From 84e45c2cc0ba4aa096aba0c58649d1fdfefad3ff Mon Sep 17 00:00:00 2001 From: Annie Lee Date: Mon, 27 Dec 2021 03:35:24 -0500 Subject: [PATCH] ipa_dnszone: add PTR synchronization support for dnszones (#3374) * Add PTR synchronization support for dnszones * Add changelog fragment * Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml Update to reflect proper module name. Co-authored-by: Felix Fontein * Update plugins/modules/identity/ipa/ipa_dnszone.py Add period. Co-authored-by: Felix Fontein * Update plugins/modules/identity/ipa/ipa_dnszone.py Remove requires comment. Co-authored-by: Felix Fontein * Change type to boolean in following with API docs * Tested with needed changes made. * Fix documentation to max implementation * Check for specific params; allow for modifications if needed * Add PTR synchronization support for dnszones * Add changelog fragment * Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml Update to reflect proper module name. Co-authored-by: Felix Fontein * Remove trailing whitespace * Make use of full search and compare params * Fix formatting errors * Move the change flag outside of module check * Fix itens typo to items * Update dynamicupdate to a boolean * Remove unnecessary flags and options * Minor comment changes * Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml Co-authored-by: Felix Fontein * Update plugins/modules/identity/ipa/ipa_dnszone.py Co-authored-by: Felix Fontein Co-authored-by: Anne-Marie Lee Co-authored-by: Felix Fontein --- .../3374-add-ipa-ptr-sync-support.yml | 3 + plugins/modules/identity/ipa/ipa_dnszone.py | 65 ++++++++++++++----- 2 files changed, 53 insertions(+), 15 deletions(-) create mode 100644 changelogs/fragments/3374-add-ipa-ptr-sync-support.yml diff --git a/changelogs/fragments/3374-add-ipa-ptr-sync-support.yml b/changelogs/fragments/3374-add-ipa-ptr-sync-support.yml new file mode 100644 index 0000000000..87f67013e1 --- /dev/null 
+++ b/changelogs/fragments/3374-add-ipa-ptr-sync-support.yml @@ -0,0 +1,3 @@ +minor_changes: + - ipa_dnszone - add DNS zone synchronization support (https://github.com/ansible-collections/community.general/pull/3374). + - ipa_dnszone - ``dynamicupdate`` is now a boolean parameter, instead of a string parameter accepting ``"true"`` and ``"false"``. Also the module is now idempotent with respect to ``dynamicupdate`` (https://github.com/ansible-collections/community.general/pull/3374). diff --git a/plugins/modules/identity/ipa/ipa_dnszone.py b/plugins/modules/identity/ipa/ipa_dnszone.py index 3dabad8db8..33ae59e9d0 100644 --- a/plugins/modules/identity/ipa/ipa_dnszone.py +++ b/plugins/modules/identity/ipa/ipa_dnszone.py @@ -27,11 +27,14 @@ options: choices: ["absent", "present"] type: str dynamicupdate: - description: Apply dynamic update to zone - required: false - default: "false" - choices: ["false", "true"] - type: str + description: Apply dynamic update to zone. + default: false + type: bool + allowsyncptr: + description: Allow synchronization of forward and reverse records in the zone. + default: false + type: bool + version_added: 4.3.0 extends_documentation_fragment: - community.general.ipa.documentation @@ -60,6 +63,14 @@ EXAMPLES = r''' ipa_user: admin ipa_pass: topsecret state: absent + +- name: Ensure dns zone is present and is allowing sync + community.general.ipa_dnszone: + ipa_host: spider.example.com + ipa_pass: Passw0rd! + state: present + zone_name: example.com + allowsyncptr: true ''' RETURN = r''' 
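Review bot: The added example in the `@@ -60,6 +63,14 @@` hunk puts a realistic-looking literal in `ipa_pass: Passw0rd!`, and examples tend to be copied into playbooks as written. A variable reference such as `ipa_pass: "{{ ipa_admin_password }}"` (variable name illustrative) would show the intended pattern of pulling the credential from a vault. The example also omits `ipa_user`, while the neighbouring example sets `ipa_user: admin`; adding it would keep the examples parallel. The EXAMPLES block starts outside this hunk.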
@@ -79,25 +90,37 @@ class DNSZoneIPAClient(IPAClient): super(DNSZoneIPAClient, self).__init__(module, host, port, protocol) def dnszone_find(self, zone_name, details=None): - itens = {'idnsname': zone_name} + items = {'all': 'true', + 'idnsname': zone_name, } if details is not None: - itens.update(details) + items.update(details) return self._post_json( method='dnszone_find', name=zone_name, - item=itens + item=items ) def dnszone_add(self, zone_name=None, details=None): - itens = {} + items = {} if details is not None: - itens.update(details) + items.update(details) return self._post_json( method='dnszone_add', name=zone_name, - item=itens + item=items + ) + + def dnszone_mod(self, zone_name=None, details=None): + items = {} + if details is not None: + items.update(details) + + return self._post_json( + method='dnszone_mod', + name=zone_name, + item=items ) def dnszone_del(self, zone_name=None, record_name=None, details=None): 
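Review bot: In `dnszone_find` the new search option is sent as the string `'all': 'true'`, whereas the other flags this patch sends (`idnsallowdynupdate`, `idnsallowsyncptr`) are Python booleans. Using `items = {'all': True, 'idnsname': zone_name}` would be consistent and would not rely on the server coercing a string. A short comment such as `# request all attributes so ensure() can compare idnsallowdynupdate / idnsallowsyncptr` would record why the option was added, assuming that is the reason. `dnszone_mod` is a copy of `dnszone_add` apart from the method name, so a shared private helper taking the method name would remove the duplication. The class body continues outside the hunk.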
@@ -109,18 +132,29 @@ def ensure(module, client): zone_name = module.params['zone_name'] state = module.params['state'] dynamicupdate = module.params['dynamicupdate'] - - ipa_dnszone = client.dnszone_find(zone_name) + allowsyncptr = module.params['allowsyncptr'] changed = False + + # does zone exist + ipa_dnszone = client.dnszone_find(zone_name) + if state == 'present': if not ipa_dnszone: + changed = True if not module.check_mode: - client.dnszone_add(zone_name=zone_name, details={'idnsallowdynupdate': dynamicupdate}) + client.dnszone_add(zone_name=zone_name, details={'idnsallowdynupdate': dynamicupdate, 'idnsallowsyncptr': allowsyncptr}) + elif ipa_dnszone['idnsallowdynupdate'][0] != str(dynamicupdate).upper() or ipa_dnszone['idnsallowsyncptr'][0] != str(allowsyncptr).upper(): + changed = True + if not module.check_mode: + client.dnszone_mod(zone_name=zone_name, details={'idnsallowdynupdate': dynamicupdate, 'idnsallowsyncptr': allowsyncptr}) else: changed = False + + # state is absent else: + # check for generic zone existence if ipa_dnszone: changed = True if not module.check_mode: @@ -133,7 +167,8 @@ def main(): argument_spec = ipa_argument_spec() argument_spec.update(zone_name=dict(type='str', required=True), state=dict(type='str', default='present', choices=['present', 'absent']), - dynamicupdate=dict(type='str', required=False, default='false', choices=['true', 'false']), + dynamicupdate=dict(type='bool', required=False, default=False), + allowsyncptr=dict(type='bool', required=False, default=False), ) module = AnsibleModule(argument_spec=argument_spec,
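Review bot: The new `elif` in `ensure` indexes `ipa_dnszone['idnsallowdynupdate'][0]` and `ipa_dnszone['idnsallowsyncptr'][0]` directly, so a zone entry that lacks either attribute would raise `KeyError` instead of being reconciled. Whether `dnszone_find` with `all` always returns both attributes is not visible in this patch. If it is not guaranteed, compare through a lookup with a fallback, for example `ipa_dnszone.get('idnsallowsyncptr', ['FALSE'])[0] != str(allowsyncptr).upper()`, and likewise for `idnsallowdynupdate`, on the assumption that a missing attribute means disabled. The trailing `else: changed = False` is redundant because `changed` is already initialised to `False`. `ensure` begins and ends outside this hunk.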
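Review bot: With `default=False` on both `dynamicupdate` and `allowsyncptr` in `main`, a task that omits these options is indistinguishable from one that sets them to false. Combined with the new `dnszone_mod` branch in `ensure`, a `state: present` task that previously left an existing zone untouched will now switch off dynamic update or PTR sync that was enabled outside the module. If that enforcement is intended, the option descriptions should say that omitted values are applied as `false` to existing zones. Otherwise consider dropping the defaults, e.g. `allowsyncptr=dict(type='bool', required=False),`, and comparing and sending only the options the user actually set. The body of `main` continues outside the hunk.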