#2850985: Add credential provider configuration for storing credentials elsewhere, such as key module.

cloudflare.install

@@ -48,3 +48,20 @@ function cloudflare_requirements($phase) {
 function cloudflare_update_8001(&$sandbox) {
   \Drupal::service('module_installer')->install(['ctools']);
 }
+
+/**
+ * Convert user and pass config to credential provider config.
+ */
+function cloudflare_update_8002() {
+  $config = \Drupal::configFactory()->getEditable('cloudflare.settings');
+  $email = $config->get('email');
+  if ($email) {
+    $config
+      ->set('credential_provider', 'config')
+      ->set('credentials.cloudflare.email', $email)
+      ->set('credentials.cloudflare.apikey', $config->get('apikey'))
+      ->clear('email')
+      ->clear('apikey')
+      ->save(TRUE);
+  }
+}

config/install/cloudflare.settings.yml

@@ -2,5 +2,13 @@ client_ip_restore_enabled: false
 bypass_host: ''
 valid_credentials: false
 zone_id: ''
-apikey: ''
-email: ''
+credential_provider: 'cloudflare'
+credentials:
+  cloudflare:
+    email: ''
+    apikey: ''
+  key:
+    email: ''
+    apikey_key: ''
+  multikey:
+    email_apikey_key: ''

config/schema/cloudflare.settings.schema.yml

@@ -19,11 +19,41 @@ cloudflare.settings:
       type: string
       label: 'CloudFlare ZoneId corresponding to the site domain.'
       translatable: false
+    credential_provider:
+      type: 'string'
+      label: 'Credential provider'
+    credentials:
+      type: sequence
+      label: 'Credentials'
+      sequence:
+        type: cloudflare.credentials.[%key]
+
+cloudflare.credentials.cloudflare:
+  type: mapping
+  label: 'Cloudflare credentials'
+  mapping:
+    email:
+      type: string
+      label: 'Email'
     apikey:
       type: string
-      label: 'ApiKey used to authenticate against CloudFlare'
-      translatable: false
+      label: 'API Key'
+
+cloudflare.credentials.key:
+  type: mapping
+  label: 'Cloudflare credentials with Key Module'
+  mapping:
     email:
       type: string
-      label: 'Email used to authenticate against CloudFlare.'
-      translatable: false
+      label: 'Email'
+    apikey_key:
+      type: string
+      label: 'API key'
+
+cloudflare.credentials.multikey:
+  type: mapping
+  label: 'Cloudflare credentials with Key Module (user/password keys)'
+  mapping:
+    email_apikey_key:
+      type: string
+      label: 'Email/API key (User/Password)'

modules/cloudflarepurger/src/Plugin/Purge/Purger/CloudFlarePurger.php

@@ -3,6 +3,7 @@
 namespace Drupal\cloudflarepurger\Plugin\Purge\Purger;
 
 use Drupal\Core\Config\ConfigFactoryInterface;
+use Drupal\cloudflare\CloudFlareCredentials;
 use Drupal\cloudflare\CloudFlareStateInterface;
 use Drupal\cloudflare\CloudFlareComposerDependenciesCheckInterface;
 use Drupal\cloudflarepurger\EventSubscriber\CloudFlareCacheTagHeaderGenerator;
@@ -166,8 +167,9 @@ private function purgeChunk(array &$invalidations) {
     // This is a unique case where the ApiSdk is being accessed directly and not
     // via a service.  Purging should only ever happen through the purge module
     // which is why this is NOT in a service.
-    $api_key = $this->config->get('apikey');
-    $email = $this->config->get('email');
+    $credentials = new CloudFlareCredentials($this->config);
+    $api_key = $credentials->getApikey();
+    $email = $credentials->getEmail();
     $this->zone = $this->config->get('zone_id');
     $this->zoneApi = new ZoneApi($api_key, $email);
 

src/CloudFlareCredentials.php

@@ -0,0 +1,105 @@
+<?php
+
+namespace Drupal\cloudflare;
+
+use Drupal\Core\Config\Config;
+
+/**
+ * Handles configuration of credentials.
+ *
+ * @package Drupal\cloudflare
+ */
+class CloudFlareCredentials {
+
+  /**
+   * The email address (user account).
+   *
+   * @var string
+   */
+  protected $email = '';
+
+  /**
+   * The apikey.
+   *
+   * @var string
+   */
+  protected $apikey = '';
+
+  /**
+   * CloudFlareCredentials constructor.
+   *
+   * @param \Drupal\Core\Config\Config|null $config
+   *   The cloudflare configuration object.
+   */
+  public function __construct(Config $config = NULL) {
+    if ($config) {
+      $credential_provider = $config->get('credential_provider');
+      $credentials = $config->get('credentials');
+      if ($credentials) {
+        $this->setCredentials($credential_provider, $credentials);
+      }
+    }
+  }
+
+  /**
+   * Set the credentials from configuration array.
+   *
+   * @param string $credential_provider
+   *   The credential provider.
+   * @param array $providers
+   *   Nested array of all the credential providers.
+   */
+  public function setCredentials($credential_provider, array $providers) {
+    switch ($credential_provider) {
+      case 'cloudflare':
+        $this->email = $providers['cloudflare']['email'];
+        $this->apikey = $providers['cloudflare']['apikey'];
+        break;
+
+      case 'key':
+        $this->email = $providers['key']['email'];
+
+        /** @var \Drupal\Core\Entity\EntityStorageInterface $storage */
+        $storage = \Drupal::entityTypeManager()->getStorage('key');
+        /** @var \Drupal\key\KeyInterface $apikey_key */
+        $apikey_key = $storage->load($providers['key']['apikey_key']);
+        if ($apikey_key) {
+          $this->apikey = $apikey_key->getKeyValue();
+        }
+        break;
+
+      case 'multikey':
+        /** @var \Drupal\Core\Entity\EntityStorageInterface $storage */
+        $storage = \Drupal::entityTypeManager()->getStorage('key');
+        /** @var \Drupal\key\KeyInterface $key */
+        $key = $storage->load($providers['multikey']['email_apikey_key']);
+        if ($key) {
+          $values = $key->getKeyValues();
+          $this->email = $values['username'];
+          $this->apikey = $values['password'];
+        }
+        break;
+    }
+  }
+
+  /**
+   * Return the email address.
+   *
+   * @return string
+   *   The email.
+   */
+  public function getEmail() {
+    return $this->email;
+  }
+
+  /**
+   * Return the API Key.
+   *
+   * @return string
+   *   The API key.
+   */
+  public function getApikey() {
+    return $this->apikey;
+  }
+
+}