From cfa94e300ed5df2d11a083fc52027bc029f38e7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torstein=20Huseb=C3=B8?= <torstein@huseboe.net>
Date: Sun, 13 Oct 2024 16:54:19 +0200
Subject: [PATCH] Try to fix zone deligation, by allowing to specifiy record
 type == NS in rrsets array

---
 CHANGELOG.md                         | 2 ++
 src/plugins/modules/zone.py          | 4 ++--
 workflow-support/test-zone-rrset.yml | 8 ++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f5b9f1..89357d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,8 @@ for emergencies).
 
 - Removed support for Python 3.8.
 
+- Fix ability to make zone deligation
+
 ## [24.1.0] - 2024-02-09
 
 ### Changed
diff --git a/src/plugins/modules/zone.py b/src/plugins/modules/zone.py
index 1292f1d..51cef4e 100755
--- a/src/plugins/modules/zone.py
+++ b/src/plugins/modules/zone.py
@@ -159,7 +159,7 @@
             Only used when O(properties.kind=Native), O(properties.kind=Master),
             or O(properties.kind=Producer).
           - Only used when zone is being created (O(state=present) and zone is not present).
-          - SOA and NS records are not permitted.
+          - SOA records are not permitted.
         type: list
         elements: dict
         suboptions:
@@ -1438,7 +1438,7 @@ def main():
 
             if props["rrsets"]:
                 for rrset in props["rrsets"]:
-                    if rrset["type"] in ["SOA", "NS"]:
+                    if rrset["type"] in ["SOA"]:
                         module.fail_json(
                             msg=(
                                 f"'{rrset['type']}' type is not permitted in 'properties -> rrsets'"
diff --git a/workflow-support/test-zone-rrset.yml b/workflow-support/test-zone-rrset.yml
index ed8dea4..be6a2e3 100644
--- a/workflow-support/test-zone-rrset.yml
+++ b/workflow-support/test-zone-rrset.yml
@@ -46,7 +46,7 @@
       vars:
         d1_rrset: "{{ lookup('dig_local', 't1.d1.rrset.example.', qtype='A', flat=0, fail_on_error=false, real_empty=false) }}"
 
-    - name: check for failure when rrset includes NS
+    - name: check zone creation with zone deligation
       kpfleming.powerdns_auth.zone:
         <<: *common
         name: d2.rrset.example.
@@ -59,10 +59,10 @@
             mname: localhost.
             rname: hostmaster.localhost.
           rrsets:
-            - name: d2.rrset.example.
+            - name: sub.d2.rrset.example.
               type: NS
               records:
-                - content: ns1.invalid.
+                - content: ns2.example.
       ignore_errors: true
       register: result
 
@@ -70,7 +70,7 @@
         quiet: true
         that:
           - result['exception'] is not defined
-          - result.failed
+          - result.changed
 
     - name: check for failure when rrset includes SOA
       kpfleming.powerdns_auth.zone: