From 889b2a55768b02d77def9fd196f228399efb243d Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 21 Jul 2022 00:42:52 -0300 Subject: [PATCH 1/4] ipadnsconfig: Fixe comparison of bool values in IPA 4.9.10+ IPA 4.9.10+ handles LDAP boolean values correctly, and the comparison should be executed with the values itself, instead of a string representation. --- plugins/modules/ipadnsconfig.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugins/modules/ipadnsconfig.py b/plugins/modules/ipadnsconfig.py index d363d37c..19044927 100644 --- a/plugins/modules/ipadnsconfig.py +++ b/plugins/modules/ipadnsconfig.py @@ -173,7 +173,10 @@ def gen_args(module, state, action, dnsconfig, forwarders, forward_policy, _args['idnsforwardpolicy'] = forward_policy if allow_sync_ptr is not None: - _args['idnsallowsyncptr'] = 'TRUE' if allow_sync_ptr else 'FALSE' + if module.ipa_check_version("<", "4.9.10"): + _args['idnsallowsyncptr'] = "TRUE" if allow_sync_ptr else "FALSE" + else: + _args['idnsallowsyncptr'] = allow_sync_ptr return _args From aed5edae33e0098c752e51b56e135cc6924c5d32 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 21 Jul 2022 00:46:01 -0300 Subject: [PATCH 2/4] ipadnsconfig: Enable chech_mode support --- plugins/modules/ipadnsconfig.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/ipadnsconfig.py b/plugins/modules/ipadnsconfig.py index 19044927..7b743202 100644 --- a/plugins/modules/ipadnsconfig.py +++ b/plugins/modules/ipadnsconfig.py @@ -202,7 +202,8 @@ def main(): choices=["member", "dnsconfig"]), state=dict(type="str", default="present", choices=["present", "absent"]), - ) + ), + supports_check_mode=True, ) ansible_module._ansible_debug = True From 8f0d983845636aab230abab570f3d99560120bcc Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 21 Jul 2022 00:46:33 -0300 Subject: [PATCH 3/4] ipadnsconfig: Separate tests for forwarders with custom ports. Due to an issue with python-dns, FreeIPA is raising an expection when setting a DNS forwarder with a custom port. Separating the test for ipadnsconfig that use forwarders with custom allows the other tests to be correctly executed. --- tests/dnsconfig/test_dnsconfig.yml | 131 +----------------- .../test_dnsconfig_forwarders_ports.yml | 81 +++++++++++ 2 files changed, 87 insertions(+), 125 deletions(-) create mode 100644 tests/dnsconfig/test_dnsconfig_forwarders_ports.yml diff --git a/tests/dnsconfig/test_dnsconfig.yml b/tests/dnsconfig/test_dnsconfig.yml index b12d56fb..cadfa337 100644 --- a/tests/dnsconfig/test_dnsconfig.yml +++ b/tests/dnsconfig/test_dnsconfig.yml @@ -13,14 +13,11 @@ forwarders: - ip_address: 8.8.8.8 - ip_address: 8.8.4.4 - - ip_address: 2001:4860:4860::8888 - - ip_address: 2001:4860:4860::8888 - port: 53 state: absent action: member # Tests. - - name: Set config to invalid IPv4. + - name: Set forward with invalid IPv4. ipadnsconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" @@ -54,8 +51,6 @@ forwarders: - ip_address: 8.8.8.8 - ip_address: 8.8.4.4 - - ip_address: 2001:4860:4860::8888 - port: 53 forward_policy: only allow_sync_ptr: yes register: result @@ -68,8 +63,6 @@ forwarders: - ip_address: 8.8.8.8 - ip_address: 8.8.4.4 - - ip_address: 2001:4860:4860::8888 - port: 53 forward_policy: only allow_sync_ptr: yes register: result @@ -97,14 +90,15 @@ register: result failed_when: result.changed or result.failed - - name: Ensure forwarder 8.8.4.4 is present. + - name: Check if forwarder 8.8.4.4 is present. ipadnsconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" forwarders: - ip_address: 8.8.4.4 + check_mode: yes register: result - failed_when: not result.changed or result.failed + failed_when: result.changed or result.failed - name: Ensure forwarder 8.8.8.8 is present. ipadnsconfig: @@ -115,35 +109,16 @@ register: result failed_when: not result.changed or result.failed - - name: Ensure forwarder 8.8.4.4 is present. + - name: Check forwarder 8.8.4.4 is still present. ipadnsconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" forwarders: - ip_address: 8.8.4.4 + check_mode: yes register: result failed_when: not result.changed or result.failed - - name: Ensure forwarders are absent. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - - ip_address: 8.8.8.8 - register: result - failed_when: not result.changed or result.failed - - - name: Ensure forwarders are absent, again. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - - ip_address: 8.8.8.8 - register: result - failed_when: result.changed or result.failed - - name: Disable global forwarders. ipadnsconfig: ipaadmin_password: SomeADMINpassword @@ -208,97 +183,6 @@ register: result failed_when: result.changed or result.failed - - name: Ensure all forwarders are absent. