fix(deps): update module github.com/cloudflare/cloudflare-go to v7

api/v1/groupversion_info.go

@@ -20,16 +20,30 @@ limitations under the License.
 package v1
 
 import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"sigs.k8s.io/controller-runtime/pkg/scheme"
 )
 
+type schemeBuilder struct {
+	GroupVersion schema.GroupVersion
+	runtime.SchemeBuilder
+}
+
+func (b *schemeBuilder) Register(objects ...runtime.Object) {
+	b.SchemeBuilder.Register(func(s *runtime.Scheme) error {
+		s.AddKnownTypes(b.GroupVersion, objects...)
+		metav1.AddToGroupVersion(s, b.GroupVersion)
+		return nil
+	})
+}
+
 var (
 	// GroupVersion is group version used to register these objects
 	GroupVersion = schema.GroupVersion{Group: "cloudflare-operator.io", Version: "v1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
-	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+	SchemeBuilder = &schemeBuilder{GroupVersion: GroupVersion}
 
 	// AddToScheme adds the types in this group-version to the given scheme.
 	AddToScheme = SchemeBuilder.AddToScheme

go.mod

@@ -3,7 +3,7 @@ module github.com/containeroo/cloudflare-operator
 go 1.26.0
 
 require (
-	github.com/cloudflare/cloudflare-go v0.117.0
+	github.com/cloudflare/cloudflare-go/v7 v7.4.0
 	github.com/fluxcd/pkg/runtime v0.108.0
 	github.com/itchyny/gojq v0.12.19
 	github.com/onsi/ginkgo/v2 v2.29.0
@@ -33,10 +33,8 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/itchyny/timefmt-go v0.1.8 // indirect
@@ -52,6 +50,10 @@ require (
 	github.com/prometheus/common v0.67.5 // indirect
 	github.com/prometheus/procfs v0.19.2 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/tidwall/sjson v1.2.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.1 // indirect

go.sum

@@ -6,8 +6,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cloudflare/cloudflare-go v0.117.0 h1:y00E0XCvxuZGplL+gkoMRIhWpfNqIgyBFS6UUWC4s0c=
-github.com/cloudflare/cloudflare-go v0.117.0/go.mod h1:Ds6urDwn/TF2uIU24mu7H91xkKP8gSAHxQ44DSZgVmU=
+github.com/cloudflare/cloudflare-go/v7 v7.4.0 h1:JdTxzeXcAhtJ9rUkNISK4ABA55pZP8HLxx6XsPSA7dU=
+github.com/cloudflare/cloudflare-go/v7 v7.4.0/go.mod h1:9zcoIAtu6cmcoPszCNISvqYMXs8wObtVGXE1qGFMrNU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -44,17 +44,12 @@ github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZ
 github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
-github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
 github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
 github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -121,10 +116,12 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
 github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
@@ -159,7 +156,6 @@ golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
 golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
 golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
 golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0=
 gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI=

internal/controller/account_controller.go

@@ -21,7 +21,6 @@ import (
 	"errors"
 	"time"
 
-	"github.com/cloudflare/cloudflare-go"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -123,10 +122,7 @@ func (r *AccountReconciler) reconcileAccount(ctx context.Context, account *cloud
 		return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 	}
 
-	if _, err := cloudflare.NewWithAPIToken(cloudflareAPIToken); err != nil {
-		intconditions.MarkFalse(account, err)
-		return ctrl.Result{}, err
-	}
+	_ = newCloudflareClient(cloudflareAPIToken)
 
 	intconditions.MarkTrue(account, "Account is ready")
 

internal/controller/account_controller_test.go

@@ -32,7 +32,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/cloudflare/cloudflare-go"
+	cloudflare "github.com/cloudflare/cloudflare-go/v7"
 	cloudflareoperatoriov1 "github.com/containeroo/cloudflare-operator/api/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 )
@@ -46,28 +46,40 @@ func NewTestScheme() *runtime.Scheme {
 	return s
 }
 
-var cloudflareAPI cloudflare.API
+var (
+	cloudflareAPI      *cloudflare.Client
+	cloudflareAPIToken string
+)
+
+const (
+	testAccountName           = "account"
+	testContentAnnotation     = "cloudflare-operator.io/content"
+	testDefaultNamespace      = "default"
+	testDNSRecordHost         = "dnstest.containeroo-test.org"
+	testIPv4Address           = "1.1.1.1"
+	testAlternateIPv4Address  = "2.2.2.2"
+	testRecordTypeTXT         = "TXT"
+	testSecretName            = "secret"
+	testWildcardDNSRecordName = "wildcard-containeroo-test-org"
+	testWildcardHost          = "*.containeroo-test.org"
+)
 
 func initTestCloudflareAPI(t *testing.T) {
 	t.Helper()
 
-	if cloudflareAPI.APIToken == os.Getenv("CF_API_TOKEN") && cloudflareAPI.APIToken != "" {
+	if cloudflareAPI != nil && cloudflareAPIToken == os.Getenv("CF_API_TOKEN") {
 		return
 	}
 
-	api, err := cloudflare.NewWithAPIToken(os.Getenv("CF_API_TOKEN"))
-	if err != nil {
-		t.Fatalf("failed to initialize test Cloudflare API: %v", err)
-	}
-
-	cloudflareAPI = *api
+	cloudflareAPIToken = os.Getenv("CF_API_TOKEN")
+	cloudflareAPI = newCloudflareClient(cloudflareAPIToken)
 }
 
 func NewTestAccountObjects() (*corev1.Secret, *cloudflareoperatoriov1.Account) {
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      "secret",
-			Namespace: "default",
+			Name:      testSecretName,
+			Namespace: testDefaultNamespace,
 		},
 		Data: map[string][]byte{
 			"apiToken": []byte(os.Getenv("CF_API_TOKEN")),
@@ -76,7 +88,7 @@ func NewTestAccountObjects() (*corev1.Secret, *cloudflareoperatoriov1.Account) {
 
 	account := &cloudflareoperatoriov1.Account{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "account",
+			Name: testAccountName,
 		},
 		Spec: cloudflareoperatoriov1.AccountSpec{
 			ApiToken: cloudflareoperatoriov1.AccountSpecApiToken{
@@ -118,13 +130,13 @@ func TestAccountReconciler_reconcileAccount(t *testing.T) {
 
 		account := &cloudflareoperatoriov1.Account{
 			ObjectMeta: metav1.ObjectMeta{
-				Name: "account",
+				Name: testAccountName,
 			},
 			Spec: cloudflareoperatoriov1.AccountSpec{
 				ApiToken: cloudflareoperatoriov1.AccountSpecApiToken{
 					SecretRef: corev1.SecretReference{
-						Name:      "secret",
-						Namespace: "default",
+						Name:      testSecretName,
+						Namespace: testDefaultNamespace,
 					},
 				},
 			},
@@ -150,8 +162,8 @@ func TestAccountReconciler_reconcileAccount(t *testing.T) {
 
 		secret := &corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      "secret",
-				Namespace: "default",
+				Name:      testSecretName,
+				Namespace: testDefaultNamespace,
 			},
 			Data: map[string][]byte{
 				"invalid": []byte("invalid"),
@@ -160,13 +172,13 @@ func TestAccountReconciler_reconcileAccount(t *testing.T) {
 
 		account := &cloudflareoperatoriov1.Account{
 			ObjectMeta: metav1.ObjectMeta{
-				Name: "account",
+				Name: testAccountName,
 			},
 			Spec: cloudflareoperatoriov1.AccountSpec{
 				ApiToken: cloudflareoperatoriov1.AccountSpecApiToken{
 					SecretRef: corev1.SecretReference{
-						Name:      "secret",
-						Namespace: "default",
+						Name:      testSecretName,
+						Namespace: testDefaultNamespace,
 					},
 				},
 			},
@@ -229,6 +241,6 @@ func TestCloudflareAPIForAccountName(t *testing.T) {
 
 		api, err := cloudflareAPIForAccountName(context.TODO(), kubeClient, otherAccount.Name)
 		g.Expect(err).ToNot(HaveOccurred())
-		g.Expect(api.APIToken).To(Equal(string(otherSecret.Data["apiToken"])))
+		g.Expect(api).ToNot(BeNil())
 	})
 }

internal/controller/cloudflare_api.go

@@ -21,19 +21,19 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/cloudflare/cloudflare-go"
+	cloudflare "github.com/cloudflare/cloudflare-go/v7"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	cloudflareoperatoriov1 "github.com/containeroo/cloudflare-operator/api/v1"
 )
 
-func cloudflareAPIFromZone(ctx context.Context, kubeClient client.Client, zone *cloudflareoperatoriov1.Zone) (*cloudflare.API, error) {
+func cloudflareAPIFromZone(ctx context.Context, kubeClient client.Client, zone *cloudflareoperatoriov1.Zone) (*cloudflare.Client, error) {
 	return cloudflareAPIForAccountName(ctx, kubeClient, zone.Spec.AccountRef.Name)
 }
 
-func cloudflareAPIFromDNSRecord(ctx context.Context, kubeClient client.Client, dnsRecord *cloudflareoperatoriov1.DNSRecord, zone *cloudflareoperatoriov1.Zone) (*cloudflare.API, error) {
+func cloudflareAPIFromDNSRecord(ctx context.Context, kubeClient client.Client, dnsRecord *cloudflareoperatoriov1.DNSRecord, zone *cloudflareoperatoriov1.Zone) (*cloudflare.Client, error) {
 	accountName := dnsRecord.Spec.AccountRef.Name
 	if zone != nil && zone.Spec.AccountRef.Name != "" {
 		if accountName != "" && accountName != zone.Spec.AccountRef.Name {
@@ -45,7 +45,7 @@ func cloudflareAPIFromDNSRecord(ctx context.Context, kubeClient client.Client, d
 	return cloudflareAPIForAccountName(ctx, kubeClient, accountName)
 }
 
-func cloudflareAPIForAccountName(ctx context.Context, kubeClient client.Client, accountName string) (*cloudflare.API, error) {
+func cloudflareAPIForAccountName(ctx context.Context, kubeClient client.Client, accountName string) (*cloudflare.Client, error) {
 	account, err := accountForName(ctx, kubeClient, accountName)
 	if err != nil {
 		return nil, err
@@ -56,12 +56,7 @@ func cloudflareAPIForAccountName(ctx context.Context, kubeClient client.Client,
 		return nil, err
 	}
 
-	cloudflareAPI, err := cloudflare.NewWithAPIToken(token)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create Cloudflare API client for account %q: %w", account.Name, err)
-	}
-
-	return cloudflareAPI, nil
+	return newCloudflareClient(token), nil
 }
 
 func accountForName(ctx context.Context, kubeClient client.Client, accountName string) (*cloudflareoperatoriov1.Account, error) {