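---

# Integration test for ansibleguy.opnsense.unbound_forward.
# Flow: assert the target has no forwards, exercise add / disable / enable /
# remove with idempotency checks, then clean up and assert the list is empty.
# The first 'Listing' task fails if any forward already exists, so the play
# stops early on a firewall that is not a clean test instance.

# todo: test default matching

- name: Testing Unbound DNS-Forwarding
  hosts: localhost
  gather_facts: false
  module_defaults:
    group/ansibleguy.opnsense.all:
      # Target and credential-file path come from the environment, so neither
      # the firewall address nor the API key/secret is stored in this file.
      firewall: "{{ lookup('ansible.builtin.env', 'TEST_FIREWALL') }}"
      api_credential_file: "{{ lookup('ansible.builtin.env', 'TEST_API_KEY') }}"
      # NOTE(security): certificate verification is off, so the API credentials
      # are sent to a peer whose identity is not checked. Acceptable only for
      # an isolated test firewall; outside of that, leave verification enabled
      # and trust the firewall certificate (the collection's 'ssl_ca_file'
      # option looks like the intended way - confirm against its docs).
      ssl_verify: false

    ansibleguy.opnsense.unbound_forward:
      timeout: 60

    ansibleguy.opnsense.list:
      target: 'unbound_forward'

  tasks:
    # Precondition: no forward entries exist on the target.
    - name: Listing
      ansibleguy.opnsense.list:
      register: opn10
      failed_when: >
        'data' not in opn10 or
        opn10.data | length != 0

    # Removing a missing entry must succeed without reporting a change.
    - name: Removing - does not exist
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.1'
        state: 'absent'
        reload: false
      register: opn1
      failed_when: >
        opn1.failed or
        opn1.changed

    - name: Adding 1
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.1'
        reload: false  # speed
      register: opn4
      failed_when: >
        opn4.failed or
        not opn4.changed

    # Same domain, second target: must be created as a separate entry.
    - name: Adding 2
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.2'
        reload: false  # speed
      register: opn5
      failed_when: >
        opn5.failed or
        not opn5.changed

    # No 'domain' given: the entry is a forward for every domain.
    - name: Adding 3 - catch-all
      ansibleguy.opnsense.unbound_forward:
        target: '1.1.1.3'
        reload: false  # speed
      register: opn11
      failed_when: >
        opn11.failed or
        not opn11.changed

    # The remaining tasks are skipped in check mode; presumably because they
    # depend on entries that check mode never writes - confirm.
    - name: Disabling 2
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.2'
        enabled: false
        reload: false
      register: opn6
      failed_when: >
        opn6.failed or
        not opn6.changed
      when: not ansible_check_mode

    # Idempotency: repeating the same disable must not report a change.
    - name: Disabling 2 - nothing changed
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.2'
        enabled: false
        reload: false  # speed
      register: opn9
      failed_when: >
        opn9.failed or
        opn9.changed
      when: not ansible_check_mode

    # 'enabled' is omitted here and the task must report a change, i.e. the
    # module's default re-enables the entry.
    - name: Enabling 2
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.2'
        reload: false  # speed
      register: opn7
      failed_when: >
        opn7.failed or
        not opn7.changed
      when: not ansible_check_mode

    - name: Removing 2
      ansibleguy.opnsense.unbound_forward:
        domain: 'fwd.opnsense.test.ansibleguy.net'
        target: '1.1.1.2'
        state: 'absent'
        reload: false  # speed
      register: opn8
      failed_when: >
        opn8.failed or
        not opn8.changed
      when: not ansible_check_mode

    # Two entries must remain: 'Adding 1' and the catch-all.
    - name: Listing
      ansibleguy.opnsense.list:
      register: opn3
      failed_when: >
        'data' not in opn3 or
        opn3.data | length != 2
      when: not ansible_check_mode

    # Removes only the entries this play created. The empty 'd' addresses the
    # catch-all entry, which was added without a domain.
    - name: Cleanup
      ansibleguy.opnsense.unbound_forward:
        domain: "{{ item.d }}"
        target: "{{ item.t }}"
        state: 'absent'
        reload: false
      loop:
        - {d: 'fwd.opnsense.test.ansibleguy.net', t: '1.1.1.1'}
        - {d: 'fwd.opnsense.test.ansibleguy.net', t: '1.1.1.2'}
        - {d: '', t: '1.1.1.3'}
      when: not ansible_check_mode

    # Postcondition: the target is back to zero forward entries.
    - name: Listing
      ansibleguy.opnsense.list:
      register: opn2
      failed_when: >
        'data' not in opn2 or
        opn2.data | length != 0
      when: not ansible_check_mode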