#!/usr/bin/python # -*- coding: utf-8 -*- # Copyright (c) 2016, Adfinis SyGroup AG # Tobias Rueetschi <tobias.ruetschi@adfinis-sygroup.ch> # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = ''' --- module: udm_dns_record author: - Tobias Rüetschi (@keachi) short_description: Manage dns entries on a univention corporate server description: - "This module allows to manage dns records on a univention corporate server (UCS). It uses the python API of the UCS to create a new object or edit it." requirements: - Python >= 2.6 - Univention - ipaddress (for I(type=ptr_record)) options: state: type: str default: "present" choices: [ present, absent ] description: - Whether the dns record is present or not. name: type: str required: true description: - "Name of the record, this is also the DNS record. E.g. www for www.example.com." - For PTR records this has to be the IP address. zone: type: str required: true description: - Corresponding DNS zone for this record, e.g. example.com. - For PTR records this has to be the full reverse zone (for example C(1.1.192.in-addr.arpa)). type: type: str required: true description: - "Define the record type. C(host_record) is a A or AAAA record, C(alias) is a CNAME, C(ptr_record) is a PTR record, C(srv_record) is a SRV record and C(txt_record) is a TXT record." - "The available choices are: C(host_record), C(alias), C(ptr_record), C(srv_record), C(txt_record)." data: type: dict default: {} description: - "Additional data for this record, e.g. ['a': '192.0.2.1']. Required if I(state=present)." ''' EXAMPLES = ''' - name: Create a DNS record on a UCS community.general.udm_dns_record: name: www zone: example.com type: host_record data: a: - 192.0.2.1 - 2001:0db8::42 - name: Create a DNS v4 PTR record on a UCS community.general.udm_dns_record: name: 192.0.2.1 zone: 2.0.192.in-addr.arpa type: ptr_record data: ptr_record: "www.example.com." - name: Create a DNS v6 PTR record on a UCS community.general.udm_dns_record: name: 2001:db8:0:0:0:ff00:42:8329 zone: 2.4.0.0.0.0.f.f.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa type: ptr_record data: ptr_record: "www.example.com." ''' RETURN = '''#''' HAVE_UNIVENTION = False HAVE_IPADDRESS = False try: from univention.admin.handlers.dns import ( forward_zone, reverse_zone, ) HAVE_UNIVENTION = True except ImportError: pass from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import missing_required_lib from ansible_collections.community.general.plugins.module_utils.univention_umc import ( umc_module_for_add, umc_module_for_edit, ldap_search, base_dn, config, uldap, ) try: import ipaddress HAVE_IPADDRESS = True except ImportError: pass def main(): module = AnsibleModule( argument_spec=dict( type=dict(required=True, type='str'), zone=dict(required=True, type='str'), name=dict(required=True, type='str'), data=dict(default={}, type='dict'), state=dict(default='present', choices=['present', 'absent'], type='str') ), supports_check_mode=True, required_if=([ ('state', 'present', ['data']) ]) ) if not HAVE_UNIVENTION: module.fail_json(msg="This module requires univention python bindings") type = module.params['type'] zone = module.params['zone'] name = module.params['name'] data = module.params['data'] state = module.params['state'] changed = False diff = None workname = name if type == 'ptr_record': if not HAVE_IPADDRESS: module.fail_json(msg=missing_required_lib('ipaddress')) try: if 'arpa' not in zone: raise Exception("Zone must be reversed zone for ptr_record. (e.g. 1.1.192.in-addr.arpa)") ipaddr_rev = ipaddress.ip_address(name).reverse_pointer subnet_offset = ipaddr_rev.find(zone) if subnet_offset == -1: raise Exception("reversed IP address {0} is not part of zone.".format(ipaddr_rev)) workname = ipaddr_rev[0:subnet_offset - 1] except Exception as e: module.fail_json( msg='handling PTR record for {0} in zone {1} failed: {2}'.format(name, zone, e) ) obj = list(ldap_search( '(&(objectClass=dNSZone)(zoneName={0})(relativeDomainName={1}))'.format(zone, workname), attr=['dNSZone'] )) exists = bool(len(obj)) container = 'zoneName={0},cn=dns,{1}'.format(zone, base_dn()) dn = 'relativeDomainName={0},{1}'.format(workname, container) if state == 'present': try: if not exists: so = forward_zone.lookup( config(), uldap(), '(zone={0})'.format(zone), scope='domain', ) or reverse_zone.lookup( config(), uldap(), '(zoneName={0})'.format(zone), scope='domain', ) if len(so) == 0: raise Exception("Did not find zone '{0}' in Univention".format(zone)) obj = umc_module_for_add('dns/{0}'.format(type), container, superordinate=so[0]) else: obj = umc_module_for_edit('dns/{0}'.format(type), dn) if type == 'ptr_record': obj['ip'] = name obj['address'] = workname else: obj['name'] = name for k, v in data.items(): obj[k] = v diff = obj.diff() changed = obj.diff() != [] if not module.check_mode: if not exists: obj.create() else: obj.modify() except Exception as e: module.fail_json( msg='Creating/editing dns entry {0} in {1} failed: {2}'.format(name, container, e) ) if state == 'absent' and exists: try: obj = umc_module_for_edit('dns/{0}'.format(type), dn) if not module.check_mode: obj.remove() changed = True except Exception as e: module.fail_json( msg='Removing dns entry {0} in {1} failed: {2}'.format(name, container, e) ) module.exit_json( changed=changed, name=name, diff=diff, container=container ) if __name__ == '__main__': main()