ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

cloudflare_dns: solo: true should consider algorithm and type for SSHFP record #7333

Closed JoyceBabu closed 11 months ago

JoyceBabu commented 11 months ago

Summary

Setting solo to true for an SSHFP record removes all the other SSHFP records for the hostname. A single hostname could have multiple SSHFP records with different algorithm/type. The values of algorithm/type should also be considered before removing an existing record.

Issue Type

Bug Report

Component Name

cloudflare_dns

Ansible Version

$ ansible --version
ansible [core 2.15.4]
  config file = /home/sysadmin/playbook-ansible/ansible.cfg
  configured module search path = ['/home/sysadmin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/sysadmin/playbook-ansible/.venv/lib/python3.10/site-packages/ansible
  ansible collection location = /home/sysadmin/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/sysadmin/playbook-ansible/.venv/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/home/sysadmin/playbook-ansible/.venv/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

Configuration

$ ansible-config dump --only-changed
CACHE_PLUGIN(/home/sysadmin/playbook-ansible/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/home/sysadmin/playbook-ansible/ansible.cfg) = /tmp/facts_cache
CACHE_PLUGIN_TIMEOUT(/home/sysadmin/playbook-ansible/ansible.cfg) = 7200
CONFIG_FILE() = /home/sysadmin/playbook-ansible/ansible.cfg
DEFAULT_GATHERING(/home/sysadmin/playbook-ansible/ansible.cfg) = smart
DEFAULT_TRANSPORT(/home/sysadmin/playbook-ansible/ansible.cfg) = ssh

OS / Environment

Ubuntu 22.04

Steps to Reproduce

- cloudflare_dns:
    zone: example.net
    record: xyz
    type: SSHFP
    algorithm: 3
    hash_type: 2
    api_token: "CLOUDFLARE_API_TOKEN"
    value: "7faf174938cd3a67deb16948bde495c08b557eaf1772e504af50bff9e46c420c"
- cloudflare_dns:
    zone: example.net
    record: xyz
    type: SSHFP
    algorithm: 4
    hash_type: 2
    api_token: "CLOUDFLARE_API_TOKEN"
    value: "dd5b25544538c1848a50803688d717bffc6017e8802de1ad5b9bd258877a74c5"

Expected Results

Both records should be retained.

Actual Results

First record is replaced.

ansibullbot commented 11 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

ansibullbot commented 11 months ago

cc @mgruener

felixfontein commented 11 months ago

Please read the documentation for the solo option:

This will delete all other records with the same record name and type.

What you describe is the intended behavior, and not a bug.

If you want to manage multiple SSHFP records for the same record name, you should not use solo: true.

JoyceBabu commented 11 months ago

If I understand correctly, the intention of the solo: true record is to prevent duplicates by automatically removing obsolete records. It is common to have more than one SSHFP record for a host name with different algorithm and type. So, if deduplication is the objective, then that should be done by considering the record name, algorithm and type for SSHFP records.

felixfontein commented 11 months ago

That's not what solo does (and is intended for). It only cares about record names and types.

JoyceBabu commented 11 months ago

Considering the algo/type would have made it much more useful. But I will go ahead and close this issue. Thank you.
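
The difference between the documented solo behaviour (match on record name and type) and the per-algorithm matching proposed in this thread, modelled as an added Python example. This is not code from the cloudflare_dns module: the function names, the FQDN form of the record name and the stale fingerprint are assumptions, and no Cloudflare API is called.

```python
# Added illustration: models which existing SSHFP records get deleted.
# Every record in the lists below is of type SSHFP, so "same type" is implicit.
from typing import NamedTuple


class SSHFP(NamedTuple):
    name: str
    algorithm: int    # 3 = ECDSA, 4 = Ed25519
    hash_type: int    # 2 = SHA-256
    fingerprint: str


def solo_deletions(existing, new):
    """Documented solo semantics: every other record with the same name (and type)."""
    return [r for r in existing if r.name == new.name and r != new]


def slot_deletions(existing, new):
    """Semantics proposed in the issue: only a stale record in the same
    (name, algorithm, hash_type) slot is replaced."""
    slot = (new.name, new.algorithm, new.hash_type)
    return [r for r in existing
            if (r.name, r.algorithm, r.hash_type) == slot
            and r.fingerprint != new.fingerprint]


def reconcile(existing, new, deletions):
    """Zone contents after removing `deletions` and ensuring `new` is present."""
    kept = [r for r in existing if r not in deletions]
    return kept if new in kept else kept + [new]


# The two records from the report, plus a constructed stale Ed25519 fingerprint
# standing in for a rotated host key.
ECDSA = SSHFP("xyz.example.net", 3, 2,
              "7faf174938cd3a67deb16948bde495c08b557eaf1772e504af50bff9e46c420c")
ED25519 = SSHFP("xyz.example.net", 4, 2,
                "dd5b25544538c1848a50803688d717bffc6017e8802de1ad5b9bd258877a74c5")
STALE_ED25519 = SSHFP("xyz.example.net", 4, 2, "00" * 32)  # constructed value

ZONE = [ECDSA, STALE_ED25519]

if __name__ == "__main__":
    for label, pick in (("solo", solo_deletions), ("per-slot", slot_deletions)):
        after = reconcile(ZONE, ED25519, pick(ZONE, ED25519))
        print(label, sorted((r.algorithm, r.hash_type) for r in after))
```

Under the name-and-type rule the ECDSA fingerprint disappears as soon as the Ed25519 record is written, so a client that negotiates the ECDSA host key no longer finds a matching SSHFP record; the per-slot rule only retires the rotated Ed25519 fingerprint.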