.github/workflows/ci.yml

@@ -14,6 +14,6 @@ jobs:
     name: Puppet
     uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2
     with:
-      pidfile_workaround: 'CentOS'
+      pidfile_workaround: 'CentOS,AlmaLinux'
       rubocop: false
       cache-version: '1'

.sync.yml

@@ -1,2 +1,2 @@
 .github/workflows/ci.yml:
-  pidfile_workaround: CentOS
+  pidfile_workaround: CentOS,AlmaLinux

CHANGELOG.md

@@ -1,6 +1,26 @@
 # Changelog
 
-## [10.4.0](https://github.com/theforeman/puppet-dns/tree/10.4.0) (2024-05-15)
+## [11.0.0](https://github.com/theforeman/puppet-dns/tree/11.0.0) (2024-07-18)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/10.4.0...11.0.0)
+
+**Breaking changes:**
+
+- Remove unused date function [\#263](https://github.com/theforeman/puppet-dns/pull/263) ([ekohl](https://github.com/ekohl))
+- Drop RHEL 7, CentOS 7 & 8, Scientific 7 & Debian 10; Add RHEL 9 & Fedora 39 & 40 [\#262](https://github.com/theforeman/puppet-dns/pull/262) ([ekohl](https://github.com/ekohl))
+- Drop files/named.ca [\#258](https://github.com/theforeman/puppet-dns/pull/258) ([bigon](https://github.com/bigon))
+- Update ensure\_packages-\>stdlib::ensure\_packages; require stdlib 9 [\#249](https://github.com/theforeman/puppet-dns/pull/249) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- Update puppet\_metadata to ~\> 4.0 and voxpupuli-acceptance to ~\> 3.0 [\#261](https://github.com/theforeman/puppet-dns/pull/261) ([archanaserver](https://github.com/archanaserver))
+- Fixes [\#37604](https://projects.theforeman.org/issues/37604) - Validate DNS forwarders [\#260](https://github.com/theforeman/puppet-dns/pull/260) ([ekohl](https://github.com/ekohl))
+- Add parameter to set disable-empty-zone option [\#259](https://github.com/theforeman/puppet-dns/pull/259) ([bigon](https://github.com/bigon))
+- Add AlmaLinux 8 & 9 support [\#254](https://github.com/theforeman/puppet-dns/pull/254) ([archanaserver](https://github.com/archanaserver))
+- Refs [\#37121](https://projects.theforeman.org/issues/37121) - Add dns::tsig\_keygen function [\#253](https://github.com/theforeman/puppet-dns/pull/253) ([ekohl](https://github.com/ekohl))
+- Add dns::dnssec\_keygen function [\#246](https://github.com/theforeman/puppet-dns/pull/246) ([ekohl](https://github.com/ekohl))
+
+## [10.4.0](https://github.com/theforeman/puppet-dns/tree/10.4.0) (2024-05-16)
 
 [Full Changelog](https://github.com/theforeman/puppet-dns/compare/10.3.0...10.4.0)
 

Gemfile

@@ -10,9 +10,9 @@ gem 'kafo_module_lint', {"groups"=>["test"]}
 gem 'puppet-lint-spaceship_operator_without_tag-check', '~> 1.0', {"groups"=>["test"]}
 gem 'voxpupuli-test', '~> 7.0', {"groups"=>["test"]}
 gem 'github_changelog_generator', '>= 1.15.0', {"groups"=>["development"]}
-gem 'puppet_metadata', '~> 3.4'
+gem 'puppet_metadata', '~> 4.0'
 gem 'puppet-blacksmith', '>= 6.0.0', {"groups"=>["development"]}
-gem 'voxpupuli-acceptance', '~> 2.0', {"groups"=>["system_tests"]}
+gem 'voxpupuli-acceptance', '~> 3.0', {"groups"=>["system_tests"]}
 gem 'puppetlabs_spec_helper', {"groups"=>["system_tests"]}
 
