Add response-policy to dns::view

[supun983]

This PR, try to addresses the issue #251, which involves adding a response-policy to the dns::view.

Below example shows how to use the dns::view defined type with the response-policy parameter:

dns::view { 'example_view':
  # ...
  response_policy      => [
    {
      'zone'           => 'example.com',
      'policy'         => 'passthru',
      'max_policy_ttl' => 3600,
      'log'            => true,
    },
    {
      'zone'         => 'example.net',
      'policy'       => 'cname',
      'cname_domain' => 'example.net',
    },
  ],
}

It will generate the following BIND configuration:

view "example_view" {
    # ...
    response-policy {
        zone "example.com" policy passthru max-policy-ttl 3600 log true;
        zone "example.net" policy cname example.net;
    };
}

The response-policy may support a few other parameters, which I have not included for simplicity.

[ekohl]

Thanks for the PR. It looks good, just some minor comments.
It would be great if you could add a test or 2 in https://github.com/theforeman/puppet-dns/blob/master/spec/defines/dns_view_spec.rb.

[ekohl]

I imagine zone is a domain, so we can enforce a stricter type

Suggested change

	zone => String[1],
	zone => Stdlib::Fqdn,

[supun983]

It seems Stdlib::Fqdn might be too restrictive for the zone field
example: rpz
Using String[1] will allow more flexibility in specifying zone to allow both FQDN and non-FQDN values

[ekohl]

Technically Stdlib::Fqdn allows rpz. It may be poorly named, but I'd prefer that. Strong validation is important to me.

[supun983]

yes, you are correct.

[ekohl]

Is this also a domain?

Suggested change

	cname_domain => Optional[String[1]],
	cname_domain => Optional[Stdlib::Fqdn],

[supun983]

yes, It should be a domain.

[ekohl]

Can we tighten this with a lower bound like 0?

Suggested change

	max_policy_ttl => Optional[Integer],
	max_policy_ttl => Optional[Integer[0]],

[supun983]

okay, no problem

[ekohl]

puppet-strings should link to the type alias, so explaining the format is probably redundant.

[ekohl]

Perhaps add a full @example instead?

[supun983]

How about this

# @param response_policy
#   Optional. An array of response policy configurations for the view in the
#   following format:
# @example
#   dns::view { 'example':
#     response_policy => [
#       {'zone' => 'example', 'policy' => 'passthru', 'log' => true, 'max_policy_ttl' => 3600},
#       {'zone' => 'example.net', 'policy' => 'cname', 'cname_domain' => 'example.com'}
#     ],
#   }
#

[ekohl]

I think that's good, but @example takes a description of the example. This allows puppet-strings to correctly list multiple examples and link to them.

[supun983]

Yes, a brief description is important. Further, I would like to add multiple examples for separate use cases like below.

# @param response_policy
#   Optional. An array of response policy configurations for the view.
#
# @example Complex response policy with multiple zones and policies
#   dns::view { 'complex_example':
#     response_policy => [
#       {
#         'zone' => 'example',
#         'policy' => 'passthru',
#         'log' => true,
#         'max_policy_ttl' => 3600
#       },
#       {
#         'zone' => 'example.net',
#         'policy' => 'cname',
#         'cname_domain' => 'example.com'
#       }
#     ],
#   }
#
# @example Simple response policy with a single zone
#   dns::view { 'simple_example':
#     response_policy => [
#       {
#         'zone' => 'rpz.example.com'
#       }
#     ],
#   }

[supun983]

Hi,
kindly review this and please proceed if everything is okay

[supun983]

For the test case, I have added most of the possible combinations below. However, I am not much familliar with this :)

context "with response policy configuration" do
  let(:title) { "response_policy_view" }
  let :pre_condition do
    'class {"::dns": enable_views => true}'
  end
  let(:params) { {
    response_policy: [
      {'zone' => 'example.com', 'policy' => 'passthru', 'log' => true, 'max_policy_ttl' => 3600},
      {'zone' => 'rpz', 'policy' => 'drop'},
      {'zone' => 'example.net', 'policy' => 'cname', 'cname_domain' => 'example.com'},
      {'zone' => 'rpz.local', 'policy' => 'nxdomain'},
      {'zone' => 'example.org', 'policy' => 'nodata', 'log' => false},
      {'zone' => 'private', 'policy' => 'passthru'},
    ],
  } }

  it { should compile.with_all_deps }

  it "should have response policy configuration" do
    verify_concat_fragment_exact_contents(catalogue, 'dns_view_header_response_policy_view.dns', [
      'view "response_policy_view" {',
      '    response-policy {',
      '        zone "example.com" policy passthru max-policy-ttl 3600 log true;',
      '        zone "rpz" policy drop;',
      '        zone "example.net" policy cname example.com;',
      '        zone "rpz.local" policy nxdomain;',
      '        zone "example.org" policy nodata log false;',
      '        zone "private" policy passthru;',
      '    };',
    ])
  end
end

[supun983]

Hi, please let me know how to proceed with the changes.