mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
Update dnsforwardzone README file and add tests for executing plugin with
`ipaapi_context` set to `client`.
A new test playbook can be found at:
tests/dnsforwardzone/test_dnsforwardzone_client_context.yml
The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
Due to differences in data returned when running ipadnsforwardzone in
a client context, some values had to be modified so that comparison
works, avoiding unnecessary IPA API calls.
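---
# Functional test playbook for the ipadnsforwardzone module.
#
# Pattern used throughout: a task that is expected to modify the zone
# fails unless `result.changed` is set, and the same task repeated
# ("again") fails if anything changed. The pair verifies idempotency.
#
# NOTE(review): `ipaadmin_password` is written in plaintext in every task.
# That is acceptable only for a disposable test deployment; a playbook
# run against a real FreeIPA domain should take the admin password from
# Ansible Vault or another secret store instead of the playbook text.
- name: Test dnsforwardzone
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: true
  gather_facts: false

  tasks:
    # Start from a known state: neither test zone exists.
    - name: ensure test forwardzones are absent
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        # Passed only when the caller defines `ipa_context`; otherwise the
        # parameter is omitted and the module uses its own default.
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name:
          - example.com
          - newfailzone.com
        state: absent

    # NOTE(review): skip_overlap_check presumably bypasses the check for
    # an already existing zone of the same name - confirm in module docs.
    - name: ensure forwardzone example.com is created
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
        forwardpolicy: first
        skip_overlap_check: true
      register: result
      failed_when: not result.changed or result.failed

    - name: ensure forwardzone example.com is present again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
        forwardpolicy: first
        skip_overlap_check: true
      register: result
      failed_when: result.changed or result.failed

    - name: ensure forwardzone example.com has two forwarders
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
          - ip_address: 4.4.4.4
            port: 8053
        forwardpolicy: first
        skip_overlap_check: true
      register: result
      failed_when: not result.changed or result.failed

    # NOTE(review): this task expects no change although the previous
    # task left two forwarders on the zone - confirm that this is the
    # intended module behaviour and not a missing `not` in failed_when.
    - name: ensure forwardzone example.com has one forwarder again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
        forwardpolicy: first
        skip_overlap_check: true
        state: present
      register: result
      failed_when: result.changed or result.failed

    - name: skip_overlap_check can only be set on creation so change nothing
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
        forwardpolicy: first
        skip_overlap_check: false
        state: present
      register: result
      failed_when: result.changed or result.failed

    - name: ensure forwardzone example.com is absent.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: ensure forwardzone example.com is absent, again.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Creates the zone with every option set in a single call, including
    # the per-zone permission.
    - name: change all the things at once
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
          - ip_address: 4.4.4.4
            port: 8053
        forwardpolicy: only
        skip_overlap_check: true
        permission: true
      register: result
      failed_when: not result.changed or result.failed

    # No `state` is given here, so the module's default state applies.
    - name: change zone forward policy
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        forwardpolicy: first
      register: result
      failed_when: not result.changed or result.failed

    - name: change zone forward policy, again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        forwardpolicy: first
      register: result
      failed_when: result.changed or result.failed

    - name: ensure forwardzone example.com is absent.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: ensure forwardzone example.com is absent, again.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: absent
      register: result
      failed_when: result.changed or result.failed

    - name: ensure forwardzone example.com is created with minimal args
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        skip_overlap_check: true
        forwarders:
          - ip_address: 8.8.8.8
      register: result
      failed_when: not result.changed or result.failed

    - name: ensure forwardzone example.com is created with minimal args, again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        skip_overlap_check: true
        forwarders:
          - ip_address: 8.8.8.8
      register: result
      failed_when: result.changed or result.failed

    # From here on `action: member` is used to manage individual
    # forwarders and the permission on the existing zone.
    - name: add a forwarder to any existing ones
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 4.4.4.4
            port: 8053
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: add a forwarder to any existing ones, again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 4.4.4.4
            port: 8053
        action: member
      register: result
      failed_when: result.changed or result.failed

    # Verification by idempotency: re-adding both expected forwarders
    # must report no change.
    - name: check the list of forwarders is what we expect
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 4.4.4.4
            port: 8053
          - ip_address: 8.8.8.8
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: remove a single forwarder
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: absent
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: remove a single forwarder, again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: absent
        name: example.com
        forwarders:
          - ip_address: 8.8.8.8
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: check the list of forwarders is what we expect now
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 4.4.4.4
            port: 8053
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Add a permission for per-forward zone access delegation.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        permission: true
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: Add a permission for per-forward zone access delegation, again.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        permission: true
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Remove a permission for per-forward zone access delegation.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        permission: false
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: Remove a permission for per-forward zone access delegation, again.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        permission: false
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: disable the forwarder
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: disabled
      register: result
      failed_when: not result.changed or result.failed

    - name: disable the forwarder again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: disabled
      register: result
      failed_when: result.changed or result.failed

    - name: enable the forwarder
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: enabled
      register: result
      failed_when: not result.changed or result.failed

    - name: enable the forwarder, again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: enabled
      register: result
      failed_when: result.changed or result.failed

    # Result is not checked: this only resets state for the negative
    # tests that follow.
    - name: ensure forwardzone example.com is absent again
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: absent

    # Negative tests: each task must fail, and its message must contain
    # the expected text; any other outcome is reported as a failure.
    - name: try to create a new forwarder with action=member
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        state: present
        name: example.com
        forwarders:
          - ip_address: 4.4.4.4
            port: 8053
        action: member
        skip_overlap_check: true
      register: result
      failed_when: not result.failed or "not found" not in result.msg

    - name: try to create a new forwarder with disabled state
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: example.com
        state: disabled
      register: result
      failed_when: not result.failed or "not found" not in result.msg

    - name: Ensure forwardzone is not added without forwarders, with correct message.
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: newfailzone.com
      register: result
      failed_when: not result.failed or "No forwarders specified" not in result.msg

    # Leave the deployment without either test zone.
    - name: ensure forwardzone example.com is absent - tidy up
      ipadnsforwardzone:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name:
          - example.com
          - newfailzone.com
        state: absent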