mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-25 14:20:22 -07:00
Add SSHFP and TLSA records to cloudflare_dns module (#44011)
* Update cloudflare_dns account link * Add SSHFP and TLSA records to cloudflare_dns module These are record types which Cloudflare recently added support for. They both go well together with DNSSEC. Technically it's a bit of a simplification to use the hash_type parameter for TLSA records. Yet, it fits with all the real world usage I have seen, and it keeps the module from sprawling too much. Related to #43803
This commit is contained in:
Andreas Olsson
René Moser
parent
5708894f90
commit
6d772874f9
4 changed files with 575 additions and 8 deletions
|
|
@ -62,3 +62,5 @@
|
|||
- include: spf_record.yml
|
||||
- include: mx_record.yml
|
||||
- include: srv_record.yml
|
||||
- include: sshfp_record.yml
|
||||
- include: tlsa_record.yml
|
||||
|
|
|
|||
207
test/legacy/roles/test_cloudflare_dns/tasks/sshfp_record.yml
Normal file
207
test/legacy/roles/test_cloudflare_dns/tasks/sshfp_record.yml
Normal file
|
|
@ -0,0 +1,207 @@
|
|||
---
|
||||
######## SSHFP record tests #################
|
||||
|
||||
- name: "Test: SSHFP record creation"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
|
||||
ttl: 150
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record creation"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.content == "1\t2\tfeb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
|
||||
- cloudflare_dns.result.record.ttl == 150
|
||||
- cloudflare_dns.result.record.type == "SSHFP"
|
||||
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.algorithm == 1
|
||||
- cloudflare_dns.result.record.data.type == 2
|
||||
- cloudflare_dns.result.record.data.fingerprint == "feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
|
||||
|
||||
- name: "Test: SSHFP record idempotency"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
|
||||
ttl: 150
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record idempotency"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
|
||||
- name: "Test: SSHFP record update"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
|
||||
ttl: 300
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record update"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
|
||||
- name: "Test: SSHFP record duplicate (create new record)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
|
||||
ttl: 300
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record duplicate (create new record)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.content == "1\t2\tfd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
- cloudflare_dns.result.record.type == "SSHFP"
|
||||
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.algorithm == 1
|
||||
- cloudflare_dns.result.record.data.type == 2
|
||||
- cloudflare_dns.result.record.data.fingerprint == "fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
|
||||
|
||||
- name: "Test: SSHFP record duplicate (old record present)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
|
||||
ttl: 300
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record duplicate (old record present)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
- cloudflare_dns.result.record.content == "1\t2\tfeb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
- cloudflare_dns.result.record.type == "SSHFP"
|
||||
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.algorithm == 1
|
||||
- cloudflare_dns.result.record.data.type == 2
|
||||
- cloudflare_dns.result.record.data.fingerprint == "feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
|
||||
|
||||
- name: "Test: SSHFP record duplicate (make new record solo)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
|
||||
ttl: 300
|
||||
solo: true
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record duplicate (make new record solo)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.content == "1\t2\tfd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
- cloudflare_dns.result.record.type == "SSHFP"
|
||||
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.algorithm == 1
|
||||
- cloudflare_dns.result.record.data.type == 2
|
||||
- cloudflare_dns.result.record.data.fingerprint == "fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
|
||||
|
||||
- name: "Test: SSHFP record duplicate (old record absent)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
|
||||
state: absent
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record duplicate (old record absent)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
|
||||
- name: "Test: SSHFP record deletion"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
|
||||
state: absent
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record deletion"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
|
||||
- name: "Test: SSHFP record deletion succeeded"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
type: SSHFP
|
||||
algorithm: 1
|
||||
hash_type: 2
|
||||
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
|
||||
state: absent
