mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
377 lines
12 KiB
YAML
377 lines
12 KiB
YAML
---
|
|
- name: Test dnsforwardzone
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Ensure test forwardzones are absent
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name:
|
|
- example.com
|
|
- newfailzone.com
|
|
state: absent
|
|
|
|
- name: Ensure forwardzone example.com is created
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is present again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com has two forwarders
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com has one forwarder again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: true
|
|
state: present
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Skip_overlap_check can only be set on creation so change nothing
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
forwardpolicy: first
|
|
skip_overlap_check: false
|
|
state: present
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is absent.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is absent, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Change all the things at once
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
forwardpolicy: only
|
|
skip_overlap_check: true
|
|
permission: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Change zone forward policy
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
forwardpolicy: first
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Change zone forward policy, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
forwardpolicy: first
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is absent.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is absent, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is created with minimal args
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
skip_overlap_check: true
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is created with minimal args, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
skip_overlap_check: true
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Add a forwarder to any existing ones
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Add a forwarder to any existing ones, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Check the list of forwarders is what we expect
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
- ip_address: 8.8.8.8
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Remove a single forwarder
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: absent
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Remove a single forwarder, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: absent
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 8.8.8.8
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Check the list of forwarders is what we expect now
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Add a permission for per-forward zone access delegation.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
permission: yes
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Add a permission for per-forward zone access delegation, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
permission: yes
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Remove a permission for per-forward zone access delegation.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
permission: no
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Remove a permission for per-forward zone access delegation, again.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
permission: no
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Disable the forwarder
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: disabled
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Disable the forwarder again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: disabled
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Enable the forwarder
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: enabled
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Enable the forwarder, again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: enabled
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure forwardzone example.com is absent again
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: absent
|
|
|
|
- name: Try to create a new forwarder with action=member
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: present
|
|
name: example.com
|
|
forwarders:
|
|
- ip_address: 4.4.4.4
|
|
port: 8053
|
|
action: member
|
|
skip_overlap_check: true
|
|
register: result
|
|
failed_when: not result.failed or "not found" not in result.msg
|
|
|
|
- name: Try to create a new forwarder with disabled state
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: example.com
|
|
state: disabled
|
|
register: result
|
|
failed_when: not result.failed or "not found" not in result.msg
|
|
|
|
- name: Ensure forwardzone is not added without forwarders, with correct message.
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: newfailzone.com
|
|
register: result
|
|
failed_when: not result.failed or "No forwarders specified" not in result.msg
|
|
|
|
- name: Ensure forwardzone example.com is absent - tidy up
|
|
ipadnsforwardzone:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name:
|
|
- example.com
|
|
- newfailzone.com
|
|
state: absent
|