GANDI_V5: Fix/support ALIAS, SSHFP, TLSA (#673)

docs/_includes/matrix.html

@@ -282,7 +282,9 @@
 		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td><i class="fa fa-minus dim"></i></td>
+		<td class="success">
+			<i class="fa fa-check text-success" aria-hidden="true"></i>
+		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td class="danger" data-toggle="tooltip" data-container="body" data-placement="top" title="Using ALIAS is possible through our extended DNS (X-DNS) service. Feel free to get in touch with us.">
 			<i class="fa has-tooltip fa-times text-danger" aria-hidden="true"></i>
@@ -476,9 +478,7 @@
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td class="success">
+		<td><i class="fa fa-minus dim"></i></td>
-			<i class="fa fa-check text-success" aria-hidden="true"></i>
-		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
@@ -588,7 +588,9 @@
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td><i class="fa fa-minus dim"></i></td>
+		<td class="success">
+			<i class="fa fa-check text-success" aria-hidden="true"></i>
+		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
@@ -631,7 +633,9 @@
 		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td><i class="fa fa-minus dim"></i></td>
-		<td><i class="fa fa-minus dim"></i></td>
+		<td class="success">
+			<i class="fa fa-check text-success" aria-hidden="true"></i>
+		</td>
 		<td><i class="fa fa-minus dim"></i></td>
 		<td class="success">
 			<i class="fa fa-check text-success" aria-hidden="true"></i>

docs/_providers/gandi_v5.md

@@ -20,9 +20,17 @@ jsId: GANDI
 In your credentials file you must provide your Gandi.net API key.
 The [sharing_id](https://api.gandi.net/docs/reference/) is optional.
 
+The `sharing_id` selects between different organizations which your account is
+a member of; to manage domains in multiple organizations, you can use multiple
+`creds.json` entries.  The first parameter to `NewDnsProvider` is the key to
+use in `creds.json`, and you can register multiple configured providers on the
+same backend `"GANDI_V5"` provider.
+(NB: in practice, this doesn't appear to be necessary and `sharing_id` is not
+enforced?)
+
 {% highlight json %}
 {
-  "gandi_v5": {
+  "gandi": {
     "apikey": "your-gandi-key",
     "sharing_id": "your-sharing_id"
   }
@@ -32,6 +40,13 @@ The [sharing_id](https://api.gandi.net/docs/reference/) is optional.
 ## Metadata
 This provider does not recognize any special metadata fields unique to Gandi.
 
+## Limitations
+This provider does not support using `ALIAS` in combination with DNSSEC,
+whether `AUTODNSSEC` or otherwise.
+
+This provider only supports `ALIAS` on the `"@"` zone apex, not on any other
+names.
+
 ## Usage
 Example Javascript:
 
@@ -44,10 +59,9 @@ D("example.tld", REG_GANDI, DnsProvider(GANDI),
 );
 {% endhighlight %}
 
-If you are converting from the old "GANDI" provider, simply
+If you are converting from the old "GANDI" provider,
-change "gandi" to "gandi_v5" in `creds.json`, and change "GANDI"
+simply change "GANDI" to "GANDI_V5" in `dnsconfig.js`.
-to "GANDI_V5" in `dnsconfig.js`.  Be sure to test with
+Be sure to test with `dnscontrol preview` before running `dnscontrol push`.
-`dnscontrol preview` before running `dnscontrol push`
 
 ## New domains
 If a domain does not exist in your Gandi account, DNSControl will *not* automatically add it with the `create-domains` command. You'll need to do that via the web UI manually.

providers/gandi_v5/convert.go

@@ -26,6 +26,9 @@ func nativeToRecords(n livedns.DomainRecord, origin string) (rcs []*models.Recor
 		}
 		rc.SetLabel(n.RrsetName, origin)
 		switch rtype := n.RrsetType; rtype {
+		case "ALIAS":
+			rc.Type = "ALIAS"
+			rc.SetTarget(value)
 		default: //  "A", "AAAA", "CAA", "NS", "CNAME", "MX", "PTR", "SRV", "TXT"
 			if err := rc.PopulateFromString(rtype, value, origin); err != nil {
 				panic(fmt.Errorf("unparsable record received from gandi: %w", err))

providers/gandi_v5/gandi_v5Provider.go

@@ -40,15 +40,21 @@ func init() {
 
 // features declares which features and options are available.
 var features = providers.DocumentationNotes{
+	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseTLSA:             providers.Can(),
 	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot("Can only manage domains registered through their service"),
 	providers.DocOfficiallySupported: providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 }
 
+// DNSSEC: platform supports it, but it doesn't fit our GetDomainCorrections
+// model, so deferring for now.
+
 // Section 2: Define the API client.
 
 // api is the api handle used to store any client-related state.