ipadnsforwardzone: Allow execution of plugin in client host.

Update dnsforwardzone README file and add tests for executing plugin with
`ipaapi_context` set to `client`.

A new test playbook can be found at:

    tests/dnsforwardzone/test_dnsforwardzone_client_context.yml

The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.

Due to differences in data returned when running ipadnsforwardzone in
a client context, some values had to be modified so that comparision
works, avoiding unnecessary IPA API calls.

README-dnsforwardzone.md

@@ -107,6 +107,7 @@ Variable | Description | Required
 -------- | ----------- | --------
 `ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
 `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
+`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no
 `name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`
 `forwarders` \| `idnsforwarders` |  Per-zone forwarders. A custom port can be specified for each forwarder. Options | no
   | `ip_address`: The forwarder IP address. | yes

plugins/modules/ipadnsforwardzone.py

@@ -160,6 +160,19 @@ def forwarder_list(forwarders):
     return fwd_list
 
 
+def fix_resource_data_types(resource):
+    """Fix resource data types."""
+    # When running in client context, some data might
+    # not come as a list, so we need to fix it before
+    # applying any modifications to it.
+    forwarders = resource["idnsforwarders"]
+    if isinstance(forwarders, str):
+        forwarders = [forwarders]
+    elif isinstance(forwarders, tuple):
+        forwarders = list(forwarders)
+    resource["idnsforwarders"] = forwarders
+
+
 def main():
     ansible_module = IPAAnsibleModule(
         argument_spec=dict(
@@ -288,6 +301,7 @@ def main():
                     continue
 
             else:   # existing_resource is not None
+                fix_resource_data_types(existing_resource)
                 if state != "absent":
                     if forwarders:
                         forwarders = list(

tests/dnsforwardzone/test_dnsforwardzone.yml

 ---
 - name: Test dnsforwardzone
-  hosts: ipaserver
+  hosts: "{{ ipa_test_host | default('ipaserver') }}"
   become: true
   gather_facts: false
 
@@ -8,6 +8,7 @@
   - name: ensure test forwardzones are absent
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name:
       - example.com
       - newfailzone.com
@@ -16,6 +17,7 @@
   - name: ensure forwardzone example.com is created
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -28,6 +30,7 @@
   - name: ensure forwardzone example.com is present again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -40,6 +43,7 @@
   - name: ensure forwardzone example.com has two forwarders
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -54,6 +58,7 @@
   - name: ensure forwardzone example.com has one forwarder again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       forwarders:
         - ip_address: 8.8.8.8
@@ -66,6 +71,7 @@
   - name: skip_overlap_check can only be set on creation so change nothing
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       forwarders:
         - ip_address: 8.8.8.8
@@ -78,6 +84,7 @@
   - name: ensure forwardzone example.com is absent.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: absent
     register: result
@@ -86,6 +93,7 @@
   - name: ensure forwardzone example.com is absent, again.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: absent
     register: result
@@ -94,6 +102,7 @@
   - name: change all the things at once
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -109,6 +118,7 @@
   - name: change zone forward policy
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       forwardpolicy: first
     register: result
@@ -117,6 +127,7 @@
   - name: change zone forward policy, again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       forwardpolicy: first
     register: result
@@ -125,6 +136,7 @@
   - name: ensure forwardzone example.com is absent.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: absent
     register: result
@@ -133,6 +145,7 @@
   - name: ensure forwardzone example.com is absent, again.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: absent
     register: result
@@ -141,6 +154,7 @@
   - name: ensure forwardzone example.com is created with minimal args
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       skip_overlap_check: true
@@ -152,6 +166,7 @@
   - name: ensure forwardzone example.com is created with minimal args, again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       skip_overlap_check: true
@@ -163,6 +178,7 @@
   - name: add a forwarder to any existing ones
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -175,6 +191,7 @@
   - name: add a forwarder to any existing ones, again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -187,6 +204,7 @@
   - name: check the list of forwarders is what we expect
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -200,6 +218,7 @@
   - name: remove a single forwarder
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: absent
       name: example.com
       forwarders:
@@ -211,6 +230,7 @@
   - name: remove a single forwarder, again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: absent
       name: example.com
       forwarders:
@@ -222,6 +242,7 @@
   - name: check the list of forwarders is what we expect now
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -234,6 +255,7 @@
   - name: Add a permission for per-forward zone access delegation.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       permission: yes
       action: member
@@ -243,6 +265,7 @@
   - name: Add a permission for per-forward zone access delegation, again.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       permission: yes
       action: member
@@ -252,6 +275,7 @@
   - name: Remove a permission for per-forward zone access delegation.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       permission: no
       action: member
@@ -261,6 +285,7 @@
   - name: Remove a permission for per-forward zone access delegation, again.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       permission: no
       action: member
@@ -270,6 +295,7 @@
   - name: disable the forwarder
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: disabled
     register: result
@@ -278,6 +304,7 @@
   - name: disable the forwarder again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: disabled
     register: result
@@ -286,6 +313,7 @@
   - name: enable the forwarder
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: enabled
     register: result
@@ -294,6 +322,7 @@
   - name: enable the forwarder, again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: enabled
     register: result
@@ -302,12 +331,14 @@
   - name: ensure forwardzone example.com is absent again
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: absent
 
   - name: try to create a new forwarder with action=member
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       state: present
       name: example.com
       forwarders:
@@ -321,6 +352,7 @@
   - name: try to create a new forwarder with disabled state
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: example.com
       state: disabled
     register: result
@@ -329,6 +361,7 @@
   - name: Ensure forwardzone is not added without forwarders, with correct message.
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name: newfailzone.com
     register: result
     failed_when: not result.failed or "No forwarders specified" not in result.msg
@@ -336,6 +369,7 @@
   - name: ensure forwardzone example.com is absent - tidy up
     ipadnsforwardzone:
       ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
       name:
       - example.com
       - newfailzone.com

tests/dnsforwardzone/test_dnsforwardzone_client_context.yml

+---
+- name: Test dnsforwardzone
+  hosts: ipaclients, ipaserver
+  become: no
+  gather_facts: no
+
+  tasks:
+  - name: Include FreeIPA facts.
+    include_tasks: ../env_freeipa_facts.yml
+
+  # Test will only be executed if host is not a server.
+  - name: Execute with server context in the client.
+    ipadnsforwardzone:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: server
+      name: ThisShouldNotWork
+    register: result
+    failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
+    when: ipa_host_is_client
+
+# Import basic module tests, and execute with ipa_context set to 'client'.
+# If ipaclients is set, it will be executed using the client, if not,
+# ipaserver will be used.
+#
+# With this setup, tests can be executed against an IPA client, against
+# an IPA server using "client" context, and ensure that tests are executed
+# in upstream CI.
+
+- name: Test dnsforwardzone using client context, in client host.
+  import_playbook: test_dnsforwardzone.yml
+  when: groups['ipaclients']
+  vars:
+    ipa_test_host: ipaclients
+
+- name: Test dnsforwardzone using client context, in server host.
+  import_playbook: test_dnsforwardzone.yml
+  when: groups['ipaclients'] is not defined or not groups['ipaclients']