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: SSHFP record deletion succeeded"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
239
test/legacy/roles/test_cloudflare_dns/tasks/tlsa_record.yml
Normal file
239
test/legacy/roles/test_cloudflare_dns/tasks/tlsa_record.yml
Normal file
|
|
@ -0,0 +1,239 @@
|
|||
---
|
||||
######## TLSA record tests #################
|
||||
|
||||
- name: "Test: TLSA record creation"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
|
||||
ttl: 150
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record creation"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.content == "3\t1\t1\t09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
|
||||
- cloudflare_dns.result.record.ttl == 150
|
||||
- cloudflare_dns.result.record.type == "TLSA"
|
||||
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.matching_type == 1
|
||||
- cloudflare_dns.result.record.data.selector == 1
|
||||
- cloudflare_dns.result.record.data.usage == 3
|
||||
- cloudflare_dns.result.record.data.certificate == "09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
|
||||
|
||||
- name: "Test: TLSA record idempotency"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
|
||||
ttl: 150
|
||||
register: cloudflare_dns
|
||||
|
||||
|
||||
- name: "Validate: TLSA record idempotency"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
|
||||
- name: "Test: TLSA record update"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
|
||||
ttl: 300
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record update"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
|
||||
- name: "Test: TLSA record duplicate (create new record)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
|
||||
ttl: 300
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record duplicate (create new record)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.content == "3\t1\t1\t76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
- cloudflare_dns.result.record.type == "TLSA"
|
||||
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.matching_type == 1
|
||||
- cloudflare_dns.result.record.data.selector == 1
|
||||
- cloudflare_dns.result.record.data.usage == 3
|
||||
- cloudflare_dns.result.record.data.certificate == "76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
|
||||
|
||||
- name: "Test: TLSA record duplicate (old record present)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
|
||||
ttl: 300
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record duplicate (old record present)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
- cloudflare_dns.result.record.content == "3\t1\t1\t09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
- cloudflare_dns.result.record.type == "TLSA"
|
||||
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.matching_type == 1
|
||||
- cloudflare_dns.result.record.data.selector == 1
|
||||
- cloudflare_dns.result.record.data.usage == 3
|
||||
- cloudflare_dns.result.record.data.certificate == "09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
|
||||
|
||||
- name: "Test: TLSA record duplicate (make new record solo)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
|
||||
ttl: 300
|
||||
solo: true
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record duplicate (make new record solo)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
- cloudflare_dns.result.record.content == "3\t1\t1\t76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
|
||||
- cloudflare_dns.result.record.ttl == 300
|
||||
- cloudflare_dns.result.record.type == "TLSA"
|
||||
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
|
||||
- cloudflare_dns.result.record.data.matching_type == 1
|
||||
- cloudflare_dns.result.record.data.selector == 1
|
||||
- cloudflare_dns.result.record.data.usage == 3
|
||||
- cloudflare_dns.result.record.data.certificate == "76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
|
||||
|
||||
- name: "Test: TLSA record duplicate (old record absent)"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
|
||||
state: absent
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record duplicate (old record absent)"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
|
||||
- name: "Test: TLSA record deletion"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
|
||||
state: absent
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record deletion"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is changed
|
||||
|
||||
- name: "Test: TLSA record deletion succeeded"
|
||||
cloudflare_dns:
|
||||
account_email: "{{ cloudflare_email }}"
|
||||
account_api_token: "{{ cloudflare_api_token }}"
|
||||
zone: "{{ cloudflare_zone }}"
|
||||
record: "{{ cloudflare_dns_record }}"
|
||||
port: 25
|
||||
proto: tcp
|
||||
type: TLSA
|
||||
cert_usage: 3
|
||||
selector: 1
|
||||
hash_type: 1
|
||||
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
|
||||
state: absent
|
||||
register: cloudflare_dns
|
||||
|
||||
- name: "Validate: TLSA record deletion succeeded"
|
||||
assert:
|
||||
that:
|
||||
- cloudflare_dns is successful
|
||||
- cloudflare_dns is not changed
|
||||
Loading…
Add table
Add a link
Reference in a new issue