From cb0137bacaca1783d4e272d4987c0284e880ae58 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Fri, 17 Apr 2026 07:32:41 +0200 Subject: [PATCH] Mark dns-account-01 and dns-persist-01 more explicitly as experimental. (#1002) --- changelogs/fragments/996-acme-dns-account-01.yml | 5 +++-- changelogs/fragments/997-acme-dns-persist-01.yml | 5 +++-- plugins/modules/acme_certificate.py | 10 ++++++++-- plugins/modules/acme_certificate_order_create.py | 11 +++++++++-- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/changelogs/fragments/996-acme-dns-account-01.yml b/changelogs/fragments/996-acme-dns-account-01.yml index 224be1c2..d4cc2adf 100644 --- a/changelogs/fragments/996-acme-dns-account-01.yml +++ b/changelogs/fragments/996-acme-dns-account-01.yml @@ -1,4 +1,5 @@ minor_changes: - - acme_* modules - support ``dns-account-01`` challenge type according to - `acme-dns-account-label draft 02 `__ + - acme_* modules - experimentally support ``dns-account-01`` challenge type according to + `acme-dns-account-label draft 02 `__. + Note that breaking changes to this challenge type can also happen in minor releases until the acme-dns-account-label draft has been finalized as an RFC (https://github.com/ansible-collections/community.crypto/pull/996). diff --git a/changelogs/fragments/997-acme-dns-persist-01.yml b/changelogs/fragments/997-acme-dns-persist-01.yml index f314c70a..fb9c50b8 100644 --- a/changelogs/fragments/997-acme-dns-persist-01.yml +++ b/changelogs/fragments/997-acme-dns-persist-01.yml 
@@ -1,4 +1,5 @@ minor_changes: - - acme_* modules - support ``dns-persist-01`` challenge type according to - `acme-dns-persist draft 01 `__ + - acme_* modules - experimentally support ``dns-persist-01`` challenge type according to + `acme-dns-persist draft 01 `__. + Note that breaking changes to this challenge type can also happen in minor releases until the acme-dns-persist draft has been finalized as an RFC (https://github.com/ansible-collections/community.crypto/pull/997). diff --git a/plugins/modules/acme_certificate.py b/plugins/modules/acme_certificate.py index 314962da..7a099ecb 100644 --- a/plugins/modules/acme_certificate.py +++ b/plugins/modules/acme_certificate.py @@ -24,11 +24,11 @@ description: and the L(TLS-ALPN-01 specification,https://www.rfc-editor.org/rfc/rfc8737.html#section-3). Also, consider the examples provided for this module. - The module support for IP identifiers according to L(RFC 8738,https://www.rfc-editor.org/rfc/rfc8738.html). - - The module supports the V(dns-account-01) challenge type according to + - The module B(experimentally) supports the V(dns-account-01) challenge type according to L(acme-dns-account-label draft 02, https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-account-label-02). Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status. - - The module supports the V(dns-persist-01) challenge type according to + - The module B(experimentally) supports the V(dns-persist-01) challenge type according to L(acme-dns-persist draft 01, https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html). Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status. 
@@ -481,6 +481,9 @@ challenge_data: - The keys in this dictionary are the challenge types. C(challenge-type) is a placeholder used in the documentation. Possible keys are V(http-01), V(dns-01), V(dns-account-01), V(dns-persist-01), and V(tls-alpn-01). - Note that the keys are not valid Jinja2 identifiers. + - B(Note) that this return value for V(dns-account-01) and V(dns-persist-01) challenges is B(experimental) + and can change in a breaking way also in minor releases, until the acme-dns-account-label respectively + the acme-dns-persist draft is in a more stable state. returned: changed type: dict contains: @@ -514,6 +517,9 @@ challenge_data: account_uri: description: - The account URI that must be mentioned in the DNS TXT record. + - B(Note) that the type of this return value might change in a breaking way also in minor releases, + until the acme-dns-persist draft is in a more stable state. + This challenge field is currently under discussion in the ACME WG. returned: changed and challenge is V(dns-persist-01) type: str sample: https://ca.example/acct/123 diff --git a/plugins/modules/acme_certificate_order_create.py b/plugins/modules/acme_certificate_order_create.py index 93a78da6..e92b6810 100644 --- a/plugins/modules/acme_certificate_order_create.py +++ b/plugins/modules/acme_certificate_order_create.py 
@@ -38,11 +38,11 @@ description: Also, consider the examples provided for this module. - The module includes support for IP identifiers according to L(RFC 8738,https://www.rfc-editor.org/rfc/rfc8738.html) ACME extension. - - The module supports the V(dns-account-01) challenge type according to + - The module B(experimentally) supports the V(dns-account-01) challenge type according to L(acme-dns-account-label draft 02, https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-account-label-02). Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status. - - The module supports the V(dns-persist-01) challenge type according to + - The module B(experimentally) supports the V(dns-persist-01) challenge type according to L(acme-dns-persist draft 01, https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html). Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status. @@ -330,6 +330,8 @@ challenge_data: - Information for V(dns-account-01) authorization. - A DNS TXT record needs to be created with the record name RV(challenge_data[].challenges.dns-01.record) and value RV(challenge_data[].challenges.dns-01.resource_value). + - B(Note) that this return value is B(experimental) and can change in a breaking way also in minor releases, + until the acme-dns-account-label draft is in a more stable state. returned: if the identifier supports V(dns-account-01) authorization version_added: 3.2.0 type: dict 
@@ -356,6 +358,8 @@ challenge_data: - Information for V(dns-persist-01) authorization. - A DNS TXT record needs to be created with the record name V(_validation-persist.). See the P(community.crypto.acme_dns_persist_record#filter) for how to create the record's content. + - B(Note) that this return value is B(experimental) and can change in a breaking way also in minor releases, + until the acme-dns-persist draft is in a more stable state. returned: if the identifier supports V(dns-persist-01) authorization version_added: 3.2.0 type: dict @@ -363,6 +367,9 @@ challenge_data: account_uri: description: - The account URI that must be mentioned in the DNS TXT record. + - B(Note) that the type of this return value might change in a breaking way also in minor releases, + until the acme-dns-persist draft is in a more stable state. + This challenge field is currently under discussion in the ACME WG. returned: success type: str sample: https://ca.example/acct/123
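Review bot: In both changelog fragments (996-acme-dns-account-01.yml and 997-acme-dns-persist-01.yml) the added sentence ends the experimental period when the draft "has been finalized as an RFC", but the return-value notes added to the two modules in this same patch say "until the ... draft is in a more stable state". These are two different criteria for when breaking changes stop being allowed in minor releases. Pick one and use it everywhere; the unchanged description text already says "once the draft reached RFC status", so the RFC wording is the natural choice.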
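Review bot: In the @@ -481,6 +481,9 hunk of plugins/modules/acme_certificate.py, the phrase "until the acme-dns-account-label respectively the acme-dns-persist draft is in a more stable state" is hard to parse and leaves it unclear which draft governs which key. Suggest one sentence per challenge type, for example "For V(dns-account-01), this applies until the acme-dns-account-label draft ..." followed by the matching sentence for V(dns-persist-01). This also matches how acme_certificate_order_create.py documents the two keys separately.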
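Review bot: The account_uri note in the @@ -514,6 +517,9 hunk of plugins/modules/acme_certificate.py (and the identical text in the @@ -363,6 +367,9 hunk of acme_certificate_order_create.py) warns that "the type of this return value might change" but gives no link for "currently under discussion in the ACME WG" and no guidance on what to do in the meantime. The description says this value "must be mentioned in the DNS TXT record", so playbooks that template it directly into a record are the ones a type change would break. Please link the discussion and add a short hint on how to stay safe until then, such as pinning the collection version.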
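Review bot: In the @@ -330,6 +330,8 hunk of plugins/modules/acme_certificate_order_create.py, the context lines directly above the added note describe V(dns-account-01) but reference RV(challenge_data[].challenges.dns-01.record) and RV(challenge_data[].challenges.dns-01.resource_value). If that is a copy-paste leftover from the dns-01 entry, this patch already touches the description and is a good place to correct the references, because a reader following them is sent to the dns-01 record name and value rather than the dns-account-01 ones.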
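Review bot: In the @@ -356,6 +358,8 hunk of plugins/modules/acme_certificate_order_create.py, the new note marks the V(dns-persist-01) return value as experimental, but the line just above it sends users to P(community.crypto.acme_dns_persist_record#filter) to build the record content, and nothing here says whether that filter carries the same caveat. State it explicitly in this note, or in the filter's own documentation, so users know whether the filter's output can change in minor releases as well.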