 # vim:ft=ruby

lib/puppet/functions/dns/dnssec_keygen.rb

@@ -0,0 +1,28 @@
+require 'tmpdir'
+
+# @summary Generate a DNSSEC key
+Puppet::Functions.create_function(:'dns::dnssec_keygen') do
+  dispatch :keygen do
+    param 'String[1]', :name
+    param "String[1]", :algorithm
+    optional_param 'Integer[1, 4096]', :keysize
+    optional_param 'String[1]', :nametype
+    return_type 'Hash[String, String]'
+  end
+
+  def keygen(name, algorithm, keysize: nil, nametype: nil)
+    Dir.mktmpdir do |dir|
+      command = ['dnssec-keygen', '-K', dir]
+      command << '-a' << algorithm if algorithm
+      command << '-k' << keysize if keysize
+      command << '-n' << nametype if nametype
+      command << name
+      Puppet::Util::Execution.execute(command, failonfail: true)
+
+      path = Dir.glob(File.join(dir, "K#{name}.+*.private")).first
+      raise Exception, 'No file private key generated' unless path
+
+      File.readlines(path, chomp: true).to_h { |line| line.split(': ', 2) }
+    end
+  end
+end

lib/puppet/functions/dns/tsig_keygen.rb

@@ -0,0 +1,29 @@
+require 'tmpdir'
+
+# @summary Generate a TSIG key
+Puppet::Functions.create_function(:'dns::tsig_keygen') do
+  dispatch :keygen do
+    param 'String[1]', :name
+    optional_param "String[1]", :algorithm
+    return_type 'Hash[String, String]'
+  end
+
+  def keygen(name, algorithm = nil)
+    command = ['tsig-keygen']
+    command << '-a' << algorithm if algorithm
+    command << name
+    output = Puppet::Util::Execution.execute(command, failonfail: true)
+
+    header, rest = output.split('{', 2)
+    inner, _, _ = rest.rpartition('}').first
+    options = inner.strip.split(';').to_h do |line|
+      match = line.match(/^\s*(?<option>[a-z]+)\s+(?<quote>"?)(?<value>.+)\k<quote>\s*$/)
+      [match[:option], match[:value]]
+    end
+
+    {
+      'name' => header.match(/key "(.+)\s*"/)[1],
+      'output' => output,
+    }.merge(options)
+  end
+end

manifests/init.pp

@@ -134,6 +134,9 @@
 #   A hash of logging categories to be created. See dns::logging::category for options.
 # @param logging_channels
 #   A hash of logging channels to be created. See dns::logging::channel for options.
+# @param disable_empty_zones
+#   A hash containing a list of empty zones that shouldn't be created by bind
+#   See: https://kb.isc.org/docs/aa-00800
 #
 # @see dns::zone
 # @see dns::key
@@ -155,7 +158,7 @@
   Variant[Enum['unmanaged'], Stdlib::Absolutepath] $localzonepath   = $dns::params::localzonepath,
   Variant[Enum['unmanaged'], Stdlib::Absolutepath] $defaultzonepath = $dns::params::defaultzonepath,
   Optional[Enum['only', 'first']] $forward                          = undef,
-  Array[String] $forwarders                                         = [],
+  Array[Dns::Forwarder] $forwarders                                 = [],
   Variant[String, Boolean] $listen_on_v6                            = 'any',
   Enum['yes', 'no'] $recursion                                      = 'yes',
   Array[String] $allow_recursion                                    = ['localnets', 'localhost'],
@@ -186,6 +189,7 @@
   Hash[String, Hash] $keys                                          = {},
   Hash[String, Hash] $logging_categories                            = {},
   Hash[String, Hash] $logging_channels                              = {},
+  Array[Stdlib::Fqdn] $disable_empty_zones                          = [],
 ) inherits dns::params {
   include dns::install
   include dns::config

manifests/install.pp

@@ -2,7 +2,7 @@
 # @api private
 class dns::install {
   if ! empty($dns::dns_server_package) {
-    ensure_packages([$dns::dns_server_package])
+    stdlib::ensure_packages([$dns::dns_server_package])
     $pkg_req = Package[$dns::dns_server_package]
   } else {
     $pkg_req = undef

