IPA DNS zone management can be delegated by adding a "Manage DNS zone" permission. The CLI commands that manage these permissions are dnszone-add-permission and dnszone-remove-permission. The ansible-freeipa module ipadnszone did not have this capability; it now supports per-zone management delegation through the module parameter 'permission'. If set to true, the permission is assigned to the zone; if set to false, the permission is removed.
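---
# Integration test for the ipadnszone module.
#
# Every state-changing task registers `result` and is followed by an
# identical task, so the first run must report `changed` and the repeat
# must not (idempotence). Setup and teardown live in env_setup.yml and
# env_teardown.yml, which are included below.
#
# NOTE(review): the tasks are a flat list with no block/always wrapper, so
# a failing assertion stops the play before the teardown include runs.
- name: Test dnszone
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: true
  gather_facts: true
  module_defaults:
    ipadnszone:
      # Test-only credential committed in plain text. Outside a throwaway
      # test realm, supply the admin password from Ansible Vault or another
      # secret store instead of a literal in the playbook.
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"

  tasks:

    # Setup
    - name: Setup testing environment
      ansible.builtin.include_tasks: env_setup.yml

    # Tests
    # Check-mode runs must predict a change while the zone does not exist.
    - name: Check if zone is present, when it shouldn't be.
      ipadnszone:
        name: testzone.local
        state: present
      check_mode: true
      register: result
      failed_when: not result.changed or result.failed

    # A second check-mode run still predicts a change, which shows that the
    # previous check-mode task did not create the zone.
    - name: Check if zone is present again, when it shouldn't be.
      ipadnszone:
        name: testzone.local
        state: present
      check_mode: true
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure zone is present.
      ipadnszone:
        name: testzone.local
        state: present
      register: result
      failed_when: not result.changed or result.failed

    - name: Check if zone is present, when it should be.
      ipadnszone:
        name: testzone.local
        state: present
      check_mode: true
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure zone is present, again.
      ipadnszone:
        name: testzone.local
        state: present
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure zone is disabled.
      ipadnszone:
        name: testzone.local
        state: disabled
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure zone is disabled, again.
      ipadnszone:
        name: testzone.local
        state: disabled
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure zone is enabled.
      ipadnszone:
        name: testzone.local
        state: enabled
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure zone is enabled, again.
      ipadnszone:
        name: testzone.local
        state: enabled
      register: result
      failed_when: result.changed or result.failed

    # `none` is the literal policy string here, not a YAML null.
    - name: Ensure forward_policy is none.
      ipadnszone:
        name: testzone.local
        forward_policy: none
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure forward_policy is none, again.
      ipadnszone:
        name: testzone.local
        forward_policy: none
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure forward_policy is first.
      ipadnszone:
        name: testzone.local
        forward_policy: first
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure forward_policy is first, again.
      ipadnszone:
        name: testzone.local
        forward_policy: first
      register: result
      failed_when: result.changed or result.failed

    # Forwarder addresses are quoted so that no YAML loader can re-type
    # them; the colon-separated IPv6 literal in particular must stay a
    # string.
    - name: Ensure first forwarder is set.
      ipadnszone:
        name: testzone.local
        forwarders:
          - ip_address: '8.8.8.8'
            port: 53
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure first and second forwarder are set.
      ipadnszone:
        name: testzone.local
        forwarders:
          - ip_address: '8.8.8.8'
            port: 53
          - ip_address: '2001:4860:4860::8888'
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure first and second forwarder are set, again.
      ipadnszone:
        name: testzone.local
        forwarders:
          - ip_address: '8.8.8.8'
            port: 53
          - ip_address: '2001:4860:4860::8888'
      register: result
      failed_when: result.changed or result.failed

    # Listing only the second forwarder must report a change, i.e. the
    # given list replaces the previous one rather than being appended.
    - name: Ensure only second forwarder is set.
      ipadnszone:
        name: testzone.local
        forwarders:
          - ip_address: '2001:4860:4860::8888'
      register: result
      failed_when: not result.changed or result.failed

    # Passing only the zone name must leave the existing settings alone.
    - name: Nothing changes.
      ipadnszone:
        name: testzone.local
      register: result
      failed_when: result.changed or result.failed

    # An explicit empty list clears the forwarders; omitting the key (as in
    # the task above) does not.
    - name: Ensure no forwarders are set.
      ipadnszone:
        name: testzone.local
        forwarders: []
      register: result
      failed_when: not result.changed or result.failed

    - name: Create zones test1
      ipadnszone:
        name: test1.testzone.local
      register: result
      failed_when: not result.changed or result.failed

    - name: Create zones test1, again
      ipadnszone:
        name: test1.testzone.local
      register: result
      failed_when: result.changed or result.failed

    - name: Create zones test2
      ipadnszone:
        name: test2.testzone.local
      register: result
      failed_when: not result.changed or result.failed

    - name: Create zones test2, again
      ipadnszone:
        name: test2.testzone.local
      register: result
      failed_when: result.changed or result.failed

    - name: Create zones test3
      ipadnszone:
        name: test3.testzone.local
      register: result
      failed_when: not result.changed or result.failed

    - name: Create zones test3, again
      ipadnszone:
        name: test3.testzone.local
      register: result
      failed_when: result.changed or result.failed

    # Per-zone delegation: `permission: true` assigns the zone's
    # "Manage DNS zone" permission and `permission: false` removes it.
    # NOTE(review): these tasks assert only on the module's reported
    # `changed` flag; nothing here queries IPA to confirm that the
    # permission is really present after the grant or gone after the
    # removal.
    - name: Ensure zone test1.testzone.local has management permission
      ipadnszone:
        name: test1.testzone.local
        permission: true
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure zone test1.testzone.local has management permission, again
      ipadnszone:
        name: test1.testzone.local
        permission: true
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure zone test1.testzone.local does not have management permission
      ipadnszone:
        name: test1.testzone.local
        permission: false
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure zone test1.testzone.local does not have management permission, again
      ipadnszone:
        name: test1.testzone.local
        permission: false
      register: result
      failed_when: result.changed or result.failed

    # `name` also accepts a list, so several zones go in one call.
    - name: Ensure multiple zones are absent
      ipadnszone:
        name:
          - test1.testzone.local
          - test2.testzone.local
          - test3.testzone.local
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure multiple zones are absent, again
      ipadnszone:
        name:
          - test1.testzone.local
          - test2.testzone.local
          - test3.testzone.local
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Teardown
    - name: Teardown testing environment
      ansible.builtin.include_tasks: env_teardown.yml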