From 75d16c2da4a5621943873a26343eb0f2acc2a925 Mon Sep 17 00:00:00 2001
From: Sergio Oliveira Campos <seocam@seocam.com>
Date: Mon, 3 Aug 2020 11:54:44 -0300
Subject: [PATCH] Allow multiple dns zones to be absent.
This PR allow ipadnszone module to ensure that multiple dns zones
are absent at once, to be consistent with other ansible-freeipa
modules.
To fix this issue, it was required that custom arguents must be
passed using keyword arguments so that `get_ipa_command_args()`
is kept generic.
---
README-dnszone.md | 2 +-
.../module_utils/ansible_freeipa_module.py | 4 +-
plugins/modules/ipadnszone.py | 126 ++++++++++--------
tests/dnszone/test_dnszone.yml | 37 +++++
4 files changed, 107 insertions(+), 62 deletions(-)
diff --git a/README-dnszone.md b/README-dnszone.md
index 766efe5..9c9b12c 100644
--- a/README-dnszone.md
+++ b/README-dnszone.md
@@ -163,7 +163,7 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
-`name` \| `zone_name` | The zone name string. | yes
+`name` \| `zone_name` | The zone name string or list of strings. | yes
`forwarders` | The list of forwarders dicts. Each `forwarders` dict entry has:| no
| `ip_address` - The IPv4 or IPv6 address of the DNS server. | yes
| `port` - The custom port that should be used on this server. | no
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 122ea2e..1e55693 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -506,7 +506,7 @@ class FreeIPABaseModule(AnsibleModule):
# when needed.
self.ipa_params = AnsibleFreeIPAParams(self)
- def get_ipa_command_args(self):
+ def get_ipa_command_args(self, **kwargs):
"""
Return a dict to be passed to an IPA command.
@@ -538,7 +538,7 @@ class FreeIPABaseModule(AnsibleModule):
elif hasattr(self, param_name):
method = getattr(self, param_name)
if callable(method):
- value = method()
+ value = method(**kwargs)
# We don't have a way to guess the value so fail.
else:
diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py
index 717978e..c5e812a 100644
--- a/plugins/modules/ipadnszone.py
+++ b/plugins/modules/ipadnszone.py
@@ -41,7 +41,7 @@ options:
name:
description: The zone name string.
required: true
- type: str
+ type: list
alises: ["zone_name"]
forwarders:
description: The list of global DNS forwarders.
@@ -268,7 +268,7 @@ class DNSZoneModule(FreeIPABaseModule):
return True
- def get_ipa_nsec3paramrecord(self):
+ def get_ipa_nsec3paramrecord(self, **kwargs):
nsec3param_rec = self.ipa_params.nsec3param_rec
if nsec3param_rec is not None:
error_msg = (
@@ -280,7 +280,7 @@ class DNSZoneModule(FreeIPABaseModule):
self.fail_json(msg=error_msg)
return nsec3param_rec
- def get_ipa_idnsforwarders(self):
+ def get_ipa_idnsforwarders(self, **kwargs):
if self.ipa_params.forwarders is not None:
forwarders = []
for forwarder in self.ipa_params.forwarders:
@@ -304,14 +304,14 @@ class DNSZoneModule(FreeIPABaseModule):
return forwarders
- def get_ipa_idnsallowtransfer(self):
+ def get_ipa_idnsallowtransfer(self, **kwargs):
if self.ipa_params.allow_transfer is not None:
error_msg = "Invalid ip_address for DNS allow_transfer: %s"
self.validate_ips(self.ipa_params.allow_transfer, error_msg)
return (";".join(self.ipa_params.allow_transfer) or "none") + ";"
- def get_ipa_idnsallowquery(self):
+ def get_ipa_idnsallowquery(self, **kwargs):
if self.ipa_params.allow_query is not None:
error_msg = "Invalid ip_address for DNS allow_query: %s"
self.validate_ips(self.ipa_params.allow_query, error_msg)
@@ -334,81 +334,89 @@ class DNSZoneModule(FreeIPABaseModule):
return ".".join((name, domain))
- def get_ipa_idnssoarname(self):
+ def get_ipa_idnssoarname(self, **kwargs):
if self.ipa_params.admin_email is not None:
return DNSName(
self._replace_at_symbol_in_rname(self.ipa_params.admin_email)
)
- def get_ipa_idnssoamname(self):
+ def get_ipa_idnssoamname(self, **kwargs):
if self.ipa_params.name_server is not None:
return DNSName(self.ipa_params.name_server)
- def get_ipa_skip_overlap_check(self):
- if not self.zone and self.ipa_params.skip_overlap_check is not None:
+ def get_ipa_skip_overlap_check(self, **kwargs):
+ zone = kwargs.get('zone')
+ if not zone and self.ipa_params.skip_overlap_check is not None:
return self.ipa_params.skip_overlap_check
- def get_ipa_skip_nameserver_check(self):
- if not self.zone and self.ipa_params.skip_nameserver_check is not None:
+ def get_ipa_skip_nameserver_check(self, **kwargs):
+ zone = kwargs.get('zone')
+ if not zone and self.ipa_params.skip_nameserver_check is not None:
return self.ipa_params.skip_nameserver_check
def get_zone(self, zone_name):
get_zone_args = {"idnsname": zone_name, "all": True}
response = self.api_command("dnszone_find", args=get_zone_args)
+ zone = None
+ is_zone_active = False
+
if response["count"] == 1:
- self.zone = response["result"][0]
- self.is_zone_active = self.zone.get("idnszoneactive") == ["TRUE"]
- return self.zone
+ zone = response["result"][0]
+ is_zone_active = zone.get("idnszoneactive") == ["TRUE"]
- # Zone doesn't exist yet
- self.zone = None
- self.is_zone_active = False
+ return zone, is_zone_active
+
+ def get_zone_names(self):
+ if len(self.ipa_params.name) > 1 and self.ipa_params.state != "absent":
+ self.fail_json(
+ msg=("Please provide a single name. Multiple values for 'name'"
+ "can only be supplied for state 'absent'.")
