dns-route53: deprecate --dns-route53-propagation-seconds (#9619)

certbot · Mar 23, 2023 · 8037321 · 8037321
1 parent 7ce1f17
commit 8037321
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 12 deletions.
diff --git a/certbot-dns-route53/certbot_dns_route53/__init__.py b/certbot-dns-route53/certbot_dns_route53/__init__.py
@@ -8,17 +8,6 @@
    `certbot.eff.org <https://certbot.eff.org/instructions#wildcard>`_, choosing your system and
    selecting the Wildcard tab.
 
-Named Arguments
----------------
-
-========================================  =====================================
-``--dns-route53-propagation-seconds``     The number of seconds to wait for DNS
-                                          to propagate before asking the ACME
-                                          server to verify the DNS record.
-                                          (Default: 10)
-========================================  =====================================
-
-
 Credentials
 -----------
 Use of this plugin requires a configuration file containing Amazon Web Sevices

diff --git a/certbot-dns-route53/certbot_dns_route53/_internal/dns_route53.py b/certbot-dns-route53/certbot_dns_route53/_internal/dns_route53.py
@@ -3,6 +3,7 @@
 import logging
 import time
 from typing import Any
+from typing import Callable
 from typing import DefaultDict
 from typing import Dict
 from typing import List
@@ -12,9 +13,11 @@
 from botocore.exceptions import NoCredentialsError
 
 from acme.challenges import ChallengeResponse
+from certbot import achallenges
 from certbot import errors
 from certbot.achallenges import AnnotatedChallenge
 from certbot.plugins import dns_common
+from certbot.util import add_deprecated_argument
 
 logger = logging.getLogger(__name__)
 
@@ -44,6 +47,17 @@ def __init__(self, *args: Any, **kwargs: Any) -> None:
     def more_info(self) -> str:
         return "Solve a DNS01 challenge using AWS Route53"
 
+    @classmethod
+    def add_parser_arguments(cls, add: Callable[..., None],  # pylint: disable=arguments-differ
+                             default_propagation_seconds: int = 10) -> None:
+        add_deprecated_argument(add, 'propagation-seconds', 1)
+
+    def auth_hint(self, failed_achalls: List[achallenges.AnnotatedChallenge]) -> str:
+        return (
+            'The Certificate Authority failed to verify the DNS TXT records created by '
+            '--dns-route53. Ensure the above domains have their DNS hosted by AWS Route53.'
+        )
+
     def _setup_credentials(self) -> None:
         pass
 

diff --git a/certbot-dns-route53/tests/dns_route53_test.py b/certbot-dns-route53/tests/dns_route53_test.py
@@ -85,6 +85,13 @@ def test_cleanup_client_error(self):
 
         self.auth.cleanup([self.achall])
 
+    def test_parser_arguments(self) -> None:
+        from certbot.util import DeprecatedArgumentAction
+        m = mock.MagicMock()
+        self.auth.add_parser_arguments(m)  # pylint: disable=no-member
+        m.assert_any_call('propagation-seconds', action=DeprecatedArgumentAction,
+                          help=mock.ANY, nargs=1)
+
 
 class ClientTest(unittest.TestCase):
     # pylint: disable=protected-access

diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
@@ -14,7 +14,10 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 ### Changed
 
-*
+* `--dns-route53-propagation-seconds` is now deprecated. The Route53 plugin relies on the
+  [GetChange API](https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetChange.html)
+  to determine if a DNS update is complete. The flag has never had any effect and will be
+  removed in a future version of Certbot.
 
 ### Fixed