From f0f933b4630bce810475a519e295828013d301d6 Mon Sep 17 00:00:00 2001

From: Rafael Guterres Jeffman <rjeffman@redhat.com>

Date: Wed, 10 Jun 2020 20:40:45 -0300

Subject: [PATCH] Changed admin password on tests to match other modules.

Use of the same password on all module tests ease test automation,

and this change ensure that dnsforwardzone use the same password as

other modules.

---

 tests/dnsforwardzone/test_dnsforwardzone.yml | 42 ++++++++++----------

 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml

index 1a45e826..ac08a48f 100644

--- a/tests/dnsforwardzone/test_dnsforwardzone.yml

+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml

@@ -7,13 +7,13 @@

   tasks:

   - name: ensure forwardzone example.com is absent - prep

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: absent

   - name: ensure forwardzone example.com is created

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -25,7 +25,7 @@

   - name: ensure forwardzone example.com is present again

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -37,7 +37,7 @@

   - name: ensure forwardzone example.com has two forwarders

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -50,7 +50,7 @@

   - name: ensure forwardzone example.com has one forwarder again

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       forwarders:

         - 8.8.8.8

@@ -62,7 +62,7 @@

   - name: skip_overlap_check can only be set on creation so change nothing

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       forwarders:

         - 8.8.8.8

@@ -74,7 +74,7 @@

   - name: change all the things at once

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -87,13 +87,13 @@

   - name: ensure forwardzone example.com is absent for next testset

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: absent

   - name: ensure forwardzone example.com is created with minimal args

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       skip_overlap_check: true

@@ -104,7 +104,7 @@

   - name: add a forwarder to any existing ones

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -115,7 +115,7 @@

   - name: check the list of forwarders is what we expect

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -127,7 +127,7 @@

   - name: remove a single forwarder

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: absent

       name: example.com

       forwarders:

@@ -138,7 +138,7 @@

   - name: check the list of forwarders is what we expect now

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -149,13 +149,13 @@

   - name: ensure forwardzone example.com is absent again

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: absent

   - name: try to create a new forwarder with action=member

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: present

       name: example.com

       forwarders:

@@ -167,13 +167,13 @@

   - name: ensure forwardzone example.com is absent - tidy up

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: absent

   - name: try to create a new forwarder is disabled state

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       state: disabled

       name: example.com

       forwarders:

@@ -184,7 +184,7 @@

   - name: enable the forwarder

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: enabled

     register: result

@@ -192,7 +192,7 @@

   - name: disable the forwarder again

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: disabled

       action: member

@@ -201,7 +201,7 @@

   - name: ensure it stays disabled

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: disabled

     register: result

@@ -209,6 +209,6 @@

   - name: ensure forwardzone example.com is absent - tidy up

     ipadnsforwardzone:

-      ipaadmin_password: password01

+      ipaadmin_password: SomeADMINpassword

       name: example.com

       state: absent

From f8ebca760dbaaf38c7b74b0c855b05d26e9cb812 Mon Sep 17 00:00:00 2001

From: Rafael Guterres Jeffman <rjeffman@redhat.com>

Date: Wed, 10 Jun 2020 22:14:27 -0300

Subject: [PATCH] Allow processing of multiple names for deleting

 dnsforwardzones.

---

 plugins/modules/ipadnsforwardzone.py | 189 ++++++++++++++-------------

 1 file changed, 98 insertions(+), 91 deletions(-)

diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py

index 90bd3876..b28f28db 100644

--- a/plugins/modules/ipadnsforwardzone.py

+++ b/plugins/modules/ipadnsforwardzone.py

@@ -134,7 +134,7 @@ def main():

             # general

             ipaadmin_principal=dict(type="str", default="admin"),

             ipaadmin_password=dict(type="str", required=False, no_log=True),

-            name=dict(type="str", aliases=["cn"], default=None,

+            name=dict(type="list", aliases=["cn"], default=None,

                       required=True),

             forwarders=dict(type='list', aliases=["idnsforwarders"],

                             required=False),

@@ -158,7 +158,7 @@ def main():

                                            "ipaadmin_principal")

     ipaadmin_password = module_params_get(ansible_module,

                                           "ipaadmin_password")

-    name = module_params_get(ansible_module, "name")

+    names = module_params_get(ansible_module, "name")

     action = module_params_get(ansible_module, "action")

     forwarders = module_params_get(ansible_module, "forwarders")

     forwardpolicy = module_params_get(ansible_module, "forwardpolicy")

@@ -166,6 +166,12 @@ def main():

                                            "skip_overlap_check")

     state = module_params_get(ansible_module, "state")

+    if state == 'present' and len(names) != 1:

+        ansible_module.fail_json(

+            msg="Only one dnsforwardzone can be added at a time.")

