Skip to content
Snippets Groups Projects
Commit a834de1f authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman
Browse files

ipadnsrecord: Allow execution of plugin in client host.

Update dnsrecord README file and add tests for executing plugin with
`ipaapi_context` set to `client`.

A new test playbook can be found at:

    tests/dnsrecord/test_dnsrecord_client_context.yml

The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
parent da45d74f
No related branches found
No related tags found
No related merge requests found
......@@ -249,6 +249,7 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no
`zone_name` \| `dnszone` | The DNS zone name to which DNS record needs to be managed. You can use one global zone name for multiple records. | no
required: true
`records` | The list of dns records dicts. Each `records` dict entry can contain **record variables**. | no
......
......@@ -3,6 +3,7 @@
- name: Ensure that dns records are absent
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ testzone }}"
del_all: yes
name:
......@@ -17,6 +18,7 @@
- name: Ensure that dns reverse ipv6 records are absent
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: ip6.arpa.
del_all: yes
name:
......@@ -31,6 +33,7 @@
- name: Ensure that dns reverse ipv6 records are absent (workaround)
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ zone_ipv6_reverse_workaround }}"
del_all: yes
name:
......@@ -45,6 +48,7 @@
- name: Ensure that dns reverse records are absent
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ zone_prefix_reverse_24 }}"
name:
- "101"
......@@ -65,6 +69,7 @@
- name: Ensure that dns reverse records are absent (workaround 1)
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ zone_prefix_reverse_16 }}"
name:
- "101.122"
......@@ -85,6 +90,7 @@
- name: Ensure that dns reverse records are absent (workaround 2)
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ zone_prefix_reverse_8 }}"
name:
- "168.101.122"
......@@ -105,6 +111,7 @@
- name: Ensure that "{{ safezone }}" dns records are absent
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ safezone }}"
records:
- name: iron01
......@@ -114,6 +121,7 @@
- name: Ensure that NS record for "{{ safezone }}" is absent
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: iron01
zone_name: "{{ safezone }}"
ns_rec: iron01
......@@ -122,6 +130,7 @@
- name: Ensure DNS testing zones are absent.
ipadnszone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ item }}"
state: absent
with_items:
......
......@@ -10,6 +10,7 @@
- name: Ensure DNS testing zones are present.
ipadnszone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ item }}"
skip_nameserver_check: yes
skip_overlap_check: yes
......@@ -25,6 +26,7 @@
- name: Ensure DNSSEC zone '"{{ safezone }}"' is present.
ipadnszone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ safezone }}"
dnssec: yes
skip_nameserver_check: yes
......
This diff is collapsed.
---
- name: Test dnsrecord
hosts: ipaclients, ipaserver
become: no
gather_facts: no
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: server
name: ThisShouldNotWork
register: result
failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
when: ipa_host_is_client
# Import basic module tests, and execute with ipa_context set to 'client'.
# If ipaclients is set, it will be executed using the client, if not,
# ipaserver will be used.
#
# With this setup, tests can be executed against an IPA client, against
# an IPA server using "client" context, and ensure that tests are executed
# in upstream CI.
- name: Test dnsrecord using client context, in client host.
import_playbook: test_dnsrecord.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test dnsrecord using client context, in server host.
import_playbook: test_dnsrecord.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment