internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

ipadnszone: Fix modification o SOA serial with other attributes.

Browse Source 
Due to an issue with FreeIPA, when modifying the SOA serial attribute
along with other attributes, the value is ignored. In order to have
the value provided, the attribute is set is a later call to dnszone-mod
allowing it to retain the desired value.

Ref: https://pagure.io/freeipa/issue/8489
This commit is contained in:
Rafael Guterres Jeffman
2020-11-19 19:13:03 -03:00
parent f50cd61357
commit 845afc0f80
2 changed files with 101 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
plugins/modules/ipadnszone.py
View File

@@ -214,6 +214,7 @@ from ansible.module_utils.ansible_freeipa_module import (
is_ipv6_addr,
is_valid_port,
) # noqa: E402
import ipalib.errors
import netaddr
import six
@@ -404,13 +405,14 @@ class DNSZoneModule(FreeIPABaseModule):
def get_zone(self, zone_name):
get_zone_args = {"idnsname": zone_name, "all": True}
response = self.api_command("dnszone_find", args=get_zone_args)
zone = None
is_zone_active = False
if response["count"] == 1:
zone = response["result"][0]
try:
response = self.api_command("dnszone_show", args=get_zone_args)
except ipalib.errors.NotFound:
zone = None
is_zone_active = False
else:
zone = response["result"]
is_zone_active = zone.get("idnszoneactive") == ["TRUE"]
return zone, is_zone_active
@@ -448,7 +450,10 @@ class DNSZoneModule(FreeIPABaseModule):
# Look for existing zone in IPA
zone, is_zone_active = self.get_zone(zone_name)
args = self.get_ipa_command_args(zone=zone)
just_added = False
set_serial = self.ipa_params.serial is not None
if set_serial:
del args["idnssoaserial"]
if self.ipa_params.state in ["present", "enabled", "disabled"]:
if not zone:
@@ -456,7 +461,7 @@ class DNSZoneModule(FreeIPABaseModule):
# with given args
self.add_ipa_command("dnszone_add", zone_name, args)
is_zone_active = True
just_added = True
# just_added = True
else:
# Zone already exist so we need to verify if given args
@@ -464,22 +469,24 @@ class DNSZoneModule(FreeIPABaseModule):
if self.require_ipa_attrs_change(args, zone):
self.add_ipa_command("dnszone_mod", zone_name, args)
if self.ipa_params.state == "enabled" and not is_zone_active:
self.add_ipa_command("dnszone_enable", zone_name)
if self.ipa_params.state == "enabled" and not is_zone_active:
self.add_ipa_command("dnszone_enable", zone_name)
if self.ipa_params.state == "disabled" and is_zone_active:
self.add_ipa_command("dnszone_disable", zone_name)
if self.ipa_params.state == "disabled" and is_zone_active:
self.add_ipa_command("dnszone_disable", zone_name)
if self.ipa_params.state == "absent":
if zone:
self.add_ipa_command("dnszone_del", zone_name)
if self.ipa_params.state == "absent" and zone is not None:
self.add_ipa_command("dnszone_del", zone_name)
# Due to a bug in FreeIPA dnszone-add won't set
# SOA Serial. The good news is that dnszone-mod does the job.
# See: https://pagure.io/freeipa/issue/8227
# Because of that, if the zone was just added with a given serial
# we run mod just after to workaround the bug
if just_added and self.ipa_params.serial is not None:
# SOA Serial in the creation of a zone, or if
# another field is modified along with it.
# As a workaround, we set only the SOA serial,
# with dnszone-mod, after other changes.
# See:
# - https://pagure.io/freeipa/issue/8227
# - https://pagure.io/freeipa/issue/8489
if set_serial:
args = {
"idnssoaserial": self.ipa_params.serial,
}

74
tests/dnszone/test_dnszone_mod.yml
View File

@@ -11,6 +11,80 @@
include_tasks: env_setup.yml
# Tests
- name: Verify if zone can be created with a specific SOA serial.
block:
- name: Create zone with serial, refresh, retry and expire.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: testzone.local
serial: 4567
refresh: 70
retry: 89
expire: 200
- name: Verify zone was created with correct values.
shell: |
echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
KRB5CCNAME={{ KRB5CCNAME }} ipa dnszone-show testzone.local
kdestroy -A -q -c {{ KRB5CCNAME }}
register: result
failed_when: |
result.failed or not (
"serial: 4567" in result.stdout
and "refresh: 70" in result.stdout
and "retry: 89" in result.stdout
and "expire: 200" in result.stdout
)
- name: Remove test zone.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: testzone.local
state: absent
vars:
KRB5CCNAME: verify_bz_1876896
- name: Verify if a zone can have the the SOA serial modified to a specific value.
block:
- name: Create zone.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: testzone.local
state: present
- name: Modify zone with serial, refresh, retry and expire.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: testzone.local
serial: 4567
refresh: 70
retry: 89
expire: 200
- name: Verify zone was modified to the correct values
shell: |
echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
KRB5CCNAME={{ KRB5CCNAME }} ipa dnszone-show testzone.local
kdestroy -A -q -c {{ KRB5CCNAME }}
register: result
failed_when: |
result.failed or not (
"serial: 4567" in result.stdout
and "refresh: 70" in result.stdout
and "retry: 89" in result.stdout
and "expire: 200" in result.stdout
)
- name: Remove test zone.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: testzone.local
state: absent
vars:
KRB5CCNAME: verify_bz_1876896
- name: Ensure zone is present.
ipadnszone:
ipaadmin_password: SomeADMINpassword