mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-07 05:43:26 +00:00
857fb82eb9
This patch allows the modification of the forward zone policy in an existing DNS Forward Zone, and fixes some issues with `enable` and `disable` state that prevented correct behavior of `forwardpolicy`.
299 lines
7.9 KiB
YAML
299 lines
7.9 KiB
YAML
---
|
|
- name: Test dnsforwardzone
|
|
hosts: ipaserver
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: ensure test forwardzones are absent
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- example.com
|
|
- newfailzone.com
|
|
state: absent
|
|
|
|
- name: ensure forwardzone example.com is created
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: ensure forwardzone example.com is present again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: ensure forwardzone example.com has two forwarders
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: ensure forwardzone example.com has one forwarder again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
state: present
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: skip_overlap_check can only be set on creation so change nothing
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: false
|
|
state: present
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: ensure forwardzone example.com is absent.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: ensure forwardzone example.com is absent, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: change all the things at once
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
forwardpolicy: only
|
|
skip_overlap_check: true
|
|
permission: yes
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: change zone forward policy
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
forwardpolicy: first
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: change zone forward policy, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
forwardpolicy: first
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: ensure forwardzone example.com is absent.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: absent
|
|
|
|
- name: ensure forwardzone example.com is created with minimal args
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
skip_overlap_check: true
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: add a forwarder to any existing ones
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: check the list of forwarders is what we expect
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
- ip_address: 8.8.8.8
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: remove a single forwarder
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: absent
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: check the list of forwarders is what we expect now
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Add a permission for per-forward zone access delegation.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
permission: yes
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Add a permission for per-forward zone access delegation, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
permission: yes
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Remove a permission for per-forward zone access delegation.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
permission: no
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Remove a permission for per-forward zone access delegation, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
permission: no
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: disable the forwarder
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: disabled
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: disable the forwarder again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: disabled
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: enable the forwarder
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: enabled
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: enable the forwarder, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: enabled
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: ensure forwardzone example.com is absent again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: absent
|
|
|
|
- name: try to create a new forwarder with action=member
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: not result.failed or "not found" not in result.msg
|
|
|
|
- name: try to create a new forwarder with disabled state
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: example.com
|
|
state: disabled
|
|
register: result
|
|
failed_when: not result.failed or "not found" not in result.msg
|
|
|
|
- name: Ensure forwardzone is not added without forwarders, with correct message.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: newfailzone.com
|
|
register: result
|
|
failed_when: not result.failed or "No forwarders specified" not in result.msg
|
|
|
|
- name: ensure forwardzone example.com is absent - tidy up
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- example.com
|
|
- newfailzone.com
|
|
state: absent
|