Add SSHFP and TLSA records to cloudflare_dns module (#44011)

* Update cloudflare_dns account link

* Add SSHFP and TLSA records to cloudflare_dns module

These are record types which Cloudflare recently added support
for. They both go well together with DNSSEC.

Technically it's a bit of a simplification to use the hash_type
parameter for TLSA records. Yet, it fits with all the real-world usage
I have seen, and it keeps the module from sprawling too much.

Related to #43803
This commit is contained in:
Andreas Olsson 2018-08-15 17:30:33 +02:00 committed by René Moser
commit 6d772874f9
4 changed files with 575 additions and 8 deletions


@ -62,3 +62,5 @@
- include: spf_record.yml
- include: mx_record.yml
- include: srv_record.yml
- include: sshfp_record.yml
- include: tlsa_record.yml


@ -0,0 +1,207 @@
---
######## SSHFP record tests #################
- name: "Test: SSHFP record creation"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
ttl: 150
register: cloudflare_dns
- name: "Validate: SSHFP record creation"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.content == "1\t2\tfeb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
- cloudflare_dns.result.record.ttl == 150
- cloudflare_dns.result.record.type == "SSHFP"
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.algorithm == 1
- cloudflare_dns.result.record.data.type == 2
- cloudflare_dns.result.record.data.fingerprint == "feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
- name: "Test: SSHFP record idempotency"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
ttl: 150
register: cloudflare_dns
- name: "Validate: SSHFP record idempotency"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
- name: "Test: SSHFP record update"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
ttl: 300
register: cloudflare_dns
- name: "Validate: SSHFP record update"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.ttl == 300
- name: "Test: SSHFP record duplicate (create new record)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
ttl: 300
register: cloudflare_dns
- name: "Validate: SSHFP record duplicate (create new record)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.content == "1\t2\tfd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
- cloudflare_dns.result.record.ttl == 300
- cloudflare_dns.result.record.type == "SSHFP"
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.algorithm == 1
- cloudflare_dns.result.record.data.type == 2
- cloudflare_dns.result.record.data.fingerprint == "fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
- name: "Test: SSHFP record duplicate (old record present)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
ttl: 300
register: cloudflare_dns
- name: "Validate: SSHFP record duplicate (old record present)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
- cloudflare_dns.result.record.content == "1\t2\tfeb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
- cloudflare_dns.result.record.ttl == 300
- cloudflare_dns.result.record.type == "SSHFP"
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.algorithm == 1
- cloudflare_dns.result.record.data.type == 2
- cloudflare_dns.result.record.data.fingerprint == "feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
- name: "Test: SSHFP record duplicate (make new record solo)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
ttl: 300
solo: true
register: cloudflare_dns
- name: "Validate: SSHFP record duplicate (make new record solo)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.content == "1\t2\tfd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
- cloudflare_dns.result.record.ttl == 300
- cloudflare_dns.result.record.type == "SSHFP"
- cloudflare_dns.result.record.name == "{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.algorithm == 1
- cloudflare_dns.result.record.data.type == 2
- cloudflare_dns.result.record.data.fingerprint == "fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b"
- name: "Test: SSHFP record duplicate (old record absent)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c
state: absent
register: cloudflare_dns
- name: "Validate: SSHFP record duplicate (old record absent)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
- name: "Test: SSHFP record deletion"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
state: absent
register: cloudflare_dns
- name: "Validate: SSHFP record deletion"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- name: "Test: SSHFP record deletion succeeded"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
type: SSHFP
algorithm: 1
hash_type: 2
value: fd3800532d26b56279524d4d1ed8afbfd9f725113c394bc185e447ba991f368b
state: absent
register: cloudflare_dns
- name: "Validate: SSHFP record deletion succeeded"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
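Review bot: Every `value:` fingerprint in this file (first at line 43, and likewise throughout the TLSA tests) is an unquoted hex scalar; these particular values parse as strings, but a fingerprint that happened to be all decimal digits, or of the form digits-`e`-digits, would be retyped by the YAML loader and silently break the content comparison, so write them as `value: "feb66965…"`. The sequence also never exercises the module's rejection path: nothing checks what happens when a `type: SSHFP` task omits `algorithm` or `hash_type`, so a regression in that validation would go unnoticed (the same gap exists for `port`/`proto`/`cert_usage`/`selector` in the TLSA file). Presumably the module fails such a task rather than sending a partial record to the API; if so, a negative case like the one below pins it. The sshfp file is shown without its blank lines and indentation, so placement is by task name rather than by line.

```yaml
# … unchanged: existing SSHFP creation/idempotency/update/solo/deletion tasks …
- name: "Test: SSHFP record without algorithm and hash_type is rejected"
  cloudflare_dns:
    account_email: "{{ cloudflare_email }}"
    account_api_token: "{{ cloudflare_api_token }}"
    zone: "{{ cloudflare_zone }}"
    record: "{{ cloudflare_dns_record }}"
    type: SSHFP
    value: "feb66965cee89137b4d4a46a15c718c3f15ad408b6d1b528a2ed479a54da762c"
  register: cloudflare_dns
  ignore_errors: true  # the module is expected to fail; keep the play running
- name: "Validate: SSHFP record without algorithm and hash_type is rejected"
  assert:
    that:
      - cloudflare_dns is failed
```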


@ -0,0 +1,239 @@
---
######## TLSA record tests #################
- name: "Test: TLSA record creation"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
ttl: 150
register: cloudflare_dns
- name: "Validate: TLSA record creation"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.content == "3\t1\t1\t09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
- cloudflare_dns.result.record.ttl == 150
- cloudflare_dns.result.record.type == "TLSA"
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.matching_type == 1
- cloudflare_dns.result.record.data.selector == 1
- cloudflare_dns.result.record.data.usage == 3
- cloudflare_dns.result.record.data.certificate == "09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
- name: "Test: TLSA record idempotency"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
ttl: 150
register: cloudflare_dns
- name: "Validate: TLSA record idempotency"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
- name: "Test: TLSA record update"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
ttl: 300
register: cloudflare_dns
- name: "Validate: TLSA record update"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.ttl == 300
- name: "Test: TLSA record duplicate (create new record)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
ttl: 300
register: cloudflare_dns
- name: "Validate: TLSA record duplicate (create new record)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.content == "3\t1\t1\t76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
- cloudflare_dns.result.record.ttl == 300
- cloudflare_dns.result.record.type == "TLSA"
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.matching_type == 1
- cloudflare_dns.result.record.data.selector == 1
- cloudflare_dns.result.record.data.usage == 3
- cloudflare_dns.result.record.data.certificate == "76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
- name: "Test: TLSA record duplicate (old record present)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
ttl: 300
register: cloudflare_dns
- name: "Validate: TLSA record duplicate (old record present)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
- cloudflare_dns.result.record.content == "3\t1\t1\t09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
- cloudflare_dns.result.record.ttl == 300
- cloudflare_dns.result.record.type == "TLSA"
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.matching_type == 1
- cloudflare_dns.result.record.data.selector == 1
- cloudflare_dns.result.record.data.usage == 3
- cloudflare_dns.result.record.data.certificate == "09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f"
- name: "Test: TLSA record duplicate (make new record solo)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
ttl: 300
solo: true
register: cloudflare_dns
- name: "Validate: TLSA record duplicate (make new record solo)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- cloudflare_dns.result.record.content == "3\t1\t1\t76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
- cloudflare_dns.result.record.ttl == 300
- cloudflare_dns.result.record.type == "TLSA"
- cloudflare_dns.result.record.name == "_25._tcp.{{ cloudflare_dns_record }}.{{ cloudflare_zone }}"
- cloudflare_dns.result.record.zone_name == "{{ cloudflare_zone }}"
- cloudflare_dns.result.record.data.matching_type == 1
- cloudflare_dns.result.record.data.selector == 1
- cloudflare_dns.result.record.data.usage == 3
- cloudflare_dns.result.record.data.certificate == "76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2"
- name: "Test: TLSA record duplicate (old record absent)"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 09c5d90ef4cf74625de04719c71c85ea99182ab81aaab99795466a8c100ead5f
state: absent
register: cloudflare_dns
- name: "Validate: TLSA record duplicate (old record absent)"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
- name: "Test: TLSA record deletion"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
state: absent
register: cloudflare_dns
- name: "Validate: TLSA record deletion"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is changed
- name: "Test: TLSA record deletion succeeded"
cloudflare_dns:
account_email: "{{ cloudflare_email }}"
account_api_token: "{{ cloudflare_api_token }}"
zone: "{{ cloudflare_zone }}"
record: "{{ cloudflare_dns_record }}"
port: 25
proto: tcp
type: TLSA
cert_usage: 3
selector: 1
hash_type: 1
value: 76e283e0cde1d28a85c7b44a26f35260f42e176f4f076e7bdd29895ca76da3d2
state: absent
register: cloudflare_dns
- name: "Validate: TLSA record deletion succeeded"
assert:
that:
- cloudflare_dns is successful
- cloudflare_dns is not changed
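Review bot: Every TLSA task here uses `hash_type: 1` with a 64-hex-character value (line 238 onward), so the only matching type the suite covers is SHA-256; the commit message itself calls reusing `hash_type` for the TLSA matching-type field a simplification, yet nothing confirms that the other values the module presumably accepts (`hash_type: 2`, a 128-hex-character SHA-512 digest, or matching type 0 where `value` is the full association data rather than a digest) round-trip through `data.matching_type` and `data.certificate`. Adding at least one `hash_type: 2` creation-plus-validation pair, mirroring the existing "Test: TLSA record creation" block with a 128-character value, would catch a length or type check that is tuned to SHA-256 only. Likewise `_25._tcp.` at line 250 is the only `port`/`proto` composition asserted; a second `proto` value would show that the `_<port>._<proto>.` prefix is built from the parameters and not hard-coded.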