From cf7b197a1f76b2b39d138d8fa517c9a2cb39d33f Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman <rjeffman@redhat.com> Date: Fri, 3 Sep 2021 13:31:57 -0300 Subject: [PATCH] ipadnszone: Allow execution of plugin in client host. Update dnszone README file and add tests for executing plugin with `ipaapi_context` set to `client`. A new test playbook can be found at: tests/dnszone/test_dnszone_client_context.yml The new test file can be executed in a FreeIPA client host that is not a server. In this case, it should be defined in the `ipaclients` group, in the inventory file. Due to differences in data returned when running in a client context, verification if zone is active had to be modified. --- README-dnszone.md | 1 + plugins/modules/ipadnszone.py | 2 +- tests/dnszone/env_cleanup.yml | 1 + tests/dnszone/test_dnszone.yml | 29 ++++++++++++++- tests/dnszone/test_dnszone_client_context.yml | 37 +++++++++++++++++++ 5 files changed, 68 insertions(+), 2 deletions(-) create mode 100644 tests/dnszone/test_dnszone_client_context.yml diff --git a/README-dnszone.md b/README-dnszone.md index 308c58fe..544b86ef 100644 --- a/README-dnszone.md +++ b/README-dnszone.md @@ -202,6 +202,7 @@ Variable | Description | Required -------- | ----------- | -------- `ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no +`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no `name` \| `zone_name` | The zone name string or list of strings. | no `name_from_ip` | Derive zone name from reverse of IP (PTR). Can only be used with `state: present`. | no `forwarders` | The list of forwarders dicts. Each `forwarders` dict entry has:| no 
diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py index e2b8dba1..30ceef27 100644 --- a/plugins/modules/ipadnszone.py +++ b/plugins/modules/ipadnszone.py @@ -405,7 +405,7 @@ class DNSZoneModule(FreeIPABaseModule): is_zone_active = False else: zone = response["result"] - is_zone_active = zone.get("idnszoneactive") == ["TRUE"] + is_zone_active = "TRUE" in zone.get("idnszoneactive") return zone, is_zone_active diff --git a/tests/dnszone/env_cleanup.yml b/tests/dnszone/env_cleanup.yml index 76996092..542247c3 100644 --- a/tests/dnszone/env_cleanup.yml +++ b/tests/dnszone/env_cleanup.yml @@ -2,6 +2,7 @@ - name: Ensure zone is absent. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - testzone.local - test1.testzone.local diff --git a/tests/dnszone/test_dnszone.yml b/tests/dnszone/test_dnszone.yml index 39f9cf38..b7e01d4c 100644 --- a/tests/dnszone/test_dnszone.yml +++ b/tests/dnszone/test_dnszone.yml @@ -1,6 +1,6 @@ --- - name: Test dnszone - hosts: ipaserver + hosts: "{{ ipa_test_host | default('ipaserver') }}" become: true gather_facts: true @@ -14,6 +14,7 @@ - name: Check if zone is present, when in shouldn't be. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: present check_mode: yes @@ -23,6 +24,7 @@ - name: Check if zone is present again, when in shouldn't be. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: present check_mode: yes @@ -32,6 +34,7 @@ - name: Ensure zone is present. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: present register: result 
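Review bot: In the ipadnszone.py hunk, `zone.get("idnszoneactive")` returns None when the attribute is absent from the response, and the new `"TRUE" in None` then raises TypeError, where the old `== ["TRUE"]` comparison evaluated to False. Giving the lookup a default keeps the membership test safe: `is_zone_active = "TRUE" in zone.get("idnszoneactive", [])`. If the client context can hand back a plain string instead of a list, `in` becomes a substring match, so a one-line comment recording why equality was replaced would help the next reader, e.g. `# client and server contexts return this attribute differently; test membership, not equality`. The enclosing method starts above the hunk, so whether an earlier guard already guarantees the key is not visible here.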
@@ -40,6 +43,7 @@ - name: Check if zone is present, when in should be. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: present check_mode: yes @@ -49,6 +53,7 @@ - name: Ensure zone is present, again. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: present register: result @@ -57,6 +62,7 @@ - name: Ensure zone is disabled. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: disabled register: result @@ -65,6 +71,7 @@ - name: Ensure zone is disabled, again. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: disabled register: result @@ -73,6 +80,7 @@ - name: Ensure zone is enabled. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: enabled register: result @@ -81,6 +89,7 @@ - name: Ensure zone is enabled, again. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local state: enabled register: result @@ -89,6 +98,7 @@ - name: Ensure forward_policy is none. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forward_policy: none register: result @@ -97,6 +107,7 @@ - name: Ensure forward_policy is none, again. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forward_policy: none register: result @@ -105,6 +116,7 @@ - name: Ensure forward_policy is first. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forward_policy: first register: result 
@@ -113,6 +125,7 @@ - name: Ensure forward_policy is first, again. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forward_policy: first register: result @@ -121,6 +134,7 @@ - name: Ensure first forwarder is set. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forwarders: - ip_address: 8.8.8.8 @@ -131,6 +145,7 @@ - name: Ensure first and second forwarder are set. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forwarders: - ip_address: 8.8.8.8 @@ -142,6 +157,7 @@ - name: Ensure first and second forwarder are set, again. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forwarders: - ip_address: 8.8.8.8 @@ -153,6 +169,7 @@ - name: Ensure only second forwarder is set. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forwarders: - ip_address: 2001:4860:4860::8888 @@ -162,6 +179,7 @@ - name: Nothing changes. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local register: result failed_when: result.changed or result.failed @@ -169,6 +187,7 @@ - name: Ensure no forwarders are set. ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: testzone.local forwarders: [] register: result @@ -177,6 +196,7 @@ - name: Create zones test1 ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: test1.testzone.local register: result failed_when: not result.changed or result.failed 
@@ -184,6 +204,7 @@ - name: Create zones test1, again ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: test1.testzone.local register: result failed_when: result.changed or result.failed @@ -191,6 +212,7 @@ - name: Create zones test2 ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: test2.testzone.local register: result failed_when: not result.changed or result.failed @@ -198,6 +220,7 @@ - name: Create zones test2, again ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: test2.testzone.local register: result failed_when: result.changed or result.failed @@ -205,6 +228,7 @@ - name: Create zones test3 ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: test3.testzone.local register: result failed_when: not result.changed or result.failed @@ -212,6 +236,7 @@ - name: Create zones test3, again ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: test3.testzone.local register: result failed_when: result.changed or result.failed @@ -219,6 +244,7 @@ - name: Ensure multiple zones are absent ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - test1.testzone.local - test2.testzone.local @@ -230,6 +256,7 @@ - name: Ensure multiple zones are absent, again ipadnszone: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - test1.testzone.local - test2.testzone.local diff --git a/tests/dnszone/test_dnszone_client_context.yml b/tests/dnszone/test_dnszone_client_context.yml new file mode 100644 index 00000000..0f7f959a --- /dev/null +++ b/tests/dnszone/test_dnszone_client_context.yml 
@@ -0,0 +1,37 @@ +--- +- name: Test dnszone + hosts: ipaclients, ipaserver + become: no + gather_facts: no + + tasks: + - name: Include FreeIPA facts. + include_tasks: ../env_freeipa_facts.yml + + # Test will only be executed if host is not a server. + - name: Execute with server context in the client. + ipadnszone: + ipaadmin_password: SomeADMINpassword + ipaapi_context: server + name: ThisShouldNotWork + register: result + failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*")) + when: ipa_host_is_client + +# Import basic module tests, and execute with ipa_context set to 'client'. +# If ipaclients is set, it will be executed using the client, if not, +# ipaserver will be used. +# +# With this setup, tests can be executed against an IPA client, against +# an IPA server using "client" context, and ensure that tests are executed +# in upstream CI. + +- name: Test dnszone using client context, in client host. + import_playbook: test_dnszone.yml + when: groups['ipaclients'] + vars: + ipa_test_host: ipaclients + +- name: Test dnszone using client context, in server host. + import_playbook: test_dnszone.yml + when: groups['ipaclients'] is not defined or not groups['ipaclients'] -- GitLab
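Review bot: Neither `import_playbook` at the end of this new file sets `ipa_context`, so every `ipaapi_context: "{{ ipa_context | default(omit) }}"` added to test_dnszone.yml and env_cleanup.yml is omitted unless the variable arrives from the inventory or the command line. The module then picks its context from the execution environment, which on a server host is presumably the server context, so the play named "using client context, in server host" would not exercise the client path or the changed `idnszoneactive` check. Add `ipa_context: client` under `vars:` for both imports (the second import has no `vars:` block yet). Separately, the first import's `when: groups['ipaclients']` may fail on an inventory that does not define that group, while the second import guards with `is not defined`; `when: groups['ipaclients'] is defined and groups['ipaclients']` would make the two consistent.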