remove deprecated unbound_domain API (fix #117)

README.md

@@ -113,7 +113,6 @@ not implemented => development => [testing](https://github.com/ansibleguy/collec
 | **DNS**                   | ansibleguy.opnsense.unbound_forward                                    | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/unbound_forwarding.html)                                            | stable   |
 | **DNS**                   | ansibleguy.opnsense.unbound_dot                                        | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/unbound_dot.html)                                                   | stable   |
 | **DNS**                   | ansibleguy.opnsense.unbound_host                                       | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/unbound_host.html)                                                  | stable   |
-| **DNS**                   | ansibleguy.opnsense.unbound_domain                                     | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/unbound_domain.html)                                                | stable   |
 | **DNS**                   | ansibleguy.opnsense.unbound_host_alias                                 | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/unbound_host_alias.html)                                            | stable   |
 | **DNS**                   | ansibleguy.opnsense.unbound_dnsbl                                      | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/unbound_host_alias.html)                                            | unstable || **Syslog**                | ansibleguy.opnsense.syslog                                             | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/syslog.html)                                                        | stable   |
 | **IPSec**                 | ansibleguy.opnsense.ipsec_connection, ansibleguy.opnsense.ipsec_tunnel | [Docs](https://opnsense.ansibleguy.net/en/latest/modules/ipsec.html)                                                         | stable   |

docs/source/modules/2_list.rst

@@ -21,7 +21,7 @@ In most cases the returned type of this module ist a list of dictionaries.
     :header: "Parameter", "Type", "Required", "Default", "Aliases", "Comment"
     :widths: 15 10 10 10 10 45
 
-    "target","string","true","\-","tgt, t","What part of the running config should be queried/listed. One of: 'alias', 'rule', 'route', 'cron', 'syslog', 'package', 'unbound_general', 'unbound_acl', 'unbound_host', 'unbound_domain', 'unbound_dot', 'unbound_forward', 'unbound_host_alias', 'ipsec_cert', 'shaper_pipe', 'shaper_queue', 'shaper_rule', 'monit_service', 'monit_test', 'monit_alert', 'wireguard_server', 'wireguard_peer', 'interface_lagg', 'interface_vlan', 'interface_vxlan', 'source_nat', 'frr_bfd', 'frr_bgp_general', 'frr_bgp_neighbor', 'frr_bgp_prefix_list', 'frr_bgp_community_list', 'frr_bgp_as_path', 'frr_bgp_route_map', 'frr_ospf_general', 'frr_ospf_prefix_list', 'frr_ospf_interface', 'frr_ospf_route_map', 'frr_ospf_network', 'frr_ospf3_general', 'frr_ospf3_interface', 'frr_rip', 'bind_general', 'bind_blocklist', 'bind_acl', 'bind_domain', 'bind_record', 'interface_vip', 'webproxy_general', 'webproxy_cache', 'webproxy_parent', 'webproxy_traffic', 'webproxy_forward', 'webproxy_acl', 'webproxy_icap', 'webproxy_auth', 'webproxy_remote_acl', 'webproxy_pac_proxy', 'webproxy_pac_match', 'webproxy_pac_rule', 'unbound_dnsbl'"
+    "target","string","true","\-","tgt, t","What part of the running config should be queried/listed. One of: 'alias', 'rule', 'route', 'cron', 'syslog', 'package', 'unbound_general', 'unbound_acl', 'unbound_host', 'unbound_dot', 'unbound_forward', 'unbound_host_alias', 'ipsec_cert', 'shaper_pipe', 'shaper_queue', 'shaper_rule', 'monit_service', 'monit_test', 'monit_alert', 'wireguard_server', 'wireguard_peer', 'interface_lagg', 'interface_vlan', 'interface_vxlan', 'source_nat', 'frr_bfd', 'frr_bgp_general', 'frr_bgp_neighbor', 'frr_bgp_prefix_list', 'frr_bgp_community_list', 'frr_bgp_as_path', 'frr_bgp_route_map', 'frr_ospf_general', 'frr_ospf_prefix_list', 'frr_ospf_interface', 'frr_ospf_route_map', 'frr_ospf_network', 'frr_ospf3_general', 'frr_ospf3_interface', 'frr_rip', 'bind_general', 'bind_blocklist', 'bind_acl', 'bind_domain', 'bind_record', 'interface_vip', 'webproxy_general', 'webproxy_cache', 'webproxy_parent', 'webproxy_traffic', 'webproxy_forward', 'webproxy_acl', 'webproxy_icap', 'webproxy_auth', 'webproxy_remote_acl', 'webproxy_pac_proxy', 'webproxy_pac_match', 'webproxy_pac_rule', 'unbound_dnsbl'"
 
 .. include:: ../_include/param_basic.rst
 

docs/source/modules/unbound_forwarding.rst

@@ -25,6 +25,7 @@ Definition
     "domain","string","false","\-","dom, d","Domain of the host. All queries for this domain will be forwarded to the nameserver specified. Leave empty to catch all queries and forward them to the nameserver"
     "target","string","true","\-","server, srv, tgt","Server to forward the dns queries to"
     "port","string","false","53","p","DNS port of the target server"
+    "forward_tcp","boolean","false","false","forward_tcp_upstream, fwd_tcp","Upstream queries use TCP only for transport regardless of global flag tcp-upstream. Please note this setting applies to the domain, so when multiple forwarders are defined for the same domain, all are assumed to use tcp only."
     "reload","boolean","false","true","\-", .. include:: ../_include/param_reload.rst
 