+    if state == 'absent' and len(names) < 1:

+        ansible_module.fail_json(msg="No name given.")

+

     # absent stae means delete if the action is NOT member but update if it is

     # if action is member then update an exisiting resource

     # and if action is not member then create a resource

@@ -207,101 +213,102 @@ def main():

                                                  ipaadmin_password)

         api_connect()

-        # Make sure forwardzone exists

-        existing_resource = find_dnsforwardzone(ansible_module, name)

-

-        if existing_resource is None and operation == "update":

-            # does not exist and is updating

-            # trying to update something that doesn't exist, so error

-            ansible_module.fail_json(msg="""dnsforwardzone '%s' is not

-                                                     valid""" % (name))

-        elif existing_resource is None and operation == "del":

-            # does not exists and should be absent

-            # set command

-            command = None

-            # enabled or disabled?

-            is_enabled = "IGNORE"

-        elif existing_resource is not None and operation == "del":

-            # exists but should be absent

-            # set command

-            command = "dnsforwardzone_del"

-            # enabled or disabled?

-            is_enabled = "IGNORE"

-        elif forwarders is None:

-            # forwarders are not defined its not a delete, update state?

-            # set command

-            command = None

-            # enabled or disabled?

-            if existing_resource is not None:

-                is_enabled = existing_resource["idnszoneactive"][0]

-            else:

-                is_enabled = "IGNORE"

-        elif existing_resource is not None and operation == "update":

-            # exists and is updating

-            # calculate the new forwarders and mod

-            # determine args

-            if state != "absent":

-                forwarders = list(set(existing_resource["idnsforwarders"]

-                                      + forwarders))

-            else:

-                forwarders = list(set(existing_resource["idnsforwarders"])

-                                  - set(forwarders))

-            args = gen_args(forwarders, forwardpolicy,

-                            skip_overlap_check)

-            if skip_overlap_check is not None:

-                del args['skip_overlap_check']

-

-            # command

-            if not compare_args_ipa(ansible_module, args, existing_resource):

-                command = "dnsforwardzone_mod"

-            else:

+        for name in names:

+            # Make sure forwardzone exists

+            existing_resource = find_dnsforwardzone(ansible_module, name)

+

+            if existing_resource is None and operation == "update":

+                # does not exist and is updating

+                # trying to update something that doesn't exist, so error

+                ansible_module.fail_json(msg="""dnsforwardzone '%s' is not

+                                                         valid""" % (name))

+            elif existing_resource is None and operation == "del":

+                # does not exists and should be absent

+                # set command

                 command = None

-

-            # enabled or disabled?

-            is_enabled = existing_resource["idnszoneactive"][0]

-

-        elif existing_resource is None and operation == "add":

-            # does not exist but should be present

-            # determine args

-            args = gen_args(forwarders, forwardpolicy,

-                            skip_overlap_check)

-            # set command

-            command = "dnsforwardzone_add"

-            # enabled or disabled?

-            is_enabled = "TRUE"

-

-        elif existing_resource is not None and operation == "add":

-            # exists and should be present, has it changed?

-            # determine args

-            args = gen_args(forwarders, forwardpolicy, skip_overlap_check)

-            if skip_overlap_check is not None:

-                del args['skip_overlap_check']

-

-            # set command

-            if not compare_args_ipa(ansible_module, args, existing_resource):

-                command = "dnsforwardzone_mod"

-            else:

+                # enabled or disabled?

+                is_enabled = "IGNORE"

+            elif existing_resource is not None and operation == "del":

+                # exists but should be absent

+                # set command

+                command = "dnsforwardzone_del"

+                # enabled or disabled?

+                is_enabled = "IGNORE"

+            elif forwarders is None:

+                # forwarders are not defined its not a delete, update state?

+                # set command

                 command = None

+                # enabled or disabled?

+                if existing_resource is not None:

+                    is_enabled = existing_resource["idnszoneactive"][0]

+                else:

+                    is_enabled = "IGNORE"

+            elif existing_resource is not None and operation == "update":

+                # exists and is updating

+                # calculate the new forwarders and mod

+                # determine args

+                if state != "absent":

+                    forwarders = list(set(existing_resource["idnsforwarders"]

+                                          + forwarders))

+                else:

+                    forwarders = list(set(existing_resource["idnsforwarders"])

+                                      - set(forwarders))

+                args = gen_args(forwarders, forwardpolicy,

+                                skip_overlap_check)

+                if skip_overlap_check is not None:

+                    del args['skip_overlap_check']

+

+                # command

+                if not compare_args_ipa(ansible_module, args, existing_resource):

+                    command = "dnsforwardzone_mod"

+                else:

+                    command = None

+

+                # enabled or disabled?

+                is_enabled = existing_resource["idnszoneactive"][0]

-            # enabled or disabled?

-            is_enabled = existing_resource["idnszoneactive"][0]

-

-        # if command is set then run it with the args

-        if command is not None:

-            api_command(ansible_module, command, name, args)

-            changed = True

+            elif existing_resource is None and operation == "add":

+                # does not exist but should be present

+                # determine args

+                args = gen_args(forwarders, forwardpolicy,

+                                skip_overlap_check)

+                # set command

+                command = "dnsforwardzone_add"

+                # enabled or disabled?

+                is_enabled = "TRUE"

+

+            elif existing_resource is not None and operation == "add":

+                # exists and should be present, has it changed?

+                # determine args

+                args = gen_args(forwarders, forwardpolicy, skip_overlap_check)

+                if skip_overlap_check is not None:

+                    del args['skip_overlap_check']

+

+                # set command

+                if not compare_args_ipa(ansible_module, args, existing_resource):

+                    command = "dnsforwardzone_mod"

+                else:

+                    command = None

+

+                # enabled or disabled?

+                is_enabled = existing_resource["idnszoneactive"][0]

-        # does the enabled state match what we want (if we care)

-        if is_enabled != "IGNORE":

-            if wants_enable and is_enabled != "TRUE":

-                api_command(ansible_module, "dnsforwardzone_enable",

-                            name, {})

-                changed = True

-            elif not wants_enable and is_enabled != "FALSE":

-                api_command(ansible_module, "dnsforwardzone_disable",

-                            name, {})

+            # if command is set then run it with the args

+            if command is not None:

+                api_command(ansible_module, command, name, args)

                 changed = True

+            # does the enabled state match what we want (if we care)

+            if is_enabled != "IGNORE":

+                if wants_enable and is_enabled != "TRUE":

+                    api_command(ansible_module, "dnsforwardzone_enable",

+                                name, {})

+                    changed = True

+                elif not wants_enable and is_enabled != "FALSE":

+                    api_command(ansible_module, "dnsforwardzone_disable",

+                                name, {})

+                    changed = True

+

     except Exception as e:

         ansible_module.fail_json(msg=str(e))

From 3f785bc0e9fe1ab3ad874ce4f26e6897189db8aa Mon Sep 17 00:00:00 2001

From: Rafael Guterres Jeffman <rjeffman@redhat.com>

Date: Wed, 10 Jun 2020 22:20:20 -0300

Subject: [PATCH] Fix error message when adding dnsforwardzone without

 forwarders.

---

 plugins/modules/ipadnsforwardzone.py         |  5 +++++

 tests/dnsforwardzone/test_dnsforwardzone.yml | 13 +++++++++++--

 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py

index b28f28db..3968e6a1 100644

--- a/plugins/modules/ipadnsforwardzone.py

+++ b/plugins/modules/ipadnsforwardzone.py

@@ -217,6 +217,11 @@ def main():

             # Make sure forwardzone exists

             existing_resource = find_dnsforwardzone(ansible_module, name)

+            # validate parameters

+            if state == 'present':

+                if existing_resource is None and not forwarders:

+                    ansible_module.fail_json(msg='No forwarders specified.')

