Unified Provider model; existing DNS providers to be converted piecem…

…eal.

Never-used http_providers and shim removed; new drivers to go in providers.
Began removal of the torturous import of import chains; remainder are deprecated.
Test cases that no longer apply removed; others updated; quite a few added.
Some documentation added. First draft of demo for unified Provider.  prop_* parameters.
Never-ending: Codacy's complaints, test coverage.

CHANGELOG.md

@@ -1,19 +1,20 @@
 ## `sewer` changelog:
 most recent version is listed first.   
 
-## **unreleased:** heading for 0.9
-- README and other docs need updating!
-- mypy & python version compatibility verification?
-- at least a couple sample http-01 challenge providers & dns-01 (new or ported to new API)
-- **WIP** refactor provider API; distinction between dns and http providers deprecated
-### This might be a good point for 0.9-alpha - new features but not complete
-- support current RFC8555 protocol (LE staging current, production will require in Nov)
+## **version:** 0.8.2
+Feature additions:
+
+- support current RFC8555 protocol (LE staging current, production requires in Nov)
+- added DNS providers powerdns and gandi
+
+Internals (features and/or annoying changes for sewer-as-a-library users)
+
+- unified dns-01 and http-01 providers; support challenge propagation check
+- added support for non-dns (http-01 challenge) provider
 - collect shared (internal) functions into lib.py
 - use unitest.mock rather than external module
 - client no longer prepends`*.` to wildcards; remove spotty code in providers to strip it
-- added support for non-dns (http-01 challenge) provider [API change, more ahead]
-- added DNS providers powerdns and gandi
-- begin addition of annotations, mostly opportunistically; may be[come] incompat w/py < 3.5
+- begin addition of annotations, mostly opportunistically
 
 ## **version:** 0.8.1
 - Fix bug where `sewer` was unable to delete wildcard names from clouflare: https://github.com/komuw/sewer/pull/139    

README.md

@@ -6,13 +6,30 @@
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/komuw/sewer)
 
 
-Sewer is a Let's Encrypt(ACME) client.           
-It's name is derived from Kenyan hip hop artiste, Kitu Sewer.                        
-It allows you to obtain ssl/tls certificates from Let's Encrypt.       
+Sewer is a Let's Encrypt(ACME) client.  
+It's name is derived from Kenyan hip hop artiste, Kitu Sewer.  
 
-> Let’s Encrypt is a free, automated, and open Certificate Authority. - https://letsencrypt.org
+Check the [CHANGELOG](https://github.com/komuw/sewer/blob/master/CHANGELOG.md)
+for news about changes.
+See also [what's new in 0.8.2](docs/0.8.2-notes.md) for a description of
+the many changes in this release.
 
-Sewer currently supports the DNS and HTTP modes of validation.                 
+## Features
+- Obtain or renew SSL/TLS certificates from [Let's Encrypt](https://letsencrypt.org)
+- Supports acme version 2 (current RFC).
+- Support for SAN certificates.
+- Supports wildcard certificates.
+- Bundling certificates.
+- Supports [DNS](#dns-services-supported) and HTTP challenges.
+- [Bring your own dns provider](#bring-your-own-dns-provider)
+- [Bring your own http provider](#bring-your-own-http-provider)
+- sewer is both a [command-line program](#cli) and a [Python library](#usage) for customization
+- Well written(if I have to say so myself):
+  - [Good test coverage](https://codecov.io/gh/komuW/sewer)
+  - [Passing continous integration](https://circleci.com/gh/komuW/sewer)
+  - [High grade statically analyzed code](https://www.codacy.com/app/komuW/sewer/dashboard)
+
+## DNS services supported
 The currently supported DNS providers are:         
 1. [Cloudflare](https://www.cloudflare.com/dns)               
 2. [Aurora](https://www.pcextreme.com/aurora/dns)                 
@@ -26,15 +43,7 @@ The currently supported DNS providers are:
 10. [AWS Route 53](https://aws.amazon.com/route53/)
 11. [PowerDNS](https://doc.powerdns.com/authoritative/http-api/index.html)
 12. [Gandi](https://doc.livedns.gandi.net/)
-13. [Bring your own dns provider](#bring-your-own-dns-provider)
-
-...
-
-Sewer can be used very easliy programmatically as a library from code.            
-Sewer also comes with a command-line(cli) interface(app) that you can use from your favourite terminal           
-
-Check the [CHANGELOG](https://github.com/komuw/sewer/blob/master/CHANGELOG.md)
-for news about changes.
+13. ... or [bring your own dns provider](#bring-your-own-dns-provider)
 
 ## Installation
 
@@ -232,23 +241,6 @@ The cerrtificate, certificate key and account key will be saved in the directory
 The commandline interface(app) is called `sewer` or alternatively you could use, `sewer-cli`.                   
 
 
-
-## Features
-- Obtain certificates.
-- Renew certificates.
-- Supports multiple DNS providers.
-- Supports wildcard certificates.
-- Supports acme version 2 only.
-- [Bring your own dns provider](#bring-your-own-dns-provider) 
-- [Bring your own http provider](#bring-your-own-http-provider) 
-- Support for SAN certificates.
-- Can be used as a python library as well as a command line(CLI) application.
-- Bundling certificates.
-- Well written(if I have to say so myself):
-  - [Good test coverage](https://codecov.io/gh/komuW/sewer)
-  - [Passing continous integration](https://circleci.com/gh/komuW/sewer)
-  - [High grade statically analyzed code](https://www.codacy.com/app/komuW/sewer/dashboard)
-
 ## Bring your own DNS provider          
 It is very easy to use any dns provider with sewer.          
 All you have to do is create your own dns class that is a child class of [`sewer.BaseDns`](https://github.com/komuw/sewer/blob/master/sewer/dns_providers/common.py) and then implement the             

docs/0.8.2-notes.md

@@ -0,0 +1,38 @@
+## 0.8.2 release
+
+0.8.2 contains a lot more work - and changes - than recent releases,
+hence this verbose guide to what's been going on in sewer this spring.
+
+To my mind, the big change has been landing the revised RFC protocol changes.
+This allows sewer to operate against LE's staging server again,
+and to continue to work with their production server when they drop compatibility
+with the earlier version of the protocol in November.
+
+Other changes that may be equally important to some users have been the addition
+of drivers for the powerdns and gandi DNS services,
+and changes to accomodate http-01 challenge providers.
+The interface for dns-01 and http-01 challenge providers has been unified
+from its initial form, and hopefully that interface is general enough
+to accomodate not only dns-01 and http-01, but other future challenge types.
+
+### bugs, fixed or known
+
+There are two related issues with wildcard certificates that have turned up
+in some providers.
+The first of these was fixed in 0.8.1, when we stopped Client from prefixing
+wildcard names with "*." when passing them to the providers.
+That issue has been known for a long time, and some providers already had a
+workaround - but sometimes the workaround wasn't complete (PR #139, eg.).
+
+The second issue arises only when requesting a wildcard certificate (for
+*.domain.tld, say) that is to also cover the naked domain (domain.tld).
+This arises when the DNS service has issues with setting up two TXT records
+for the two separate challenges ACME needs, because they both are on
+domain.tld.
+There doesn't seem to be any easy global fix for this, as there was for the
+first problem, so it's being fixed provider by provider as it arises (and
+there's a user of that service to help with the fix).
+
+### other changes
+
+The *cli* program has, I believe, no user-visible incompatibilties.

docs/LegacyDNS.md

@@ -0,0 +1,48 @@
+## Legacy DNS challenge providers
+
+### `BaseDns` shim class
+
+A child of `ProviderBase` that acts as an adapter between the Provider
+interface and the Legacy DNS providers.
+
+#### `__init__(self, **kwargs: Any) -> None`
+
+Accepts no arguments itself; doesn't expect any to be passed by Legacy code.
+Injects chal_types=["dns-01"].
+
+#### `setup(self, challenges: Sequence[Dict[str, str]]) -> Sequence[Dict[str, str]]`
+
+Iterates over the challenges, extracting the values needed for dns-01 from
+each challenge in the list, and passing them to create_dns_record.
+Always returns an empty list since there is no error return from
+create_dns_record other than raising an exception.
+
+#### `unpropagated(self, challenges: Sequence[Dict[str, str]]) -> Sequence[Dict[str, str]]`
+
+Always returns an empty list, signalling "all ready as far as I know".
+A DNS provider wishing to do something useful here must migrate to the new
+API.
+
+#### `clear(self, challenges: Sequence[Dict[str, str]]) -> Sequence[Dict[str, str]]`
+
+Same as setup except it calls the legacy delete_dns_record, of course.
+
+### Legacy DNS class
+
+#### `__init__(self, ...)`
+
+Args are explicitly named per provider; no provision for passing any to
+`super().__init__` - which makes sense, since there used not to be any the
+parent was prepared to receive.
+
+#### `def create_dns_record(self, domain_name, domain_dns_value)`
+
+Minimum is to add `_acme-challenge` prefix to domain_name and post the
+challenge response (domain_dns_value) as that name's TXT value.
+All very provider-dependent.
+
+#### `def delete_dns_record(self, domain_name, domain_dns_value)`
+
+In theory it should undo the effects of setup.
+In practice, at least one of the services is unable to do that
+(according to the comment).