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.8.8 - - ip_address: 8.8.4.4 - - ip_address: 2001:4860:4860::8888 - port: 53 - state: absent - action: member - register: result - failed_when: not result.changed or result.failed - - - name: Ensure all forwarders are absent, again. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.8.8 - - ip_address: 8.8.4.4 - - ip_address: 2001:4860:4860::8888 - port: 53 - state: absent - action: member - register: result - failed_when: result.changed or result.failed - - - name: Ensure forwarder is present. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.8.8 - register: result - failed_when: not result.changed or result.failed - - - name: Ensure forwarders is not present. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - check_mode: yes - register: result - failed_when: not result.changed or result.failed - - - name: Ensure forwarders are present. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - - ip_address: 8.8.8.8 - action: member - register: result - failed_when: not result.changed or result.failed - - - name: Ensure forwarders are present, again. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - - ip_address: 8.8.8.8 - action: member - register: result - failed_when: result.changed or result.failed - - - name: Ensure another forwarder is present. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - action: member - register: result - failed_when: result.changed or result.failed - - - name: Ensure forwarders are present. - ipadnsconfig: - ipaadmin_password: SomeADMINpassword - ipaapi_context: "{{ ipa_context | default(omit) }}" - forwarders: - - ip_address: 8.8.4.4 - - ip_address: 8.8.8.8 - action: member - register: result - failed_when: result.changed or result.failed - - # Cleanup. - name: Ensure forwarders are absent. ipadnsconfig: ipaadmin_password: SomeADMINpassword @@ -306,8 +190,5 @@ forwarders: - ip_address: 8.8.8.8 - ip_address: 8.8.4.4 - - ip_address: 2001:4860:4860::8888 - - ip_address: 2001:4860:4860::8888 - port: 53 state: absent action: member diff --git a/tests/dnsconfig/test_dnsconfig_forwarders_ports.yml b/tests/dnsconfig/test_dnsconfig_forwarders_ports.yml new file mode 100644 index 00000000..11c3e396 --- /dev/null +++ b/tests/dnsconfig/test_dnsconfig_forwarders_ports.yml @@ -0,0 +1,81 @@ +--- +- name: Test dnsconfig forwarders with custom ports + hosts: "{{ ipa_test_host | default('ipaserver') }}" + become: true + gather_facts: no + + tasks: + - block: + # Setup. + - name: Ensure forwarder with custom port is absent. + ipadnsconfig: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + forwarders: + - ip_address: 2001:4860:4860::8888 + port: 53 + state: absent + action: member + + # Tests. + + - name: Ensure forwarder with custom port is present. + ipadnsconfig: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + forwarders: + - ip_address: 2001:4860:4860::8888 + port: 53 + state: present + action: member + register: result + failed_when: not result.changed or result.failed + + - name: Ensure forwarder with custom port is present, again. + ipadnsconfig: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + forwarders: + - ip_address: 2001:4860:4860::8888 + port: 53 + state: present + action: member + register: result + failed_when: result.changed or result.failed + + - name: Ensure forwarder with custom port is absent. + ipadnsconfig: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + forwarders: + - ip_address: 2001:4860:4860::8888 + port: 53 + state: absent + action: member + register: result + failed_when: not result.changed or result.failed + + - name: Ensure forwarder with custom port is absent, again. + ipadnsconfig: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + forwarders: + - ip_address: 2001:4860:4860::8888 + port: 53 + state: absent + action: member + register: result + failed_when: result.changed or result.failed + + always: + + # Cleanup. + - name: Ensure forwarder with custom port is absent. + ipadnsconfig: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + forwarders: + - ip_address: 2001:4860:4860::8888 + port: 53 + state: absent + action: member From f9bf0cfec093b97e8a8886d6977853eb24cc2796 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 21 Jul 2022 00:49:11 -0300 Subject: [PATCH 4/4] ipadnsconfig: Disable only tests that are failing due to python-dns This patch disables only the tests that are failing due to python-dns issue in FreeIPA, allowing other tests in the test suite to be executed. --- tests/azure/templates/variables.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/azure/templates/variables.yaml b/tests/azure/templates/variables.yaml index f200416b..b6e16868 100644 --- a/tests/azure/templates/variables.yaml +++ b/tests/azure/templates/variables.yaml @@ -16,5 +16,5 @@ variables: # ipa_enabled_tests: >- ipa_disabled_modules: >- dnsconfig, - dnsforwardzone, - # ipa_disabled_tests: >- + ipa_disabled_tests: >- + test_dnsconfig_forwarders_ports