+

             if existing_resource is None and operation == "update":

                 # does not exist and is updating

                 # trying to update something that doesn't exist, so error

diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml

index ac08a48f..d94db9e5 100644

--- a/tests/dnsforwardzone/test_dnsforwardzone.yml

+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml

@@ -5,10 +5,12 @@

   gather_facts: false

   tasks:

-  - name: ensure forwardzone example.com is absent - prep

+  - name: ensure test forwardzones are absent - prep

     ipadnsforwardzone:

       ipaadmin_password: SomeADMINpassword

-      name: example.com

+      name:

+      - example.com

+      - newfailzone.com

       state: absent

   - name: ensure forwardzone example.com is created

@@ -207,6 +209,13 @@

     register: result

     failed_when: result.changed

+  - name: Ensure forwardzone is not added without forwarders, with correct message.

+    ipadnsforwardzone:

+      ipaadmin_password: SomeADMINpassword

+      name: newfailzone.com

+    register: result

+    failed_when: not result.failed or "No forwarders specified" not in result.msg

+

   - name: ensure forwardzone example.com is absent - tidy up

     ipadnsforwardzone:

       ipaadmin_password: SomeADMINpassword

From 1d223c2b63634abe86f7702a64dd83c4fbc272ce Mon Sep 17 00:00:00 2001

From: Rafael Guterres Jeffman <rjeffman@redhat.com>

Date: Mon, 15 Jun 2020 16:14:25 -0300

Subject: [PATCH] Add support for attributes `ip_address` and `port` to

 `forwarders`.

This patch modify the was forwarders are configured, using two attributes,

`ip_address` and `port`, instead of IPA API internal string representation

of `IP port PORT`.

---

 README-dnsforwardzone.md                     |  6 ++-

 plugins/modules/ipadnsforwardzone.py         | 37 ++++++++++++++---

 tests/dnsforwardzone/test_dnsforwardzone.yml | 43 ++++++++++++--------

 3 files changed, 62 insertions(+), 24 deletions(-)

diff --git a/README-dnsforwardzone.md b/README-dnsforwardzone.md

index 81919295..15b2b574 100644

--- a/README-dnsforwardzone.md

+++ b/README-dnsforwardzone.md

@@ -99,8 +99,10 @@ Variable | Description | Required

 `ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no

 `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no

 `name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`

-`forwarders` \| `idnsforwarders` |  Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`) | no

-`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no

+`forwarders` \| `idnsforwarders` |  Per-zone forwarders. A custom port can be specified for each forwarder. Options | no

+  | `ip_address`: The forwarder IP address. | yes

+  | `port`: The forwarder IP port. | no

+`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no

 `skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone. Defaults to False. | no

 `action` | Work on group or member level. It can be on of `member` or `dnsforwardzone` and defaults to `dnsforwardzone`. | no

 `state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | yes

diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py

index 3968e6a1..8e5c3464 100644

--- a/plugins/modules/ipadnsforwardzone.py

+++ b/plugins/modules/ipadnsforwardzone.py

@@ -54,9 +54,16 @@

   forwarders:

     description:

     - List of the DNS servers to forward to

-    required: true

-    type: list

     aliases: ["idnsforwarders"]

+    options:

+      ip_address:

+        description: Forwarder IP address (either IPv4 or IPv6).

+        required: false

+        type: string

+      port:

+        description: Forwarder port.

+        required: false

+        type: int

   forwardpolicy:

     description: Per-zone conditional forwarding policy

     required: false

@@ -128,6 +135,20 @@ def gen_args(forwarders, forwardpolicy, skip_overlap_check):

     return _args

+def forwarder_list(forwarders):

+    """Convert the forwarder dict into a list compatible with IPA API."""

+    if forwarders is None:

+        return None

+    fwd_list = []

+    for forwarder in forwarders:

+        if forwarder.get('port', None) is not None:

+            formatter = "{ip_address} port {port}"

+        else:

+            formatter = "{ip_address}"

+        fwd_list.append(formatter.format(**forwarder))

