From 8a0f616bf88313233de9bb0feac3e750c734f3a5 Mon Sep 17 00:00:00 2001
From: Anil Gadiyar
Date: Wed, 4 Dec 2024 14:39:13 +0530
Subject: [PATCH 1/6] initial commit
---
 meta/runtime.yml | 2 +
 plugins/modules/dns_server.py | 3798 ++++++++++++++++++++++++++++
 plugins/modules/dns_server_info.py | 2451 ++++++++++++++++++
 3 files changed, 6251 insertions(+)
 create mode 100644 plugins/modules/dns_server.py
 create mode 100644 plugins/modules/dns_server_info.py
diff --git a/meta/runtime.yml b/meta/runtime.yml
index 55f479e9..f16ca810 100644
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -11,6 +11,8 @@ action_groups:
 - dns_auth_zone_info
 - dns_forward_zone
 - dns_forward_zone_info
+ - dns_server
+ - dns_server_info
 ipam:
 - ipam_ip_space
 - ipam_ip_space_info
diff --git a/plugins/modules/dns_server.py b/plugins/modules/dns_server.py
new file mode 100644
index 00000000..7b0becae
--- /dev/null
+++ b/plugins/modules/dns_server.py
@@ -0,0 +1,3798 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: Infoblox Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = r"""
+---
+module: dns_server
+short_description: Manage Server
+description:
+ - Manage Server
+version_added: 2.0.0
+author: Infoblox Inc. (@infobloxopen)
+options:
+ id:
+ description:
+ - ID of the object
+ type: str
+ required: false
+ state:
+ description:
+ - Indicate desired state of the object
+ type: str
+ required: false
+ choices:
+ - present
+ - absent
+ default: present
+ add_edns_option_in_outgoing_query:
+ description:
+ - "I(add_edns_option_in_outgoing_query) adds client IP, MAC address and view name into outgoing recursive query. Defaults to I(false)."
+ type: bool
+ auto_sort_views:
+ description:
+ - "Optional. Controls manual/automatic views ordering."
+ - "Defaults to I(true)."
+ type: bool
+ comment:
+ description:
+ - "Optional. Comment for configuration."
+ type: str
+ custom_root_ns:
+ description:
+ - "Optional. List of custom root nameservers. The order does not matter."
+ - "Error if empty while I(custom_root_ns_enabled) is I(true). Error if there are duplicate items in the list."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ address:
+ description:
+ - "IPv4 address."
+ type: str
+ fqdn:
+ description:
+ - "FQDN."
+ type: str
+ custom_root_ns_enabled:
+ description:
+ - "Optional. I(true) to use custom root nameservers instead of the default ones."
+ - "The I(custom_root_ns) is validated when enabled."
+ - "Defaults to I(false)."
+ type: bool
+ dnssec_enable_validation:
+ description:
+ - "Optional. I(true) to perform DNSSEC validation. Ignored if I(dnssec_enabled) is I(false)."
+ - "Defaults to I(true)."
+ type: bool
+ dnssec_enabled:
+ description:
+ - "Optional. Master toggle for all DNSSEC processing. Other I(dnssec)*_ configuration is unused if this is disabled."
+ - "Defaults to I(true)."
+ type: bool
+ dnssec_trust_anchors:
+ description:
+ - "Optional. DNSSEC trust anchors."
+ - "Error if there are list items with duplicate (I(zone), I(sep), I(algorithm)) combinations."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ algorithm:
+ description: ""
+ type: int
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ dnssec_validate_expiry:
+ description:
+ - "Optional. I(true) to reject expired DNSSEC keys. Ignored if either I(dnssec_enabled) or I(dnssec_enable_validation) is I(false)."
+ - "Defaults to I(true)."
+ type: bool
+ ecs_enabled:
+ description:
+ - "Optional. I(true) to enable EDNS client subnet for recursive queries. Other I(ecs)*_ fields are ignored if this field is not enabled."
+ - "Defaults to I(false)."
+ type: bool
+ ecs_forwarding:
+ description:
+ - "Optional. I(true) to enable ECS options in outbound queries. This functionality has additional overhead so it is disabled by default."
+ - "Defaults to I(false)."
+ type: bool
+ ecs_prefix_v4:
+ description:
+ - "Optional. Maximum scope length for v4 ECS."
+ - "Unsigned integer, min 1 max 24"
+ - "Defaults to 24."
+ type: int
+ ecs_prefix_v6:
+ description:
+ - "Optional. Maximum scope length for v6 ECS."
+ - "Unsigned integer, min 1 max 56"
+ - "Defaults to 56."
+ type: int
+ ecs_zones:
+ description:
+ - "Optional. List of zones where ECS queries may be sent."
+ - "Error if empty while I(ecs_enabled) is I(true). Error if there are duplicate FQDNs in the list."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ access:
+ description:
+ - "Access control for zone."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ fqdn:
+ description:
+ - "Zone FQDN."
+ type: str
+ filter_aaaa_acl:
+ description:
+ - "Optional. Specifies a list of client addresses for which AAAA filtering is to be applied."
+ - "Defaults to I(empty)."
+ type: list
+ elements: dict
+ suboptions:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ suboptions:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ filter_aaaa_on_v4:
+ description:
+ - "I(filter_aaaa_on_v4) allows named to omit some IPv6 addresses when responding to IPv4 clients."
+ - "Allowed values:"
+ - "* I(yes),"
+ - "* I(no),"
+ - "* I(break_dnssec)."
+ - "Defaults to I(no)"
+ type: str
+ forwarders:
+ description:
+ - "Optional. List of forwarders."
+ - "Error if empty while I(forwarders_only) or I(use_root_forwarders_for_local_resolution_with_b1td) is I(true). Error if there are items in the list with duplicate addresses."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ address:
+ description:
+ - "Server IP address."
+ type: str
+ fqdn:
+ description:
+ - "Server FQDN."
+ type: str
+ forwarders_only:
+ description:
+ - "Optional. I(true) to only forward."
+ - "Defaults to I(false)."
+ type: bool
+ gss_tsig_enabled:
+ description:
+ - "I(gss_tsig_enabled) enables/disables GSS-TSIG signed dynamic updates."
+ - "Defaults to I(false)."
+ type: bool
+ inheritance_sources:
+ description:
+ - "Optional. Inheritance configuration."
+ type: dict
+ suboptions:
+ add_edns_option_in_outgoing_query:
+ description:
+ - "Field config for I(add_edns_option_in_outgoing_query) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ custom_root_ns_block:
+ description:
+ - "Optional. Field config for I(custom_root_ns_block) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ dnssec_validation_block:
+ description:
+ - "Optional. Field config for I(dnssec_validation_block) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ ecs_block:
+ description:
+ - "Optional. Field config for I(ecs_block) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ filter_aaaa_acl:
+ description:
+ - "Optional. Field config for I(filter_aaaa_acl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ filter_aaaa_on_v4:
+ description:
+ - "Optional. Field config for I(filter_aaaa_on_v4) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ forwarders_block:
+ description:
+ - "Optional. Field config for I(forwarders_block) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ gss_tsig_enabled:
+ description:
+ - "Optional. Field config for I(gss_tsig_enabled) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ kerberos_keys:
+ description:
+ - "Optional. Field config for I(kerberos_keys) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ lame_ttl:
+ description:
+ - "Optional. Field config for I(lame_ttl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ log_query_response:
+ description:
+ - "Optional. Field config for I(log_queries_response) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ match_recursive_only:
+ description:
+ - "Optional. Field config for I(match_recursive_only) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ max_cache_ttl:
+ description:
+ - "Optional. Field config for I(max_cache_ttl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ max_negative_ttl:
+ description:
+ - "Optional. Field config for I(max_negative_ttl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ minimal_responses:
+ description:
+ - "Optional. Field config for I(minimal_responses) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ notify:
+ description:
+ - "Field config for I(notify) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ query_acl:
+ description:
+ - "Optional. Field config for I(query_acl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ query_port:
+ description:
+ - "Optional. Field config for I(query_port) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ recursion_acl:
+ description:
+ - "Optional. Field config for I(recursion_acl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ recursion_enabled:
+ description:
+ - "Optional. Field config for I(recursion_enabled) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ recursive_clients:
+ description:
+ - "Optional. Field config for I(recursive_clients) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ resolver_query_timeout:
+ description:
+ - "Optional. Field config for I(resolver_query_timeout) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ secondary_axfr_query_limit:
+ description:
+ - "Optional. Field config for I(secondary_axfr_query_limit) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ secondary_soa_query_limit:
+ description:
+ - "Optional. Field config for I(secondary_soa_query_limit) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ sort_list:
+ description:
+ - "Optional. Field config for I(sort_list) field from _Server object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ synthesize_address_records_from_https:
+ description:
+ - "Field config for I(synthesize_address_records_from_https) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ transfer_acl:
+ description:
+ - "Optional. Field config for I(transfer_acl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ update_acl:
+ description:
+ - "Optional. Field config for I(update_acl) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ use_forwarders_for_subzones:
+ description:
+ - "Optional. Field config for I(use_forwarders_for_subzones) field from I(Server) object."
+ type: dict
+ suboptions:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ kerberos_keys:
+ description:
+ - "I(kerberos_keys) contains a list of keys for GSS-TSIG signed dynamic updates."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ lame_ttl:
+ description:
+ - "Optional. Unused in the current on-prem DNS server implementation."
+ - "Unsigned integer, min 0 max 3600 (1h)."
+ - "Defaults to 600."
+ type: int
+ log_query_response:
+ description:
+ - "Optional. Control DNS query/response logging functionality."
+ - "Defaults to I(true)."
+ type: bool
+ match_recursive_only:
+ description:
+ - "Optional. If I(true) only recursive queries from matching clients access the view."
+ - "Defaults to I(false)."
+ type: bool
+ max_cache_ttl:
+ description:
+ - "Optional. Seconds to cache positive responses."
+ - "Unsigned integer, min 1 max 604800 (7d)."
+ - "Defaults to 604800 (7d)."
+ type: int
+ max_negative_ttl:
+ description:
+ - "Optional. Seconds to cache negative responses."
+ - "Unsigned integer, min 1 max 604800 (7d)."
+ - "Defaults to 10800 (3h)."
+ type: int
+ minimal_responses:
+ description:
+ - "Optional. When enabled, the DNS server will only add records to the authority and additional data sections when they are required."
+ - "Defaults to I(false)."
+ type: bool
+ name:
+ description:
+ - "Name of configuration."
+ type: str
+ notify:
+ description:
+ - "I(notify) all external secondary DNS servers."
+ - "Defaults to I(false)."
+ type: bool
+ query_acl:
+ description:
+ - "Optional. Clients must match this ACL to make authoritative queries. Also used for recursive queries if that ACL is unset."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ suboptions:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ query_port:
+ description:
+ - "Optional. Source port for outbound DNS queries. When set to 0 the port is unspecified and the implementation may randomize it using any available ports."
+ - "Defaults to 0."
+ type: int
+ recursion_acl:
+ description:
+ - "Optional. Clients must match this ACL to make recursive queries. If this ACL is empty, then the I(query_acl) field will be used instead."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ suboptions:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ recursion_enabled:
+ description:
+ - "Optional. I(true) to allow recursive DNS queries."
+ - "Defaults to I(true)."
+ type: bool
+ recursive_clients:
+ description:
+ - "Optional. Defines the number of simultaneous recursive lookups the server will perform on behalf of its clients."
+ - "Defaults to 1000."
+ type: int
+ resolver_query_timeout:
+ description:
+ - "Optional. Seconds before a recursive query times out."
+ - "Unsigned integer, min 10 max 30."
+ - "Defaults to 10."
+ type: int
+ secondary_axfr_query_limit:
+ description:
+ - "Optional. Maximum concurrent inbound AXFRs. When set to 0 a host-dependent default will be used."
+ - "Defaults to 0."
+ type: int
+ secondary_soa_query_limit:
+ description:
+ - "Optional. Maximum concurrent outbound SOA queries. When set to 0 a host-dependent default will be used."
+ - "Defaults to 0."
+ type: int
+ sort_list:
+ description:
+ - "Optional. Specifies a sorted network list for A/AAAA records in DNS query response."
+ - "Defaults to I(empty)."
+ type: list
+ elements: dict
+ suboptions:
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ type: str
+ prioritized_networks:
+ description:
+ - "Optional. The prioritized networks. If empty, the value of I(source) or networks from I(acl) is used."
+ type: list
+ elements: str
+ source:
+ description:
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ synthesize_address_records_from_https:
+ description:
+ - "I(synthesize_address_records_from_https) enables/disables creation of A/AAAA records from HTTPS RR Defaults to I(false)."
+ type: bool
+ tags:
+ description:
+ - "Tagging specifics."
+ type: dict
+ transfer_acl:
+ description:
+ - "Optional. Clients must match this ACL to receive zone transfers."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ suboptions:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ update_acl:
+ description:
+ - "Optional. Specifies which hosts are allowed to issue Dynamic DNS updates for authoritative zones of I(primary_type) I(cloud)."
+ - "Defaults to empty."
+ type: list
+ elements: dict
+ suboptions:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ suboptions:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ use_forwarders_for_subzones:
+ description:
+ - "Optional. Use default forwarders to resolve queries for subzones."
+ - "Defaults to I(true)."
+ type: bool
+ use_root_forwarders_for_local_resolution_with_b1td:
+ description:
+ - "I(use_root_forwarders_for_local_resolution_with_b1td) allows DNS recursive queries sent to root forwarders for local resolution when deployed alongside BloxOne Thread Defense. Defaults to I(false)."
+ type: bool
+ views:
+ description:
+ - "Optional. Ordered list of I(dns/display_view) objects served by any of I(dns/host) assigned to a particular DNS Config Profile. Automatically determined. Allows re-ordering only."
+ type: list
+ elements: dict
+ suboptions:
+ view:
+ description:
+ - "The resource identifier."
+ type: str
+
+extends_documentation_fragment:
+ - infoblox.bloxone.common
+""" # noqa: E501
+
+EXAMPLES = r"""
+ - name: Create a DNS Server
+ infoblox.bloxone.dns_server:
+ name: "example_server"
+ state: "present"
+
+ - name: Create a DNS Server with Additional Fields
+ infoblox.bloxone.dns_server:
+ name: "example_server"
+ recursion_enabled: true
+ forwarders:
+ - address: "192.168.11.11"
+ fqdn: "example.com."
+ tags:
+ location: "my-location"
+ comment: "Example DNS Server"
+ state: "present"
+
+ - name: Delete the DNS Server
+ infoblox.bloxone.dns_server:
+ name: "example_server"
+ state: "absent"
+"""
+
+
+RETURN = r"""
+id:
+ description:
+ - ID of the Server object
+ type: str
+ returned: Always
+item:
+ description:
+ - Server object
+ type: complex
+ returned: Always
+ contains:
+ add_edns_option_in_outgoing_query:
+ description:
+ - "I(add_edns_option_in_outgoing_query) adds client IP, MAC address and view name into outgoing recursive query. Defaults to I(false)."
+ type: bool
+ returned: Always
+ auto_sort_views:
+ description:
+ - "Optional. Controls manual/automatic views ordering."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ comment:
+ description:
+ - "Optional. Comment for configuration."
+ type: str
+ returned: Always
+ created_at:
+ description:
+ - "Time when the object has been created."
+ type: str
+ returned: Always
+ custom_root_ns:
+ description:
+ - "Optional. List of custom root nameservers. The order does not matter."
+ - "Error if empty while I(custom_root_ns_enabled) is I(true). Error if there are duplicate items in the list."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "IPv4 address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "FQDN in punycode."
+ type: str
+ returned: Always
+ custom_root_ns_enabled:
+ description:
+ - "Optional. I(true) to use custom root nameservers instead of the default ones."
+ - "The I(custom_root_ns) is validated when enabled."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ dnssec_enable_validation:
+ description:
+ - "Optional. I(true) to perform DNSSEC validation. Ignored if I(dnssec_enabled) is I(false)."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ dnssec_enabled:
+ description:
+ - "Optional. Master toggle for all DNSSEC processing. Other I(dnssec)*_ configuration is unused if this is disabled."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ dnssec_root_keys:
+ description:
+ - "DNSSEC root keys. The root keys are not configurable."
+ - "A default list is provided by cloud management and included here for config generation."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description: ""
+ type: int
+ returned: Always
+ protocol_zone:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ returned: Always
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ dnssec_trust_anchors:
+ description:
+ - "Optional. DNSSEC trust anchors."
+ - "Error if there are list items with duplicate (I(zone), I(sep), I(algorithm)) combinations."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description: ""
+ type: int
+ returned: Always
+ protocol_zone:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ returned: Always
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ dnssec_validate_expiry:
+ description:
+ - "Optional. I(true) to reject expired DNSSEC keys. Ignored if either I(dnssec_enabled) or I(dnssec_enable_validation) is I(false)."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ ecs_enabled:
+ description:
+ - "Optional. I(true) to enable EDNS client subnet for recursive queries. Other I(ecs)*_ fields are ignored if this field is not enabled."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ ecs_forwarding:
+ description:
+ - "Optional. I(true) to enable ECS options in outbound queries. This functionality has additional overhead so it is disabled by default."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ ecs_prefix_v4:
+ description:
+ - "Optional. Maximum scope length for v4 ECS."
+ - "Unsigned integer, min 1 max 24"
+ - "Defaults to 24."
+ type: int
+ returned: Always
+ ecs_prefix_v6:
+ description:
+ - "Optional. Maximum scope length for v6 ECS."
+ - "Unsigned integer, min 1 max 56"
+ - "Defaults to 56."
+ type: int
+ returned: Always
+ ecs_zones:
+ description:
+ - "Optional. List of zones where ECS queries may be sent."
+ - "Error if empty while I(ecs_enabled) is I(true). Error if there are duplicate FQDNs in the list."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access control for zone."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ filter_aaaa_acl:
+ description:
+ - "Optional. Specifies a list of client addresses for which AAAA filtering is to be applied."
+ - "Defaults to I(empty)."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ filter_aaaa_on_v4:
+ description:
+ - "I(filter_aaaa_on_v4) allows named to omit some IPv6 addresses when responding to IPv4 clients."
+ - "Allowed values:"
+ - "* I(yes),"
+ - "* I(no),"
+ - "* I(break_dnssec)."
+ - "Defaults to I(no)"
+ type: str
+ returned: Always
+ forwarders:
+ description:
+ - "Optional. List of forwarders."
+ - "Error if empty while I(forwarders_only) or I(use_root_forwarders_for_local_resolution_with_b1td) is I(true). Error if there are items in the list with duplicate addresses."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "Server IP address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "Server FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "Server FQDN in punycode."
+ type: str
+ returned: Always
+ forwarders_only:
+ description:
+ - "Optional. I(true) to only forward."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ gss_tsig_enabled:
+ description:
+ - "I(gss_tsig_enabled) enables/disables GSS-TSIG signed dynamic updates."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ id:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ inheritance_sources:
+ description:
+ - "Optional. Inheritance configuration."
+ type: dict
+ returned: Always
+ contains:
+ add_edns_option_in_outgoing_query:
+ description:
+ - "Field config for I(add_edns_option_in_outgoing_query) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ custom_root_ns_block:
+ description:
+ - "Optional. Field config for I(custom_root_ns_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ custom_root_ns:
+ description:
+ - "Optional. Field config for I(custom_root_ns) field."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "IPv4 address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "FQDN in punycode."
+ type: str
+ returned: Always
+ custom_root_ns_enabled:
+ description:
+ - "Optional. Field config for I(custom_root_ns_enabled) field."
+ type: bool
+ returned: Always
+ dnssec_validation_block:
+ description:
+ - "Optional. Field config for I(dnssec_validation_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ dnssec_enable_validation:
+ description:
+ - "Optional. Field config for I(dnssec_enable_validation) field."
+ type: bool
+ returned: Always
+ dnssec_enabled:
+ description:
+ - "Optional. Field config for I(dnssec_enabled) field."
+ type: bool
+ returned: Always
+ dnssec_trust_anchors:
+ description:
+ - "Optional. Field config for I(dnssec_trust_anchors) field."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description: ""
+ type: int
+ returned: Always
+ protocol_zone:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ returned: Always
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ dnssec_validate_expiry:
+ description:
+ - "Optional. Field config for I(dnssec_validate_expiry) field."
+ type: bool
+ returned: Always
+ ecs_block:
+ description:
+ - "Optional. Field config for I(ecs_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ ecs_enabled:
+ description:
+ - "Optional. Field config for I(ecs_enabled) field."
+ type: bool
+ returned: Always
+ ecs_forwarding:
+ description:
+ - "Optional. Field config for I(ecs_forwarding) field."
+ type: bool
+ returned: Always
+ ecs_prefix_v4:
+ description:
+ - "Optional. Field config for I(ecs_prefix_v4) field."
+ type: int
+ returned: Always
+ ecs_prefix_v6:
+ description:
+ - "Optional. Field config for I(ecs_prefix_v6) field."
+ type: int
+ returned: Always
+ ecs_zones:
+ description:
+ - "Optional. Field config for I(ecs_zones) field."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access control for zone."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ filter_aaaa_acl:
+ description:
+ - "Optional. Field config for I(filter_aaaa_acl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ filter_aaaa_on_v4:
+ description:
+ - "Optional. Field config for I(filter_aaaa_on_v4) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: str
+ returned: Always
+ forwarders_block:
+ description:
+ - "Optional. Field config for I(forwarders_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ forwarders:
+ description:
+ - "Optional. Field config for I(forwarders) field from."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "Server IP address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "Server FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "Server FQDN in punycode."
+ type: str
+ returned: Always
+ forwarders_only:
+ description:
+ - "Optional. Field config for I(forwarders_only) field."
+ type: bool
+ returned: Always
+ use_root_forwarders_for_local_resolution_with_b1td:
+ description:
+ - "Optional. Field config for I(use_root_forwarders_for_local_resolution_with_b1td) field."
+ type: bool
+ returned: Always
+ gss_tsig_enabled:
+ description:
+ - "Optional. Field config for I(gss_tsig_enabled) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ kerberos_keys:
+ description:
+ - "Optional. Field config for I(kerberos_keys) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description:
+ - "Encryption algorithm of the key in accordance with RFC 3961."
+ type: str
+ returned: Always
+ domain:
+ description:
+ - "Kerberos realm of the principal."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ principal:
+ description:
+ - "Kerberos principal associated with key."
+ type: str
+ returned: Always
+ uploaded_at:
+ description:
+ - "Upload time for the key."
+ type: str
+ returned: Always
+ version:
+ description:
+ - "The version number (KVNO) of the key."
+ type: int
+ returned: Always
+ lame_ttl:
+ description:
+ - "Optional. Field config for I(lame_ttl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ log_query_response:
+ description:
+ - "Optional. Field config for I(log_queries_response) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ match_recursive_only:
+ description:
+ - "Optional. Field config for I(match_recursive_only) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ max_cache_ttl:
+ description:
+ - "Optional. Field config for I(max_cache_ttl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ max_negative_ttl:
+ description:
+ - "Optional. Field config for I(max_negative_ttl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ minimal_responses:
+ description:
+ - "Optional. Field config for I(minimal_responses) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ notify:
+ description:
+ - "Field config for I(notify) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ query_acl:
+ description:
+ - "Optional. Field config for I(query_acl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ query_port:
+ description:
+ - "Optional. Field config for I(query_port) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ recursion_acl:
+ description:
+ - "Optional. Field config for I(recursion_acl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ recursion_enabled:
+ description:
+ - "Optional. Field config for I(recursion_enabled) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ recursive_clients:
+ description:
+ - "Optional. Field config for I(recursive_clients) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ resolver_query_timeout:
+ description:
+ - "Optional. Field config for I(resolver_query_timeout) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ secondary_axfr_query_limit:
+ description:
+ - "Optional. Field config for I(secondary_axfr_query_limit) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ secondary_soa_query_limit:
+ description:
+ - "Optional. Field config for I(secondary_soa_query_limit) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: int
+ returned: Always
+ sort_list:
+ description:
+ - "Optional. Field config for I(sort_list) field from _Server object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ type: str
+ returned: Always
+ prioritized_networks:
+ description:
+ - "Optional. The prioritized networks. If empty, the value of I(source) or networks from I(acl) is used."
+ type: list
+ returned: Always
+ source:
+ description:
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ synthesize_address_records_from_https:
+ description:
+ - "Field config for I(synthesize_address_records_from_https) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ transfer_acl:
+ description:
+ - "Optional. Field config for I(transfer_acl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ update_acl:
+ description:
+ - "Optional. Field config for I(update_acl) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Optional. Inheritance setting for a field. Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ use_forwarders_for_subzones:
+ description:
+ - "Optional. Field config for I(use_forwarders_for_subzones) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + kerberos_keys: + description: + - "I(kerberos_keys) contains a list of keys for GSS-TSIG signed dynamic updates." + - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + algorithm: + description: + - "Encryption algorithm of the key in accordance with RFC 3961." + type: str + returned: Always + domain: + description: + - "Kerberos realm of the principal." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + principal: + description: + - "Kerberos principal associated with key." + type: str + returned: Always + uploaded_at: + description: + - "Upload time for the key." + type: str + returned: Always + version: + description: + - "The version number (KVNO) of the key." + type: int + returned: Always + lame_ttl: + description: + - "Optional. Unused in the current on-prem DNS server implementation." + - "Unsigned integer, min 0 max 3600 (1h)." + - "Defaults to 600." + type: int + returned: Always + log_query_response: + description: + - "Optional. Control DNS query/response logging functionality." + - "Defaults to I(true)." + type: bool + returned: Always + match_recursive_only: + description: + - "Optional. If I(true) only recursive queries from matching clients access the view." + - "Defaults to I(false)." + type: bool + returned: Always + max_cache_ttl: + description: + - "Optional. Seconds to cache positive responses." + - "Unsigned integer, min 1 max 604800 (7d)." + - "Defaults to 604800 (7d)." + type: int + returned: Always + max_negative_ttl: + description: + - "Optional. Seconds to cache negative responses." + - "Unsigned integer, min 1 max 604800 (7d)." + - "Defaults to 10800 (3h)." + type: int + returned: Always + minimal_responses: + description: + - "Optional. 
When enabled, the DNS server will only add records to the authority and additional data sections when they are required." + - "Defaults to I(false)." + type: bool + returned: Always + name: + description: + - "Name of configuration." + type: str + returned: Always + notify: + description: + - "I(notify) all external secondary DNS servers." + - "Defaults to I(false)." + type: bool + returned: Always + query_acl: + description: + - "Optional. Clients must match this ACL to make authoritative queries. Also used for recursive queries if that ACL is unset." + - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." 
+ type: str + returned: Always + query_port: + description: + - "Optional. Source port for outbound DNS queries. When set to 0 the port is unspecified and the implementation may randomize it using any available ports." + - "Defaults to 0." + type: int + returned: Always + recursion_acl: + description: + - "Optional. Clients must match this ACL to make recursive queries. If this ACL is empty, then the I(query_acl) field will be used instead." + - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + recursion_enabled: + description: + - "Optional. I(true) to allow recursive DNS queries." 
+ - "Defaults to I(true)." + type: bool + returned: Always + recursive_clients: + description: + - "Optional. Defines the number of simultaneous recursive lookups the server will perform on behalf of its clients." + - "Defaults to 1000." + type: int + returned: Always + resolver_query_timeout: + description: + - "Optional. Seconds before a recursive query times out." + - "Unsigned integer, min 10 max 30." + - "Defaults to 10." + type: int + returned: Always + secondary_axfr_query_limit: + description: + - "Optional. Maximum concurrent inbound AXFRs. When set to 0 a host-dependent default will be used." + - "Defaults to 0." + type: int + returned: Always + secondary_soa_query_limit: + description: + - "Optional. Maximum concurrent outbound SOA queries. When set to 0 a host-dependent default will be used." + - "Defaults to 0." + type: int + returned: Always + sort_list: + description: + - "Optional. Specifies a sorted network list for A/AAAA records in DNS query response." + - "Defaults to I(empty)." + type: list + returned: Always + elements: dict + contains: + acl: + description: + - "The resource identifier." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + type: str + returned: Always + prioritized_networks: + description: + - "Optional. The prioritized networks. If empty, the value of I(source) or networks from I(acl) is used." + type: list + returned: Always + source: + description: + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + synthesize_address_records_from_https: + description: + - "I(synthesize_address_records_from_https) enables/disables creation of A/AAAA records from HTTPS RR Defaults to I(false)." + type: bool + returned: Always + tags: + description: + - "Tagging specifics." + type: dict + returned: Always + transfer_acl: + description: + - "Optional. Clients must match this ACL to receive zone transfers." 
+ - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + update_acl: + description: + - "Optional. Specifies which hosts are allowed to issue Dynamic DNS updates for authoritative zones of I(primary_type) I(cloud)." + - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. 
Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + updated_at: + description: + - "Time when the object has been updated. Equals to I(created_at) if not updated after creation." + type: str + returned: Always + use_forwarders_for_subzones: + description: + - "Optional. Use default forwarders to resolve queries for subzones." + - "Defaults to I(true)." + type: bool + returned: Always + use_root_forwarders_for_local_resolution_with_b1td: + description: + - "I(use_root_forwarders_for_local_resolution_with_b1td) allows DNS recursive queries sent to root forwarders for local resolution when deployed alongside BloxOne Thread Defense. Defaults to I(false)." + type: bool + returned: Always + views: + description: + - "Optional. Ordered list of I(dns/display_view) objects served by any of I(dns/host) assigned to a particular DNS Config Profile. Automatically determined. Allows re-ordering only." 
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ comment:
+ description:
+ - "DNS view description."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "DNS view name."
+ type: str
+ returned: Always
+ view:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+""" # noqa: E501
+
+from ansible_collections.infoblox.bloxone.plugins.module_utils.modules import BloxoneAnsibleModule
+
+try:
+ from bloxone_client import ApiException, NotFoundException
+ from dns_config import Server, ServerApi
+except ImportError:
+ pass # Handled by BloxoneAnsibleModule
+
+
+class ServerModule(BloxoneAnsibleModule):
+ def __init__(self, *args, **kwargs):
+ super(ServerModule, self).__init__(*args, **kwargs)
+
+ exclude = ["state", "csp_url", "api_key", "id"]
+ self._payload_params = {k: v for k, v in self.params.items() if v is not None and k not in exclude}
+ self._payload = Server.from_dict(self._payload_params)
+ self._existing = None
+
+ @property
+ def existing(self):
+ return self._existing
+
+ @existing.setter
+ def existing(self, value):
+ self._existing = value
+
+ @property
+ def payload_params(self):
+ return self._payload_params
+
+ @property
+ def payload(self):
+ return self._payload
+
+ def payload_changed(self):
+ if self.existing is None:
+ # if existing is None, then it is a create operation
+ return True
+
+ return self.is_changed(self.existing.model_dump(by_alias=True, exclude_none=True), self.payload_params)
+
+ def find(self):
+ if self.params["id"] is not None:
+ try:
+ resp = ServerApi(self.client).read(self.params["id"], inherit="full")
+ return resp.result
+ except NotFoundException as e:
+ if self.params["state"] == "absent":
+ return None
+ raise e
+ else:
+ filter = f"name=='{self.params['name']}'"
+ resp = ServerApi(self.client).list(filter=filter, inherit="full")
+ if len(resp.results) == 1:
+ return resp.results[0]
+ if len(resp.results) > 1:
+ self.fail_json(msg=f"Found multiple Server: {resp.results}")
+ if len(resp.results) == 0:
+ return None
+
+ def create(self):
+ if self.check_mode:
+ return None
+
+ resp = ServerApi(self.client).create(body=self.payload, inherit="full")
+ return resp.result.model_dump(by_alias=True, exclude_none=True)
+
+ def update(self):
+ if self.check_mode:
+ return None
+
+ resp = ServerApi(self.client).update(id=self.existing.id, body=self.payload, inherit="full")
+ return resp.result.model_dump(by_alias=True, exclude_none=True)
+
+ def delete(self):
+ if self.check_mode:
+ return
+
+ ServerApi(self.client).delete(self.existing.id)
+
+ def run_command(self):
+ result = dict(changed=False, object={}, id=None)
+
+ # based on the state that is passed in, we will execute the appropriate
+ # functions
+ try:
+ self.existing = self.find()
+ item = {}
+ if self.params["state"] == "present" and self.existing is None:
+ item = self.create()
+ result["changed"] = True
+ result["msg"] = "Server created"
+ elif self.params["state"] == "present" and self.existing is not None:
+ if self.payload_changed():
+ item = self.update()
+ result["changed"] = True
+ result["msg"] = "Server updated"
+ elif self.params["state"] == "absent" and self.existing is not None:
+ self.delete()
+ result["changed"] = True
+ result["msg"] = "Server deleted"
+
+ if self.check_mode:
+ # if in check mode, do not update the result or the diff, just return the changed state
+ self.exit_json(**result)
+
+ result["diff"] = dict(
+ before=self.existing.model_dump(by_alias=True, exclude_none=True) if self.existing is not None else {},
+ after=item,
+ )
+ result["object"] = item
+ result["id"] = (
+ self.existing.id if self.existing is not None else item["id"] if (item and "id" in item) else None
+ )
+ except ApiException as e:
+ self.fail_json(msg=f"Failed to execute command: {e.status} {e.reason} {e.body}")
+
+ self.exit_json(**result)
+
+
+def main():
+ module_args = dict(
+ id=dict(type="str", required=False),
+ state=dict(type="str", required=False, choices=["present", "absent"], default="present"),
+ add_edns_option_in_outgoing_query=dict(type="bool"),
+ auto_sort_views=dict(type="bool"),
+ comment=dict(type="str"),
+ custom_root_ns=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ address=dict(type="str"),
+ fqdn=dict(type="str"),
+ ),
+ ),
+ custom_root_ns_enabled=dict(type="bool"),
+ dnssec_enable_validation=dict(type="bool"),
+ dnssec_enabled=dict(type="bool"),
+ dnssec_trust_anchors=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ algorithm=dict(type="int"),
+ public_key=dict(type="str"),
+ sep=dict(type="bool"),
+ zone=dict(type="str"),
+ ),
+ ),
+ dnssec_validate_expiry=dict(type="bool"),
+ ecs_enabled=dict(type="bool"),
+ ecs_forwarding=dict(type="bool"),
+ ecs_prefix_v4=dict(type="int"),
+ ecs_prefix_v6=dict(type="int"),
+ ecs_zones=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ access=dict(type="str"),
+ fqdn=dict(type="str"),
+ ),
+ ),
+ filter_aaaa_acl=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ access=dict(type="str"),
+ acl=dict(type="str"),
+ address=dict(type="str"),
+ element=dict(type="str"),
+ tsig_key=dict(
+ type="dict",
+ no_log=True,
+ options=dict(
+ algorithm=dict(type="str"),
+ comment=dict(type="str"),
+ key=dict(type="str", no_log=True),
+ name=dict(type="str"),
+ secret=dict(type="str", no_log=True),
+ ),
+ ),
+ ),
+ ),
+ filter_aaaa_on_v4=dict(type="str"),
+ forwarders=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ address=dict(type="str"),
+ fqdn=dict(type="str"),
+ ),
+ ),
+ forwarders_only=dict(type="bool"),
+ gss_tsig_enabled=dict(type="bool"),
+ inheritance_sources=dict(
+ type="dict",
+ options=dict(
+ add_edns_option_in_outgoing_query=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ custom_root_ns_block=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ dnssec_validation_block=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ ecs_block=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ filter_aaaa_acl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ filter_aaaa_on_v4=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ forwarders_block=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ gss_tsig_enabled=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ kerberos_keys=dict(
+ type="dict",
+ no_log=True,
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ lame_ttl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ log_query_response=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ match_recursive_only=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ max_cache_ttl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ max_negative_ttl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ minimal_responses=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ notify=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ query_acl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ query_port=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ recursion_acl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ recursion_enabled=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ recursive_clients=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ resolver_query_timeout=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ secondary_axfr_query_limit=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ secondary_soa_query_limit=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ sort_list=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ synthesize_address_records_from_https=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ transfer_acl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ update_acl=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ use_forwarders_for_subzones=dict(
+ type="dict",
+ options=dict(
+ action=dict(type="str"),
+ ),
+ ),
+ ),
+ ),
+ kerberos_keys=dict(
+ type="list",
+ no_log=True,
+ elements="dict",
+ options=dict(
+ key=dict(type="str", no_log=True),
+ ),
+ ),
+ lame_ttl=dict(type="int"),
+ log_query_response=dict(type="bool"),
+ match_recursive_only=dict(type="bool"),
+ max_cache_ttl=dict(type="int"),
+ max_negative_ttl=dict(type="int"),
+ minimal_responses=dict(type="bool"),
+ name=dict(type="str"),
+ notify=dict(type="bool"),
+ query_acl=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ access=dict(type="str"),
+ acl=dict(type="str"),
+ address=dict(type="str"),
+ element=dict(type="str"),
+ tsig_key=dict(
+ type="dict",
+ no_log=True,
+ options=dict(
+ algorithm=dict(type="str"),
+ comment=dict(type="str"),
+ key=dict(type="str", no_log=True),
+ name=dict(type="str"),
+ secret=dict(type="str", no_log=True),
+ ),
+ ),
+ ),
+ ),
+ query_port=dict(type="int"),
+ recursion_acl=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ access=dict(type="str"),
+ acl=dict(type="str"),
+ address=dict(type="str"),
+ element=dict(type="str"),
+ tsig_key=dict(
+ type="dict",
+ no_log=True,
+ options=dict(
+ algorithm=dict(type="str"),
+ comment=dict(type="str"),
+ key=dict(type="str", no_log=True),
+ name=dict(type="str"),
+ secret=dict(type="str", no_log=True),
+ ),
+ ),
+ ),
+ ),
+ recursion_enabled=dict(type="bool"),
+ recursive_clients=dict(type="int"),
+ resolver_query_timeout=dict(type="int"),
+ secondary_axfr_query_limit=dict(type="int"),
+ secondary_soa_query_limit=dict(type="int"),
+ sort_list=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ acl=dict(type="str"),
+ element=dict(type="str"),
+ prioritized_networks=dict(type="list", elements="str"),
+ source=dict(type="str"),
+ ),
+ ),
+ synthesize_address_records_from_https=dict(type="bool"),
+ tags=dict(type="dict"),
+ transfer_acl=dict(
+ type="list",
+ no_log=True,
+ elements="dict",
+ options=dict(
+ access=dict(type="str"),
+ acl=dict(type="str"),
+ address=dict(type="str"),
+ element=dict(type="str"),
+ tsig_key=dict(
+ type="dict",
+ no_log=True,
+ options=dict(
+ algorithm=dict(type="str"),
+ comment=dict(type="str"),
+ key=dict(type="str", no_log=True),
+ name=dict(type="str"),
+ secret=dict(type="str", no_log=True),
+ ),
+ ),
+ ),
+ ),
+ update_acl=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ access=dict(type="str"),
+ acl=dict(type="str"),
+ address=dict(type="str"),
+ element=dict(type="str"),
+ tsig_key=dict(
+ type="dict",
+ no_log=True,
+ options=dict(
+ algorithm=dict(type="str"),
+ comment=dict(type="str"),
+ key=dict(type="str", no_log=True),
+ name=dict(type="str"),
+ secret=dict(type="str", no_log=True),
+ ),
+ ),
+ ),
+ ),
+ use_forwarders_for_subzones=dict(type="bool"),
+ use_root_forwarders_for_local_resolution_with_b1td=dict(type="bool"),
+ views=dict(
+ type="list",
+ elements="dict",
+ options=dict(
+ view=dict(type="str"),
+ ),
+ ),
+ )
+
+ module = ServerModule(
+ argument_spec=module_args,
+ supports_check_mode=True,
+ required_if=[("state", "present", ["name"])],
+ )
+
+ module.run_command()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/plugins/modules/dns_server_info.py b/plugins/modules/dns_server_info.py
new file mode 100644
index 00000000..2982f37f
--- /dev/null
+++ b/plugins/modules/dns_server_info.py
@@ -0,0 +1,2451 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: Infoblox Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = r"""
+---
+module: dns_server_info
+short_description: Manage Server
+description:
+ - Manage Server
+version_added: 2.0.0
+author: Infoblox Inc. (@infobloxopen)
+options:
+ id:
+ description:
+ - ID of the object
+ type: str
+ required: false
+ filters:
+ description:
+ - Filter dict to filter objects
+ type: dict
+ required: false
+ filter_query:
+ description:
+ - Filter query to filter objects
+ type: str
+ required: false
+ inherit:
+ description:
+ - Return inheritance information
+ type: str
+ required: false
+ choices:
+ - full
+ - partial
+ - none
+ default: full
+ tag_filters:
+ description:
+ - Filter dict to filter objects by tags
+ type: dict
+ required: false
+ tag_filter_query:
+ description:
+ - Filter query to filter objects by tags
+ type: str
+ required: false
+
+extends_documentation_fragment:
+ - infoblox.bloxone.common
+""" # noqa: E501
+
+EXAMPLES = r"""
+ - name: Get DNS Server information by ID
+ infoblox.bloxone.dns_server_info:
+ id: "{{ dns_server_id }}"
+
+ - name: Get DNS Server information by filters (e.g., name)
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "example_server"
+
+ - name: Get DNS Server information by raw filter query
+ infoblox.bloxone.dns_server_info:
+ filter_query: "name=='example_server'"
+
+ - name: Get DNS Server information by tag filters
+ infoblox.bloxone.dns_server_info:
+ tag_filters:
+ location: "site-1"
+"""
+
+RETURN = r"""
+id:
+ description:
+ - ID of the Server object
+ type: str
+ returned: Always
+objects:
+ description:
+ - Server object
+ type: list
+ elements: dict
+ returned: Always
+ contains:
+ add_edns_option_in_outgoing_query:
+ description:
+ - "I(add_edns_option_in_outgoing_query) adds client IP, MAC address and view name into outgoing recursive query. Defaults to I(false)."
+ type: bool
+ returned: Always
+ auto_sort_views:
+ description:
+ - "Optional. Controls manual/automatic views ordering."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ comment:
+ description:
+ - "Optional. Comment for configuration."
+ type: str
+ returned: Always
+ created_at:
+ description:
+ - "Time when the object has been created."
+ type: str
+ returned: Always
+ custom_root_ns:
+ description:
+ - "Optional. List of custom root nameservers. The order does not matter."
+ - "Error if empty while I(custom_root_ns_enabled) is I(true). Error if there are duplicate items in the list."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "IPv4 address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "FQDN in punycode."
+ type: str
+ returned: Always
+ custom_root_ns_enabled:
+ description:
+ - "Optional. I(true) to use custom root nameservers instead of the default ones."
+ - "The I(custom_root_ns) is validated when enabled."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ dnssec_enable_validation:
+ description:
+ - "Optional. I(true) to perform DNSSEC validation. Ignored if I(dnssec_enabled) is I(false)."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ dnssec_enabled:
+ description:
+ - "Optional. Master toggle for all DNSSEC processing. Other I(dnssec)*_ configuration is unused if this is disabled."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ dnssec_root_keys:
+ description:
+ - "DNSSEC root keys. The root keys are not configurable."
+ - "A default list is provided by cloud management and included here for config generation."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description: ""
+ type: int
+ returned: Always
+ protocol_zone:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ returned: Always
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ dnssec_trust_anchors:
+ description:
+ - "Optional. DNSSEC trust anchors."
+ - "Error if there are list items with duplicate (I(zone), I(sep), I(algorithm)) combinations."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description: ""
+ type: int
+ returned: Always
+ protocol_zone:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ returned: Always
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ dnssec_validate_expiry:
+ description:
+ - "Optional. I(true) to reject expired DNSSEC keys. Ignored if either I(dnssec_enabled) or I(dnssec_enable_validation) is I(false)."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ ecs_enabled:
+ description:
+ - "Optional. I(true) to enable EDNS client subnet for recursive queries. Other I(ecs)*_ fields are ignored if this field is not enabled."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ ecs_forwarding:
+ description:
+ - "Optional. I(true) to enable ECS options in outbound queries. This functionality has additional overhead so it is disabled by default."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ ecs_prefix_v4:
+ description:
+ - "Optional. Maximum scope length for v4 ECS."
+ - "Unsigned integer, min 1 max 24"
+ - "Defaults to 24."
+ type: int
+ returned: Always
+ ecs_prefix_v6:
+ description:
+ - "Optional. Maximum scope length for v6 ECS."
+ - "Unsigned integer, min 1 max 56"
+ - "Defaults to 56."
+ type: int
+ returned: Always
+ ecs_zones:
+ description:
+ - "Optional. List of zones where ECS queries may be sent."
+ - "Error if empty while I(ecs_enabled) is I(true). Error if there are duplicate FQDNs in the list."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access control for zone."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ filter_aaaa_acl:
+ description:
+ - "Optional. Specifies a list of client addresses for which AAAA filtering is to be applied."
+ - "Defaults to I(empty)."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ filter_aaaa_on_v4:
+ description:
+ - "I(filter_aaaa_on_v4) allows named to omit some IPv6 addresses when responding to IPv4 clients."
+ - "Allowed values:"
+ - "* I(yes),"
+ - "* I(no),"
+ - "* I(break_dnssec)."
+ - "Defaults to I(no)"
+ type: str
+ returned: Always
+ forwarders:
+ description:
+ - "Optional. List of forwarders."
+ - "Error if empty while I(forwarders_only) or I(use_root_forwarders_for_local_resolution_with_b1td) is I(true). Error if there are items in the list with duplicate addresses."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "Server IP address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "Server FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "Server FQDN in punycode."
+ type: str
+ returned: Always
+ forwarders_only:
+ description:
+ - "Optional. I(true) to only forward."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ gss_tsig_enabled:
+ description:
+ - "I(gss_tsig_enabled) enables/disables GSS-TSIG signed dynamic updates."
+ - "Defaults to I(false)."
+ type: bool
+ returned: Always
+ id:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ inheritance_sources:
+ description:
+ - "Optional. Inheritance configuration."
+ type: dict
+ returned: Always
+ contains:
+ add_edns_option_in_outgoing_query:
+ description:
+ - "Field config for I(add_edns_option_in_outgoing_query) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "The inheritance setting for a field."
+ - "Valid values are:"
+ - "* I(inherit): Use the inherited value."
+ - "* I(override): Use the value set in the object."
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "The human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "The inherited value."
+ type: bool
+ returned: Always
+ custom_root_ns_block:
+ description:
+ - "Optional. Field config for I(custom_root_ns_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ custom_root_ns:
+ description:
+ - "Optional. Field config for I(custom_root_ns) field."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ address:
+ description:
+ - "IPv4 address."
+ type: str
+ returned: Always
+ fqdn:
+ description:
+ - "FQDN."
+ type: str
+ returned: Always
+ protocol_fqdn:
+ description:
+ - "FQDN in punycode."
+ type: str
+ returned: Always
+ custom_root_ns_enabled:
+ description:
+ - "Optional. Field config for I(custom_root_ns_enabled) field."
+ type: bool
+ returned: Always
+ dnssec_validation_block:
+ description:
+ - "Optional. Field config for I(dnssec_validation_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ dnssec_enable_validation:
+ description:
+ - "Optional. Field config for I(dnssec_enable_validation) field."
+ type: bool
+ returned: Always
+ dnssec_enabled:
+ description:
+ - "Optional. Field config for I(dnssec_enabled) field."
+ type: bool
+ returned: Always
+ dnssec_trust_anchors:
+ description:
+ - "Optional. Field config for I(dnssec_trust_anchors) field."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ algorithm:
+ description: ""
+ type: int
+ returned: Always
+ protocol_zone:
+ description:
+ - "Zone FQDN in punycode."
+ type: str
+ returned: Always
+ public_key:
+ description:
+ - "DNSSEC key data. Non-empty, valid base64 string."
+ type: str
+ returned: Always
+ sep:
+ description:
+ - "Optional. Secure Entry Point flag."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ zone:
+ description:
+ - "Zone FQDN."
+ type: str
+ returned: Always
+ dnssec_validate_expiry:
+ description:
+ - "Optional. Field config for I(dnssec_validate_expiry) field."
+ type: bool
+ returned: Always
+ ecs_block:
+ description:
+ - "Optional. Field config for I(ecs_block) field from I(Server) object."
+ type: dict
+ returned: Always
+ contains:
+ action:
+ description:
+ - "Defaults to I(inherit)."
+ type: str
+ returned: Always
+ display_name:
+ description:
+ - "Human-readable display name for the object referred to by I(source)."
+ type: str
+ returned: Always
+ source:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ value:
+ description:
+ - "Inherited value."
+ type: dict
+ returned: Always
+ contains:
+ ecs_enabled:
+ description:
+ - "Optional.
Field config for I(ecs_enabled) field." + type: bool + returned: Always + ecs_forwarding: + description: + - "Optional. Field config for I(ecs_forwarding) field." + type: bool + returned: Always + ecs_prefix_v4: + description: + - "Optional. Field config for I(ecs_prefix_v4) field." + type: int + returned: Always + ecs_prefix_v6: + description: + - "Optional. Field config for I(ecs_prefix_v6) field." + type: int + returned: Always + ecs_zones: + description: + - "Optional. Field config for I(ecs_zones) field." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access control for zone." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + fqdn: + description: + - "Zone FQDN." + type: str + returned: Always + protocol_fqdn: + description: + - "Zone FQDN in punycode." + type: str + returned: Always + filter_aaaa_acl: + description: + - "Optional. Field config for I(filter_aaaa_acl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." 
+ - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + filter_aaaa_on_v4: + description: + - "Optional. Field config for I(filter_aaaa_on_v4) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: str + returned: Always + forwarders_block: + description: + - "Optional. Field config for I(forwarders_block) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Defaults to I(inherit)." 
+ type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: dict + returned: Always + contains: + forwarders: + description: + - "Optional. Field config for I(forwarders) field from." + type: list + returned: Always + elements: dict + contains: + address: + description: + - "Server IP address." + type: str + returned: Always + fqdn: + description: + - "Server FQDN." + type: str + returned: Always + protocol_fqdn: + description: + - "Server FQDN in punycode." + type: str + returned: Always + forwarders_only: + description: + - "Optional. Field config for I(forwarders_only) field." + type: bool + returned: Always + use_root_forwarders_for_local_resolution_with_b1td: + description: + - "Optional. Field config for I(use_root_forwarders_for_local_resolution_with_b1td) field." + type: bool + returned: Always + gss_tsig_enabled: + description: + - "Optional. Field config for I(gss_tsig_enabled) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + kerberos_keys: + description: + - "Optional. Field config for I(kerberos_keys) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. 
Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + algorithm: + description: + - "Encryption algorithm of the key in accordance with RFC 3961." + type: str + returned: Always + domain: + description: + - "Kerberos realm of the principal." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + principal: + description: + - "Kerberos principal associated with key." + type: str + returned: Always + uploaded_at: + description: + - "Upload time for the key." + type: str + returned: Always + version: + description: + - "The version number (KVNO) of the key." + type: int + returned: Always + lame_ttl: + description: + - "Optional. Field config for I(lame_ttl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + log_query_response: + description: + - "Optional. Field config for I(log_queries_response) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." 
+ - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + match_recursive_only: + description: + - "Optional. Field config for I(match_recursive_only) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + max_cache_ttl: + description: + - "Optional. Field config for I(max_cache_ttl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + max_negative_ttl: + description: + - "Optional. 
Field config for I(max_negative_ttl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + minimal_responses: + description: + - "Optional. Field config for I(minimal_responses) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + notify: + description: + - "Field config for I(notify) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." 
+ type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + query_acl: + description: + - "Optional. Field config for I(query_acl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." 
+ type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + query_port: + description: + - "Optional. Field config for I(query_port) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + recursion_acl: + description: + - "Optional. Field config for I(recursion_acl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." 
+ type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." + - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + recursion_enabled: + description: + - "Optional. Field config for I(recursion_enabled) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + recursive_clients: + description: + - "Optional. Field config for I(recursive_clients) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." 
+ type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + resolver_query_timeout: + description: + - "Optional. Field config for I(resolver_query_timeout) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + secondary_axfr_query_limit: + description: + - "Optional. Field config for I(secondary_axfr_query_limit) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + secondary_soa_query_limit: + description: + - "Optional. Field config for I(secondary_soa_query_limit) field from I(Server) object." 
+ type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: int + returned: Always + sort_list: + description: + - "Optional. Field config for I(sort_list) field from _Server object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + acl: + description: + - "The resource identifier." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + type: str + returned: Always + prioritized_networks: + description: + - "Optional. The prioritized networks. If empty, the value of I(source) or networks from I(acl) is used." + type: list + returned: Always + source: + description: + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + synthesize_address_records_from_https: + description: + - "Field config for I(synthesize_address_records_from_https) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." 
+ - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + transfer_acl: + description: + - "Optional. Field config for I(transfer_acl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." 
+ - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + update_acl: + description: + - "Optional. Field config for I(update_acl) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "Optional. Inheritance setting for a field. Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "Human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "Inherited value." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." + type: str + returned: Always + acl: + description: + - "The resource identifier." + type: str + returned: Always + address: + description: + - "Optional. Data for I(ip) I(element)." + - "Must be empty if I(element) is not I(ip)." + type: str + returned: Always + element: + description: + - "Type of element." + - "Allowed values:" + - "* I(any)," + - "* I(ip)," + - "* I(acl)," + - "* I(tsig_key)." + type: str + returned: Always + tsig_key: + description: + - "Optional. TSIG key." + - "Must be empty if I(element) is not I(tsig_key)." + type: dict + returned: Always + contains: + algorithm: + description: + - "TSIG key algorithm." 
+ - "Possible values:" + - "* I(hmac_sha256)," + - "* I(hmac_sha1)," + - "* I(hmac_sha224)," + - "* I(hmac_sha384)," + - "* I(hmac_sha512)." + type: str + returned: Always + comment: + description: + - "Comment for TSIG key." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + name: + description: + - "TSIG key name, FQDN." + type: str + returned: Always + protocol_name: + description: + - "TSIG key name in punycode." + type: str + returned: Always + secret: + description: + - "TSIG key secret, base64 string." + type: str + returned: Always + use_forwarders_for_subzones: + description: + - "Optional. Field config for I(use_forwarders_for_subzones) field from I(Server) object." + type: dict + returned: Always + contains: + action: + description: + - "The inheritance setting for a field." + - "Valid values are:" + - "* I(inherit): Use the inherited value." + - "* I(override): Use the value set in the object." + - "Defaults to I(inherit)." + type: str + returned: Always + display_name: + description: + - "The human-readable display name for the object referred to by I(source)." + type: str + returned: Always + source: + description: + - "The resource identifier." + type: str + returned: Always + value: + description: + - "The inherited value." + type: bool + returned: Always + kerberos_keys: + description: + - "I(kerberos_keys) contains a list of keys for GSS-TSIG signed dynamic updates." + - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + algorithm: + description: + - "Encryption algorithm of the key in accordance with RFC 3961." + type: str + returned: Always + domain: + description: + - "Kerberos realm of the principal." + type: str + returned: Always + key: + description: + - "The resource identifier." + type: str + returned: Always + principal: + description: + - "Kerberos principal associated with key." 
+ type: str + returned: Always + uploaded_at: + description: + - "Upload time for the key." + type: str + returned: Always + version: + description: + - "The version number (KVNO) of the key." + type: int + returned: Always + lame_ttl: + description: + - "Optional. Unused in the current on-prem DNS server implementation." + - "Unsigned integer, min 0 max 3600 (1h)." + - "Defaults to 600." + type: int + returned: Always + log_query_response: + description: + - "Optional. Control DNS query/response logging functionality." + - "Defaults to I(true)." + type: bool + returned: Always + match_recursive_only: + description: + - "Optional. If I(true) only recursive queries from matching clients access the view." + - "Defaults to I(false)." + type: bool + returned: Always + max_cache_ttl: + description: + - "Optional. Seconds to cache positive responses." + - "Unsigned integer, min 1 max 604800 (7d)." + - "Defaults to 604800 (7d)." + type: int + returned: Always + max_negative_ttl: + description: + - "Optional. Seconds to cache negative responses." + - "Unsigned integer, min 1 max 604800 (7d)." + - "Defaults to 10800 (3h)." + type: int + returned: Always + minimal_responses: + description: + - "Optional. When enabled, the DNS server will only add records to the authority and additional data sections when they are required." + - "Defaults to I(false)." + type: bool + returned: Always + name: + description: + - "Name of configuration." + type: str + returned: Always + notify: + description: + - "I(notify) all external secondary DNS servers." + - "Defaults to I(false)." + type: bool + returned: Always + query_acl: + description: + - "Optional. Clients must match this ACL to make authoritative queries. Also used for recursive queries if that ACL is unset." + - "Defaults to empty." + type: list + returned: Always + elements: dict + contains: + access: + description: + - "Access permission for I(element)." + - "Allowed values:" + - "* I(allow)," + - "* I(deny)." 
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ query_port:
+ description:
+ - "Optional. Source port for outbound DNS queries. When set to 0 the port is unspecified and the implementation may randomize it using any available ports."
+ - "Defaults to 0."
+ type: int
+ returned: Always
+ recursion_acl:
+ description:
+ - "Optional. Clients must match this ACL to make recursive queries. If this ACL is empty, then the I(query_acl) field will be used instead."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ recursion_enabled:
+ description:
+ - "Optional. I(true) to allow recursive DNS queries."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ recursive_clients:
+ description:
+ - "Optional. Defines the number of simultaneous recursive lookups the server will perform on behalf of its clients."
+ - "Defaults to 1000."
+ type: int
+ returned: Always
+ resolver_query_timeout:
+ description:
+ - "Optional. Seconds before a recursive query times out."
+ - "Unsigned integer, min 10 max 30."
+ - "Defaults to 10."
+ type: int
+ returned: Always
+ secondary_axfr_query_limit:
+ description:
+ - "Optional. Maximum concurrent inbound AXFRs. When set to 0 a host-dependent default will be used."
+ - "Defaults to 0."
+ type: int
+ returned: Always
+ secondary_soa_query_limit:
+ description:
+ - "Optional. Maximum concurrent outbound SOA queries. When set to 0 a host-dependent default will be used."
+ - "Defaults to 0."
+ type: int
+ returned: Always
+ sort_list:
+ description:
+ - "Optional. Specifies a sorted network list for A/AAAA records in DNS query response."
+ - "Defaults to I(empty)."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ type: str
+ returned: Always
+ prioritized_networks:
+ description:
+ - "Optional. The prioritized networks. If empty, the value of I(source) or networks from I(acl) is used."
+ type: list
+ returned: Always
+ source:
+ description:
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ synthesize_address_records_from_https:
+ description:
+ - "I(synthesize_address_records_from_https) enables/disables creation of A/AAAA records from HTTPS RR Defaults to I(false)."
+ type: bool
+ returned: Always
+ tags:
+ description:
+ - "Tagging specifics."
+ type: dict
+ returned: Always
+ transfer_acl:
+ description:
+ - "Optional. Clients must match this ACL to receive zone transfers."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ update_acl:
+ description:
+ - "Optional. Specifies which hosts are allowed to issue Dynamic DNS updates for authoritative zones of I(primary_type) I(cloud)."
+ - "Defaults to empty."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ access:
+ description:
+ - "Access permission for I(element)."
+ - "Allowed values:"
+ - "* I(allow),"
+ - "* I(deny)."
+ type: str
+ returned: Always
+ acl:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ address:
+ description:
+ - "Optional. Data for I(ip) I(element)."
+ - "Must be empty if I(element) is not I(ip)."
+ type: str
+ returned: Always
+ element:
+ description:
+ - "Type of element."
+ - "Allowed values:"
+ - "* I(any),"
+ - "* I(ip),"
+ - "* I(acl),"
+ - "* I(tsig_key)."
+ type: str
+ returned: Always
+ tsig_key:
+ description:
+ - "Optional. TSIG key."
+ - "Must be empty if I(element) is not I(tsig_key)."
+ type: dict
+ returned: Always
+ contains:
+ algorithm:
+ description:
+ - "TSIG key algorithm."
+ - "Possible values:"
+ - "* I(hmac_sha256),"
+ - "* I(hmac_sha1),"
+ - "* I(hmac_sha224),"
+ - "* I(hmac_sha384),"
+ - "* I(hmac_sha512)."
+ type: str
+ returned: Always
+ comment:
+ description:
+ - "Comment for TSIG key."
+ type: str
+ returned: Always
+ key:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "TSIG key name, FQDN."
+ type: str
+ returned: Always
+ protocol_name:
+ description:
+ - "TSIG key name in punycode."
+ type: str
+ returned: Always
+ secret:
+ description:
+ - "TSIG key secret, base64 string."
+ type: str
+ returned: Always
+ updated_at:
+ description:
+ - "Time when the object has been updated. Equals to I(created_at) if not updated after creation."
+ type: str
+ returned: Always
+ use_forwarders_for_subzones:
+ description:
+ - "Optional. Use default forwarders to resolve queries for subzones."
+ - "Defaults to I(true)."
+ type: bool
+ returned: Always
+ use_root_forwarders_for_local_resolution_with_b1td:
+ description:
+ - "I(use_root_forwarders_for_local_resolution_with_b1td) allows DNS recursive queries sent to root forwarders for local resolution when deployed alongside BloxOne Thread Defense. Defaults to I(false)."
+ type: bool
+ returned: Always
+ views:
+ description:
+ - "Optional. Ordered list of I(dns/display_view) objects served by any of I(dns/host) assigned to a particular DNS Config Profile. Automatically determined. Allows re-ordering only."
+ type: list
+ returned: Always
+ elements: dict
+ contains:
+ comment:
+ description:
+ - "DNS view description."
+ type: str
+ returned: Always
+ name:
+ description:
+ - "DNS view name."
+ type: str
+ returned: Always
+ view:
+ description:
+ - "The resource identifier."
+ type: str
+ returned: Always
+""" # noqa: E501
+
+from ansible_collections.infoblox.bloxone.plugins.module_utils.modules import BloxoneAnsibleModule
+
+try:
+ from bloxone_client import ApiException, NotFoundException
+ from dns_config import ServerApi
+except ImportError:
+ pass # Handled by BloxoneAnsibleModule
+
+
+class ServerInfoModule(BloxoneAnsibleModule):
+ def __init__(self, *args, **kwargs):
+ super(ServerInfoModule, self).__init__(*args, **kwargs)
+ self._existing = None
+ self._limit = 1000
+
+ def find_by_id(self):
+ try:
+ resp = ServerApi(self.client).read(self.params["id"], inherit="full")
+ return [resp.result]
+ except NotFoundException as e:
+ return None
+
+ def find(self):
+ if self.params["id"] is not None:
+ return self.find_by_id()
+
+ filter_str = None
+ if self.params["filters"] is not None:
+ filter_str = " and ".join([f"{k}=='{v}'" for k, v in self.params["filters"].items()])
+ elif self.params["filter_query"] is not None:
+ filter_str = self.params["filter_query"]
+
+ tag_filter_str = None
+ if self.params["tag_filters"] is not None:
+ tag_filter_str = " and ".join([f"{k}=='{v}'" for k, v in self.params["tag_filters"].items()])
+ elif self.params["tag_filter_query"] is not None:
+ tag_filter_str = self.params["tag_filter_query"]
+
+ all_results = []
+ offset = 0
+
+ while True:
+ try:
+ resp = ServerApi(self.client).list(
+ offset=offset, limit=self._limit, filter=filter_str, tfilter=tag_filter_str, inherit="full"
+ )
+ all_results.extend(resp.results)
+
+ if len(resp.results) < self._limit:
+ break
+ offset += self._limit
+
+ except ApiException as e:
+ self.fail_json(msg=f"Failed to execute command: {e.status} {e.reason} {e.body}")
+
+ return all_results
+
+ def run_command(self):
+ result = dict(objects=[])
+
+ if self.check_mode:
+ self.exit_json(**result)
+
+ find_results = self.find()
+
+ all_results = []
+ for r in find_results:
+ all_results.append(r.model_dump(by_alias=True, exclude_none=True))
+
+ result["objects"] = all_results
+ self.exit_json(**result)
+
+
+def main():
+ # define available arguments/parameters a user can pass to the module
+ module_args = dict(
+ id=dict(type="str", required=False),
+ filters=dict(type="dict", required=False),
+ filter_query=dict(type="str", required=False),
+ inherit=dict(type="str", required=False, choices=["full", "partial", "none"], default="full"),
+ tag_filters=dict(type="dict", required=False),
+ tag_filter_query=dict(type="str", required=False),
+ )
+
+ module = ServerInfoModule(
+ argument_spec=module_args,
+ supports_check_mode=True,
+ mutually_exclusive=[
+ ["id", "filters", "filter_query"],
+ ["id", "tag_filters", "tag_filter_query"],
+ ],
+ )
+ module.run_command()
+
+
+if __name__ == "__main__":
+ main()
From bd0d8b8b216e6fc04f68dba39411f40474e0873a Mon Sep 17 00:00:00 2001
From: Anil Gadiyar
Date: Wed, 4 Dec 2024 14:39:30 +0530
Subject: [PATCH 2/6] initial commit
---
.../targets/dns_server/tasks/main.yml | 868 ++++++++++++++++++
.../targets/dns_server_info/tasks/main.yml | 66 ++
2 files changed, 934 insertions(+)
create mode 100644 tests/integration/targets/dns_server/tasks/main.yml
create mode 100644 tests/integration/targets/dns_server_info/tasks/main.yml
diff --git a/tests/integration/targets/dns_server/tasks/main.yml b/tests/integration/targets/dns_server/tasks/main.yml
new file mode 100644
index 00000000..23993f62
--- /dev/null
+++ b/tests/integration/targets/dns_server/tasks/main.yml
@@ -0,0 +1,868 @@
+---
+
+#TODO: add tests
+# The following require additional plugins to be supported.
+# - tsig keys
+# - acl
+
+
+- module_defaults:
+ group/infoblox.bloxone.all:
+ csp_url: "{{ csp_url }}"
+ api_key: "{{ api_key }}"
+ block:
+ # Create a random Auth Zone name to avoid conflicts
+ - ansible.builtin.set_fact:
+ dns_server_name: "test-dns-server-{{ 999999 | random | string }}"
+
+ - name: Create a DNS Server (check mode)
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ state: present
+ check_mode: true
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server is changed
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 0
+
+ - name: Create a DNS Server
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server is changed
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+
+ - name: Create a DNS Server (idempotent)
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ state: present
+ register: dns_server
+ - assert:
+ that:
+ - dns_server is not changed
+ - dns_server is not failed
+
+ - name: Delete the DNS Server (check mode)
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ state: absent
+ check_mode: true
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server is changed
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+
+ - name: Delete the DNS Server
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ state: absent
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server is changed
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 0
+
+ - name: Create a DNS Server with EDNS option enabled
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ add_edns_option_in_outgoing_query: true
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].id == dns_server.id
+ - dns_server_info.objects[0].add_edns_option_in_outgoing_query == true
+
+ - name: Create a DNS Server with auto_sort_views enabled
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ auto_sort_views: true
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].auto_sort_views == true
+
+ - name: Create a DNS Server with a comment
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ comment: "test comment"
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].comment == "test comment"
+
+ - name: Create a DNS Server with Custom Root Nameservers
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ custom_root_ns:
+ - address: "192.168.10.10"
+ fqdn: "tf-example.com."
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].custom_root_ns[0].address == "192.168.10.10"
+ - dns_server_info.objects[0].custom_root_ns[0].fqdn == "tf-example.com."
+
+ - name: Create a DNS Server with Custom Root Nameservers Enabled
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ custom_root_ns_enabled: true
+ custom_root_ns:
+ - address: "192.168.10.10"
+ fqdn: "tf-example.com."
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].custom_root_ns_enabled == true
+
+ - name: Create a DNS Server with DNSSEC Enable Validation (true)
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ dnssec_enable_validation: true
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].dnssec_enable_validation == true
+
+ - name: Create a DNS Server with DNSSEC Enabled (true)
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ dnssec_enabled: true
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].dnssec_enabled == true
+
+ - name: Create DNS Server with DNSSEC Trust Anchors
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ dnssec_trust_anchors:
+ - algorithm: "8"
+ public_key: "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="
+ zone: "tf-infoblox.com."
+ sep: true
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert DNS Server Attributes
+ assert:
+ that:
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].dnssec_trust_anchors[0].algorithm == 8
+ - dns_server_info.objects[0].dnssec_trust_anchors[0].zone == "tf-infoblox.com."
+ - dns_server_info.objects[0].dnssec_trust_anchors[0].sep == true # Ensure 'sep' is false
+
+ - name: Create a DNS Server with DNSSEC Validate Expiry enabled
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ dnssec_validate_expiry: true
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].dnssec_validate_expiry == true
+
+ - name: Create a DNS Server with ECS enabled
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ ecs_enabled: true
+ ecs_zones:
+ - access: "allow"
+ fqdn: "tf-infoblox.com."
+ state: present
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].ecs_enabled == true
+
+ - name: Create DNS Server with ECS Forwarding configuration
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ ecs_forwarding: true
+ register: dns_server
+ - name: Get Information about the DNS Server
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert that DNS Server ECS Forwarding setting is correct
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].ecs_forwarding == true
+
+ - name: Create a DNS server with ECS Prefix V4
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ ecs_prefix_v4: 20
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct ecs_prefix_v4
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].ecs_prefix_v4 == 20
+
+ - name: Create a DNS server with ECS Prefix V6
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ ecs_prefix_v6: 50
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct ecs_prefix_v6
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].ecs_prefix_v6 == 50
+
+ - name: Create a DNS server with ECS Zones
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ ecs_zones:
+ - access: "allow"
+ fqdn: "tf-infoblox.com."
+ state: present
+ register: dns_server
+ # Step 2: Get DNS server details
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct ECS zones
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].ecs_zones[0].access == "allow"
+ - dns_server_info.objects[0].ecs_zones[0].fqdn == "tf-infoblox.com."
+
+ - name: Create a DNS server with filter_aaaa_on_v4
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ filter_aaaa_on_v4: "break_dnssec"
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct filter_aaaa_on_v4
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].filter_aaaa_on_v4 == "break_dnssec"
+
+ - name: Create a DNS server with forwarders
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ forwarders:
+ - address: "192.168.10.10"
+ fqdn: "tf-example.com."
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct forwarders
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].forwarders[0].address == "192.168.10.10"
+ - dns_server_info.objects[0].forwarders[0].fqdn == "tf-example.com."
+
+ - name: Create a DNS server with forwarders_only set to true
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ forwarders_only: true
+ forwarders:
+ - address: "192.168.11.11"
+ fqdn: "tf-infoblox.com."
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct forwarders_only setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].forwarders_only == true
+ - dns_server_info.objects[0].forwarders[0].address == "192.168.11.11"
+ - dns_server_info.objects[0].forwarders[0].fqdn == "tf-infoblox.com."
+
+ - name: Create a DNS server with gss_tsig_enabled set to false
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ gss_tsig_enabled: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct gss_tsig_enabled value
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].gss_tsig_enabled == true
+
+ - name: Create a DNS server with inheritance sources action set to inherit
+ infoblox.bloxone.dns_server:
+ name: "dns-server-example"
+ inheritance_sources:
+ add_edns_option_in_outgoing_query:
+ action: "inherit"
+ custom_root_ns_block:
+ action: "inherit"
+ dnssec_validation_block:
+ action: "inherit"
+ ecs_block:
+ action: "inherit"
+ filter_aaaa_on_v4:
+ action: "inherit"
+ forwarders_block:
+ action: "inherit"
+ gss_tsig_enabled:
+ action: "inherit"
+ kerberos_keys:
+ action: "inherit"
+ lame_ttl:
+ action: "inherit"
+ log_query_response:
+ action: "inherit"
+ match_recursive_only:
+ action: "inherit"
+ max_cache_ttl:
+ action: "inherit"
+ max_negative_ttl:
+ action: "inherit"
+ minimal_responses:
+ action: "inherit"
+ notify:
+ action: "inherit"
+ query_port:
+ action: "inherit"
+ recursion_enabled:
+ action: "inherit"
+ recursive_clients:
+ action: "inherit"
+ resolver_query_timeout:
+ action: "inherit"
+ secondary_axfr_query_limit:
+ action: "inherit"
+ secondary_soa_query_limit:
+ action: "inherit"
+ sort_list:
+ action: "inherit"
+ synthesize_address_records_from_https:
+ action: "inherit"
+ transfer_acl:
+ action: "inherit"
+ use_forwarders_for_subzones:
+ action: "inherit"
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "dns-server-example"
+ register: dns_server_info
+ - name: Assert the DNS server exists and all inheritance sources have action set to inherit
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].inheritance_sources.add_edns_option_in_outgoing_query.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.custom_root_ns_block.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.dnssec_validation_block.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.ecs_block.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.filter_aaaa_on_v4.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.forwarders_block.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.gss_tsig_enabled.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.kerberos_keys.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.lame_ttl.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.log_query_response.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.match_recursive_only.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.max_cache_ttl.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.max_negative_ttl.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.minimal_responses.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.notify.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.query_port.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.recursion_enabled.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.recursive_clients.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.resolver_query_timeout.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.secondary_axfr_query_limit.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.secondary_soa_query_limit.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.sort_list.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.synthesize_address_records_from_https.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.transfer_acl.action == "inherit"
+ - dns_server_info.objects[0].inheritance_sources.use_forwarders_for_subzones.action == "inherit"
+
+ - name: Create a DNS server with lame_ttl set to 3000
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ lame_ttl: 3000
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct lame_ttl
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].lame_ttl == 3000
+
+ - name: Create a DNS server with log_query_response set to true
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ log_query_response: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct log_query_response
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].log_query_response == true
+
+ - name: Create a DNS server with match_recursive_only set to true
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ match_recursive_only: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct match_recursive_only
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].match_recursive_only == true
+
+ - name: Create a DNS server with max_cache_ttl set to 600000
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ max_cache_ttl: 600000
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct max_cache_ttl
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].max_cache_ttl == 600000
+
+ - name: Create a DNS server with max_negative_ttl set to 10000
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ max_negative_ttl: 10000
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct max_negative_ttl
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].max_negative_ttl == 10000
+
+ - name: Create a DNS server with minimal_responses set to false
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ minimal_responses: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct minimal_responses setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].minimal_responses == true
+
+ - name: Create a DNS server with notify set to false
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ notify: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct notify setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].notify == true
+
+ - name: Create a DNS server with notify set to false
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ notify: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct notify setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].notify == true
+
+ - name: Create a DNS server with recursion_enabled set to true
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ recursion_enabled: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct recursion_enabled setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].recursion_enabled == true
+
+ - name: Create a DNS server with recursion_enabled set to true
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ recursion_enabled: true
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct recursion_enabled setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].recursion_enabled == true
+
+ - name: Create a DNS server with resolver_query_timeout set to 15
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ resolver_query_timeout: 15
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct resolver_query_timeout setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].resolver_query_timeout == 15
+
+ - name: Create a DNS server with secondary_axfr_query_limit set to 2
+ infoblox.bloxone.dns_server:
+ name: "{{ dns_server_name }}"
+ secondary_axfr_query_limit: 2
+ state: present
+ register: dns_server
+ - name: Get DNS server details
+ infoblox.bloxone.dns_server_info:
+ filters:
+ name: "{{ dns_server_name }}"
+ register: dns_server_info
+ - name: Assert the DNS server exists and has the correct secondary_axfr_query_limit setting
+ assert:
+ that:
+ - dns_server_info is not failed
+ - dns_server_info.objects | length == 1
+ - dns_server_info.objects[0].secondary_axfr_query_limit == 2
+
+ - name: Create a DNS server with
secondary_soa_query_limit set to 2 + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + secondary_soa_query_limit: 2 + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct secondary_soa_query_limit setting + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].secondary_soa_query_limit == 2 + + - name: Create a DNS server with sort_list configuration + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + sort_list: + - element: ip + source: "192.168.11.11" + prioritized_networks: + - "192.168.12.12" + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct sort_list configuration + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].sort_list[0].element == "ip" + - dns_server_info.objects[0].sort_list[0].source == "192.168.11.11" + - dns_server_info.objects[0].sort_list[0].prioritized_networks[0] == "192.168.12.12" + + - name: Create a DNS server with synthesize_address_records_from_https set to false + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + synthesize_address_records_from_https: true + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct synthesize_address_records_from_https setting + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].synthesize_address_records_from_https 
== true + + - name: Create a DNS server with tags tag1 and tag2 + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + tags: + tag1: "value1" + tag2: "value2" + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct tags + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].tags.tag1 == "value1" + - dns_server_info.objects[0].tags.tag2 == "value2" + + - name: Create a DNS server with use_forwarders_for_subzones set to true + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + use_forwarders_for_subzones: true + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct use_forwarders_for_subzones setting + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].use_forwarders_for_subzones == true + + - name: Create a DNS server with use_root_forwarders_for_local_resolution_with_b1td set to true + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + use_root_forwarders_for_local_resolution_with_b1td: true + forwarders: + - address: "192.168.11.11" + fqdn: "tf-infoblox.com." 
+ state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct use_root_forwarders_for_local_resolution_with_b1td setting + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].use_root_forwarders_for_local_resolution_with_b1td == true + + always: + # Cleanup if the test fails + - name: "Delete Dns Server" + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + state: "absent" + ignore_errors: true diff --git a/tests/integration/targets/dns_server_info/tasks/main.yml b/tests/integration/targets/dns_server_info/tasks/main.yml new file mode 100644 index 00000000..8c671d1e --- /dev/null +++ b/tests/integration/targets/dns_server_info/tasks/main.yml 
@@ -0,0 +1,66 @@ +--- + +#TODO: add tests +# The following require additional plugins to be supported. +# - tsig keys +# - acl + + +- module_defaults: + group/infoblox.bloxone.all: + csp_url: "{{ csp_url }}" + api_key: "{{ api_key }}" + block: + # Create a random Auth Zone name to avoid conflicts + - ansible.builtin.set_fact: + dns_server_name: "test-dns-server-{{ 999999 | random | string }}" + tag_value: "site-{{ 999999 | random | string }}" + + - name: Create a DNS Server + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + recursion_enabled: true + tags: + location: "{{ tag_value }}" + forwarders: + - address: "192.168.11.11" + fqdn: "example.com." + state: present + register: dns_server + + - name: Get Information about the DNS Server + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - assert: + that: + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].name == dns_server.object.name + + - name: Get DNS Server information by filter query + infoblox.bloxone.dns_server_info: + filter_query: "name=='{{ dns_server_name }}'" + register: dns_server_info + - assert: + that: + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].id == dns_server.id + + - name: Get DNS Server information by tag filters + infoblox.bloxone.dns_server_info: + tag_filters: + location: "{{ tag_value }}" + register: dns_server_info + - assert: + that: + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].id == dns_server.id + + + always: + - name: "Delete dns server" + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + state: "absent" + ignore_errors: true \ No newline at end of file From aabfe03cf91e6bda4d9ad930258a962983d441ea Mon Sep 17 00:00:00 2001 
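Review bot: The comment above the `set_fact` task says `# Create a random Auth Zone name to avoid conflicts`, but the fact it sets is `dns_server_name`; it should read `# Create a random DNS server name to avoid conflicts`. The first assert compares `objects[0].name` with `dns_server.object.name`, while the two later ones compare `objects[0].id` with `dns_server.id`. Asserting the `id` in all three lookups would make the checks uniform and would also catch a same-named profile left over from an earlier run. The lookup by `id` shown in the module's examples is not exercised and could join the `#TODO` list.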
From: Anil Gadiyar Date: Tue, 7 Jan 2025 13:38:46 +0530 Subject: [PATCH 3/6] addressed PR comment --- plugins/modules/dns_server.py | 20 +- plugins/modules/dns_server_info.py | 2 +- .../targets/dns_server/tasks/main.yml | 185 ++++++++++++------ .../targets/dns_server_info/tasks/main.yml | 5 +- 4 files changed, 149 insertions(+), 63 deletions(-) diff --git a/plugins/modules/dns_server.py b/plugins/modules/dns_server.py index 7b0becae..7835a22e 100644 --- a/plugins/modules/dns_server.py +++ b/plugins/modules/dns_server.py @@ -84,7 +84,23 @@ elements: dict suboptions: algorithm: - description: "" + description: + - "DNSSEC trust anchor." + - "Key algorithm. Algorithm values are as per standards. The mapping is as follows:" + - "* I(RSAMD5) = 1," + - "* I(DH) = 2," + - "* I(DSA) = 3," + - "* I(RSASHA1) = 5," + - "* I(DSANSEC3SHA1) = 6," + - "* I(RSASHA1NSEC3SHA1) = 7," + - "* I(RSASHA256) = 8," + - "* I(RSASHA512) = 10," + - "* I(ECDSAP256SHA256) = 13," + - "* I(ECDSAP384SHA384) = 14." + - "Below algorithms are deprecated and not supported anymore:" + - "* I(RSAMD5) = 1," + - "* I(DSA) = 3," + - "* I(DSANSEC3SHA1) = 6." type: int public_key: description: @@ -996,7 +1012,7 @@ - address: "192.168.11.11" fqdn: "example.com." tags: - location: "my-location" + location: "site-1" comment: "Example DNS Server" state: "present" diff --git a/plugins/modules/dns_server_info.py b/plugins/modules/dns_server_info.py index 2982f37f..acd4ab4f 100644 --- a/plugins/modules/dns_server_info.py +++ b/plugins/modules/dns_server_info.py @@ -61,7 +61,7 @@ infoblox.bloxone.dns_server_info: id: "{{ dns_server_id }}" - - name: Get DNS Server information by filters (e.g., name) + - name: Get DNS Server information by filters (e.g. name) infoblox.bloxone.dns_server_info: filters: name: "example_server" diff --git a/tests/integration/targets/dns_server/tasks/main.yml b/tests/integration/targets/dns_server/tasks/main.yml index 23993f62..7b82180c 100644 
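Review bot: The new `algorithm` description in `@@ -84,7 +84,23 @@` lists I(RSAMD5), I(DSA) and I(DSANSEC3SHA1) in the value mapping and then says the same three are "deprecated and not supported anymore", so a reader cannot tell whether 1, 3 and 6 are accepted for a trust anchor. Its first line, `- "DNSSEC trust anchor."`, describes the parent option rather than this field and can be dropped. I would name the deprecated values only once, e.g. `- "Deprecated, not supported: I(RSAMD5) = 1, I(DSA) = 3, I(DSANSEC3SHA1) = 6."`. The option stays a plain `type: int` with no `choices` visible in this hunk, so it is worth confirming that the argument spec or the API (both outside the hunk) actually refuses those values instead of storing a trust anchor with a broken algorithm.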
--- a/tests/integration/targets/dns_server/tasks/main.yml +++ b/tests/integration/targets/dns_server/tasks/main.yml @@ -109,7 +109,7 @@ - dns_server_info.objects[0].id == dns_server.id - dns_server_info.objects[0].add_edns_option_in_outgoing_query == true - - name: Create a DNS Server with auto_sort_views enabled + - name: Create a DNS Server with Auto Sort Views enabled infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" auto_sort_views: true @@ -144,11 +144,14 @@ - dns_server_info.objects[0].comment == "test comment" - name: Create a DNS Server with Custom Root Nameservers + #tags: dns_server infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" custom_root_ns: - address: "192.168.10.10" - fqdn: "tf-example.com." + fqdn: "test-example.com." + - address: "192.168.10.11" + fqdn: "test-example2.com" state: present register: dns_server - name: Get Information about the DNS Server 
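Review bot: In `@@ -144,11 +144,14 @@` the second `custom_root_ns` entry is written as `fqdn: "test-example2.com"` without the trailing dot, while the assert added in the following hunk expects `"test-example2.com."`. That passes only if the service normalises the name, and a second run with the same input would then presumably report a change; use `fqdn: "test-example2.com."` so the task input and the asserted value agree. The new asserts also index `custom_root_ns[0]` and `custom_root_ns[1]`, which assumes the API returns the list in submission order; if that is not guaranteed, check membership instead of position.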
@@ -161,7 +164,28 @@ - dns_server_info is not failed - dns_server_info.objects | length == 1 - dns_server_info.objects[0].custom_root_ns[0].address == "192.168.10.10" - - dns_server_info.objects[0].custom_root_ns[0].fqdn == "tf-example.com." + - dns_server_info.objects[0].custom_root_ns[0].fqdn == "test-example.com." + - dns_server_info.objects[0].custom_root_ns[1].address == "192.168.10.11" + - dns_server_info.objects[0].custom_root_ns[1].fqdn == "test-example2.com." + + - name: Create a DNS Server with Recursive Clients + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + recursive_clients: 100 + state: present + register: dns_server + - name: Get Information about the DNS Server + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert DNS Server Configuration + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].recursive_clients == 100 + - name: Create a DNS Server with Custom Root Nameservers Enabled infoblox.bloxone.dns_server: @@ -169,7 +193,7 @@ custom_root_ns_enabled: true custom_root_ns: - address: "192.168.10.10" - fqdn: "tf-example.com." + fqdn: "test-example.com." state: present register: dns_server - name: Get Information about the DNS Server @@ -183,10 +207,11 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].custom_root_ns_enabled == true - - name: Create a DNS Server with DNSSEC Enable Validation (true) + + - name: Create a DNS Server with DNSSEC Enable Validation (false) infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" - dnssec_enable_validation: true + dnssec_enable_validation: false state: present register: dns_server - name: Get Information about the DNS Server 
@@ -198,12 +223,12 @@ that: - dns_server_info is not failed - dns_server_info.objects | length == 1 - - dns_server_info.objects[0].dnssec_enable_validation == true + - dns_server_info.objects[0].dnssec_enable_validation == false - - name: Create a DNS Server with DNSSEC Enabled (true) + - name: Create a DNS Server with DNSSEC Enabled (false) infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" - dnssec_enabled: true + dnssec_enabled: false state: present register: dns_server - name: Get Information about the DNS Server @@ -214,7 +239,7 @@ - assert: that: - dns_server_info.objects | length == 1 - - dns_server_info.objects[0].dnssec_enabled == true + - dns_server_info.objects[0].dnssec_enabled == false - name: Create DNS Server with DNSSEC Trust Anchors infoblox.bloxone.dns_server: @@ -222,7 +247,7 @@ dnssec_trust_anchors: - algorithm: "8" public_key: "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=" - zone: "tf-infoblox.com." + zone: "test-infoblox.com." sep: true state: present register: dns_server @@ -236,7 +261,7 @@ that: - dns_server_info.objects | length == 1 - dns_server_info.objects[0].dnssec_trust_anchors[0].algorithm == 8 - - dns_server_info.objects[0].dnssec_trust_anchors[0].zone == "tf-infoblox.com." + - dns_server_info.objects[0].dnssec_trust_anchors[0].zone == "test-infoblox.com." - dns_server_info.objects[0].dnssec_trust_anchors[0].sep == true # Ensure 'sep' is false - name: Create a DNS Server with DNSSEC Validate Expiry enabled @@ -262,7 +287,7 @@ ecs_enabled: true ecs_zones: - access: "allow" - fqdn: "tf-infoblox.com." + fqdn: "test-infoblox.com." state: present register: dns_server - name: Get Information about the DNS Server 
@@ -334,10 +359,9 @@ name: "{{ dns_server_name }}" ecs_zones: - access: "allow" - fqdn: "tf-infoblox.com." + fqdn: "test-infoblox.com." state: present register: dns_server - # Step 2: Get DNS server details - name: Get DNS server details infoblox.bloxone.dns_server_info: filters: @@ -349,9 +373,9 @@ - dns_server_info is not failed - dns_server_info.objects | length == 1 - dns_server_info.objects[0].ecs_zones[0].access == "allow" - - dns_server_info.objects[0].ecs_zones[0].fqdn == "tf-infoblox.com." + - dns_server_info.objects[0].ecs_zones[0].fqdn == "test-infoblox.com." - - name: Create a DNS server with filter_aaaa_on_v4 + - name: Create a DNS server with Filter_AAAA_On_V4 infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" filter_aaaa_on_v4: "break_dnssec" @@ -369,12 +393,30 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].filter_aaaa_on_v4 == "break_dnssec" - - name: Create a DNS server with forwarders + - name: Create a DNS server with Filter_AAAA_On_V4 as yes + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + filter_aaaa_on_v4: "yes" + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct yes + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].filter_aaaa_on_v4 == "yes" + + - name: Create a DNS server with Forwarders infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" forwarders: - address: "192.168.10.10" - fqdn: "tf-example.com." + fqdn: "test-example.com." state: present register: dns_server - name: Get DNS server details 
@@ -388,15 +430,15 @@ - dns_server_info is not failed - dns_server_info.objects | length == 1 - dns_server_info.objects[0].forwarders[0].address == "192.168.10.10" - - dns_server_info.objects[0].forwarders[0].fqdn == "tf-example.com." + - dns_server_info.objects[0].forwarders[0].fqdn == "test-example.com." - - name: Create a DNS server with forwarders_only set to true + - name: Create a DNS server with Forwarders_only set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" forwarders_only: true forwarders: - address: "192.168.11.11" - fqdn: "tf-infoblox.com." + fqdn: "test-infoblox.com." state: present register: dns_server - name: Get DNS server details @@ -411,9 +453,9 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].forwarders_only == true - dns_server_info.objects[0].forwarders[0].address == "192.168.11.11" - - dns_server_info.objects[0].forwarders[0].fqdn == "tf-infoblox.com." + - dns_server_info.objects[0].forwarders[0].fqdn == "test-infoblox.com." - - name: Create a DNS server with gss_tsig_enabled set to false + - name: Create a DNS server with Gss_Tsig_Enabled set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" gss_tsig_enabled: true @@ -431,7 +473,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].gss_tsig_enabled == true - - name: Create a DNS server with inheritance sources action set to inherit + - name: Create a DNS server with Inheritance sources action set to inherit infoblox.bloxone.dns_server: name: "dns-server-example" inheritance_sources: @@ -523,7 +565,7 @@ - dns_server_info.objects[0].inheritance_sources.transfer_acl.action == "inherit" - dns_server_info.objects[0].inheritance_sources.use_forwarders_for_subzones.action == "inherit" - - name: Create a DNS server with lame_ttl set to 3000 + - name: Create a DNS server with Lame_TTL set to 3000 infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" lame_ttl: 3000 
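Review bot: The inheritance-sources task in `@@ -431,7 +473,7 @@` keeps the fixed name `name: "dns-server-example"` instead of the randomised fact. The profile it creates is therefore not removed by the `always:` cleanup, which only deletes `{{ dns_server_name }}` and `{{ dns_server_name }}_update`, and repeated or parallel runs against the same tenant would collide on it. This hunk touches only the task title; changing the line to `name: "{{ dns_server_name }}"` keeps the test self-contained. The task body continues outside the hunk, so the name used by its lookup filter should be checked as well.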
@@ -541,7 +583,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].lame_ttl == 3000 - - name: Create a DNS server with log_query_response set to true + - name: Create a DNS server with Log_Query_Response set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" log_query_response: true @@ -559,7 +601,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].log_query_response == true - - name: Create a DNS server with match_recursive_only set to true + - name: Create a DNS server with Match_Recursive_Only set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" match_recursive_only: true @@ -577,7 +619,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].match_recursive_only == true - - name: Create a DNS server with max_cache_ttl set to 600000 + - name: Create a DNS server with Max_Cache_TTL infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" max_cache_ttl: 600000 @@ -595,7 +637,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].max_cache_ttl == 600000 - - name: Create a DNS server with max_negative_ttl set to 10000 + - name: Create a DNS server with Max_Negative_TTL infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" max_negative_ttl: 10000 @@ -613,7 +655,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].max_negative_ttl == 10000 - - name: Create a DNS server with minimal_responses set to false + - name: Create a DNS server with Minimal_Responses set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" minimal_responses: true 
@@ -630,26 +672,26 @@ - dns_server_info is not failed - dns_server_info.objects | length == 1 - dns_server_info.objects[0].minimal_responses == true - - - name: Create a DNS server with notify set to false + - + - name: update a DNS server name infoblox.bloxone.dns_server: - name: "{{ dns_server_name }}" - notify: true + name: "{{ dns_server_name }}_update" + minimal_responses: true state: present register: dns_server - name: Get DNS server details infoblox.bloxone.dns_server_info: filters: - name: "{{ dns_server_name }}" + name: "{{ dns_server_name }}_update" register: dns_server_info - - name: Assert the DNS server exists and has the correct notify setting + - name: Assert the DNS server exists and has the correct minimal_responses setting assert: that: - dns_server_info is not failed - dns_server_info.objects | length == 1 - - dns_server_info.objects[0].notify == true + - dns_server_info.objects[0].name == "{{ dns_server_name }}_update" - - name: Create a DNS server with notify set to false + - name: Create a DNS server with Notify set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" notify: true @@ -667,7 +709,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].notify == true - - name: Create a DNS server with recursion_enabled set to true + - name: Create a DNS server with Recursion_Enabled set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" recursion_enabled: true @@ -685,10 +727,10 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].recursion_enabled == true - - name: Create a DNS server with recursion_enabled set to true + - name: Create a DNS server with Resolver_Query_Timeout set to 15 infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" - recursion_enabled: true + resolver_query_timeout: 15 state: present register: dns_server - name: Get DNS server details 
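Review bot: The first added line of `@@ -630,26 +672,26 @@` appears to be a bare `-` in front of `- name: update a DNS server name`; in a task list that is a null entry which Ansible will most likely reject, so it should be an empty line again. The new assert `dns_server_info.objects[0].name == "{{ dns_server_name }}_update"` puts Jinja delimiters inside `that:`, which Ansible warns about; write `dns_server_info.objects[0].name == dns_server_name ~ "_update"`. The task is titled as an update but passes a new `name` and no `id`, so it presumably creates a second profile rather than renaming the first, and the cleanup hunk indeed deletes it separately. Either pass `id: "{{ dns_server.id }}"` or retitle it. The assert task is also still named for `minimal_responses` although it now checks the name.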
@@ -696,32 +738,32 @@ filters: name: "{{ dns_server_name }}" register: dns_server_info - - name: Assert the DNS server exists and has the correct recursion_enabled setting + - name: Assert the DNS server exists and has the correct resolver_query_timeout setting assert: that: - dns_server_info is not failed - dns_server_info.objects | length == 1 - - dns_server_info.objects[0].recursion_enabled == true + - dns_server_info.objects[0].resolver_query_timeout == 15 - - name: Create a DNS server with resolver_query_timeout set to 15 + - name: Create a DNS Server with Query Port infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" - resolver_query_timeout: 15 + query_port: 2 state: present register: dns_server - - name: Get DNS server details + - name: Get Information about the DNS Server infoblox.bloxone.dns_server_info: filters: name: "{{ dns_server_name }}" register: dns_server_info - - name: Assert the DNS server exists and has the correct resolver_query_timeout setting + - name: Assert DNS Server Query Port Configuration assert: that: - dns_server_info is not failed - dns_server_info.objects | length == 1 - - dns_server_info.objects[0].resolver_query_timeout == 15 + - dns_server_info.objects[0].query_port == 2 - - name: Create a DNS server with secondary_axfr_query_limit set to 2 + - name: Create a DNS server with Secondary_Axfr_Query_Limit infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" secondary_axfr_query_limit: 2 @@ -739,7 +781,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].secondary_axfr_query_limit == 2 - - name: Create a DNS server with secondary_soa_query_limit set to 2 + - name: Create a DNS server with Secondary_Soa_Query_Limit infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" secondary_soa_query_limit: 2 
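Review bot: The new Query Port test sets `query_port: 2`, a single low-numbered port, and gives no reason for that value. If `query_port` is the source port for outbound queries (its description is not in this hunk), a fixed value removes source-port randomisation, one of a resolver's defences against cache poisoning. The task should carry a comment such as `# fixed port for test only; leave query_port unset in real profiles` and preferably use an unprivileged port. The assert only checks that the value round-trips.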
@@ -757,7 +799,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].secondary_soa_query_limit == 2 - - name: Create a DNS server with sort_list configuration + - name: Create a DNS server with Sort_List configuration infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" sort_list: @@ -781,7 +823,30 @@ - dns_server_info.objects[0].sort_list[0].source == "192.168.11.11" - dns_server_info.objects[0].sort_list[0].prioritized_networks[0] == "192.168.12.12" - - name: Create a DNS server with synthesize_address_records_from_https set to false + - name: Create a DNS server with Sort_List configuration with element as any + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}" + sort_list: + - element: any + prioritized_networks: + - "192.168.12.13" + state: present + register: dns_server + - name: Get DNS server details + infoblox.bloxone.dns_server_info: + filters: + name: "{{ dns_server_name }}" + register: dns_server_info + - name: Assert the DNS server exists and has the correct sort_list configuration + assert: + that: + - dns_server_info is not failed + - dns_server_info.objects | length == 1 + - dns_server_info.objects[0].sort_list[0].element == "any" + - dns_server_info.objects[0].sort_list[0].prioritized_networks[0] == "192.168.12.13" + + + - name: Create a DNS server with Synthesize_Address_Records_From_Https set to false infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" synthesize_address_records_from_https: true @@ -799,7 +864,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].synthesize_address_records_from_https == true - - name: Create a DNS server with tags tag1 and tag2 + - name: Create a DNS server with Tags infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" tags: 
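Review bot: The retitled task in `@@ -781,7 +823,30 @@` still reads `Synthesize_Address_Records_From_Https set to false` while it sets `synthesize_address_records_from_https: true`, and the assert in the next hunk expects `== true`. This commit corrected the same mismatch for Minimal_Responses, Notify and Gss_Tsig_Enabled, so this one looks like an oversight; the title should be `- name: Create a DNS server with Synthesize_Address_Records_From_Https set to true`. A misleading title matters here because the task name is all that appears in the test log when the assert fails.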
@@ -820,7 +885,7 @@ - dns_server_info.objects[0].tags.tag1 == "value1" - dns_server_info.objects[0].tags.tag2 == "value2" - - name: Create a DNS server with use_forwarders_for_subzones set to true + - name: Create a DNS server with Use_Forwarders_For_Subzones set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" use_forwarders_for_subzones: true @@ -838,13 +903,13 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].use_forwarders_for_subzones == true - - name: Create a DNS server with use_root_forwarders_for_local_resolution_with_b1td set to true + - name: Create a DNS server with Use_Root_Forwarders_For_Local_Resolution_With_B1td set to true infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" use_root_forwarders_for_local_resolution_with_b1td: true forwarders: - address: "192.168.11.11" - fqdn: "tf-infoblox.com." + fqdn: "test-infoblox.com." state: present register: dns_server - name: Get DNS server details @@ -866,3 +931,9 @@ name: "{{ dns_server_name }}" state: "absent" ignore_errors: true + + - name: "Delete Dns Server Update" + infoblox.bloxone.dns_server: + name: "{{ dns_server_name }}_update" + state: "absent" + ignore_errors: true diff --git a/tests/integration/targets/dns_server_info/tasks/main.yml b/tests/integration/targets/dns_server_info/tasks/main.yml index 8c671d1e..461ba29c 100644 --- a/tests/integration/targets/dns_server_info/tasks/main.yml +++ b/tests/integration/targets/dns_server_info/tasks/main.yml @@ -28,7 +28,7 @@ state: present register: dns_server - - name: Get Information about the DNS Server + - name: Get Information about the DNS Server by filter (name) infoblox.bloxone.dns_server_info: filters: name: "{{ dns_server_name }}" 
@@ -57,10 +57,9 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].id == dns_server.id - always: - name: "Delete dns server" infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" state: "absent" - ignore_errors: true \ No newline at end of file + ignore_errors: true From 9444fe4a7726132a2eca70392187009fda97069b Mon Sep 17 00:00:00 2001 From: Anil Gadiyar Date: Mon, 13 Jan 2025 22:39:39 +0530 Subject: [PATCH 4/6] addressed PR comment --- plugins/modules/dns_server.py | 51 +++++++++++++++++-- plugins/modules/dns_server_info.py | 51 +++++++++++++++++-- .../targets/dns_server/tasks/main.yml | 3 +- 3 files changed, 97 insertions(+), 8 deletions(-) diff --git a/plugins/modules/dns_server.py b/plugins/modules/dns_server.py index 7835a22e..3ead619d 100644 --- a/plugins/modules/dns_server.py +++ b/plugins/modules/dns_server.py @@ -1108,7 +1108,22 @@ elements: dict contains: algorithm: - description: "" + description: + - "Specifies the cryptographic algorithm used for DNSSEC. Supported values and their corresponding mappings are as follows." + - "RSAMD5 (1)" + - "DH (2)" + - "DSA (3)" + - "RSASHA1 (5)" + - "DSANSEC3SHA1 (6)" + - "RSASHA1NSEC3SHA1 (7)" + - "RSASHA256 (8)" + - "RSASHA512 (10)" + - "ECDSAP256SHA256 (13)" + - "ECDSAP384SHA384 (14)" + - "**Deprecated Algorithms:**" + - "RSAMD5 (1)" + - "DSA (3)" + - "DSANSEC3SHA1 (6)" type: int returned: Always protocol_zone: @@ -1142,7 +1157,22 @@ elements: dict contains: algorithm: - description: "" + description: + - "Specifies the cryptographic algorithm used for DNSSEC. Supported values and their corresponding mappings are as follows." + - "RSAMD5 (1)" + - "DH (2)" + - "DSA (3)" + - "RSASHA1 (5)" + - "DSANSEC3SHA1 (6)" + - "RSASHA1NSEC3SHA1 (7)" + - "RSASHA256 (8)" + - "RSASHA512 (10)" + - "ECDSAP256SHA256 (13)" + - "ECDSAP384SHA384 (14)" + - "**Deprecated Algorithms:**" + - "RSAMD5 (1)" + - "DSA (3)" + - "DSANSEC3SHA1 (6)" type: int returned: Always protocol_zone: 
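Review bot: `- "**Deprecated Algorithms:**"` in `@@ -1108,7 +1108,22 @@` uses Markdown emphasis, which Ansible's module-doc renderer does not interpret, so the asterisks will show up literally; the documentation markup for bold is `B(Deprecated algorithms:)`. The opening sentence calls the whole list "Supported values" and then repeats RSAMD5, DSA and DSANSEC3SHA1 as deprecated. Either leave those three out of the first list or reword the sentence to "Algorithm numbers and their mnemonics are as follows." The same block is pasted into the other `algorithm` return fields of this patch (`@@ -1142`, `@@ -1491` and the three hunks in `dns_server_info.py`), so the correction applies to all six copies.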
@@ -1491,7 +1521,22 @@ elements: dict contains: algorithm: - description: "" + description: + - "Specifies the cryptographic algorithm used for DNSSEC. Supported values and their corresponding mappings are as follows." + - "RSAMD5 (1)" + - "DH (2)" + - "DSA (3)" + - "RSASHA1 (5)" + - "DSANSEC3SHA1 (6)" + - "RSASHA1NSEC3SHA1 (7)" + - "RSASHA256 (8)" + - "RSASHA512 (10)" + - "ECDSAP256SHA256 (13)" + - "ECDSAP384SHA384 (14)" + - "**Deprecated Algorithms:**" + - "RSAMD5 (1)" + - "DSA (3)" + - "DSANSEC3SHA1 (6)" type: int returned: Always protocol_zone: diff --git a/plugins/modules/dns_server_info.py b/plugins/modules/dns_server_info.py index acd4ab4f..924ed90e 100644 --- a/plugins/modules/dns_server_info.py +++ b/plugins/modules/dns_server_info.py @@ -162,7 +162,22 @@ elements: dict contains: algorithm: - description: "" + description: + - "Specifies the cryptographic algorithm used for DNSSEC. Supported values and their corresponding mappings are as follows." + - "RSAMD5 (1)" + - "DH (2)" + - "DSA (3)" + - "RSASHA1 (5)" + - "DSANSEC3SHA1 (6)" + - "RSASHA1NSEC3SHA1 (7)" + - "RSASHA256 (8)" + - "RSASHA512 (10)" + - "ECDSAP256SHA256 (13)" + - "ECDSAP384SHA384 (14)" + - "**Deprecated Algorithms:**" + - "RSAMD5 (1)" + - "DSA (3)" + - "DSANSEC3SHA1 (6)" type: int returned: Always protocol_zone: @@ -196,7 +211,22 @@ elements: dict contains: algorithm: - description: "" + description: + - "Specifies the cryptographic algorithm used for DNSSEC. Supported values and their corresponding mappings are as follows." + - "RSAMD5 (1)" + - "DH (2)" + - "DSA (3)" + - "RSASHA1 (5)" + - "DSANSEC3SHA1 (6)" + - "RSASHA1NSEC3SHA1 (7)" + - "RSASHA256 (8)" + - "RSASHA512 (10)" + - "ECDSAP256SHA256 (13)" + - "ECDSAP384SHA384 (14)" + - "**Deprecated Algorithms:**" + - "RSAMD5 (1)" + - "DSA (3)" + - "DSANSEC3SHA1 (6)" type: int returned: Always protocol_zone: 
@@ -545,7 +575,22 @@ elements: dict contains: algorithm: - description: "" + description: + - "Specifies the cryptographic algorithm used for DNSSEC. Supported values and their corresponding mappings are as follows." + - "RSAMD5 (1)" + - "DH (2)" + - "DSA (3)" + - "RSASHA1 (5)" + - "DSANSEC3SHA1 (6)" + - "RSASHA1NSEC3SHA1 (7)" + - "RSASHA256 (8)" + - "RSASHA512 (10)" + - "ECDSAP256SHA256 (13)" + - "ECDSAP384SHA384 (14)" + - "**Deprecated Algorithms:**" + - "RSAMD5 (1)" + - "DSA (3)" + - "DSANSEC3SHA1 (6)" type: int returned: Always protocol_zone: diff --git a/tests/integration/targets/dns_server/tasks/main.yml b/tests/integration/targets/dns_server/tasks/main.yml index 7b82180c..1839c8b5 100644 --- a/tests/integration/targets/dns_server/tasks/main.yml +++ b/tests/integration/targets/dns_server/tasks/main.yml @@ -144,7 +144,6 @@ - dns_server_info.objects[0].comment == "test comment" - name: Create a DNS Server with Custom Root Nameservers - #tags: dns_server infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" custom_root_ns: @@ -262,7 +261,7 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].dnssec_trust_anchors[0].algorithm == 8 - dns_server_info.objects[0].dnssec_trust_anchors[0].zone == "test-infoblox.com." - - dns_server_info.objects[0].dnssec_trust_anchors[0].sep == true # Ensure 'sep' is false + - dns_server_info.objects[0].dnssec_trust_anchors[0].sep == true - name: Create a DNS Server with DNSSEC Validate Expiry enabled infoblox.bloxone.dns_server: From 8a12065d3ca174bd83d03d88fd45b832f07f6b77 Mon Sep 17 00:00:00 2001 From: Anil Gadiyar Date: Mon, 20 Jan 2025 15:36:10 +0530 Subject: [PATCH 5/6] addressed Pr comments --- plugins/modules/dns_server.py | 5 ++-- plugins/modules/dns_server_info.py | 5 ++-- .../targets/dns_server/tasks/main.yml | 26 ------------------- 3 files changed, 6 insertions(+), 30 deletions(-) diff --git a/plugins/modules/dns_server.py b/plugins/modules/dns_server.py index 3ead619d..ec88f8ec 100644 
--- a/plugins/modules/dns_server.py +++ b/plugins/modules/dns_server.py @@ -10,9 +10,10 @@ DOCUMENTATION = r""" --- module: dns_server -short_description: Manage Server +short_description: Manage a Server ( DNS Config Profile ) description: - - Manage Server + - Manage a DNS Config Profile + - A Server (DNS Config Profile) is a named configuration profile that can be shared for specified list of hosts. version_added: 2.0.0 author: Infoblox Inc. (@infobloxopen) options: diff --git a/plugins/modules/dns_server_info.py b/plugins/modules/dns_server_info.py index 924ed90e..bb6e3cfb 100644 --- a/plugins/modules/dns_server_info.py +++ b/plugins/modules/dns_server_info.py @@ -10,9 +10,10 @@ DOCUMENTATION = r""" --- module: dns_server_info -short_description: Manage Server +short_description: Retrieve a Server ( DNS Config Profile ) description: - - Manage Server + - Retrieves information about DNS Config Profiles. + - A Server (DNS Config Profile) is a named configuration profile that can be shared for specified list of hosts. version_added: 2.0.0 author: Infoblox Inc. (@infobloxopen) options: diff --git a/tests/integration/targets/dns_server/tasks/main.yml b/tests/integration/targets/dns_server/tasks/main.yml index 1839c8b5..ab31290c 100644 --- a/tests/integration/targets/dns_server/tasks/main.yml +++ b/tests/integration/targets/dns_server/tasks/main.yml @@ -5,7 +5,6 @@ # - tsig keys # - acl - - module_defaults: group/infoblox.bloxone.all: csp_url: "{{ csp_url }}" @@ -206,7 +205,6 @@ - dns_server_info.objects | length == 1 - dns_server_info.objects[0].custom_root_ns_enabled == true - - name: Create a DNS Server with DNSSEC Enable Validation (false) infoblox.bloxone.dns_server: name: "{{ dns_server_name }}" 
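Review bot: The new `short_description` in the -10,9 hunk of dns_server.py puts spaces inside the parentheses (`Manage a Server ( DNS Config Profile )`), while the description line added in the same hunk writes `Server (DNS Config Profile)`. I would use the tight form in both places, `short_description: Manage a Server (DNS Config Profile)`. The added sentence ending `can be shared for specified list of hosts` would read better as `can be shared across a specified list of hosts`. Both points also apply to the -10,9 hunk of dns_server_info.py, and the DOCUMENTATION string continues outside both hunks.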
@@ -671,24 +669,6 @@ - dns_server_info is not failed - dns_server_info.objects | length == 1 - dns_server_info.objects[0].minimal_responses == true - - - - name: update a DNS server name - infoblox.bloxone.dns_server: - name: "{{ dns_server_name }}_update" - minimal_responses: true - state: present - register: dns_server - - name: Get DNS server details - infoblox.bloxone.dns_server_info: - filters: - name: "{{ dns_server_name }}_update" - register: dns_server_info - - name: Assert the DNS server exists and has the correct minimal_responses setting - assert: - that: - - dns_server_info is not failed - - dns_server_info.objects | length == 1 - - dns_server_info.objects[0].name == "{{ dns_server_name }}_update" - name: Create a DNS server with Notify set to true infoblox.bloxone.dns_server: @@ -930,9 +910,3 @@ name: "{{ dns_server_name }}" state: "absent" ignore_errors: true - - - name: "Delete Dns Server Update" - infoblox.bloxone.dns_server: - name: "{{ dns_server_name }}_update" - state: "absent" - ignore_errors: true From 601cfaa18b98f9493aee81b544924e9a33fd3e6f Mon Sep 17 00:00:00 2001 From: Anil Gadiyar Date: Wed, 29 Jan 2025 11:20:48 +0530 Subject: [PATCH 6/6] addressed Pr comments --- tests/integration/targets/dns_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/dns_server/tasks/main.yml b/tests/integration/targets/dns_server/tasks/main.yml index ab31290c..93ce064e 100644 --- a/tests/integration/targets/dns_server/tasks/main.yml +++ b/tests/integration/targets/dns_server/tasks/main.yml @@ -10,7 +10,7 @@ csp_url: "{{ csp_url }}" api_key: "{{ api_key }}" block: - # Create a random Auth Zone name to avoid conflicts + # Create a random name to avoid conflicts - ansible.builtin.set_fact: dns_server_name: "test-dns-server-{{ 999999 | random | string }}"