+ )
- @property
- def zone_name(self):
return self.ipa_params.name
def define_ipa_commands(self):
- # Look for existing zone in IPA
- self.get_zone(self.zone_name)
- args = self.get_ipa_command_args()
- just_added = False
-
- if self.ipa_params.state in ["present", "enabled", "disabled"]:
- if not self.zone:
- # Since the zone doesn't exist we just create it
- # with given args
- self.add_ipa_command("dnszone_add", self.zone_name, args)
- self.is_zone_active = True
- just_added = True
-
- else:
- # Zone already exist so we need to verify if given args
- # matches the current config. If not we updated it.
- if self.require_ipa_attrs_change(args, self.zone):
- self.add_ipa_command("dnszone_mod", self.zone_name, args)
-
- if self.ipa_params.state == "enabled" and not self.is_zone_active:
- self.add_ipa_command("dnszone_enable", self.zone_name)
-
- if self.ipa_params.state == "disabled" and self.is_zone_active:
- self.add_ipa_command("dnszone_disable", self.zone_name)
-
- if self.ipa_params.state == "absent":
- if self.zone:
- self.add_ipa_command("dnszone_del", self.zone_name)
-
- # Due to a bug in FreeIPA dnszone-add won't set
- # SOA Serial. The good news is that dnszone-mod does the job.
- # See: https://pagure.io/freeipa/issue/8227
- # Because of that, if the zone was just added with a given serial
- # we run mod just after to workaround the bug
- if just_added and self.ipa_params.serial is not None:
- args = {
- "idnssoaserial": self.ipa_params.serial,
- }
- self.add_ipa_command("dnszone_mod", self.zone_name, args)
+ for zone_name in self.get_zone_names():
+ # Look for existing zone in IPA
+ zone, is_zone_active = self.get_zone(zone_name)
+ args = self.get_ipa_command_args(zone=zone)
+ just_added = False
+
+ if self.ipa_params.state in ["present", "enabled", "disabled"]:
+ if not zone:
+ # Since the zone doesn't exist we just create it
+ # with given args
+ self.add_ipa_command("dnszone_add", zone_name, args)
+ is_zone_active = True
+ just_added = True
+
+ else:
+ # Zone already exist so we need to verify if given args
+ # matches the current config. If not we updated it.
+ if self.require_ipa_attrs_change(args, zone):
+ self.add_ipa_command("dnszone_mod", zone_name, args)
+
+ if self.ipa_params.state == "enabled" and not is_zone_active:
+ self.add_ipa_command("dnszone_enable", zone_name)
+
+ if self.ipa_params.state == "disabled" and is_zone_active:
+ self.add_ipa_command("dnszone_disable", zone_name)
+
+ if self.ipa_params.state == "absent":
+ if zone:
+ self.add_ipa_command("dnszone_del", zone_name)
+
+ # Due to a bug in FreeIPA dnszone-add won't set
+ # SOA Serial. The good news is that dnszone-mod does the job.
+ # See: https://pagure.io/freeipa/issue/8227
+ # Because of that, if the zone was just added with a given serial
+ # we run mod just after to workaround the bug
+ if just_added and self.ipa_params.serial is not None:
+ args = {
+ "idnssoaserial": self.ipa_params.serial,
+ }
+ self.add_ipa_command("dnszone_mod", zone_name, args)
def get_argument_spec():
@@ -426,7 +434,7 @@ def get_argument_spec():
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
name=dict(
- type="str", default=None, required=True, aliases=["zone_name"]
+ type="list", default=None, required=True, aliases=["zone_name"]
),
forwarders=dict(
type="list",
diff --git a/tests/dnszone/test_dnszone.yml b/tests/dnszone/test_dnszone.yml
index f7bd1f0..bd820df 100644
--- a/tests/dnszone/test_dnszone.yml
+++ b/tests/dnszone/test_dnszone.yml
@@ -149,3 +149,40 @@
forwarders: []
register: result
failed_when: not result.changed
+
+ - name: Create zones test1
+ ipadnszone:
+ ipaadmin_password: SomeADMINpassword
+ name: test1.testzone.local
+
+ - name: Create zones test2
+ ipadnszone:
+ ipaadmin_password: SomeADMINpassword
+ name: test2.testzone.local
+
+ - name: Create zones test3
+ ipadnszone:
+ ipaadmin_password: SomeADMINpassword
+ name: test3.testzone.local
+
+ - name: Ensure multiple zones are absent
+ ipadnszone:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - test1.testzone.local
+ - test2.testzone.local
+ - test3.testzone.local
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure multiple zones are absent, again
+ ipadnszone:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - test1.testzone.local
+ - test2.testzone.local
+ - test3.testzone.local
+ state: absent
+ register: result
+ failed_when: result.changed
--
2.26.2