From da45d74f7549d622df8c7993900a2347c4777e4b Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Fri, 3 Sep 2021 12:14:30 -0300
Subject: [PATCH] ipadnsforwardzone: Allow execution of plugin in client host.
Update dnsforwardzone README file and add tests for executing plugin with
`ipaapi_context` set to `client`.
A new test playbook can be found at:
tests/dnsforwardzone/test_dnsforwardzone_client_context.yml
The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
Due to differences in data returned when running ipadnsforwardzone in
a client context, some values had to be modified so that comparision
works, avoiding unnecessary IPA API calls.
---
README-dnsforwardzone.md | 1 +
plugins/modules/ipadnsforwardzone.py | 14 +++++++
tests/dnsforwardzone/test_dnsforwardzone.yml | 36 +++++++++++++++++-
.../test_dnsforwardzone_client_context.yml | 37 +++++++++++++++++++
4 files changed, 87 insertions(+), 1 deletion(-)
create mode 100644 tests/dnsforwardzone/test_dnsforwardzone_client_context.yml
diff --git a/README-dnsforwardzone.md b/README-dnsforwardzone.md
index 24986081..cd5b5cc5 100644
--- a/README-dnsforwardzone.md
+++ b/README-dnsforwardzone.md
@@ -107,6 +107,7 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
+`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no
`name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`
`forwarders` \| `idnsforwarders` | Per-zone forwarders. A custom port can be specified for each forwarder. Options | no
| `ip_address`: The forwarder IP address. | yes
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
index f6d4a24d..492a3173 100644
--- a/plugins/modules/ipadnsforwardzone.py
+++ b/plugins/modules/ipadnsforwardzone.py
@@ -160,6 +160,19 @@ def forwarder_list(forwarders):
return fwd_list
+def fix_resource_data_types(resource):
+ """Fix resource data types."""
+ # When running in client context, some data might
+ # not come as a list, so we need to fix it before
+ # applying any modifications to it.
+ forwarders = resource["idnsforwarders"]
+ if isinstance(forwarders, str):
+ forwarders = [forwarders]
+ elif isinstance(forwarders, tuple):
+ forwarders = list(forwarders)
+ resource["idnsforwarders"] = forwarders
+
+
def main():
ansible_module = IPAAnsibleModule(
argument_spec=dict(
@@ -288,6 +301,7 @@ def main():
continue
else: # existing_resource is not None
+ fix_resource_data_types(existing_resource)
if state != "absent":
if forwarders:
forwarders = list(
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
index b9569faa..260829ff 100644
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
@@ -1,6 +1,6 @@
---
- name: Test dnsforwardzone
- hosts: ipaserver
+ hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: true
gather_facts: false
@@ -8,6 +8,7 @@
- name: ensure test forwardzones are absent
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- example.com
- newfailzone.com
@@ -16,6 +17,7 @@
- name: ensure forwardzone example.com is created
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -28,6 +30,7 @@
- name: ensure forwardzone example.com is present again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -40,6 +43,7 @@
- name: ensure forwardzone example.com has two forwarders
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -54,6 +58,7 @@
- name: ensure forwardzone example.com has one forwarder again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
forwarders:
- ip_address: 8.8.8.8
@@ -66,6 +71,7 @@
- name: skip_overlap_check can only be set on creation so change nothing
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
forwarders:
- ip_address: 8.8.8.8
@@ -78,6 +84,7 @@
- name: ensure forwardzone example.com is absent.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: absent
register: result
@@ -86,6 +93,7 @@
- name: ensure forwardzone example.com is absent, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: absent
register: result
@@ -94,6 +102,7 @@
- name: change all the things at once
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -109,6 +118,7 @@
- name: change zone forward policy
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
forwardpolicy: first
register: result
@@ -117,6 +127,7 @@
- name: change zone forward policy, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
forwardpolicy: first
register: result
@@ -125,6 +136,7 @@
- name: ensure forwardzone example.com is absent.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: absent
register: result
@@ -133,6 +145,7 @@
- name: ensure forwardzone example.com is absent, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: absent
register: result
@@ -141,6 +154,7 @@
- name: ensure forwardzone example.com is created with minimal args
