GANDI_V5: Fix/support ALIAS, SSHFP, TLSA (#673)

2024-09-20 14:56:20 +08:00 · 2020-03-01 09:36:12 -05:00 · 2020-03-01 09:36:12 -05:00 · 95dcce8b6f
parent a7e0ec258d
commit 95dcce8b6f
4 changed files with 38 additions and 11 deletions
--- a/docs/_includes/matrix.html
+++ b/docs/_includes/matrix.html
@ -282,7 +282,9 @@
 		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td><i class="fa fa-minus dim"></i></td>
+		<td class="success">
+			<i class="fa fa-check text-success" aria-hidden="true"></i>
+		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td class="danger" data-toggle="tooltip" data-container="body" data-placement="top" title="Using ALIAS is possible through our extended DNS (X-DNS) service. Feel free to get in touch with us.">
 			<i class="fa has-tooltip fa-times text-danger" aria-hidden="true"></i>
@ -476,9 +478,7 @@
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td class="success">
-			<i class="fa fa-check text-success" aria-hidden="true"></i>
-		</td>
+		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
@ -588,7 +588,9 @@
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td><i class="fa fa-minus dim"></i></td>
+		<td class="success">
+			<i class="fa fa-check text-success" aria-hidden="true"></i>
+		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
@ -631,7 +633,9 @@
 		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td><i class="fa fa-minus dim"></i></td>
+		<td class="success">
+			<i class="fa fa-check text-success" aria-hidden="true"></i>
+		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td class="success">
 			<i class="fa fa-check text-success" aria-hidden="true"></i>
--- a/docs/_providers/gandi_v5.md
+++ b/docs/_providers/gandi_v5.md
@ -20,9 +20,17 @@ jsId: GANDI
 In your credentials file you must provide your Gandi.net API key.
 The [sharing_id](https://api.gandi.net/docs/reference/) is optional.

+The `sharing_id` selects between different organizations which your account is
+a member of; to manage domains in multiple organizations, you can use multiple
+`creds.json` entries.  The first parameter to `NewDnsProvider` is the key to
+use in `creds.json`, and you can register multiple configured providers on the
+same backend `"GANDI_V5"` provider.
+(NB: in practice, this doesn't appear to be necessary and `sharing_id` is not
+enforced?)
+
 {% highlight json %}
 {
-  "gandi_v5": {
+  "gandi": {
    "apikey": "your-gandi-key",
    "sharing_id": "your-sharing_id"
  }
@ -32,6 +40,13 @@ The [sharing_id](https://api.gandi.net/docs/reference/) is optional.
 ## Metadata
 This provider does not recognize any special metadata fields unique to Gandi.

+## Limitations
+This provider does not support using `ALIAS` in combination with DNSSEC,
+whether `AUTODNSSEC` or otherwise.
+
+This provider only supports `ALIAS` on the `"@"` zone apex, not on any other
+names.
+
 ## Usage
 Example Javascript:

@ -44,10 +59,9 @@ D("example.tld", REG_GANDI, DnsProvider(GANDI),
 );
 {% endhighlight %}

-If you are converting from the old "GANDI" provider, simply
-change "gandi" to "gandi_v5" in `creds.json`, and change "GANDI"
-to "GANDI_V5" in `dnsconfig.js`.  Be sure to test with
-`dnscontrol preview` before running `dnscontrol push`
+If you are converting from the old "GANDI" provider,
+simply change "GANDI" to "GANDI_V5" in `dnsconfig.js`.
+Be sure to test with `dnscontrol preview` before running `dnscontrol push`.

 ## New domains
 If a domain does not exist in your Gandi account, DNSControl will *not* automatically add it with the `create-domains` command. You'll need to do that via the web UI manually.
--- a/providers/gandi_v5/convert.go
+++ b/providers/gandi_v5/convert.go
@ -26,6 +26,9 @@ func nativeToRecords(n livedns.DomainRecord, origin string) (rcs []*models.Recor
 		}
 		rc.SetLabel(n.RrsetName, origin)
 		switch rtype := n.RrsetType; rtype {
+		case "ALIAS":
+			rc.Type = "ALIAS"
+			rc.SetTarget(value)
 		default: //  "A", "AAAA", "CAA", "NS", "CNAME", "MX", "PTR", "SRV", "TXT"
 			if err := rc.PopulateFromString(rtype, value, origin); err != nil {
 				panic(fmt.Errorf("unparsable record received from gandi: %w", err))
--- a/providers/gandi_v5/gandi_v5Provider.go
+++ b/providers/gandi_v5/gandi_v5Provider.go
@ -40,15 +40,21 @@ func init() {

 // features declares which features and options are available.
 var features = providers.DocumentationNotes{
+	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseTLSA:             providers.Can(),
 	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot("Can only manage domains registered through their service"),
 	providers.DocOfficiallySupported: providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 }

+// DNSSEC: platform supports it, but it doesn't fit our GetDomainCorrections
+// model, so deferring for now.
+
 // Section 2: Define the API client.

 // api is the api handle used to store any client-related state.