Introduce several dnssec related zone options
Damian Lukowski committed Mar 9, 2020
1 parent 26ac50e commit e39253c
Showing 3 changed files with 41 additions and 0 deletions.
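--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@@ -51,6 +51,10 @@
 Optional[Enum['yes', 'no', 'explicit']] $dns_notify = undef,
 Hash[String, Hash[String, Data]] $update_policy_rules = {}, # deprecated
 Optional[Dns::UpdatePolicy] $update_policy = undef,
+Optional[Stdlib::Absolutepath] $key_directory = undef,
+Optional[Enum['yes', 'no']] $inline_signing = undef,
+Optional[Enum['yes', 'no']] $dnssec_secure_to_insecure = undef,
+Optional[Enum['allow', 'maintain', 'off']] $auto_dnssec = undef,
 ) {
 
 $_contact = pick($contact, "root.${zone}.")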
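Review bot: `$dnssec_secure_to_insecure` is the one security-sensitive switch among the four added parameters, and nothing in the hunk says so. With `'yes'`, BIND lets a dynamic update delete all DNSKEY records and leave a previously signed zone unsigned, so the parameter deserves a line wherever the define documents its parameters (that block is outside this hunk), in the form the file already uses, e.g. `# @param dnssec_secure_to_insecure Set to 'yes' only while deliberately unsigning a zone; it lets a dynamic update remove the zone's DNSKEYs`. The parameter list starts above the hunk and the define body continues below it.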
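--- a/spec/defines/dns_zone_spec.rb
+++ b/spec/defines/dns_zone_spec.rb
@@ -427,4 +427,29 @@
 end
 end
 
+context 'when several dnssec related parameters are set' do
+let(:params) { {
+:inline_signing => 'yes',
+:dnssec_secure_to_insecure => 'yes',
+:key_directory => '/etc/bind/keys',
+:auto_dnssec => 'maintain',
+} }
+
+it "should have valid zone configuration" do
+verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
+'zone "example.com" {',
+' type master;',
+' file "/var/named/dynamic/db.example.com";',
+' auto-dnssec maintain;',
+' dnssec-secure-to-insecure yes;',
+' inline-signing yes;',
+' key-directory "/etc/bind/keys";',
+' update-policy {',
+' grant rndc-key zonesub ANY;',
+' };',
+'};',
+])
+end
+end
+
 end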
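Review bot: The new context pins only accepted values, so nothing here would fail if the `Enum` and `Stdlib::Absolutepath` types on the new parameters were later loosened, and those types are the only check between parameter data and the text written into the zone fragment. A negative case would cover that, for example a context with `let(:params) { { :key_directory => 'keys' } }` and `it { is_expected.to compile.and_raise_error(/key_directory/) }`. The enclosing describe block starts above the hunk.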
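--- a/templates/named.zone.erb
+++ b/templates/named.zone.erb
@@ -22,6 +22,18 @@ zone "<%= @zone %>" {
 };
 <% end -%>
 <% end -%>
+<% if @auto_dnssec -%>
+auto-dnssec <%= @auto_dnssec %>;
+<% end -%>
+<% if @dnssec_secure_to_insecure -%>
+dnssec-secure-to-insecure <%= @dnssec_secure_to_insecure %>;
+<% end -%>
+<% if @inline_signing -%>
+inline-signing <%= @inline_signing %>;
+<% end -%>
+<% if @key_directory -%>
+key-directory "<%= @key_directory %>";
+<% end -%>
 <% unless @zonetype == 'forward' -%>
 <% unless @allow_transfer.empty? -%>
 allow-transfer { <%= @allow_transfer.join('; ') %>; };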
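Review bot: The four new conditionals sit above `<% unless @zonetype == 'forward' -%>`, so they are also rendered for forward zones, where BIND does not accept `auto-dnssec`, `inline-signing`, `dnssec-secure-to-insecure` or `key-directory` and named would presumably reject the configuration. Moving the block to just below that `unless` line, or failing in the define when a forward zone sets any of them, keeps a stray parameter from breaking the name server on reload. Separately, `key-directory "<%= @key_directory %>";` relies on `Stdlib::Absolutepath` alone; that type, as far as I can tell, does not exclude `"`, so a stricter pattern on the parameter would keep the value inside the quoted string. The zone block opens above the hunk and closes below it.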
