TEST GCORE: add DNSSEC support (StackExchange#2904)

Co-authored-by: Lan Tian <[email protected]>
cafferata · Apr 2, 2024 · f9cff3d · f9cff3d
1 parent 4f23b2a
commit f9cff3d
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 2 deletions.
diff --git a/documentation/providers.md b/documentation/providers.md
@@ -35,7 +35,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
 | [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |

diff --git a/providers/gcore/gcoreExtend.go b/providers/gcore/gcoreExtend.go
@@ -13,6 +13,14 @@ import (
 	dnssdk "github.com/G-Core/gcore-dns-sdk-go"
 )
 
+type gcoreZone struct {
+	DNSSECEnabled bool `json:"dnssec_enabled"`
+}
+
+type gcoreDNSSECRequest struct {
+	Enabled bool `json:"enabled"`
+}
+
 type gcoreRRSets struct {
 	RRSets []gcoreRRSetExtended `json:"rrsets"`
 }
@@ -103,3 +111,29 @@ func (c *gcoreProvider) dnssdkRRSets(domain string) (gcoreRRSets, error) {
 
 	return result, nil
 }
+
+func (c *gcoreProvider) dnssdkGetDNSSEC(domain string) (bool, error) {
+	var result gcoreZone
+	url := fmt.Sprintf("/v2/zones/%s", domain)
+
+	err := dnssdkDo(c.ctx, c.provider, c.apiKey, http.MethodGet, url, nil, &result)
+	if err != nil {
+		return false, err
+	}
+
+	return result.DNSSECEnabled, nil
+}
+
+func (c *gcoreProvider) dnssdkSetDNSSEC(domain string, enabled bool) error {
+	var request gcoreDNSSECRequest
+	request.Enabled = enabled
+
+	url := fmt.Sprintf("/v2/zones/%s/dnssec", domain)
+
+	err := dnssdkDo(c.ctx, c.provider, c.apiKey, http.MethodPatch, url, request, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
@@ -43,7 +43,7 @@ func NewGCore(m map[string]string, metadata json.RawMessage) (providers.DNSServi
 var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
-	providers.CanAutoDNSSEC:          providers.Cannot(),
+	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
@@ -189,6 +189,31 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 		}
 	}
 
+	dnssecEnabled, err := c.dnssdkGetDNSSEC(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	if !dnssecEnabled && dc.AutoDNSSEC == "on" {
+		// Copy all params to avoid overwrites
+		zone := dc.Name
+		corrections = append(corrections, &models.Correction{
+			Msg: "Enable DNSSEC",
+			F: func() error {
+				return c.dnssdkSetDNSSEC(zone, true)
+			},
+		})
+	} else if dnssecEnabled && dc.AutoDNSSEC == "off" {
+		// Copy all params to avoid overwrites
+		zone := dc.Name
+		corrections = append(corrections, &models.Correction{
+			Msg: "Disable DNSSEC",
+			F: func() error {
+				return c.dnssdkSetDNSSEC(zone, false)
+			},
+		})
+	}
+
 	result := append(reports, deletions...)
 	result = append(result, corrections...)
 	return result, nil