Adds control keys and specifying update policy #108
Conversation
manifests/key.pp
Outdated
| ) { | ||
| $keyfilename = "${keydir}/${filename}" | ||
|
|
||
| if ! $secret { |
There was a problem hiding this comment.
This can be unless $secret but it might be better to use if $secret { file ... } else { exec ... file ... } instead
manifests/key.pp
Outdated
|
|
||
| if ! $secret { | ||
| exec { "create-${filename}": | ||
| command => "${dns::rndcconfgen} -r /dev/urandom -a -c ${keyfilename} -b 512 -k ${name}", |
There was a problem hiding this comment.
Would it make sense to make the keysize a parameter?
manifests/key.pp
Outdated
| } | ||
| } | ||
|
|
||
| concat::fragment { 'named.conf+20-keys.dns': |
There was a problem hiding this comment.
You should include the key name in here because otherwise you get duplicate resource definitions when dns::key is used multiple times.
templates/named.zone.erb
Outdated
| @@ -12,6 +12,11 @@ zone "<%= @zone %>" { | |||
| <% if @zonetype == 'master' -%> | |||
| update-policy { | |||
| grant rndc-key zonesub ANY; | |||
| <%- unless @update_policy_rules.empty? -%> | |||
There was a problem hiding this comment.
I think this line is redundant since iterating over an empty hash will not produce any output either.
spec/defines/dns_key_spec.rb
Outdated
| end | ||
|
|
||
|
|
||
| # # context 'secret set' do |
There was a problem hiding this comment.
What's the plan with this commented code?
| key "<%= @name %>" { | ||
| algorithm <%= @algorithm %>; | ||
| secret "<%= @secret %>"; | ||
| }; |
| Enum['first', 'only'] $forward = 'first', | ||
| Array $forwarders = [], | ||
| Optional[Enum['yes', 'no', 'explicit']] $dns_notify = undef, | ||
| Hash[String, Hash[String, Data]] $update_policy_rules = {}, |
There was a problem hiding this comment.
Instead of Data you could add a custom data type to verify the fields in it similar to theforeman/puppet-foreman#601 but that does break with kafo so I'd be fine with holding that off.
theforeman-bot
added
Waiting on contributor
Needs re-review
Needs testing
and removed
Not yet reviewed
Waiting on contributor
labels
|
Bedankt!. That was a very fast reply and review 👍 . I have applied all the requested changes. btw, re-reading the issues. I think this one also fixes: GH-90. No the part for the custom template but for specifying additional update-zone-policies. |
Fixes theforemanGH-94 This commit adds a new resource type key, which creates a rndc key which can be used to control bind using nsupdate. Also this commit allows to specify update policy rules for zones.
zyronix
force-pushed
the
feature_dns_keys
branch
from
4cd1449
to
8a62ca2
Compare
|
I think we already had failing beaker tests before this patch so I think you can ignore that. Especially since we don't test the modified code. |
|
What is next? Do I have to do something to get this merged? |
|
merged, bedankt @zyronix! |
Fixes GH-94
This commit adds a new resource type key, which creates a rndc key which can be used to control bind using nsupdate.
Also this commit allows to specify update policy rules for zones.
I see that the beaker tests are failing and I also have not written a beaker test for this one.
Please let me know a beaker test is required.