 .. include:: ../_include/param_basic.rst

meta/runtime.yml

@@ -18,7 +18,6 @@ action_groups:
     - ansibleguy.opnsense.unbound_forward
     - ansibleguy.opnsense.unbound_dot
     - ansibleguy.opnsense.unbound_host
-    - ansibleguy.opnsense.unbound_domain
     - ansibleguy.opnsense.unbound_host_alias
     - ansibleguy.opnsense.unbound_dnsbl
   ipsec:

plugins/module_utils/main/unbound_forward.py

@@ -22,14 +22,15 @@ class Forward(BaseModule):
     API_CONT = 'settings'
     API_CONT_REL = 'service'
     API_CMD_REL = 'reconfigure'
-    FIELDS_CHANGE = ['domain', 'target', 'port']
+    FIELDS_CHANGE = ['domain', 'target', 'port', 'forward_tcp']
     FIELDS_ALL = ['type', 'enabled']
     FIELDS_ALL.extend(FIELDS_CHANGE)
     FIELDS_TRANSLATE = {
         'target': 'server',
+        'forward_tcp': 'forward_tcp_upstream',
     }
     FIELDS_TYPING = {
-        'bool': ['enabled'],
+        'bool': ['enabled', 'forward_tcp'],
         'int': ['port'],
     }
     EXIST_ATTR = 'fwd'

plugins/modules/list.py

@@ -23,7 +23,7 @@
 # EXAMPLES = 'https://opnsense.ansibleguy.net/en/latest/modules/list.html'
 
 TARGETS = [
-    'alias', 'rule', 'rule_interface_group', 'route', 'gateway', 'syslog', 'package', 'unbound_host', 'unbound_domain',
+    'alias', 'rule', 'rule_interface_group', 'route', 'gateway', 'syslog', 'package', 'unbound_host',
     'frr_ospf_general', 'frr_ospf3_general', 'unbound_forward', 'shaper_pipe', 'shaper_queue', 'shaper_rule',
     'monit_service', 'monit_test', 'monit_alert', 'wireguard_server', 'bind_domain', 'wireguard_peer', 'interface_vlan',
     'unbound_host_alias', 'interface_vxlan', 'frr_bfd_neighbor', 'frr_bgp_general', 'frr_bgp_neighbor',
@@ -107,10 +107,6 @@ def run_module():
             from ansible_collections.ansibleguy.opnsense.plugins.module_utils.main.unbound_host_alias \
                 import Alias as Target_Obj
 
-        elif target == 'unbound_domain':
-            from ansible_collections.ansibleguy.opnsense.plugins.module_utils.main.unbound_domain import  \
-                Domain as Target_Obj
-
         elif target == 'unbound_dot':
             from ansible_collections.ansibleguy.opnsense.plugins.module_utils.main.unbound_dot \
                 import DnsOverTls as Target_Obj

plugins/modules/unbound_forward.py

@@ -41,6 +41,12 @@ def run_module():
             description='DNS port of the target server'
         ),
         type=dict(type='str', required=False, choices=['forward'], default='forward'),
+        forward_tcp=dict(
+            type='bool', required=False, default=False, aliases=['forward_tcp_upstream', 'fwd_tcp'],
+            description='Upstream queries use TCP only for transport regardless of global flag tcp-upstream. '
+                        'Please note this setting applies to the domain, so when multiple forwarders are '
+                        'defined for the same domain, all are assumed to use tcp only.'
+        ),
         **RELOAD_MOD_ARG,
         **STATE_MOD_ARG,
         **OPN_MOD_ARGS,

scripts/test.sh

@@ -70,7 +70,6 @@ run_test 'unbound_acl' 1
 run_test 'unbound_dot' 1
 run_test 'unbound_forward' 1
 run_test 'unbound_host' 1
-run_test 'unbound_domain' 1
 run_test 'unbound_host_alias' 1
 run_test 'unbound_dnsbl' 1
 run_test 'syslog' 1

tests/cleanup.yml

@@ -111,19 +111,6 @@
 '
         - 'ANSIBLE_TEST_2_1'
 
-    - name: Cleanup Unbound DNS domain-overrides
-      ansibleguy.opnsense.unbound_domain:
-        description: "{{ item }}"
-        domain: 'dummy.local'
-        server: '192.168.0.1'
-        state: 'absent'
-        match_fields: ['description']
-        reload: false  # speed
-      loop:
-        - 'ANSIBLE_TEST_1_1'
-        - 'ANSIBLE_TEST_1_2'
-        - 'ANSIBLE_TEST_1_3'
-
     - name: Cleanup syslog
       ansibleguy.opnsense.syslog:
         description: "{{ item }}"

tests/list.yml

@@ -20,7 +20,7 @@
       ansibleguy.opnsense.list:
         target: "{{ item }}"
       when: not ansible_check_mode
-      loop: ['unbound_general', 'unbound_acl', 'unbound_host', 'unbound_domain', 'unbound_forward', 'unbound_host_alias', 'unbound_dot']
+      loop: ['unbound_general', 'unbound_acl', 'unbound_host', 'unbound_forward', 'unbound_host_alias', 'unbound_dot']
 
     - name: Querying config - Traffic shaper
       ansibleguy.opnsense.list: