CLOUDFLAREAPI: Enable DNSKEY, HTTPS, SVCB record types (#3000)

documentation/providers.md

@@ -21,7 +21,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |

providers/cloudflare/cloudflareProvider.go

@@ -47,12 +47,15 @@ var features = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDNSKEY:           providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Cannot("Cloudflare will not work well in situations where it is not the only DNS server"),
@@ -642,15 +645,17 @@ type cfRecData struct {
 	Weight       uint16   `json:"weight"`        // SRV
 	Port         uint16   `json:"port"`          // SRV
 	Tag          string   `json:"tag"`           // CAA
-	Flags        uint8    `json:"flags"`         // CAA
+	Flags        uint16   `json:"flags"`         // CAA/DNSKEY
 	Value        string   `json:"value"`         // CAA
 	Usage        uint8    `json:"usage"`         // TLSA
 	Selector     uint8    `json:"selector"`      // TLSA
 	MatchingType uint8    `json:"matching_type"` // TLSA
 	Certificate  string   `json:"certificate"`   // TLSA
-	Algorithm    uint8    `json:"algorithm"`     // SSHFP/DS
+	Algorithm    uint8    `json:"algorithm"`     // SSHFP/DNSKEY/DS
 	HashType     uint8    `json:"type"`          // SSHFP
 	Fingerprint  string   `json:"fingerprint"`   // SSHFP
+	Protocol     uint8    `json:"protocol"`      // DNSKEY
+	PublicKey    string   `json:"public_key"`    // DNSKEY
 	KeyTag       uint16   `json:"key_tag"`       // DS
 	DigestType   uint8    `json:"digest_type"`   // DS
 	Digest       string   `json:"digest"`        // DS

providers/cloudflare/rest.go

@@ -71,6 +71,15 @@ func (c *cloudflareProvider) createZone(domainName string) (string, error) {
 	return zone.ID, err
 }
 
+func cfDnskeyData(rec *models.RecordConfig) *cfRecData {
+	return &cfRecData{
+		Algorithm: rec.DnskeyAlgorithm,
+		Flags:     rec.DnskeyFlags,
+		Protocol:  rec.DnskeyProtocol,
+		PublicKey: rec.DnskeyPublicKey,
+	}
+}
+
 func cfDSData(rec *models.RecordConfig) *cfRecData {
 	return &cfRecData{
 		KeyTag:     rec.DsKeyTag,
@@ -97,7 +106,7 @@ func cfSrvData(rec *models.RecordConfig) *cfRecData {
 func cfCaaData(rec *models.RecordConfig) *cfRecData {
 	return &cfRecData{
 		Tag:   rec.CaaTag,
-		Flags: rec.CaaFlag,
+		Flags: uint16(rec.CaaFlag),
 		Value: rec.GetTargetField(),
 	}
 }
@@ -119,6 +128,14 @@ func cfSshfpData(rec *models.RecordConfig) *cfRecData {
 	}
 }
 
+func cfSvcbData(rec *models.RecordConfig) *cfRecData {
+	return &cfRecData{
+		Priority: rec.SvcPriority,
+		Target:   cfTarget(rec.GetTargetField()),
+		Value:    rec.SvcParams,
+	}
+}
+
 func cfNaptrData(rec *models.RecordConfig) *cfNaptrRecData {
 	return &cfNaptrRecData{
 		Flags:       rec.NaptrFlags,
@@ -175,11 +192,15 @@ func (c *cloudflareProvider) createRecDiff2(rec *models.RecordConfig, domainID s
 			} else if rec.Type == "SSHFP" {
 				cf.Data = cfSshfpData(rec)
 				cf.Name = rec.GetLabelFQDN()
+			} else if rec.Type == "DNSKEY" {
+				cf.Data = cfDnskeyData(rec)
 			} else if rec.Type == "DS" {
 				cf.Data = cfDSData(rec)
 			} else if rec.Type == "NAPTR" {
 				cf.Data = cfNaptrData(rec)
 				cf.Name = rec.GetLabelFQDN()
+			} else if rec.Type == "HTTPS" || rec.Type == "SVCB" {
+				cf.Data = cfSvcbData(rec)
 			}
 			resp, err := c.cfClient.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), cf)
 			if err != nil {
@@ -227,12 +248,17 @@ func (c *cloudflareProvider) modifyRecord(domainID, recID string, proxied bool,
 	} else if rec.Type == "SSHFP" {
 		r.Data = cfSshfpData(rec)
 		r.Name = rec.GetLabelFQDN()
+	} else if rec.Type == "DNSKEY" {
+		r.Data = cfDnskeyData(rec)
+		r.Content = ""
 	} else if rec.Type == "DS" {
 		r.Data = cfDSData(rec)
 		r.Content = ""
 	} else if rec.Type == "NAPTR" {
 		r.Data = cfNaptrData(rec)
 		r.Name = rec.GetLabelFQDN()
+	} else if rec.Type == "HTTPS" || rec.Type == "SVCB" {
+		r.Data = cfSvcbData(rec)
 	}
 	_, err := c.cfClient.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), r)
 	return err