+    return fwd_list

+

+

 def main():

     ansible_module = AnsibleModule(

         argument_spec=dict(

@@ -136,8 +157,13 @@ def main():

             ipaadmin_password=dict(type="str", required=False, no_log=True),

             name=dict(type="list", aliases=["cn"], default=None,

                       required=True),

-            forwarders=dict(type='list', aliases=["idnsforwarders"],

-                            required=False),

+            forwarders=dict(type="list", default=None, required=False,

+                            aliases=["idnsforwarders"], elements='dict',

+                            options=dict(

+                                 ip_address=dict(type='str', required=True),

+                                 port=dict(type='int', required=False,

+                                           default=None),

+                            )),

             forwardpolicy=dict(type='str', aliases=["idnsforwardpolicy"],

                                required=False,

                                choices=['only', 'first', 'none']),

@@ -160,7 +186,8 @@ def main():

                                           "ipaadmin_password")

     names = module_params_get(ansible_module, "name")

     action = module_params_get(ansible_module, "action")

-    forwarders = module_params_get(ansible_module, "forwarders")

+    forwarders = forwarder_list(

+        module_params_get(ansible_module, "forwarders"))

     forwardpolicy = module_params_get(ansible_module, "forwardpolicy")

     skip_overlap_check = module_params_get(ansible_module,

                                            "skip_overlap_check")

diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml

index d94db9e5..468cd4ce 100644

--- a/tests/dnsforwardzone/test_dnsforwardzone.yml

+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml

@@ -5,7 +5,7 @@

   gather_facts: false

   tasks:

-  - name: ensure test forwardzones are absent - prep

+  - name: ensure test forwardzones are absent

     ipadnsforwardzone:

       ipaadmin_password: SomeADMINpassword

       name:

@@ -19,7 +19,7 @@

       state: present

       name: example.com

       forwarders:

-        - 8.8.8.8

+        - ip_address: 8.8.8.8

       forwardpolicy: first

       skip_overlap_check: true

     register: result

@@ -31,7 +31,7 @@

       state: present

       name: example.com

       forwarders:

-        - 8.8.8.8

+        - ip_address: 8.8.8.8

       forwardpolicy: first

       skip_overlap_check: true

     register: result

@@ -43,19 +43,22 @@

       state: present

       name: example.com

       forwarders:

-        - 8.8.8.8

-        - 4.4.4.4

+        - ip_address: 8.8.8.8

+        - ip_address: 4.4.4.4

+          port: 8053

       forwardpolicy: first

       skip_overlap_check: true

     register: result

     failed_when: not result.changed

+  - pause:

+

   - name: ensure forwardzone example.com has one forwarder again

     ipadnsforwardzone:

       ipaadmin_password: SomeADMINpassword

       name: example.com

       forwarders:

-        - 8.8.8.8

+        - ip_address: 8.8.8.8

       forwardpolicy: first

       skip_overlap_check: true

       state: present

@@ -67,7 +70,7 @@

       ipaadmin_password: SomeADMINpassword

       name: example.com

       forwarders:

-        - 8.8.8.8

+        - ip_address: 8.8.8.8

       forwardpolicy: first

       skip_overlap_check: false

       state: present

@@ -80,8 +83,9 @@

       state: present

       name: example.com

       forwarders:

-        - 8.8.8.8

-        - 4.4.4.4

+        - ip_address: 8.8.8.8

+        - ip_address: 4.4.4.4

+          port: 8053

       forwardpolicy: only

       skip_overlap_check: false

     register: result

@@ -100,7 +104,7 @@

       name: example.com

       skip_overlap_check: true

       forwarders:

-        - 8.8.8.8

+        - ip_address: 8.8.8.8

     register: result

     failed_when: not result.changed

@@ -110,7 +114,8 @@

       state: present

       name: example.com

       forwarders:

-        - 4.4.4.4

+        - ip_address: 4.4.4.4

+          port: 8053

       action: member

     register: result

     failed_when: not result.changed

@@ -121,8 +126,9 @@

       state: present

       name: example.com

       forwarders:

-        - 4.4.4.4

-        - 8.8.8.8

+        - ip_address: 4.4.4.4

+          port: 8053

+        - ip_address: 8.8.8.8

       action: member

     register: result

     failed_when: result.changed

@@ -133,7 +139,7 @@

       state: absent

       name: example.com

       forwarders:

-        - 8.8.8.8

+        - ip_address: 8.8.8.8

       action: member

     register: result

     failed_when: not result.changed

@@ -144,7 +150,8 @@

       state: present

       name: example.com

       forwarders:

-        - 4.4.4.4

+        - ip_address: 4.4.4.4

+          port: 8053