From f0f933b4630bce810475a519e295828013d301d6 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 10 Jun 2020 20:40:45 -0300
Subject: [PATCH] Changed admin password on tests to match other modules.
Use of the same password on all module tests eases test automation,
and this change ensures that dnsforwardzone uses the same password as
other modules.
---
tests/dnsforwardzone/test_dnsforwardzone.yml | 42 ++++++++++----------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
index 1a45e826..ac08a48f 100644
|
|
|
fb9e9a |
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
@@ -7,13 +7,13 @@
|
|
|
fb9e9a |
tasks:
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent - prep
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is created
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
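Review bot: `ipaadmin_password: SomeADMINpassword` is written as a literal in every task of this playbook, here and in all the following hunks of the file. A play-level variable set once in `vars:` or in the test inventory and referenced as `ipaadmin_password: "{{ ipaadmin_password }}"` would let CI supply the credential and would make the next password change a one-line edit. Since the same literal is shared by all module tests and is public in the repository, any IPA server that accepts it should be a disposable test instance that is not reachable from outside the test network.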
|
|
|
fb9e9a |
@@ -25,7 +25,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is present again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -37,7 +37,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com has two forwarders
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -50,7 +50,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com has one forwarder again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- 8.8.8.8
|
|
|
fb9e9a |
@@ -62,7 +62,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: skip_overlap_check can only be set on creation so change nothing
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- 8.8.8.8
|
|
|
fb9e9a |
@@ -74,7 +74,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: change all the things at once
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -87,13 +87,13 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent for next testset
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is created with minimal args
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
@@ -104,7 +104,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: add a forwarder to any existing ones
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -115,7 +115,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: check the list of forwarders is what we expect
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -127,7 +127,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: remove a single forwarder
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -138,7 +138,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: check the list of forwarders is what we expect now
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -149,13 +149,13 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: try to create a new forwarder with action=member
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -167,13 +167,13 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent - tidy up
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: try to create a new forwarder is disabled state
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: disabled
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -184,7 +184,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: enable the forwarder
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: enabled
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
@@ -192,7 +192,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: disable the forwarder again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: disabled
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
@@ -201,7 +201,7 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure it stays disabled
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: disabled
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
@@ -209,6 +209,6 @@
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent - tidy up
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: absent
From f8ebca760dbaaf38c7b74b0c855b05d26e9cb812 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 10 Jun 2020 22:14:27 -0300
Subject: [PATCH] Allow processing of multiple names for deleting
dnsforwardzones.
---
plugins/modules/ipadnsforwardzone.py | 189 ++++++++++++++-------------
1 file changed, 98 insertions(+), 91 deletions(-)
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
index 90bd3876..b28f28db 100644
|
|
|
fb9e9a |
--- a/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
+++ b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
@@ -134,7 +134,7 @@ def main():
|
|
|
fb9e9a |
# general
|
|
|
fb9e9a |
ipaadmin_principal=dict(type="str", default="admin"),
|
|
|
fb9e9a |
ipaadmin_password=dict(type="str", required=False, no_log=True),
|
|
|
fb9e9a |
- name=dict(type="str", aliases=["cn"], default=None,
|
|
|
fb9e9a |
+ name=dict(type="list", aliases=["cn"], default=None,
|
|
|
fb9e9a |
required=True),
|
|
|
fb9e9a |
forwarders=dict(type='list', aliases=["idnsforwarders"],
|
|
|
fb9e9a |
required=False),
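Review bot: The new `name=dict(type="list", ...)` declares no element type, so Ansible hands the list entries to the module without coercing or checking them; `elements="str"` would guarantee that each zone name is a string before it reaches `find_dnsforwardzone` and `api_command`. The entry also still combines `default=None` with `required=True`, which is contradictory, so the default can be dropped. The `argument_spec` dict starts and ends outside this hunk.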
|
|
|
fb9e9a |
@@ -158,7 +158,7 @@ def main():
|
|
|
fb9e9a |
"ipaadmin_principal")
|
|
|
fb9e9a |
ipaadmin_password = module_params_get(ansible_module,
|
|
|
fb9e9a |
"ipaadmin_password")
|
|
|
fb9e9a |
- name = module_params_get(ansible_module, "name")
|
|
|
fb9e9a |
+ names = module_params_get(ansible_module, "name")
|
|
|
fb9e9a |
action = module_params_get(ansible_module, "action")
|
|
|
fb9e9a |
forwarders = module_params_get(ansible_module, "forwarders")
|
|
|
fb9e9a |
forwardpolicy = module_params_get(ansible_module, "forwardpolicy")
|
|
|
fb9e9a |
@@ -166,6 +166,12 @@ def main():
|
|
|
fb9e9a |
"skip_overlap_check")
|
|
|
fb9e9a |
state = module_params_get(ansible_module, "state")
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ if state == 'present' and len(names) != 1:
|
|
|
fb9e9a |
+ ansible_module.fail_json(
|
|
|
fb9e9a |
+ msg="Only one dnsforwardzone can be added at a time.")
|
|
|
fb9e9a |
+ if state == 'absent' and len(names) < 1:
|
|
|
fb9e9a |
+ ansible_module.fail_json(msg="No name given.")
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
# absent stae means delete if the action is NOT member but update if it is
|
|
|
fb9e9a |
# if action is member then update an exisiting resource
|
|
|
fb9e9a |
# and if action is not member then create a resource
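Review bot: The two added length checks cover only `present` and `absent`, so with `state: enabled` or `state: disabled` an empty `name: []` passes validation, the later `for name in names` loop runs zero times and the task reports success without doing anything. Testing emptiness once for every state, `if not names: ansible_module.fail_json(msg="No name given.")`, and keeping the `present` branch only for the single-name rule closes that gap. `main()` begins and ends outside this hunk.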
|
|
|
fb9e9a |
@@ -207,101 +213,102 @@ def main():
|
|
|
fb9e9a |
ipaadmin_password)
|
|
|
fb9e9a |
api_connect()
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- # Make sure forwardzone exists
|
|
|
fb9e9a |
- existing_resource = find_dnsforwardzone(ansible_module, name)
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- if existing_resource is None and operation == "update":
|
|
|
fb9e9a |
- # does not exist and is updating
|
|
|
fb9e9a |
- # trying to update something that doesn't exist, so error
|
|
|
fb9e9a |
- ansible_module.fail_json(msg="""dnsforwardzone '%s' is not
|
|
|
fb9e9a |
- valid""" % (name))
|
|
|
fb9e9a |
- elif existing_resource is None and operation == "del":
|
|
|
fb9e9a |
- # does not exists and should be absent
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = None
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = "IGNORE"
|
|
|
fb9e9a |
- elif existing_resource is not None and operation == "del":
|
|
|
fb9e9a |
- # exists but should be absent
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = "dnsforwardzone_del"
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = "IGNORE"
|
|
|
fb9e9a |
- elif forwarders is None:
|
|
|
fb9e9a |
- # forwarders are not defined its not a delete, update state?
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = None
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- if existing_resource is not None:
|
|
|
fb9e9a |
- is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
- is_enabled = "IGNORE"
|
|
|
fb9e9a |
- elif existing_resource is not None and operation == "update":
|
|
|
fb9e9a |
- # exists and is updating
|
|
|
fb9e9a |
- # calculate the new forwarders and mod
|
|
|
fb9e9a |
- # determine args
|
|
|
fb9e9a |
- if state != "absent":
|
|
|
fb9e9a |
- forwarders = list(set(existing_resource["idnsforwarders"]
|
|
|
fb9e9a |
- + forwarders))
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
- forwarders = list(set(existing_resource["idnsforwarders"])
|
|
|
fb9e9a |
- - set(forwarders))
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
- skip_overlap_check)
|
|
|
fb9e9a |
- if skip_overlap_check is not None:
|
|
|
fb9e9a |
- del args['skip_overlap_check']
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # command
|
|
|
fb9e9a |
- if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
- command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
+ for name in names:
|
|
|
fb9e9a |
+ # Make sure forwardzone exists
|
|
|
fb9e9a |
+ existing_resource = find_dnsforwardzone(ansible_module, name)
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ if existing_resource is None and operation == "update":
|
|
|
fb9e9a |
+ # does not exist and is updating
|
|
|
fb9e9a |
+ # trying to update something that doesn't exist, so error
|
|
|
fb9e9a |
+ ansible_module.fail_json(msg="""dnsforwardzone '%s' is not
|
|
|
fb9e9a |
+ valid""" % (name))
|
|
|
fb9e9a |
+ elif existing_resource is None and operation == "del":
|
|
|
fb9e9a |
+ # does not exists and should be absent
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
command = None
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- elif existing_resource is None and operation == "add":
|
|
|
fb9e9a |
- # does not exist but should be present
|
|
|
fb9e9a |
- # determine args
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
- skip_overlap_check)
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = "dnsforwardzone_add"
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = "TRUE"
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- elif existing_resource is not None and operation == "add":
|
|
|
fb9e9a |
- # exists and should be present, has it changed?
|
|
|
fb9e9a |
- # determine args
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
- if skip_overlap_check is not None:
|
|
|
fb9e9a |
- del args['skip_overlap_check']
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
- command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+ is_enabled = "IGNORE"
|
|
|
fb9e9a |
+ elif existing_resource is not None and operation == "del":
|
|
|
fb9e9a |
+ # exists but should be absent
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
+ command = "dnsforwardzone_del"
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+ is_enabled = "IGNORE"
|
|
|
fb9e9a |
+ elif forwarders is None:
|
|
|
fb9e9a |
+ # forwarders are not defined its not a delete, update state?
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
command = None
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+ if existing_resource is not None:
|
|
|
fb9e9a |
+ is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ is_enabled = "IGNORE"
|
|
|
fb9e9a |
+ elif existing_resource is not None and operation == "update":
|
|
|
fb9e9a |
+ # exists and is updating
|
|
|
fb9e9a |
+ # calculate the new forwarders and mod
|
|
|
fb9e9a |
+ # determine args
|
|
|
fb9e9a |
+ if state != "absent":
|
|
|
fb9e9a |
+ forwarders = list(set(existing_resource["idnsforwarders"]
|
|
|
fb9e9a |
+ + forwarders))
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ forwarders = list(set(existing_resource["idnsforwarders"])
|
|
|
fb9e9a |
+ - set(forwarders))
|
|
|
fb9e9a |
+ args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
+ skip_overlap_check)
|
|
|
fb9e9a |
+ if skip_overlap_check is not None:
|
|
|
fb9e9a |
+ del args['skip_overlap_check']
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # command
|
|
|
fb9e9a |
+ if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
+ command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ command = None
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+ is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # if command is set then run it with the args
|
|
|
fb9e9a |
- if command is not None:
|
|
|
fb9e9a |
- api_command(ansible_module, command, name, args)
|
|
|
fb9e9a |
- changed = True
|
|
|
fb9e9a |
+ elif existing_resource is None and operation == "add":
|
|
|
fb9e9a |
+ # does not exist but should be present
|
|
|
fb9e9a |
+ # determine args
|
|
|
fb9e9a |
+ args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
+ skip_overlap_check)
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
+ command = "dnsforwardzone_add"
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+ is_enabled = "TRUE"
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ elif existing_resource is not None and operation == "add":
|
|
|
fb9e9a |
+ # exists and should be present, has it changed?
|
|
|
fb9e9a |
+ # determine args
|
|
|
fb9e9a |
+ args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
+ if skip_overlap_check is not None:
|
|
|
fb9e9a |
+ del args['skip_overlap_check']
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
+ if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
+ command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ command = None
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+ is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- # does the enabled state match what we want (if we care)
|
|
|
fb9e9a |
- if is_enabled != "IGNORE":
|
|
|
fb9e9a |
- if wants_enable and is_enabled != "TRUE":
|
|
|
fb9e9a |
- api_command(ansible_module, "dnsforwardzone_enable",
|
|
|
fb9e9a |
- name, {})
|
|
|
fb9e9a |
- changed = True
|
|
|
fb9e9a |
- elif not wants_enable and is_enabled != "FALSE":
|
|
|
fb9e9a |
- api_command(ansible_module, "dnsforwardzone_disable",
|
|
|
fb9e9a |
- name, {})
|
|
|
fb9e9a |
+ # if command is set then run it with the args
|
|
|
fb9e9a |
+ if command is not None:
|
|
|
fb9e9a |
+ api_command(ansible_module, command, name, args)
|
|
|
fb9e9a |
changed = True
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ # does the enabled state match what we want (if we care)
|
|
|
fb9e9a |
+ if is_enabled != "IGNORE":
|
|
|
fb9e9a |
+ if wants_enable and is_enabled != "TRUE":
|
|
|
fb9e9a |
+ api_command(ansible_module, "dnsforwardzone_enable",
|
|
|
fb9e9a |
+ name, {})
|
|
|
fb9e9a |
+ changed = True
|
|
|
fb9e9a |
+ elif not wants_enable and is_enabled != "FALSE":
|
|
|
fb9e9a |
+ api_command(ansible_module, "dnsforwardzone_disable",
|
|
|
fb9e9a |
+ name, {})
|
|
|
fb9e9a |
+ changed = True
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
except Exception as e:
|
|
|
fb9e9a |
ansible_module.fail_json(msg=str(e))
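Review bot: Inside the new `for name in names` loop the `update` branch assigns its result back to `forwarders`, so the user-supplied list is overwritten on the first iteration. With `state: absent`, `action: member` and more than one name (which the new validation allows), the second zone appears to be computed against the first zone's remaining forwarders instead of the requested ones, and the wrong forwarders can be removed. Use a per-iteration name, e.g. `new_forwarders = list(set(existing_resource["idnsforwarders"]) - set(forwarders))` followed by `args = gen_args(new_forwarders, forwardpolicy, skip_overlap_check)`, and the same for the `+ forwarders` case. `main()` and the `try:` block start outside this hunk, so whether `args` is initialised before the loop cannot be checked from here.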
From 3f785bc0e9fe1ab3ad874ce4f26e6897189db8aa Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 10 Jun 2020 22:20:20 -0300
Subject: [PATCH] Fix error message when adding dnsforwardzone without
forwarders.
---
plugins/modules/ipadnsforwardzone.py | 5 +++++
tests/dnsforwardzone/test_dnsforwardzone.yml | 13 +++++++++++--
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
index b28f28db..3968e6a1 100644
|
|
|
fb9e9a |
--- a/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
+++ b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
@@ -217,6 +217,11 @@ def main():
|
|
|
fb9e9a |
# Make sure forwardzone exists
|
|
|
fb9e9a |
existing_resource = find_dnsforwardzone(ansible_module, name)
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ # validate parameters
|
|
|
fb9e9a |
+ if state == 'present':
|
|
|
fb9e9a |
+ if existing_resource is None and not forwarders:
|
|
|
fb9e9a |
+ ansible_module.fail_json(msg='No forwarders specified.')
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
if existing_resource is None and operation == "update":
|
|
|
fb9e9a |
# does not exist and is updating
|
|
|
fb9e9a |
# trying to update something that doesn't exist, so error
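Review bot: The added check fails every `state: present` creation that has no forwarders, including one that sets `forwardpolicy: none`, a policy for which the module's README says conditional zone forwarders are disregarded. If the IPA API accepts a forward zone with policy `none` and no forwarders (to be confirmed against the server), the module now blocks a valid configuration; the condition could then read `if existing_resource is None and not forwarders and forwardpolicy != "none":`. The two nested `if` statements can also be merged into one condition. The enclosing loop and `main()` continue outside this hunk.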
|
|
|
fb9e9a |
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
index ac08a48f..d94db9e5 100644
|
|
|
fb9e9a |
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
@@ -5,10 +5,12 @@
|
|
|
fb9e9a |
gather_facts: false
|
|
|
fb9e9a |
|
|
|
fb9e9a |
tasks:
|
|
|
fb9e9a |
- - name: ensure forwardzone example.com is absent - prep
|
|
|
fb9e9a |
+ - name: ensure test forwardzones are absent - prep
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
- name: example.com
|
|
|
fb9e9a |
+ name:
|
|
|
fb9e9a |
+ - example.com
|
|
|
fb9e9a |
+ - newfailzone.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is created
|
|
|
fb9e9a |
@@ -207,6 +209,13 @@
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ - name: Ensure forwardzone is not added without forwarders, with correct message.
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: newfailzone.com
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: not result.failed or "No forwarders specified" not in result.msg
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent - tidy up
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
From 1d223c2b63634abe86f7702a64dd83c4fbc272ce Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Mon, 15 Jun 2020 16:14:25 -0300
Subject: [PATCH] Add support for attributes `ip_address` and `port` to
`forwarders`.
This patch modifies the way forwarders are configured, using two attributes,
`ip_address` and `port`, instead of IPA API internal string representation
of `IP port PORT`.
---
README-dnsforwardzone.md | 6 ++-
plugins/modules/ipadnsforwardzone.py | 37 ++++++++++++++---
tests/dnsforwardzone/test_dnsforwardzone.yml | 43 ++++++++++++--------
3 files changed, 62 insertions(+), 24 deletions(-)
diff --git a/README-dnsforwardzone.md b/README-dnsforwardzone.md
|
|
|
fb9e9a |
index 81919295..15b2b574 100644
|
|
|
fb9e9a |
--- a/README-dnsforwardzone.md
|
|
|
fb9e9a |
+++ b/README-dnsforwardzone.md
|
|
|
fb9e9a |
@@ -99,8 +99,10 @@ Variable | Description | Required
|
|
|
fb9e9a |
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
|
|
fb9e9a |
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
|
|
fb9e9a |
`name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`
|
|
|
fb9e9a |
-`forwarders` \| `idnsforwarders` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`) | no
|
|
|
fb9e9a |
-`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
|
|
|
fb9e9a |
+`forwarders` \| `idnsforwarders` | Per-zone forwarders. A custom port can be specified for each forwarder. Options | no
|
|
|
fb9e9a |
+ | `ip_address`: The forwarder IP address. | yes
|
|
|
fb9e9a |
+ | `port`: The forwarder IP port. | no
|
|
|
fb9e9a |
+`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
|
|
|
fb9e9a |
`skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone. Defaults to False. | no
|
|
|
fb9e9a |
`action` | Work on group or member level. It can be on of `member` or `dnsforwardzone` and defaults to `dnsforwardzone`. | no
|
|
|
fb9e9a |
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | yes
|
|
|
fb9e9a |
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
index 3968e6a1..8e5c3464 100644
|
|
|
fb9e9a |
--- a/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
+++ b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
@@ -54,9 +54,16 @@
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
description:
|
|
|
fb9e9a |
- List of the DNS servers to forward to
|
|
|
fb9e9a |
- required: true
|
|
|
fb9e9a |
- type: list
|
|
|
fb9e9a |
aliases: ["idnsforwarders"]
|
|
|
fb9e9a |
+ options:
|
|
|
fb9e9a |
+ ip_address:
|
|
|
fb9e9a |
+ description: Forwarder IP address (either IPv4 or IPv6).
|
|
|
fb9e9a |
+ required: false
|
|
|
fb9e9a |
+ type: string
|
|
|
fb9e9a |
+ port:
|
|
|
fb9e9a |
+ description: Forwarder port.
|
|
|
fb9e9a |
+ required: false
|
|
|
fb9e9a |
+ type: int
|
|
|
fb9e9a |
forwardpolicy:
|
|
|
fb9e9a |
description: Per-zone conditional forwarding policy
|
|
|
fb9e9a |
required: false
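Review bot: The new `options:` documentation for `forwarders` disagrees with the argument spec added later in this commit. `ip_address` is documented as `required: false` but declared with `required=True`, and `type: string` is not an Ansible documentation type and should be `type: str`. The hunk also drops `type: list` from `forwarders` without a replacement; `type: list` together with `elements: dict` describes the new shape, and `required: false` matches the spec's `required=False`.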
|
|
|
fb9e9a |
@@ -128,6 +135,20 @@ def gen_args(forwarders, forwardpolicy, skip_overlap_check):
|
|
|
fb9e9a |
return _args
|
|
|
fb9e9a |
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+def forwarder_list(forwarders):
|
|
|
fb9e9a |
+ """Convert the forwarder dict into a list compatible with IPA API."""
|
|
|
fb9e9a |
+ if forwarders is None:
|
|
|
fb9e9a |
+ return None
|
|
|
fb9e9a |
+ fwd_list = []
|
|
|
fb9e9a |
+ for forwarder in forwarders:
|
|
|
fb9e9a |
+ if forwarder.get('port', None) is not None:
|
|
|
fb9e9a |
+ formatter = "{ip_address} port {port}"
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ formatter = "{ip_address}"
|
|
|
fb9e9a |
+ fwd_list.append(formatter.format(**forwarder))
|
|
|
fb9e9a |
+ return fwd_list
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
def main():
|
|
|
fb9e9a |
ansible_module = AnsibleModule(
|
|
|
fb9e9a |
argument_spec=dict(
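Review bot: `forwarder_list` interpolates `ip_address` verbatim into the `IP port PORT` string, so any text is accepted at this layer: a value that already contains ` port 53`, stray whitespace or something that is not an address is only caught, if at all, by the IPA server. `port` is likewise typed `int` but not range-checked, so a test such as `1 <= port <= 65535`, plus a check that `ip_address` parses as an IPv4 or IPv6 address, belongs in the module and should be reported through `fail_json`. Because the later comparison with `existing_resource["idnsforwarders"]` is by string equality, a non-canonical spelling of an address would presumably be reported as changed on every run. The docstring should say the function takes a list of forwarder dicts, not "the forwarder dict".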
|
|
|
fb9e9a |
@@ -136,8 +157,13 @@ def main():
|
|
|
fb9e9a |
ipaadmin_password=dict(type="str", required=False, no_log=True),
|
|
|
fb9e9a |
name=dict(type="list", aliases=["cn"], default=None,
|
|
|
fb9e9a |
required=True),
|
|
|
fb9e9a |
- forwarders=dict(type='list', aliases=["idnsforwarders"],
|
|
|
fb9e9a |
- required=False),
|
|
|
fb9e9a |
+ forwarders=dict(type="list", default=None, required=False,
|
|
|
fb9e9a |
+ aliases=["idnsforwarders"], elements='dict',
|
|
|
fb9e9a |
+ options=dict(
|
|
|
fb9e9a |
+ ip_address=dict(type='str', required=True),
|
|
|
fb9e9a |
+ port=dict(type='int', required=False,
|
|
|
fb9e9a |
+ default=None),
|
|
|
fb9e9a |
+ )),
|
|
|
fb9e9a |
forwardpolicy=dict(type='str', aliases=["idnsforwardpolicy"],
|
|
|
fb9e9a |
required=False,
|
|
|
fb9e9a |
choices=['only', 'first', 'none']),
|
|
|
fb9e9a |
@@ -160,7 +186,8 @@ def main():
|
|
|
fb9e9a |
"ipaadmin_password")
|
|
|
fb9e9a |
names = module_params_get(ansible_module, "name")
|
|
|
fb9e9a |
action = module_params_get(ansible_module, "action")
|
|
|
fb9e9a |
- forwarders = module_params_get(ansible_module, "forwarders")
|
|
|
fb9e9a |
+ forwarders = forwarder_list(
|
|
|
fb9e9a |
+ module_params_get(ansible_module, "forwarders"))
|
|
|
fb9e9a |
forwardpolicy = module_params_get(ansible_module, "forwardpolicy")
|
|
|
fb9e9a |
skip_overlap_check = module_params_get(ansible_module,
|
|
|
fb9e9a |
"skip_overlap_check")
|
|
|
fb9e9a |
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
index d94db9e5..468cd4ce 100644
|
|
|
fb9e9a |
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
@@ -5,7 +5,7 @@
|
|
|
fb9e9a |
gather_facts: false
|
|
|
fb9e9a |
|
|
|
fb9e9a |
tasks:
|
|
|
fb9e9a |
- - name: ensure test forwardzones are absent - prep
|
|
|
fb9e9a |
+ - name: ensure test forwardzones are absent
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name:
|
|
|
fb9e9a |
@@ -19,7 +19,7 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
forwardpolicy: first
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
@@ -31,7 +31,7 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
forwardpolicy: first
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
@@ -43,19 +43,22 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
forwardpolicy: first
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ - pause:
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
- name: ensure forwardzone example.com has one forwarder again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
forwardpolicy: first
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
state: present
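Review bot: The added `- pause:` task has no `seconds`, `minutes` or `prompt`, so it waits for a key press when the playbook is run from a terminal; in a non-interactive run it is presumably skipped with a warning and adds nothing. It is unnamed and not mentioned in the commit message, so it looks like a debugging leftover and should be removed. If a delay is really needed before the next task, give the task a name and an explicit duration with `pause:` and `seconds: N`.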
|
|
|
fb9e9a |
@@ -67,7 +70,7 @@
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
forwardpolicy: first
|
|
|
fb9e9a |
skip_overlap_check: false
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
@@ -80,8 +83,9 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
forwardpolicy: only
|
|
|
fb9e9a |
skip_overlap_check: false
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
@@ -100,7 +104,7 @@
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
@@ -110,7 +114,8 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
@@ -121,8 +126,9 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: result.changed
|
|
|
fb9e9a |
@@ -133,7 +139,7 @@
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 8.8.8.8
|
|
|
fb9e9a |
+ - ip_address: 8.8.8.8
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
@@ -144,7 +150,8 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: result.changed
|
|
|
fb9e9a |
@@ -161,7 +168,8 @@
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
@@ -179,7 +187,8 @@
|
|
|
fb9e9a |
state: disabled
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
- - 4.4.4.4
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
From bf864469a1da81c6b23e9726562b21408764ac8f Mon Sep 17 00:00:00 2001
|
|
|
fb9e9a |
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
|
|
|
fb9e9a |
Date: Mon, 15 Jun 2020 20:42:23 -0300
|
|
|
fb9e9a |
Subject: [PATCH] Add support for attribute `permission` on dnsforwardzone
|
|
|
fb9e9a |
module.
|
|
|
fb9e9a |
|
|
|
fb9e9a |
Adds missing attribute `permission` to dnsforwardzone module, that
|
|
|
fb9e9a |
enables setting `managedby` for the DNS Forward Zone.
|
|
|
fb9e9a |
---
|
|
|
fb9e9a |
README-dnsforwardzone.md | 1 +
|
|
|
fb9e9a |
plugins/modules/ipadnsforwardzone.py | 71 ++++++++----
|
|
|
fb9e9a |
tests/dnsforwardzone/test_dnsforwardzone.yml | 110 +++++++++++++++----
|
|
|
fb9e9a |
3 files changed, 136 insertions(+), 46 deletions(-)
|
|
|
fb9e9a |
|
|
|
fb9e9a |
diff --git a/README-dnsforwardzone.md b/README-dnsforwardzone.md
|
|
|
fb9e9a |
index 15b2b574..175e6f8b 100644
|
|
|
fb9e9a |
--- a/README-dnsforwardzone.md
|
|
|
fb9e9a |
+++ b/README-dnsforwardzone.md
|
|
|
fb9e9a |
@@ -104,6 +104,7 @@ Variable | Description | Required
|
|
|
fb9e9a |
| `port`: The forwarder IP port. | no
|
|
|
fb9e9a |
`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
|
|
|
fb9e9a |
`skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone. Defaults to False. | no
|
|
|
fb9e9a |
+`permission` | Allow DNS Forward Zone to be managed. (bool) | no
|
|
|
fb9e9a |
`action` | Work on group or member level. It can be on of `member` or `dnsforwardzone` and defaults to `dnsforwardzone`. | no
|
|
|
fb9e9a |
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | yes
|
|
|
fb9e9a |
|
|
|
fb9e9a |
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
index 8e5c3464..a729197b 100644
|
|
|
fb9e9a |
--- a/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
+++ b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
@@ -75,6 +75,11 @@
|
|
|
fb9e9a |
- Force DNS zone creation even if it will overlap with an existing zone.
|
|
|
fb9e9a |
required: false
|
|
|
fb9e9a |
default: false
|
|
|
fb9e9a |
+ permission:
|
|
|
fb9e9a |
+ description:
|
|
|
fb9e9a |
+ - Allow DNS Forward Zone to be managed.
|
|
|
fb9e9a |
+ required: false
|
|
|
fb9e9a |
+ type: bool
|
|
|
fb9e9a |
'''
|
|
|
fb9e9a |
|
|
|
fb9e9a |
EXAMPLES = '''
|
|
|
fb9e9a |
@@ -168,6 +173,8 @@ def main():
|
|
|
fb9e9a |
required=False,
|
|
|
fb9e9a |
choices=['only', 'first', 'none']),
|
|
|
fb9e9a |
skip_overlap_check=dict(type='bool', required=False),
|
|
|
fb9e9a |
+ permission=dict(type='bool', required=False,
|
|
|
fb9e9a |
+ aliases=['managedby']),
|
|
|
fb9e9a |
action=dict(type="str", default="dnsforwardzone",
|
|
|
fb9e9a |
choices=["member", "dnsforwardzone"]),
|
|
|
fb9e9a |
# state
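Review bot: The `managedby` alias accepted by the new `permission` entry in the argument spec is not documented in this commit; the DOCUMENTATION entry added in the first hunk of this file and the new README row describe only `permission`. Because the option controls per-zone access delegation, the description should also say what is delegated rather than only "Allow DNS Forward Zone to be managed". I would add `aliases: ["managedby"]` under `permission:` in DOCUMENTATION and list the alias in the README row the same way `forwardpolicy` and `idnsforwardpolicy` are listed. The argument spec starts and ends outside this hunk.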
|
|
|
fb9e9a |
@@ -191,6 +198,7 @@ def main():
|
|
|
fb9e9a |
forwardpolicy = module_params_get(ansible_module, "forwardpolicy")
|
|
|
fb9e9a |
skip_overlap_check = module_params_get(ansible_module,
|
|
|
fb9e9a |
"skip_overlap_check")
|
|
|
fb9e9a |
+ permission = module_params_get(ansible_module, "permission")
|
|
|
fb9e9a |
state = module_params_get(ansible_module, "state")
|
|
|
fb9e9a |
|
|
|
fb9e9a |
if state == 'present' and len(names) != 1:
|
|
|
fb9e9a |
@@ -215,7 +223,9 @@ def main():
|
|
|
fb9e9a |
wants_enable = True
|
|
|
fb9e9a |
|
|
|
fb9e9a |
if operation == "del":
|
|
|
fb9e9a |
- invalid = ["forwarders", "forwardpolicy", "skip_overlap_check"]
|
|
|
fb9e9a |
+ invalid = [
|
|
|
fb9e9a |
+ "forwarders", "forwardpolicy", "skip_overlap_check", "permission"
|
|
|
fb9e9a |
+ ]
|
|
|
fb9e9a |
for x in invalid:
|
|
|
fb9e9a |
if vars()[x] is not None:
|
|
|
fb9e9a |
ansible_module.fail_json(
|
|
|
fb9e9a |
@@ -241,6 +251,9 @@ def main():
|
|
|
fb9e9a |
api_connect()
|
|
|
fb9e9a |
|
|
|
fb9e9a |
for name in names:
|
|
|
fb9e9a |
+ commands = []
|
|
|
fb9e9a |
+ command = None
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
# Make sure forwardzone exists
|
|
|
fb9e9a |
existing_resource = find_dnsforwardzone(ansible_module, name)
|
|
|
fb9e9a |
|
|
|
fb9e9a |
@@ -249,6 +262,18 @@ def main():
|
|
|
fb9e9a |
if existing_resource is None and not forwarders:
|
|
|
fb9e9a |
ansible_module.fail_json(msg='No forwarders specified.')
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ if existing_resource is not None:
|
|
|
fb9e9a |
+ if state != "absent":
|
|
|
fb9e9a |
+ if forwarders:
|
|
|
fb9e9a |
+ forwarders = list(
|
|
|
fb9e9a |
+ set(existing_resource["idnsforwarders"]
|
|
|
fb9e9a |
+ + forwarders))
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ if forwarders:
|
|
|
fb9e9a |
+ forwarders = list(
|
|
|
fb9e9a |
+ set(existing_resource["idnsforwarders"])
|
|
|
fb9e9a |
+ - set(forwarders))
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
if existing_resource is None and operation == "update":
|
|
|
fb9e9a |
# does not exist and is updating
|
|
|
fb9e9a |
# trying to update something that doesn't exist, so error
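Review bot: `forwarders` is rebound to the merged (or reduced) set in the added block, and this code appears to run inside `for name in names:`, so with more than one zone name the list computed for the first zone is carried into the next iteration. Keep the module parameter untouched and compute a per-zone value, for example `zone_forwarders = list(set(existing_resource.get("idnsforwarders", []) + forwarders))`, then pass that to `gen_args`. Using `.get` would also avoid a KeyError if a zone entry comes back without `idnsforwarders`; whether that can happen is not visible here. The `gen_args` calls that consume the value are in later hunks, outside this one.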
|
|
|
fb9e9a |
@@ -256,20 +281,17 @@ def main():
|
|
|
fb9e9a |
valid""" % (name))
|
|
|
fb9e9a |
elif existing_resource is None and operation == "del":
|
|
|
fb9e9a |
# does not exists and should be absent
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = None
|
|
|
fb9e9a |
# enabled or disabled?
|
|
|
fb9e9a |
is_enabled = "IGNORE"
|
|
|
fb9e9a |
elif existing_resource is not None and operation == "del":
|
|
|
fb9e9a |
# exists but should be absent
|
|
|
fb9e9a |
# set command
|
|
|
fb9e9a |
command = "dnsforwardzone_del"
|
|
|
fb9e9a |
+ args = {}
|
|
|
fb9e9a |
# enabled or disabled?
|
|
|
fb9e9a |
is_enabled = "IGNORE"
|
|
|
fb9e9a |
elif forwarders is None:
|
|
|
fb9e9a |
# forwarders are not defined its not a delete, update state?
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = None
|
|
|
fb9e9a |
# enabled or disabled?
|
|
|
fb9e9a |
if existing_resource is not None:
|
|
|
fb9e9a |
is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
@@ -278,23 +300,13 @@ def main():
|
|
|
fb9e9a |
elif existing_resource is not None and operation == "update":
|
|
|
fb9e9a |
# exists and is updating
|
|
|
fb9e9a |
# calculate the new forwarders and mod
|
|
|
fb9e9a |
- # determine args
|
|
|
fb9e9a |
- if state != "absent":
|
|
|
fb9e9a |
- forwarders = list(set(existing_resource["idnsforwarders"]
|
|
|
fb9e9a |
- + forwarders))
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
- forwarders = list(set(existing_resource["idnsforwarders"])
|
|
|
fb9e9a |
- - set(forwarders))
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
- skip_overlap_check)
|
|
|
fb9e9a |
- if skip_overlap_check is not None:
|
|
|
fb9e9a |
+ args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
+ if "skip_overlap_check" in args:
|
|
|
fb9e9a |
del args['skip_overlap_check']
|
|
|
fb9e9a |
|
|
|
fb9e9a |
# command
|
|
|
fb9e9a |
if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
- command = None
|
|
|
fb9e9a |
|
|
|
fb9e9a |
# enabled or disabled?
|
|
|
fb9e9a |
is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
@@ -313,21 +325,36 @@ def main():
|
|
|
fb9e9a |
# exists and should be present, has it changed?
|
|
|
fb9e9a |
# determine args
|
|
|
fb9e9a |
args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
- if skip_overlap_check is not None:
|
|
|
fb9e9a |
+ if 'skip_overlap_check' in args:
|
|
|
fb9e9a |
del args['skip_overlap_check']
|
|
|
fb9e9a |
|
|
|
fb9e9a |
# set command
|
|
|
fb9e9a |
if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
- command = None
|
|
|
fb9e9a |
|
|
|
fb9e9a |
# enabled or disabled?
|
|
|
fb9e9a |
is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- # if command is set then run it with the args
|
|
|
fb9e9a |
+ # if command is set...
|
|
|
fb9e9a |
if command is not None:
|
|
|
fb9e9a |
- api_command(ansible_module, command, name, args)
|
|
|
fb9e9a |
+ commands.append([name, command, args])
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ if permission is not None:
|
|
|
fb9e9a |
+ if existing_resource is None:
|
|
|
fb9e9a |
+ managedby = None
|
|
|
fb9e9a |
+ else:
|
|
|
fb9e9a |
+ managedby = existing_resource.get('managedby', None)
|
|
|
fb9e9a |
+ if permission and managedby is None:
|
|
|
fb9e9a |
+ commands.append(
|
|
|
fb9e9a |
+ [name, 'dnsforwardzone_add_permission', {}]
|
|
|
fb9e9a |
+ )
|
|
|
fb9e9a |
+ elif not permission and managedby is not None:
|
|
|
fb9e9a |
+ commands.append(
|
|
|
fb9e9a |
+ [name, 'dnsforwardzone_remove_permission', {}]
|
|
|
fb9e9a |
+ )
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ for name, command, args in commands:
|
|
|
fb9e9a |
+ result = api_command(ansible_module, command, name, args)
|
|
|
fb9e9a |
changed = True
|
|
|
fb9e9a |
|
|
|
fb9e9a |
# does the enabled state match what we want (if we care)
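Review bot: The permission branch treats a missing `managedby` key on `existing_resource` as "no permission exists", but nothing in the hunk says so, and it only holds if `find_dnsforwardzone` returns that attribute, which is not visible here. A comment above `managedby = existing_resource.get('managedby', None)` such as `# managedby is expected only while the zone's management permission exists; confirm find_dnsforwardzone returns it` would make the idempotence assumption explicit. Separately, `result = api_command(...)` in the new loop assigns a value that is never read in this hunk; `api_command(ansible_module, command, name, args)` is enough. The enclosing `main()` starts and ends outside the hunk.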
|
|
|
fb9e9a |
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
index 468cd4ce..0386bd48 100644
|
|
|
fb9e9a |
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
@@ -51,8 +51,6 @@
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - pause:
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- name: ensure forwardzone example.com has one forwarder again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
@@ -63,7 +61,7 @@
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
- failed_when: not result.changed
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: skip_overlap_check can only be set on creation so change nothing
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
@@ -77,6 +75,22 @@
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ - name: ensure forwardzone example.com is absent.
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ state: absent
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: not result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ - name: ensure forwardzone example.com is absent, again.
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ state: absent
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
- name: change all the things at once
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
@@ -87,11 +101,12 @@
|
|
|
fb9e9a |
- ip_address: 4.4.4.4
|
|
|
fb9e9a |
port: 8053
|
|
|
fb9e9a |
forwardpolicy: only
|
|
|
fb9e9a |
- skip_overlap_check: false
|
|
|
fb9e9a |
+ skip_overlap_check: true
|
|
|
fb9e9a |
+ permission: yes
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - name: ensure forwardzone example.com is absent for next testset
|
|
|
fb9e9a |
+ - name: ensure forwardzone example.com is absent.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
@@ -156,43 +171,58 @@
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - name: ensure forwardzone example.com is absent again
|
|
|
fb9e9a |
+ - name: Add a permission for per-forward zone access delegation.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
- state: absent
|
|
|
fb9e9a |
+ permission: yes
|
|
|
fb9e9a |
+ action: member
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - name: try to create a new forwarder with action=member
|
|
|
fb9e9a |
+ - name: Add a permission for per-forward zone access delegation, again.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
- state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
- forwarders:
|
|
|
fb9e9a |
- - ip_address: 4.4.4.4
|
|
|
fb9e9a |
- port: 8053
|
|
|
fb9e9a |
+ permission: yes
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
- skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - name: ensure forwardzone example.com is absent - tidy up
|
|
|
fb9e9a |
+ - name: Remove a permission for per-forward zone access delegation.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
- state: absent
|
|
|
fb9e9a |
+ permission: no
|
|
|
fb9e9a |
+ action: member
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - name: try to create a new forwarder is disabled state
|
|
|
fb9e9a |
+ - name: Remove a permission for per-forward zone access delegation, again.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
- state: disabled
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
- forwarders:
|
|
|
fb9e9a |
- - ip_address: 4.4.4.4
|
|
|
fb9e9a |
- port: 8053
|
|
|
fb9e9a |
- skip_overlap_check: true
|
|
|
fb9e9a |
+ permission: no
|
|
|
fb9e9a |
+ action: member
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ - name: disable the forwarder
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ state: disabled
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ - name: disable the forwarder again
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ state: disabled
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
- name: enable the forwarder
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
@@ -201,12 +231,42 @@
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- - name: disable the forwarder again
|
|
|
fb9e9a |
+ - name: enable the forwarder, again
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
- state: disabled
|
|
|
fb9e9a |
+ state: enabled
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ - name: ensure forwardzone example.com is absent again
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ state: absent
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ - name: try to create a new forwarder with action=member
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ state: present
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ forwarders:
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
+ skip_overlap_check: true
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ - name: try to create a new forwarder with disabled state
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ state: disabled
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ forwarders:
|
|
|
fb9e9a |
+ - ip_address: 4.4.4.4
|
|
|
fb9e9a |
+ port: 8053
|
|
|
fb9e9a |
+ skip_overlap_check: yes
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
@@ -228,5 +288,7 @@
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent - tidy up
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
- name: example.com
|
|
|
fb9e9a |
+ name:
|
|
|
fb9e9a |
+ - example.com
|
|
|
fb9e9a |
+ - newfailzone.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
From 857fb82eb9141a44ffb91331653e1c30b43f671e Mon Sep 17 00:00:00 2001
|
|
|
fb9e9a |
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
|
|
|
fb9e9a |
Date: Mon, 15 Jun 2020 23:40:35 -0300
|
|
|
fb9e9a |
Subject: [PATCH] Allows modification of forward policy in existing DNS Forward
|
|
|
fb9e9a |
Zone.
|
|
|
fb9e9a |
|
|
|
fb9e9a |
This patch allows the modification of the forward zone policy in
|
|
|
fb9e9a |
an existing DNS Forward Zone, and fixes some issues with `enable`
|
|
|
fb9e9a |
and `disable` state that prevented correct behavior of `forwardpolicy`.
|
|
|
fb9e9a |
---
|
|
|
fb9e9a |
plugins/modules/ipadnsforwardzone.py | 154 ++++++++++---------
|
|
|
fb9e9a |
tests/dnsforwardzone/test_dnsforwardzone.yml | 32 ++--
|
|
|
fb9e9a |
2 files changed, 97 insertions(+), 89 deletions(-)
|
|
|
fb9e9a |
|
|
|
fb9e9a |
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
index a729197b..1f1e85ec 100644
|
|
|
fb9e9a |
--- a/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
+++ b/plugins/modules/ipadnsforwardzone.py
|
|
|
fb9e9a |
@@ -217,10 +217,20 @@ def main():
|
|
|
fb9e9a |
else:
|
|
|
fb9e9a |
operation = "add"
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- if state == "disabled":
|
|
|
fb9e9a |
- wants_enable = False
|
|
|
fb9e9a |
- else:
|
|
|
fb9e9a |
- wants_enable = True
|
|
|
fb9e9a |
+ if state in ["enabled", "disabled"]:
|
|
|
fb9e9a |
+ if action == "member":
|
|
|
fb9e9a |
+ ansible_module.fail_json(
|
|
|
fb9e9a |
+ msg="Action `member` cannot be used with state `%s`"
|
|
|
fb9e9a |
+ % (state))
|
|
|
fb9e9a |
+ invalid = [
|
|
|
fb9e9a |
+ "forwarders", "forwardpolicy", "skip_overlap_check", "permission"
|
|
|
fb9e9a |
+ ]
|
|
|
fb9e9a |
+ for x in invalid:
|
|
|
fb9e9a |
+ if vars()[x] is not None:
|
|
|
fb9e9a |
+ ansible_module.fail_json(
|
|
|
fb9e9a |
+ msg="Argument '%s' can not be used with action "
|
|
|
fb9e9a |
+ "'%s', state `%s`" % (x, action, state))
|
|
|
fb9e9a |
+ wants_enable = (state == "enabled")
|
|
|
fb9e9a |
|
|
|
fb9e9a |
if operation == "del":
|
|
|
fb9e9a |
invalid = [
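Review bot: The new enabled/disabled check repeats the `invalid` list and the `vars()[x]` loop that the `del` branch directly below already has, so the two lists can drift apart when an option is added. `vars()[x]` also ties the check to local variable names, so a renamed local fails with a KeyError only at run time. Consider a single check that takes the values explicitly, for example one dict `{"forwarders": forwarders, "forwardpolicy": forwardpolicy, "skip_overlap_check": skip_overlap_check, "permission": permission}` iterated for both cases. The `del` branch continues outside this hunk.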
|
|
|
fb9e9a |
@@ -230,7 +240,7 @@ def main():
|
|
|
fb9e9a |
if vars()[x] is not None:
|
|
|
fb9e9a |
ansible_module.fail_json(
|
|
|
fb9e9a |
msg="Argument '%s' can not be used with action "
|
|
|
fb9e9a |
- "'%s'" % (x, action))
|
|
|
fb9e9a |
+ "'%s', state `%s`" % (x, action, state))
|
|
|
fb9e9a |
|
|
|
fb9e9a |
changed = False
|
|
|
fb9e9a |
exit_args = {}
|
|
|
fb9e9a |
@@ -262,7 +272,27 @@ def main():
|
|
|
fb9e9a |
if existing_resource is None and not forwarders:
|
|
|
fb9e9a |
ansible_module.fail_json(msg='No forwarders specified.')
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- if existing_resource is not None:
|
|
|
fb9e9a |
+ if existing_resource is None:
|
|
|
fb9e9a |
+ if operation == "add":
|
|
|
fb9e9a |
+ # does not exist but should be present
|
|
|
fb9e9a |
+ # determine args
|
|
|
fb9e9a |
+ args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
+ skip_overlap_check)
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
+ command = "dnsforwardzone_add"
|
|
|
fb9e9a |
+ # enabled or disabled?
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ elif operation == "update":
|
|
|
fb9e9a |
+ # does not exist and is updating
|
|
|
fb9e9a |
+ # trying to update something that doesn't exist, so error
|
|
|
fb9e9a |
+ ansible_module.fail_json(
|
|
|
fb9e9a |
+ msg="dnsforwardzone '%s' not found." % (name))
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ elif operation == "del":
|
|
|
fb9e9a |
+ # there's nothnig to do.
|
|
|
fb9e9a |
+ continue
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ else: # existing_resource is not None
|
|
|
fb9e9a |
if state != "absent":
|
|
|
fb9e9a |
if forwarders:
|
|
|
fb9e9a |
forwarders = list(
|
|
|
fb9e9a |
@@ -274,66 +304,51 @@ def main():
|
|
|
fb9e9a |
set(existing_resource["idnsforwarders"])
|
|
|
fb9e9a |
- set(forwarders))
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- if existing_resource is None and operation == "update":
|
|
|
fb9e9a |
- # does not exist and is updating
|
|
|
fb9e9a |
- # trying to update something that doesn't exist, so error
|
|
|
fb9e9a |
- ansible_module.fail_json(msg="""dnsforwardzone '%s' is not
|
|
|
fb9e9a |
- valid""" % (name))
|
|
|
fb9e9a |
- elif existing_resource is None and operation == "del":
|
|
|
fb9e9a |
- # does not exists and should be absent
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = "IGNORE"
|
|
|
fb9e9a |
- elif existing_resource is not None and operation == "del":
|
|
|
fb9e9a |
- # exists but should be absent
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = "dnsforwardzone_del"
|
|
|
fb9e9a |
- args = {}
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = "IGNORE"
|
|
|
fb9e9a |
- elif forwarders is None:
|
|
|
fb9e9a |
- # forwarders are not defined its not a delete, update state?
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
+ if operation == "add":
|
|
|
fb9e9a |
+ # exists and should be present, has it changed?
|
|
|
fb9e9a |
+ # determine args
|
|
|
fb9e9a |
+ args = gen_args(
|
|
|
fb9e9a |
+ forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
+ if 'skip_overlap_check' in args:
|
|
|
fb9e9a |
+ del args['skip_overlap_check']
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
+ if not compare_args_ipa(
|
|
|
fb9e9a |
+ ansible_module, args, existing_resource):
|
|
|
fb9e9a |
+ command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ elif operation == "del":
|
|
|
fb9e9a |
+ # exists but should be absent
|
|
|
fb9e9a |
+ # set command
|
|
|
fb9e9a |
+ command = "dnsforwardzone_del"
|
|
|
fb9e9a |
+ args = {}
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ elif operation == "update":
|
|
|
fb9e9a |
+ # exists and is updating
|
|
|
fb9e9a |
+ # calculate the new forwarders and mod
|
|
|
fb9e9a |
+ args = gen_args(
|
|
|
fb9e9a |
+ forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
+ if "skip_overlap_check" in args:
|
|
|
fb9e9a |
+ del args['skip_overlap_check']
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # command
|
|
|
fb9e9a |
+ if not compare_args_ipa(
|
|
|
fb9e9a |
+ ansible_module, args, existing_resource):
|
|
|
fb9e9a |
+ command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ if state in ['enabled', 'disabled']:
|
|
|
fb9e9a |
if existing_resource is not None:
|
|
|
fb9e9a |
is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
else:
|
|
|
fb9e9a |
- is_enabled = "IGNORE"
|
|
|
fb9e9a |
- elif existing_resource is not None and operation == "update":
|
|
|
fb9e9a |
- # exists and is updating
|
|
|
fb9e9a |
- # calculate the new forwarders and mod
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
- if "skip_overlap_check" in args:
|
|
|
fb9e9a |
- del args['skip_overlap_check']
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # command
|
|
|
fb9e9a |
- if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
- command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- elif existing_resource is None and operation == "add":
|
|
|
fb9e9a |
- # does not exist but should be present
|
|
|
fb9e9a |
- # determine args
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy,
|
|
|
fb9e9a |
- skip_overlap_check)
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- command = "dnsforwardzone_add"
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = "TRUE"
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- elif existing_resource is not None and operation == "add":
|
|
|
fb9e9a |
- # exists and should be present, has it changed?
|
|
|
fb9e9a |
- # determine args
|
|
|
fb9e9a |
- args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
|
|
|
fb9e9a |
- if 'skip_overlap_check' in args:
|
|
|
fb9e9a |
- del args['skip_overlap_check']
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # set command
|
|
|
fb9e9a |
- if not compare_args_ipa(ansible_module, args, existing_resource):
|
|
|
fb9e9a |
- command = "dnsforwardzone_mod"
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- # enabled or disabled?
|
|
|
fb9e9a |
- is_enabled = existing_resource["idnszoneactive"][0]
|
|
|
fb9e9a |
+ ansible_module.fail_json(
|
|
|
fb9e9a |
+ msg="dnsforwardzone '%s' not found." % (name))
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ # does the enabled state match what we want (if we care)
|
|
|
fb9e9a |
+ if is_enabled != "IGNORE":
|
|
|
fb9e9a |
+ if wants_enable and is_enabled != "TRUE":
|
|
|
fb9e9a |
+ commands.append([name, "dnsforwardzone_enable", {}])
|
|
|
fb9e9a |
+ elif not wants_enable and is_enabled != "FALSE":
|
|
|
fb9e9a |
+ commands.append([name, "dnsforwardzone_disable", {}])
|
|
|
fb9e9a |
|
|
|
fb9e9a |
# if command is set...
|
|
|
fb9e9a |
if command is not None:
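Review bot: The added `if is_enabled != "IGNORE":` check keeps a sentinel that no line on the new side of this hunk assigns any more; every `is_enabled = "IGNORE"` is removed, so unless it is set elsewhere in `main()` the comparison is always true. `is_enabled` is now assigned only under `if state in ['enabled', 'disabled']:`, and indentation is not preserved on this page, so it cannot be confirmed that the check is nested in that block; if it is not, other states would read an unbound value or one left over from the previous loop iteration. Nesting the enable/disable decision inside the state check and dropping the sentinel, leaving `if wants_enable and is_enabled != "TRUE":` and `elif not wants_enable and is_enabled != "FALSE":`, removes both concerns.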
|
|
|
fb9e9a |
@@ -354,20 +369,9 @@ def main():
|
|
|
fb9e9a |
)
|
|
|
fb9e9a |
|
|
|
fb9e9a |
for name, command, args in commands:
|
|
|
fb9e9a |
- result = api_command(ansible_module, command, name, args)
|
|
|
fb9e9a |
+ api_command(ansible_module, command, name, args)
|
|
|
fb9e9a |
changed = True
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- # does the enabled state match what we want (if we care)
|
|
|
fb9e9a |
- if is_enabled != "IGNORE":
|
|
|
fb9e9a |
- if wants_enable and is_enabled != "TRUE":
|
|
|
fb9e9a |
- api_command(ansible_module, "dnsforwardzone_enable",
|
|
|
fb9e9a |
- name, {})
|
|
|
fb9e9a |
- changed = True
|
|
|
fb9e9a |
- elif not wants_enable and is_enabled != "FALSE":
|
|
|
fb9e9a |
- api_command(ansible_module, "dnsforwardzone_disable",
|
|
|
fb9e9a |
- name, {})
|
|
|
fb9e9a |
- changed = True
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
except Exception as e:
|
|
|
fb9e9a |
ansible_module.fail_json(msg=str(e))
|
|
|
fb9e9a |
|
|
|
fb9e9a |
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
index 0386bd48..223cf3d0 100644
|
|
|
fb9e9a |
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
|
|
|
fb9e9a |
@@ -106,6 +106,22 @@
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
failed_when: not result.changed
|
|
|
fb9e9a |
|
|
|
fb9e9a |
+ - name: change zone forward policy
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ forwardpolicy: first
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: not result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
+ - name: change zone forward policy, again
|
|
|
fb9e9a |
+ ipadnsforwardzone:
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
+ name: example.com
|
|
|
fb9e9a |
+ forwardpolicy: first
|
|
|
fb9e9a |
+ register: result
|
|
|
fb9e9a |
+ failed_when: result.changed
|
|
|
fb9e9a |
+
|
|
|
fb9e9a |
- name: ensure forwardzone example.com is absent.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
@@ -256,27 +272,15 @@
|
|
|
fb9e9a |
action: member
|
|
|
fb9e9a |
skip_overlap_check: true
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
- failed_when: result.changed
|
|
|
fb9e9a |
+ failed_when: not result.failed or "not found" not in result.msg
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: try to create a new forwarder with disabled state
|
|
|
fb9e9a |
- ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
- state: disabled
|
|
|
fb9e9a |
- name: example.com
|
|
|
fb9e9a |
- forwarders:
|
|
|
fb9e9a |
- - ip_address: 4.4.4.4
|
|
|
fb9e9a |
- port: 8053
|
|
|
fb9e9a |
- skip_overlap_check: yes
|
|
|
fb9e9a |
- register: result
|
|
|
fb9e9a |
- failed_when: not result.changed
|
|
|
fb9e9a |
-
|
|
|
fb9e9a |
- - name: ensure it stays disabled
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: disabled
|
|
|
fb9e9a |
register: result
|
|
|
fb9e9a |
- failed_when: result.changed
|
|
|
fb9e9a |
+ failed_when: not result.failed or "not found" not in result.msg
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: Ensure forwardzone is not added without forwarders, with correct message.
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
From 8da6a6937919d0c390b870113fb557649c39c815 Mon Sep 17 00:00:00 2001
|
|
|
fb9e9a |
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
|
|
|
fb9e9a |
Date: Fri, 26 Jun 2020 11:28:15 -0300
|
|
|
fb9e9a |
Subject: [PATCH] Change password values in README to keep consistency with
|
|
|
fb9e9a |
other modules.
|
|
|
fb9e9a |
|
|
|
fb9e9a |
---
|
|
|
fb9e9a |
README-dnsforwardzone.md | 10 +++++-----
|
|
|
fb9e9a |
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
|
fb9e9a |
|
|
|
fb9e9a |
diff --git a/README-dnsforwardzone.md b/README-dnsforwardzone.md
|
|
|
fb9e9a |
index 175e6f8b..32de7bfe 100644
|
|
|
fb9e9a |
--- a/README-dnsforwardzone.md
|
|
|
fb9e9a |
+++ b/README-dnsforwardzone.md
|
|
|
fb9e9a |
@@ -49,7 +49,7 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
|
|
|
fb9e9a |
tasks:
|
|
|
fb9e9a |
- name: ensure presence of forwardzone for DNS requests for example.com to 8.8.8.8
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -59,13 +59,13 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure the forward zone is disabled
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: disabled
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure presence of multiple upstream DNS servers for example.com
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -74,7 +74,7 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure presence of another forwarder to any existing ones for example.com
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
state: present
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
forwarders:
|
|
|
fb9e9a |
@@ -83,7 +83,7 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
|
|
|
fb9e9a |
|
|
|
fb9e9a |
- name: ensure the forwarder for example.com does not exists (delete it if needed)
|
|
|
fb9e9a |
ipadnsforwardzone:
|
|
|
fb9e9a |
- ipaadmin_password: password01
|
|
|
fb9e9a |
+ ipaadmin_password: SomeADMINpassword
|
|
|
fb9e9a |
name: example.com
|
|
|
fb9e9a |
state: absent
|
|
|
fb9e9a |
```
|