The test 49 was changing the fingerprint type of a SSHFP DNS RR,
but not the fingerprint hash. Changing the type of hash function
changes the hash result size (there's only two defined hash type of
different size in the RFC, SHA-1 and SHA-256).
This was failing with the OVH provider, because OVH is validating
the hash sizes of any created SSHFP RR and was finding an inconsistency.
Since there's already the test 50 which is both changing the type
and the fingerprint, the functionality is still covered and we
can remove test 49.
Commit 87ad01d added the very useful `get-zones` command, which
requires providers to implement a new method `GetZoneRecords`.
This changes make the OVH provider support this.
* Update Exoscale provider
* Update vendor folder for exoscale/egoscale v0.23.0
* Fix typos and SRV parsing
* Add . at the end of SRV records for exoscale
* Replaced errors.Wrap with fmt.Errorf (#589)
* Find: errors\.Wrap\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Replaced errors.Wrapf with fmt.Errorf (#589)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])(,[^)]+)\)
* Replace: fmt.Errorf($2: %w$3$4, $1)
* Replaced errors.Errorf with fmt.Errorf (#589)
* Find: errors\.Errorf
Replace: fmt.Errorf
* Cleaned up remaining imports
* Cleanup
* Regenerate provider support matrix
This was broken by #533 ... and it's now the third time this has been missed.
* Switched to v2 go.mod
Also set GO111MODULE=on in build stuff to always use Go modules
even when in GOPATH.
* Ensure go.mod, go.sum, and vendor are up to date
* Attempt to fix Azure pipelines
* Add set -e to properly fail on exit (it didn't seem to be
propagating properly before).
* Set workingDirectory for GoFmt and GoGen (this might be why it
fails unlike compile and unitests).
* Another attempt to fix Azure Pipelines
* Use the Go env template for all go-related jobs.
* Completely fixed Azure Pipelines
* Added a display name to GoFmt for consistency.
* Fixed diffs for GoFmt and GoGen.
* Show git status for checks.
* Drop GOPATH for tests
TODO: Do the same for integration tests.
* Drop GOPATH for integration tests
* Show more diffs
* Regenerate provider support matrix
This wasn't done in #590...
* ClouDNS: first version of provider
* ClouDNS: documentation
* ClouDNS: code cleanup
* ClouDNS: GetNameservers now uses ClouDNS API to fetch NS servers list
* ClouDNS: CAA support
* ClouDNS: TLSA support
* ClouDNS: tests credentials now use variables instead of hardcoded values
* ClouDNS: SSHFP support
* ClouDNS: export only necessary methods
* providers/cloudflare: Support API tokens
Cloudflare API tokens are a new way to authenticate to Cloudflare API.
Unlike the Global API key, tokens can be given specific permissions to
only access parts of the API. See [1] for details.
[1] https://blog.cloudflare.com/api-tokens-general-availability/
This commit introduces a new credential for cloudflare called
`apitoken`, which is mutually exclusive with `apiuser` and `apikey`.
In order for DNSControl to work with this token, it should have the
right to read DNS zones and edit DNS records.
Closes#534
* CLOUDFLARE: Update integration tests for api token
According to the RFC, the way to indicate that a SRV has no target is to set the target to ".". Some providers do not handle this, or the API returns "" instead of ".". This situation is now tested in the integration tests and all providers (that support this) have been fixed.
* Cloudflare: Fix decoding empty SRV target (fixes#561)
SRV records with empty (".") targets are now returned as false by
the API, which breaks Unmarshaling it into a string.
* Use custom type for Cloudflare SRV target
Rewrote the SRV target decoding to use a custom type for (un)marshaling, as
Cloudflare returns false for null targets, but it requires a single period
for giving it one. The target code has also been made more flexible to future
API changes with additional normalization.
This has been tested with record creation, deletion, and update and works
as of 2019-11-05.
* DigitalOcean: Fix target FQDN for null targets
Without this, dnscontrol thinks an update is needed (.. != .) even
when the SRV target is correct.
* DNSimple: Fix parsing of null SRV target
DNSimple only returns two fields when the target is null.
* NameDotCom: Add note about not supporting null SRV targets, skip test
* DNSimple: Do not append a . unless we have all three parts
Signed-off-by: Amelia Aronsohn <squirrel@wearing.black>
* Regenerated provider matrix
* condense AD 'unsupported record type' warnings
* active directory provider can create/modify/delete NS records!
* ad passes more of the tests now
* skip root NS records for safety
* clarifying comment
* govendor gopkg.in/yaml.v2
* Ignore YAML and BIND test data litter. Create README.txt files to force git to create subdirectories.
* Update convertzone to also read OctoDNS files
* Add gandi LiveDNS api provider
* vendor testify and gandi live DNS
* govendor update github.com/prasmussen/gandi-api/{client,live_dns}
* Fix Gandi-livedns TXT unit test
* TravisCI should use go 1.10
* Stable comparison of metadata (#239)
Iterating over a map in Go never produces twice the same ordering.