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
skip_overlap_check: true
@@ -152,6 +166,7 @@
- name: ensure forwardzone example.com is created with minimal args, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
skip_overlap_check: true
@@ -163,6 +178,7 @@
- name: add a forwarder to any existing ones
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -175,6 +191,7 @@
- name: add a forwarder to any existing ones, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -187,6 +204,7 @@
- name: check the list of forwarders is what we expect
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -200,6 +218,7 @@
- name: remove a single forwarder
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: absent
name: example.com
forwarders:
@@ -211,6 +230,7 @@
- name: remove a single forwarder, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: absent
name: example.com
forwarders:
@@ -222,6 +242,7 @@
- name: check the list of forwarders is what we expect now
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -234,6 +255,7 @@
- name: Add a permission for per-forward zone access delegation.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
permission: yes
action: member
@@ -243,6 +265,7 @@
- name: Add a permission for per-forward zone access delegation, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
permission: yes
action: member
@@ -252,6 +275,7 @@
- name: Remove a permission for per-forward zone access delegation.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
permission: no
action: member
@@ -261,6 +285,7 @@
- name: Remove a permission for per-forward zone access delegation, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
permission: no
action: member
@@ -270,6 +295,7 @@
- name: disable the forwarder
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: disabled
register: result
@@ -278,6 +304,7 @@
- name: disable the forwarder again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: disabled
register: result
@@ -286,6 +313,7 @@
- name: enable the forwarder
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: enabled
register: result
@@ -294,6 +322,7 @@
- name: enable the forwarder, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: enabled
register: result
@@ -302,12 +331,14 @@
- name: ensure forwardzone example.com is absent again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: absent
- name: try to create a new forwarder with action=member
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
state: present
name: example.com
forwarders:
@@ -321,6 +352,7 @@
- name: try to create a new forwarder with disabled state
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: disabled
register: result
@@ -329,6 +361,7 @@
- name: Ensure forwardzone is not added without forwarders, with correct message.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name: newfailzone.com
register: result
failed_when: not result.failed or "No forwarders specified" not in result.msg
@@ -336,6 +369,7 @@
- name: ensure forwardzone example.com is absent - tidy up
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- example.com
- newfailzone.com
diff --git a/tests/dnsforwardzone/test_dnsforwardzone_client_context.yml b/tests/dnsforwardzone/test_dnsforwardzone_client_context.yml
new file mode 100644
index 00000000..23b536e2
--- /dev/null
+++ b/tests/dnsforwardzone/test_dnsforwardzone_client_context.yml
@@ -0,0 +1,37 @@
+---
+- name: Test dnsforwardzone
+ hosts: ipaclients, ipaserver
+ become: no
+ gather_facts: no
+
+ tasks:
+ - name: Include FreeIPA facts.
+ include_tasks: ../env_freeipa_facts.yml
+
+ # Test will only be executed if host is not a server.
+ - name: Execute with server context in the client.
+ ipadnsforwardzone:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: server
+ name: ThisShouldNotWork
+ register: result
+ failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
+ when: ipa_host_is_client
+
+# Import basic module tests, and execute with ipa_context set to 'client'.
+# If ipaclients is set, it will be executed using the client, if not,
+# ipaserver will be used.
+#
+# With this setup, tests can be executed against an IPA client, against
+# an IPA server using "client" context, and ensure that tests are executed
+# in upstream CI.
+
+- name: Test dnsforwardzone using client context, in client host.
+ import_playbook: test_dnsforwardzone.yml
+ when: groups['ipaclients']
+ vars:
+ ipa_test_host: ipaclients
+
+- name: Test dnsforwardzone using client context, in server host.
+ import_playbook: test_dnsforwardzone.yml
+ when: groups['ipaclients'] is not defined or not groups['ipaclients']
--
GitLab