CLOUDFLARE: Added TLSA and SSHFP support (#484)

providers/cloudflare/cloudflareProvider.go

@@ -39,8 +39,11 @@ Domain level metadata available:
 
 var features = providers.DocumentationNotes{
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
+	providers.CanUsePTR:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseTLSA:             providers.Can(),
+	providers.CanUseSSHFP:            providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Cannot("Cloudflare will not work well in situations where it is not the only DNS server"),
 	providers.DocOfficiallySupported: providers.Can(),
@@ -359,16 +362,23 @@ func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNS
 
 // Used on the "existing" records.
 type cfRecData struct {
-	Name     string `json:"name"`
-	Target   string `json:"target"`
-	Service  string `json:"service"`  // SRV
-	Proto    string `json:"proto"`    // SRV
-	Priority uint16 `json:"priority"` // SRV
-	Weight   uint16 `json:"weight"`   // SRV
-	Port     uint16 `json:"port"`     // SRV
-	Tag      string `json:"tag"`      // CAA
-	Flags    uint8  `json:"flags"`    // CAA
-	Value    string `json:"value"`    // CAA
+	Name          string `json:"name"`
+	Target        string `json:"target"`
+	Service       string `json:"service"`       // SRV
+	Proto         string `json:"proto"`         // SRV
+	Priority      uint16 `json:"priority"`      // SRV
+	Weight        uint16 `json:"weight"`        // SRV
+	Port          uint16 `json:"port"`          // SRV
+	Tag           string `json:"tag"`           // CAA
+	Flags         uint8  `json:"flags"`         // CAA
+	Value         string `json:"value"`         // CAA
+	Usage         uint8  `json:"usage"`         // TLSA
+	Selector      uint8  `json:"selector"`      // TLSA
+	Matching_Type uint8  `json:"matching_type"` // TLSA
+	Certificate   string `json:"certificate"`   // TLSA
+	Algorithm     uint8  `json:"algorithm"`     // SSHFP
+	Hash_Type     uint8  `json:"type"`          // SSHFP
+	Fingerprint   string `json:"fingerprint"`   // SSHFP
 }
 
 type cfRecord struct {

providers/cloudflare/rest.go

@@ -149,6 +149,23 @@ func cfCaaData(rec *models.RecordConfig) *cfRecData {
 	}
 }
 
+func cfTlsaData(rec *models.RecordConfig) *cfRecData {
+	return &cfRecData{
+		Usage:         rec.TlsaUsage,
+		Selector:      rec.TlsaSelector,
+		Matching_Type: rec.TlsaMatchingType,
+		Certificate:   rec.GetTargetField(),
+	}
+}
+
+func cfSshfpData(rec *models.RecordConfig) *cfRecData {
+	return &cfRecData{
+		Algorithm:   rec.SshfpAlgorithm,
+		Hash_Type:   rec.SshfpFingerprint,
+		Fingerprint: rec.GetTargetField(),
+	}
+}
+
 func (c *CloudflareApi) createRec(rec *models.RecordConfig, domainID string) []*models.Correction {
 	type createRecord struct {
 		Name     string     `json:"name"`
@@ -185,6 +202,12 @@ func (c *CloudflareApi) createRec(rec *models.RecordConfig, domainID string) []*
 				cf.Data = cfCaaData(rec)
 				cf.Name = rec.GetLabelFQDN()
 				cf.Content = ""
+			} else if rec.Type == "TLSA" {
+				cf.Data = cfTlsaData(rec)
+				cf.Name = rec.GetLabelFQDN()
+			} else if rec.Type == "SSHFP" {
+				cf.Data = cfSshfpData(rec)
+				cf.Name = rec.GetLabelFQDN()
 			}
 			endpoint := fmt.Sprintf(recordsURL, domainID)
 			buf := &bytes.Buffer{}
@@ -241,6 +264,12 @@ func (c *CloudflareApi) modifyRecord(domainID, recID string, proxied bool, rec *
 		r.Data = cfCaaData(rec)
 		r.Name = rec.GetLabelFQDN()
 		r.Content = ""
+	} else if rec.Type == "TLSA" {
+		r.Data = cfTlsaData(rec)
+		r.Name = rec.GetLabelFQDN()
+	} else if rec.Type == "SSHFP" {
+		r.Data = cfSshfpData(rec)
+		r.Name = rec.GetLabelFQDN()
 	}
 	endpoint := fmt.Sprintf(singleRecordURL, domainID, recID)
 	buf := &bytes.Buffer{}