Thus when comparing two metadata map with more than one key, the
`differ` is always finding differences.
To properly compare records metadata, we need to iterate the maps
in a deterministic way.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Support for Route53 ALIAS record type (#239)
Route53 ALIAS doesn't behave like a regular ALIAS, and is much more
limited as its target can only be some specific AWS resources or
another record in the same zone.
According to #239, this change adds a new directive R53_ALIAS which
implements this specific alias. This record type can only be used
with the Route53 provider.
This directive usage looks like this:
```js
D("example.com", REGISTRAR, DnsProvider("ROUTE53"),
R53_ALIAS("foo1", "A", "bar") // record in same zone
R53_ALIAS("foo2", "A",
"blahblah.elasticloadbalancing.us-west-1.amazonaws.com",
R53_ZONE('Z368ELLRRE2KJ0')) // ELB in us-west-1
```
Unfortunately, Route53 requires indicating the hosted zone id
where the target is defined (those are listed in AWS documentation,
see the R53_ALIAS documentation for links).
* Add support for the IGNORE(name) directive (#183)
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" record is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Deprecate CloudFlare ignoredLabels in favor of IGNORE (#183)
Since IGNORE implements a generic `ignoredLabels` system, let
the user know CF `ignoredLabels` are deprecated.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* OVH DNS Provider (#143)
This adds the OVH Provider along with its documentation.
Unfortunately we can't set this DNS provider to support `CanUsePTR`,
because OVH only supports setting PTR target on the Arpa zone.
* OVH Registrar provider (#143)
This implements OVH as a registrar provider.
Note that NS modifications are done in a "best effort" mode, as the
provider doesn't wait for the modifications to be fully applied
(the operation that can take a long time).
* Allow support for dual providers scenarios
Since OVH released their APIv6, it is now possible to update
zone apex NS records, opening the door to complete dual providers
scenarii.
This change implements apex NS management in an OVH zone.
* Added Vultr provider
* Fixed tests
* Fixed CI build validation
* Add unsupported features
* Added #rtype_variations tags according to stackexchange.github.io/dnscontrol/adding-new-rtypes
* Add title (for compatibility with #223)
* Removed extra rtype_variations
Add SoftLayer DNS as a DomainServiceProvider.
The SoftLayer API is a bit of a mess and treats MX and SRV records
differently. This leads to some replication and custom handling issues
to work around.
In this patch I have to change the SRV test case to be _tcp instead of
_protocol because softlayer requires a "known" protocol which AFAICT is
tcp, udp or tls. I think this will be acceptable in most cases.
Signed-off-by: Jamie Lennox <jamielennox@gmail.com>
* add ns1 libs to vendor
* Create shim and wire into tests
* ns1 provider more working.
* vendor correct files
* comment diff functions
* ns1 docs
* making mx work with ns1
* ?
* refactor tests to make capability blocks easier. fix up ns1
* Implement Digitalocean provider
* Vendor digitalocean lib
* Enable SRV for Digitalocean and fix the tests
* Test cname etc. records pointing to the same domain
* Added CAA support
* Fixed bind parsing of CAA records
* Added CAA parsing test
* Renamed CAA json fields
* Added CAA tag validation
* Updated CAA docs to clarify on the value field
* parse_tests: Fixed typo in caaflags
* Added integration test
* Small cleanups
* Integration tests: PTR tests should only happen if CanUsePTR
* Integration tests: SRE tests should only happen if CanUseSRV
* CanUseSRV should be validated early (in pkg/normalize/validate.go)
* CLOUDFLARE does not support SRV. Check for this during validation
* GCLOUD CanUsesRV (mostly by accident, but whatever works)
* Add support for SRV records for NAMEDOTCOM and ROUTE53.
* Improve docs
* Rename RR() to ToRR().
* Rename RecordConfig Priority to MxPreference (affects json IR data)
* intitial work for bind refactor
* relax requirement that creds.json exists.
* Updating bind docs.
Fixes#48
* typo
* can exclude provider from default set in creds.json
* Add bind to integration tests. Fix for IDNs.
* Implement a basic DNSimple provider.
Handles domain delegation as well as record create, update, and delete.
Note that this is completely untested at the moment. It’s so alpha it might burn your face off.
* Add some inline comments. Always use the StackExchange libs.
* Clean up dnsimple docs a little
* This will need to be changed before merging.
* Import the dnsimple dnscontrol package from its expected path
* Properly build the FQDN and implement record listing so create/update/delete are used correctly.
* Add support for overriding base URL to allow connection to sandbox.
* Vendor dnsimple-go and its dependencies.
* Remove unnecessary doc file.
* Use dnsutil.AddOrigin for combining record name and origin.
* Modifying dnsimple provider to pass tests
* integration test started
* details
* More tests.
* idn tests and punycode (not tested fully because I'm on an aiplane)
* test for dual provider compatibility
* readme for tests
* vendor idna
* fix casing
