ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

Add support for SSHFP records to ipa_dnsrecord module (#8404)

Browse source 
* Add support for SSHFP records to ipa_dnsrecord module

* Create 8404-ipa_dnsrecord_sshfp.yml

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix a typo in the example for ipa_dnsrecord with type SSHFP

* Update plugins/modules/ipa_dnsrecord.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Daniel 2024-06-06 07:37:08 +02:00 committed by GitHub
parent a0ad2d5849
commit 1c4ab7fafc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 26 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/8404-ipa_dnsrecord_sshfp.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- ipa_dnsrecord - adds ``SSHFP`` record type for managing SSH fingerprints in FreeIPA DNS (https://github.com/ansible-collections/community.general/pull/8404).

27
plugins/modules/ipa_dnsrecord.py
View file

@ -35,13 +35,14 @@ options:
record_type: record_type:
description: description:
- The type of DNS record name. - The type of DNS record name.
- Currently, 'A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV' and 'MX' are supported. - Currently, 'A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV', 'MX' and 'SSHFP' are supported.
- "'A6', 'CNAME', 'DNAME' and 'TXT' are added in version 2.5." - "'A6', 'CNAME', 'DNAME' and 'TXT' are added in version 2.5."
- "'SRV' and 'MX' are added in version 2.8." - "'SRV' and 'MX' are added in version 2.8."
- "'NS' are added in comunity.general 8.2.0." - "'NS' are added in comunity.general 8.2.0."
- "'SSHFP' are added in community.general 9.1.0."
required: false required: false
default: 'A' default: 'A'
choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'NS', 'PTR', 'SRV', 'TXT'] choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'NS', 'PTR', 'SRV', 'TXT', 'SSHFP']
type: str type: str
record_value: record_value:
description: description:
@ -57,6 +58,7 @@ options:
- In the case of 'TXT' record type, this will be a text. - In the case of 'TXT' record type, this will be a text.
- In the case of 'SRV' record type, this will be a service record. - In the case of 'SRV' record type, this will be a service record.
- In the case of 'MX' record type, this will be a mail exchanger record. - In the case of 'MX' record type, this will be a mail exchanger record.
- In the case of 'SSHFP' record type, this will be an SSH fingerprint record.
type: str type: str
record_values: record_values:
description: description:
@ -71,6 +73,7 @@ options:
- In the case of 'TXT' record type, this will be a text. - In the case of 'TXT' record type, this will be a text.
- In the case of 'SRV' record type, this will be a service record. - In the case of 'SRV' record type, this will be a service record.
- In the case of 'MX' record type, this will be a mail exchanger record. - In the case of 'MX' record type, this will be a mail exchanger record.
- In the case of 'SSHFP' record type, this will be an SSH fingerprint record.
type: list type: list
elements: str elements: str
record_ttl: record_ttl:
@ -175,6 +178,20 @@ EXAMPLES = r'''
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: ChangeMe! ipa_pass: ChangeMe!
- name: Retrieve the current sshfp fingerprints
ansible.builtin.command: ssh-keyscan -D localhost
register: ssh_hostkeys
- name: Update the SSHFP records in DNS
community.general.ipa_dnsrecord:
name: "{{ inventory_hostname}}"
zone_name: example.com
record_type: 'SSHFP'
record_values: "{{ ssh_hostkeys.stdout.split('\n') | map('split', 'SSHFP ') | map('last') | list }}"
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: ChangeMe!
''' '''
RETURN = r''' RETURN = r'''
@ -228,6 +245,8 @@ class DNSRecordIPAClient(IPAClient):
item.update(srvrecord=value) item.update(srvrecord=value)
elif details['record_type'] == 'MX': elif details['record_type'] == 'MX':
item.update(mxrecord=value) item.update(mxrecord=value)
elif details['record_type'] == 'SSHFP':
item.update(sshfprecord=value)
self._post_json(method='dnsrecord_add', name=zone_name, item=item) self._post_json(method='dnsrecord_add', name=zone_name, item=item)
@ -266,6 +285,8 @@ def get_dnsrecord_dict(details=None):
module_dnsrecord.update(srvrecord=details['record_values']) module_dnsrecord.update(srvrecord=details['record_values'])
elif details['record_type'] == 'MX' and details['record_values']: elif details['record_type'] == 'MX' and details['record_values']:
module_dnsrecord.update(mxrecord=details['record_values']) module_dnsrecord.update(mxrecord=details['record_values'])
elif details['record_type'] == 'SSHFP' and details['record_values']:
module_dnsrecord.update(sshfprecord=details['record_values'])
if details.get('record_ttl'): if details.get('record_ttl'):
module_dnsrecord.update(dnsttl=details['record_ttl']) module_dnsrecord.update(dnsttl=details['record_ttl'])
@ -328,7 +349,7 @@ def ensure(module, client):
def main(): def main():
record_types = ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV', 'MX'] record_types = ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV', 'MX', 'SSHFP']
argument_spec = ipa_argument_spec() argument_spec = ipa_argument_spec()
argument_spec.update( argument_spec.update(
zone_name=dict(type='str', required=True), zone_name=dict(type='str', required=True),