Add response-policy to dns::view #252
Conversation
There was a problem hiding this comment.
Thanks for the PR. It looks good, just some minor comments.
It would be great if you could add a test or 2 in https://github.com/theforeman/puppet-dns/blob/master/spec/defines/dns_view_spec.rb.
| @@ -0,0 +1,12 @@ | |||
| type Dns::ResponsePolicy = Array[ | |||
| Struct[{ | |||
| zone => String[1], | |||
There was a problem hiding this comment.
I imagine zone is a domain, so we can enforce a stricter type
| zone => String[1], | |
| zone => Stdlib::Fqdn, |
There was a problem hiding this comment.
It seems Stdlib::Fqdn might be too restrictive for the zone field
example: rpz
Using String[1] will allow more flexibility in specifying zone to allow both FQDN and non-FQDN values
There was a problem hiding this comment.
Technically Stdlib::Fqdn allows rpz. It may be poorly named, but I'd prefer that. Strong validation is important to me.
| 'given', 'disabled', 'passthru', 'drop', | ||
| 'nxdomain', 'nodata', 'tcp-only', 'cname' | ||
| ]], | ||
| cname_domain => Optional[String[1]], |
There was a problem hiding this comment.
Is this also a domain?
| cname_domain => Optional[String[1]], | |
| cname_domain => Optional[Stdlib::Fqdn], |
| 'nxdomain', 'nodata', 'tcp-only', 'cname' | ||
| ]], | ||
| cname_domain => Optional[String[1]], | ||
| max_policy_ttl => Optional[Integer], |
There was a problem hiding this comment.
Can we tighten this with a lower bound like 0?
| max_policy_ttl => Optional[Integer], | |
| max_policy_ttl => Optional[Integer[0]], |
| # Optional. An array of response policy configurations for the view in the | ||
| # following format: | ||
| # [{'zone' => '<ZONE_NAME>', 'policy' => '<POLICY_ACTION>', 'log' => true|false, | ||
| # 'max_policy_ttl' => <TTL_VALUE>, 'cname_domain' => '<CNAME_DOMAIN>'}] |
There was a problem hiding this comment.
puppet-strings should link to the type alias, so explaining the format is probably redundant.
| # Example: [{'zone' => 'example.com', 'policy' => 'passthru', 'log' => true, | ||
| # 'max_policy_ttl' => 3600}, {'zone' => 'example.net', | ||
| # 'policy' => 'cname', 'cname_domain' => 'example.com'}] |
There was a problem hiding this comment.
Perhaps add a full @example instead?
There was a problem hiding this comment.
How about this
# @param response_policy
# Optional. An array of response policy configurations for the view in the
# following format:
# @example
# dns::view { 'example':
# response_policy => [
# {'zone' => 'example', 'policy' => 'passthru', 'log' => true, 'max_policy_ttl' => 3600},
# {'zone' => 'example.net', 'policy' => 'cname', 'cname_domain' => 'example.com'}
# ],
# }
#
There was a problem hiding this comment.
I think that's good, but @example takes a description of the example. This allows puppet-strings to correctly list multiple examples and link to them.
There was a problem hiding this comment.
Yes, a brief description is important. Further, I would like to add multiple examples for separate use cases like below.
# @param response_policy
# Optional. An array of response policy configurations for the view.
#
# @example Complex response policy with multiple zones and policies
# dns::view { 'complex_example':
# response_policy => [
# {
# 'zone' => 'example',
# 'policy' => 'passthru',
# 'log' => true,
# 'max_policy_ttl' => 3600
# },
# {
# 'zone' => 'example.net',
# 'policy' => 'cname',
# 'cname_domain' => 'example.com'
# }
# ],
# }
#
# @example Simple response policy with a single zone
# dns::view { 'simple_example':
# response_policy => [
# {
# 'zone' => 'rpz.example.com'
# }
# ],
# }
|
For the test case, I have added most of the possible combinations below. However, I am not much familliar with this :) |
This PR, try to addresses the issue #251, which involves adding a response-policy to the
dns::view.Below example shows how to use the
dns::viewdefined type with theresponse-policyparameter:It will generate the following
BINDconfiguration:The
response-policymay support a few other parameters, which I have not included for simplicity.