haproxytech
diff --git a/‎.aspell.yml‎
Lines changed: 2 additions & 0 deletions b/‎.aspell.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config-parser/section-parsers.go‎
Lines changed: 2 additions & 0 deletions b/‎config-parser/section-parsers.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎configuration/acme_provider.go‎
Lines changed: 125 additions & 14 deletions b/‎configuration/acme_provider.go‎
Lines changed: 125 additions & 14 deletions
diff --git a/‎configuration/acme_provider_test.go‎
Lines changed: 67 additions & 0 deletions b/‎configuration/acme_provider_test.go‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎models/acme_provider.go‎
Lines changed: 6 additions & 0 deletions b/‎models/acme_provider.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎models/acme_provider_compare.go‎
Lines changed: 16 additions & 0 deletions b/‎models/acme_provider_compare.go‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎models/acme_provider_compare_test.go‎
Lines changed: 2 additions & 2 deletions b/‎models/acme_provider_compare_test.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎specification/build/haproxy_spec.yaml‎
Lines changed: 8 additions & 0 deletions b/‎specification/build/haproxy_spec.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎specification/models/configuration/acme.yaml‎
Lines changed: 8 additions & 0 deletions b/‎specification/models/configuration/acme.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎test/acme_test.go‎
Lines changed: 14 additions & 9 deletions b/‎test/acme_test.go‎
Lines changed: 14 additions & 9 deletions
@@ -66,6 +66,7 @@ allowed:
   - fullpage
   - github
   - gitlab
+  - godaddy
   - gokc
   - golang
   - golangci
@@ -188,3 +189,4 @@ allowed:
   - yaml
   - async
   - rehaul
+  - XXXX
@@ -1035,6 +1035,8 @@ func (p *configParser) getAcmeParser() *Parsers {
 	parser := map[string]ParserInterface{}
 	sequence := []Section{}
 	addParser(parser, &sequence, &simple.Word{Name: "account-key"})
+	addParser(parser, &sequence, &simple.Word{Name: "acme-provider"})
+	addParser(parser, &sequence, &simple.Word{Name: "acme-vars"})
 	addParser(parser, &sequence, &simple.Number{Name: "bits"})
 	addParser(parser, &sequence, &simple.Word{Name: "challenge"})
 	addParser(parser, &sequence, &simple.Word{Name: "contact"})
 
@@ -18,6 +18,7 @@ package configuration
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	strfmt "github.com/go-openapi/strfmt"
 	parser "github.com/haproxytech/client-native/v6/config-parser"
@@ -159,14 +160,18 @@ func ParseAcmeProvider(p parser.Parser, name string) (*models.AcmeProvider, erro
 		}
 	}
 
+	var varsStr string
+
 	stringAttr := map[string]*string{
-		"account-key": &acme.AccountKey,
-		"challenge":   &acme.Challenge,
-		"contact":     &acme.Contact,
-		"curves":      &acme.Curves,
-		"directory":   &acme.Directory,
-		"keytype":     &acme.Keytype,
-		"map":         &acme.Map,
+		"account-key":   &acme.AccountKey,
+		"acme-provider": &acme.AcmeProvider,
+		"acme-vars":     &varsStr,
+		"challenge":     &acme.Challenge,
+		"contact":       &acme.Contact,
+		"curves":        &acme.Curves,
+		"directory":     &acme.Directory,
+		"keytype":       &acme.Keytype,
+		"map":           &acme.Map,
 	}
 
 	for kw, dest := range stringAttr {
@@ -198,6 +203,9 @@ func ParseAcmeProvider(p parser.Parser, name string) (*models.AcmeProvider, erro
 		acme.Bits = misc.Ptr(ic.Value)
 	}
 
+	// acme-vars
+	acme.AcmeVars = parseAcmeVars(varsStr)
+
 	return acme, nil
 }
 
@@ -216,14 +224,21 @@ func SerializeAcmeProvider(p parser.Parser, acme *models.AcmeProvider) error {
 		}
 	}
 
+	acmeVars, err := serializeAcmeVars(acme.AcmeVars)
+	if err != nil {
+		return fmt.Errorf("acme %s: %w", acme.Name, err)
+	}
+
 	stringAttr := map[string]string{
-		"account-key": acme.AccountKey,
-		"challenge":   acme.Challenge,
-		"contact":     acme.Contact,
-		"curves":      acme.Curves,
-		"directory":   acme.Directory,
-		"keytype":     acme.Keytype,
-		"map":         acme.Map,
+		"account-key":   acme.AccountKey,
+		"acme-provider": acme.AcmeProvider,
+		"acme-vars":     acmeVars,
+		"challenge":     acme.Challenge,
+		"contact":       acme.Contact,
+		"curves":        acme.Curves,
+		"directory":     acme.Directory,
+		"keytype":       acme.Keytype,
+		"map":           acme.Map,
 	}
 
 	for kw, val := range stringAttr {
@@ -246,3 +261,99 @@ func SerializeAcmeProvider(p parser.Parser, acme *models.AcmeProvider) error {
 
 	return nil
 }
+
+// acme-vars "key=value,foo=\"bar baz\""
+func serializeAcmeVars(vars map[string]string) (string, error) {
+	if len(vars) == 0 {
+		return "", nil
+	}
+
+	var sb strings.Builder
+	first := true
+
+	sb.WriteByte('"')
+	for k, v := range vars {
+		if len(k) == 0 {
+			continue
+		}
+		if !acmeValidKey(k) {
+			return "", fmt.Errorf("acme-vars: invalid character found in key '%s'", k)
+		}
+		if first {
+			first = false
+		} else {
+			sb.WriteByte(',')
+		}
+		sb.WriteString(k)
+		sb.WriteByte('=')
+		sb.WriteString(acmeVarEscape(v))
+	}
+	sb.WriteByte('"')
+
+	return sb.String(), nil
+}
+
+func parseAcmeVars(vars string) map[string]string {
+	n := len(vars)
+	if n == 0 {
+		return nil
+	}
+
+	if vars[0] == '"' && vars[n-1] == '"' {
+		vars = vars[1 : n-1]
+	}
+
+	vars = strings.TrimSpace(vars)
+	if len(vars) == 0 {
+		return nil
+	}
+
+	vlist := acmeVarSplit(vars)
+	vmap := make(map[string]string, len(vlist))
+	for _, keyval := range vlist {
+		if k, v, found := strings.Cut(strings.TrimSpace(keyval), "="); found {
+			if len(k) > 0 {
+				vmap[k] = acmeVarUnescape(v)
+			}
+		}
+	}
+
+	if len(vmap) == 0 {
+		return nil
+	}
+	return vmap
+}
+
+// Split string by ',' but not escaped commas "\,".
+func acmeVarSplit(s string) []string {
+	s = strings.ReplaceAll(s, `\,`, "\x00")
+	tokens := strings.Split(s, ",")
+	for i, token := range tokens {
+		tokens[i] = strings.ReplaceAll(token, "\x00", `\,`)
+	}
+	return tokens
+}
+
+func acmeVarEscape(s string) string {
+	s = strings.ReplaceAll(s, `"`, `\"`)
+	s = strings.ReplaceAll(s, `,`, `\,`)
+	return s
+}
+
+func acmeVarUnescape(s string) string {
+	s = strings.ReplaceAll(s, `\"`, `"`)
+	s = strings.ReplaceAll(s, `\,`, `,`)
+	return s
+}
+
+// Variable keys must also be valid Go variable names.
+func acmeValidKey(key string) bool {
+	for _, c := range key {
+		match := ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') ||
+			('0' <= c && c <= '9') || c == '_'
+		if !match {
+			return false
+		}
+	}
+	return true
+}
@@ -0,0 +1,67 @@
+// Copyright 2025 HAProxy Technologies
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package configuration
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+)
+
+func Test_serializeAcmeVars(t *testing.T) {
+	tests := []struct {
+		vars    map[string]string
+		want    string
+		wantErr bool
+	}{
+		{
+			vars:    map[string]string{"foo": "bar", "ApiKey": "FEFF,==\""},
+			want:    `"foo=bar,ApiKey=FEFF\,==\""`,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.want, func(t *testing.T) {
+			got, err := serializeAcmeVars(tt.vars)
+			if tt.wantErr != (err != nil) {
+				t.Errorf("serializeAcmeVars() got error '%v', wantErr=%v", err, tt.wantErr)
+			}
+			if got != tt.want {
+				t.Errorf("serializeAcmeVars() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_parseAcmeVars(t *testing.T) {
+	tests := []struct {
+		vars string
+		want map[string]string
+	}{
+		{
+			vars: `"foo=bar,ApiKey=FEFF\,==\""`,
+			want: map[string]string{"foo": "bar", "ApiKey": "FEFF,==\""},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.vars, func(t *testing.T) {
+			got := parseAcmeVars(tt.vars)
+			if !cmp.Equal(got, tt.want) {
+				t.Errorf("parseAcmeVars() = %#v, want %#v", got, tt.want)
+			}
+		})
+	}
+}
@@ -11877,11 +11877,19 @@ definitions:
     x-omitempty: true
     x-go-name: SSLFrontUses
   acme_provider:
+    additionalProperties: false
     description: Define an ACME provider to generate certificates automatically
     properties:
       account_key:
         description: Path where the the ACME account key is stored
         type: string
+      acme_provider:
+        description: DNS provider for the dns-01 challenge
+        type: string
+      acme_vars:
+        additionalProperties:
+          type: string
+        description: List of variables passed to the dns-01 provider (typically API keys)
       bits:
         description: Number of bits to generate an RSA certificate
         minimum: 1024
 
@@ -14,6 +14,13 @@ acme:
     account_key:
       type: string
       description: Path where the the ACME account key is stored
+    acme_provider:
+      type: string
+      description: DNS provider for the dns-01 challenge
+    acme_vars:
+      description: List of variables passed to the dns-01 provider (typically API keys)
+      additionalProperties:
+        type: string
     bits:
       type: integer
       description: Number of bits to generate an RSA certificate
@@ -47,3 +54,4 @@ acme:
     metadata:
       additionalProperties:
         type: object
+  additionalProperties: false
@@ -94,15 +94,20 @@ func TestCreateEditDeleteAcmeProvider(t *testing.T) {
 	require := require.New(t)
 
 	a := &models.AcmeProvider{
-		Name:       "ninja",
-		AccountKey: "ninja-acme.key",
-		Bits:       misc.Int64P(2048),
-		Challenge:  "http-01",
-		Contact:    "me@example.com",
-		Curves:     "dem curves",
-		Directory:  "https://acme.ninja.com/directory",
-		Keytype:    "ECDSA",
-		Map:        "acme@virt",
+		Name:         "ninja",
+		AccountKey:   "ninja-acme.key",
+		AcmeProvider: "godaddy",
+		AcmeVars: map[string]string{
+			"ApiKey":   "foobar",
+			"WeirdKey": "\"__, +=\"",
+		},
+		Bits:      misc.Int64P(2048),
+		Challenge: "http-01",
+		Contact:   "me@example.com",
+		Curves:    "dem curves",
+		Directory: "https://acme.ninja.com/directory",
+		Keytype:   "ECDSA",
+		Map:       "acme@virt",
 	}
 
 	err := clientTest.CreateAcmeProvider(a, "", version)