manifests/params.pp

@@ -20,23 +20,15 @@
         'Ubuntu' => if versioncmp($facts['os']['release']['major'], '22.04') >= 0 { '/usr/bin/named-checkconf' } else { '/usr/sbin/named-checkconf' },
         default  => if versioncmp($facts['os']['release']['major'], '12') >= 0 { '/usr/bin/named-checkconf' } else { '/usr/sbin/named-checkconf' },
       }
-      $sysconfig_file     = $facts['os']['name'] ? {
-        'Debian' => if versioncmp($facts['os']['release']['major'], '11') >= 0 { '/etc/default/named' } else { '/etc/default/bind9' },
-        'Ubuntu' => if versioncmp($facts['os']['release']['major'], '20.04') >= 0 { '/etc/default/named' } else { '/etc/default/bind9' },
-        default  => '/etc/default/named',
-      }
+      $sysconfig_file     = '/etc/default/named'
       $sysconfig_template = "dns/sysconfig.${facts['os']['family']}.erb"
       $sysconfig_startup_options = '-u bind'
       $sysconfig_resolvconf_integration = false
 
       # This option is not relevant for Debian
       $sysconfig_disable_zone_checking = undef
 
-      $dnssec_enable = $facts['os']['name'] ? {
-        'Debian' => if versioncmp($facts['os']['release']['major'], '11') >= 0 { undef } else { 'yes' },
-        'Ubuntu' => if versioncmp($facts['os']['release']['major'], '20.04') >= 0 { undef } else { 'yes' },
-        default  => undef,
-      }
+      $dnssec_enable = undef
     }
     'RedHat': {
       $dnsdir             = '/etc'

manifests/view.pp

@@ -48,7 +48,7 @@
   Array[String]                         $allow_query          = [],
   Array[String]                         $allow_query_cache    = [],
   Array[String]                         $also_notify          = [],
-  Array[String]                         $forwarders           = [],
+  Array[Dns::Forwarder]                 $forwarders           = [],
   Optional[Enum['only','first']]        $forward              = undef,
   Optional[Enum['yes','no']]            $recursion            = undef,
   Optional[Enum['yes','no']]            $dnssec_enable        = undef,

manifests/zone.pp

@@ -94,7 +94,7 @@
   Boolean $replace_file                                   = false,
   Enum['first', 'only'] $forward                          = 'first',
   Boolean $master_empty_forwarders_enable                 = false,
-  Array $forwarders                                       = [],
+  Array[Dns::Forwarder] $forwarders                       = [],
   Optional[Enum['yes', 'no', 'explicit']] $dns_notify     = undef,
   Optional[Enum['yes', 'no']] $zone_statistics            = undef,
   Optional[Dns::UpdatePolicy] $update_policy              = undef,

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-dns",
-  "version": "10.4.0",
+  "version": "11.0.0",
   "author": "theforeman",
   "summary": "Manage the ISC BIND daemon",
   "license": "Apache-2.0",
@@ -22,7 +22,7 @@
     },
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 4.13.1 < 10.0.0"
+      "version_requirement": ">= 9.0.0 < 10.0.0"
     }
   ],
   "requirements": [
@@ -35,43 +35,33 @@
     {
       "operatingsystem": "RedHat",
       "operatingsystemrelease": [
-        "7",
-        "8"
-      ]
-    },
-    {
-      "operatingsystem": "CentOS",
-      "operatingsystemrelease": [
-        "7",
         "8",
         "9"
       ]
     },
     {
-      "operatingsystem": "Scientific",
+      "operatingsystem": "CentOS",
       "operatingsystemrelease": [
-        "7"
+        "9"
       ]
     },
     {
       "operatingsystem": "Fedora",
       "operatingsystemrelease": [
-        "37",
-        "38"
+        "39",
+        "40"
       ]
     },
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "10",
         "11",
         "12"
       ]
     },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "18.04",
         "20.04",
         "22.04"
       ]
@@ -90,6 +80,13 @@
       "operatingsystemrelease": [
         "4"
       ]
+    },
+    {
+      "operatingsystem": "AlmaLinux",
+      "operatingsystemrelease": [
+        "8",
+        "9"
+      ]
     }
   ]
 }