route53_zone - Remove default value of false for dnssec parameter

[ichekaldin]

SUMMARY

I suggest removing the default value for dnssec parameter in route53_zone module.

The current implementation results in a "catch-22": enabling DNSSEC for Route53 zone requires a key-signing key to be created (e.g., via route53_key_signing_key module), while creating a key-signing key requires a zone to exist.

Consider the following tasks:

- name: Create zone
  amazon.aws.route53_zone:
    zone: example.com
  register: __zone

- name: Create KSK
  amazon.aws.route53_key_signing_key:
    name: ksk1
    hosted_zone_id: "{{ __zone.id }}"
    key_management_service_arn: "{{ kms_arn }}"

- name: Enable DNSSEC
  amazon.aws.route53_zone:
    zone: example.com
    dnssec: true

On the first execution, these three tasks produce the expected result: create a zone, create a KSK, and then enable DNSSEC for that zone.

However, the subsequent executions of the same tasks will first disable DNSSEC (task 1) and then re-enable it (task 3), which is not idempotent and, more importantly, will likely result in DNS resolution disruption.

Removing the default value addresses this behavior.

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

route53_zone

[github-actions]

Docs Build 📝

Thank you for contribution!✨

The docsite for this PR is available for download as an artifact from this run:
https://github.com/ansible-collections/amazon.aws/actions/runs/13930136874

You can compare to the docs for the main branch here:
https://ansible-collections.github.io/amazon.aws/branch/main

File changes:

• M collections/amazon/aws/route53_zone_module.html

Click to see the diff comparison.

NOTE: only file modifications are shown here. New and deleted files are excluded.
See the file list and check the published docs to see those files.

diff --git a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/route53_zone_module.html b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/route53_zone_module.html
index f6350ee..ec0fdf2 100644
--- a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/route53_zone_module.html
+++ b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/route53_zone_module.html
@@ -250,7 +250,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-route53-
 <td><div class="ansible-option-cell"><p>Enables DNSSEC signing in a specific hosted zone.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
-<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">false</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
 </ul>
 </div></td>

[softwarefactory-project-zuul]

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/d4c666b1423044899d3fffe5632dd89b

✔️ ansible-galaxy-importer SUCCESS in 3m 56s
✔️ build-ansible-collection SUCCESS in 10m 12s
✔️ ansible-test-splitter SUCCESS in 5m 09s
✔️ integration-amazon.aws-1 SUCCESS in 6m 38s
Skipped 43 jobs