-
-
Notifications
You must be signed in to change notification settings - Fork 38
/
bind_domain.yml
232 lines (210 loc) · 6.35 KB
/
bind_domain.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
---
- name: Testing BIND Domains
hosts: localhost
gather_facts: no
module_defaults:
group/ansibleguy.opnsense.all:
firewall: "{{ lookup('ansible.builtin.env', 'TEST_FIREWALL') }}"
api_credential_file: "{{ lookup('ansible.builtin.env', 'TEST_API_KEY') }}"
ssl_verify: false
ansibleguy.opnsense.list:
target: 'bind_domain'
tasks:
- name: Listing
ansibleguy.opnsense.list:
register: opn_pre1
failed_when: >
opn_pre1.failed or
'data' not in opn_pre1 or
opn_pre1.data | length > 0
- name: Adding - failing because of invalid integer values
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
ttl: "{{ item.ttl | default(omit) }}"
refresh: "{{ item.refresh | default(omit) }}"
retry: "{{ item.retry | default(omit) }}"
expire: "{{ item.expire | default(omit) }}"
negative: "{{ item.negative | default(omit) }}"
register: opn_fail1
failed_when: not opn_fail1.failed
loop:
- {'ttl': 40}
- {'ttl': 90000}
- {'refresh': 90000}
- {'retry': 90000}
- {'expire': 10050000}
- {'negative': 90000}
- name: Adding - failing because invalid ips were provided
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
allow_notify: "{{ item.a | default(omit) }}"
primary: "{{ item.m | default(omit) }}"
register: opn_fail2
failed_when: not opn_fail2.failed
loop:
- {'a': ['192.168.0.2000']}
- {'a': ['192.168.0.0/24']}
- {'m': ['NOT-VALID']}
- name: Adding 1
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
register: opn1
failed_when: >
opn1.failed or
not opn1.changed
- name: Changing 1
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
server: 'dns.ansibleguy.net'
admin_mail: '[email protected]'
ttl: 14400
retry: 1800
register: opn9
failed_when: >
opn9.failed or
not opn9.changed
- name: Disabling 1
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
server: 'dns.ansibleguy.net'
admin_mail: '[email protected]'
ttl: 14400
retry: 1800
enabled: false
register: opn2
failed_when: >
opn2.failed or
not opn2.changed
when: not ansible_check_mode
- name: Disabling 1 - nothing changed
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
server: 'dns.ansibleguy.net'
admin_mail: '[email protected]'
ttl: 14400
retry: 1800
enabled: false
register: opn3
failed_when: >
opn3.failed or
opn3.changed
when: not ansible_check_mode
- name: Enabling 1
ansibleguy.opnsense.bind_domain:
name: 'test1.ansibleguy'
register: opn4
failed_when: >
opn4.failed or
not opn4.changed
when: not ansible_check_mode
- name: Adding 2
ansibleguy.opnsense.bind_domain:
name: 'test2.ansibleguy'
mode: 'secondary'
primary: ['192.168.0.1']
negative: 1800
expire: 1000000
transfer_key_algo: 'hmac-sha512'
transfer_key_name: 'test2'
transfer_key: "{{ 'randomsecret' | b64encode }}"
register: opn5
failed_when: >
opn5.failed or
not opn5.changed
when: not ansible_check_mode
- name: Adding 2 - Nothing changed
ansibleguy.opnsense.bind_domain:
name: 'test2.ansibleguy'
mode: 'secondary'
primary: ['192.168.0.1']
negative: 1800
expire: 1000000
transfer_key_algo: 'hmac-sha512'
transfer_key_name: 'test2'
transfer_key: "{{ 'randomsecret' | b64encode }}"
register: opn6
failed_when: >
opn6.failed or
opn6.changed
when: not ansible_check_mode
- name: Removing 2
ansibleguy.opnsense.bind_domain:
name: 'test2.ansibleguy'
state: 'absent'
register: opn7
failed_when: >
opn7.failed or
not opn7.changed
when: not ansible_check_mode
- name: Listing
ansibleguy.opnsense.list:
register: opn8
failed_when: >
'data' not in opn8 or
opn8.data | length != 1
when: not ansible_check_mode
- name: Cleanup
ansibleguy.opnsense.bind_domain:
name: "{{ item }}"
state: 'absent'
loop:
- 'test1.ansibleguy'
- 'test2.ansibleguy'
when: not ansible_check_mode
- name: Listing
ansibleguy.opnsense.list:
register: opn_clean1
failed_when: >
'data' not in opn_clean1 or
opn_clean1.data | length != 0
when: not ansible_check_mode
- name: Testing BIND general - acl linking
hosts: localhost
gather_facts: no
module_defaults:
group/ansibleguy.opnsense.all:
firewall: "{{ lookup('ansible.builtin.env', 'TEST_FIREWALL') }}"
api_credential_file: "{{ lookup('ansible.builtin.env', 'TEST_API_KEY') }}"
ssl_verify: false
tasks:
- name: Adding dummy acl's
ansibleguy.opnsense.bind_acl:
name: "{{ item.name }}"
networks: "{{ item.net }}"
loop:
- {'name': 'ANSIBLE_TEST_3_1', 'net': '192.168.0.0/25'}
- {'name': 'ANSIBLE_TEST_3_2', 'net': '192.168.0.128/25'}
when: not ansible_check_mode
- name: Adding - setting ACLs
ansibleguy.opnsense.bind_domain:
name: 'test3.ansibleguy'
query_acl: 'ANSIBLE_TEST_3_1'
transfer_acl: 'ANSIBLE_TEST_3_2'
register: opn10
failed_when: >
opn10.failed or
not opn10.changed
when: not ansible_check_mode
- name: Configuring - nothing changed
ansibleguy.opnsense.bind_domain:
name: 'test3.ansibleguy'
query_acl: 'ANSIBLE_TEST_3_1'
transfer_acl: 'ANSIBLE_TEST_3_2'
register: opn11
failed_when: >
opn11.failed or
opn11.changed
when: not ansible_check_mode
- name: Cleanup
ansibleguy.opnsense.bind_domain:
name: 'test3.ansibleguy'
state: 'absent'
when: not ansible_check_mode
- name: Cleanup ACLs
ansibleguy.opnsense.bind_acl:
name: "{{ item }}"
state: 'absent'
loop:
- 'ANSIBLE_TEST_3_1'
- 'ANSIBLE_TEST_3_2'
when: not ansible_check_mode