']) + ' ' + params['value'].upper()
         elif params['type'] == 'TLSA':
             if not (params['value'] is None or params['value'] == ''):
                 content = str(params['cert_usage']) + '\t' + str(params['selector']) + '\t' + str(params['hash_type']) + '\t' + params['value']
@@ -726,7 +726,7 @@ class CloudflareAPI(object):
                 if (attr is None) or (attr == ''):
                     self.module.fail_json(msg="You must provide algorithm, hash_type and a value to create this record type")
             sshfp_data = {
-                "fingerprint": params['value'],
+                "fingerprint": params['value'].upper(),
                 "type": params['hash_type'],
                 "algorithm": params['algorithm'],
             }
@@ -736,7 +736,7 @@ class CloudflareAPI(object):
                 'data': sshfp_data,
                 "ttl": params['ttl'],
             }
-            search_value = str(params['algorithm']) + '\t' + str(params['hash_type']) + '\t' + params['value']
+            search_value = str(params['algorithm']) + ' ' + str(params['hash_type']) + ' ' + params['value']
 
         if params['type'] == 'TLSA':
             for attr in [params['port'], params['proto'], params['cert_usage'], params['selector'], params['hash_type'], params['value']]: