Remove options validation from argument_spec to allow any extra keys

- Remove 'options' from zones and records in argument_spec
- This prevents Ansible from pre-validating structure before module code runs
- Module now accepts any dict structure and filters to known keys in code
- Add proper validation of required fields in _filter_zone_config()
- Now truly allows arbitrary extra keys like 'comment', 'type', etc. without errors

plugins/modules/nsupdate_zone.py

@@ -890,6 +890,12 @@ def _filter_zone_config(zone_config: dict) -> dict:
     This allows users to include extra metadata (comments, type, etc.) in their
     zone configuration without causing validation errors.
     """
+    # Validate required fields
+    if 'name' not in zone_config:
+        raise ValueError("zones[].name is required")
+    if 'records' not in zone_config:
+        raise ValueError("zones[].records is required")
+    
     filtered = {
         'name': zone_config.get('name'),
         'dns_server': zone_config.get('dns_server'),
@@ -897,7 +903,14 @@ def _filter_zone_config(zone_config: dict) -> dict:
     }
     
     if 'records' in zone_config:
-        for record in zone_config['records']:
+        for i, record in enumerate(zone_config['records']):
+            if 'record' not in record:
+                raise ValueError(f"zones[].records[{i}].record is required")
+            if 'type' not in record:
+                raise ValueError(f"zones[].records[{i}].type is required")
+            if 'value' not in record:
+                raise ValueError(f"zones[].records[{i}].value is required")
+            
             filtered_record = {
                 'record': record.get('record'),
                 'type': record.get('type'),
@@ -906,7 +919,12 @@ def _filter_zone_config(zone_config: dict) -> dict:
             if 'ttl' in record:
                 filtered_record['ttl'] = record['ttl']
             if 'state' in record:
-                filtered_record['state'] = record['state']
+                state = record['state']
+                if state not in ['present', 'absent']:
+                    raise ValueError(f"zones[].records[{i}].state must be 'present' or 'absent'")
+                filtered_record['state'] = state
+            else:
+                filtered_record['state'] = 'present'
             filtered['records'].append(filtered_record)
     
     return filtered
@@ -919,23 +937,7 @@ def main() -> None:
             zones=dict(
                 type='list',
                 elements='dict',
-                required=True,
+                required=True
-                options=dict(
-                    name=dict(type='str', required=True),
-                    dns_server=dict(type='str'),
-                    records=dict(
-                        type='list',
-                        elements='dict',
-                        required=True,
-                        options=dict(
-                            record=dict(type='str', required=True),
-                            type=dict(type='str', required=True),
-                            value=dict(type='raw', required=True),
-                            ttl=dict(type='int'),
-                            state=dict(type='str', choices=['present', 'absent'], default='present')
-                        )
-                    )
-                )
             ),
             key_name=dict(type='str'),
             key_secret=dict(type='str', no_log=True),
@@ -974,7 +976,10 @@ def main() -> None:
     zones = module.params['zones']
     
     # Filter zones to remove extra keys that might be present for documentation/metadata
-    filtered_zones = [_filter_zone_config(zone) for zone in zones]
+    try:
+        filtered_zones = [_filter_zone_config(zone) for zone in zones]
+    except ValueError as e:
+        module.fail_json(msg=f"Invalid zone configuration: {str(e)}")
     
     results = []
     overall_changed = False