diff --git a/manifests/zone.pp b/manifests/zone.pp index cd552691..c6f97697 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp @@ -54,6 +54,10 @@ # '192.168.100.102 port 1234' ]`. Defaults to an empty array, which # means no forwarding will be done. # +# [*allow_query*] +# An array of IP addresses from which queries should be allowed +# Defaults to an empty array, which allows all ip to query the zone +# # [*also_notify*] # This is an array of IP addresses and optional port numbers to # which this DNS server will send notifies when the master DNS server @@ -144,6 +148,7 @@ $zone_type = 'master', $allow_transfer = [], $allow_forwarder = [], + $allow_query =[], $forward_policy = 'first', $slave_masters = undef, $zone_notify = undef, @@ -158,6 +163,7 @@ if !member(['first', 'only'], $forward_policy) { error('The forward policy can only be set to either first or only') } + validate_array($allow_query) validate_array($also_notify) $valid_zone_notify = ['yes', 'no', 'explicit', 'master-only'] diff --git a/spec/defines/dns__zone_spec.rb b/spec/defines/dns__zone_spec.rb index 3dd84297..69225117 100644 --- a/spec/defines/dns__zone_spec.rb +++ b/spec/defines/dns__zone_spec.rb 
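Review bot: The added `allow_query` comment says an empty array "allows all ip to query the zone", but the `templates/zone.erb` hunk simply omits `allow-query` in that case. The zone then inherits any `allow-query` set at options or view level, and only falls back to BIND's allow-any default when nothing is set there. The comment also says "IP addresses" while the new spec passes a CIDR prefix (`2001:db8::/32`). I would reword it to `# An array of IP addresses or CIDR networks allowed to query this zone.` followed by `# Defaults to an empty array, which emits no allow-query statement, so the` and `# zone inherits the server-wide setting (any client, if none is configured).` The comment block starts and ends outside the hunk.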
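Review bot: `$allow_query =[],` is missing the space after `=` that the neighbouring defaults (`$allow_transfer = [],` and `$allow_forwarder = [],`) use. Writing it as `$allow_query = [],` keeps the parameter list consistent and lint-clean. The parameter list starts and ends outside the hunk.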
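Review bot: `validate_array($allow_query)` checks only that the value is an array, while each element is later written verbatim into the generated config by `<%= ip %>;` in the `templates/zone.erb` hunk. A string containing `;`, `}` or a newline, arriving from Hiera or an ENC, would therefore change the structure of the zone block instead of failing the catalog. Each element should be checked against what the parameter is documented to hold (an address or CIDR prefix), and compilation should fail on anything else. The existing `$allow_transfer` and `$allow_forwarder` arrays look like they have the same gap, though their handling is outside the hunk. Until that check exists, a comment next to the call such as `# elements are emitted unescaped into named.conf; address/CIDR only` would at least record the assumption.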
@@ -5,6 +5,28 @@ let(:title) { 'test.com' } let(:facts) {{ :osfamily => 'Debian', :concat_basedir => '/mock_dir' }} + describe 'passing something other than an array to $allow_query ' do + let(:params) {{ :allow_query => '127.0.0.1' }} + it { should raise_error(Puppet::Error, /is not an Array/) } + end + + describe 'passing an array to $allow_query' do + let(:params) {{ :allow_query => ['192.0.2.0', '2001:db8::/32'] }} + it { should_not raise_error } + it { + should contain_concat__fragment('named.conf.local.test.com.include'). + with_content(/allow-query/) + } + it { + should contain_concat__fragment('named.conf.local.test.com.include'). + with_content(/192\.0\.2\.0;/) + } + it { + should contain_concat__fragment('named.conf.local.test.com.include'). + with_content(/2001:db8::\/32/) + } + end + describe 'passing something other than an array to $allow_transfer' do let(:params) {{ :allow_transfer => '127.0.0.1' }} it { should raise_error(Puppet::Error, /is not an Array/) } diff --git a/templates/zone.erb b/templates/zone.erb index 722fb5d5..3e18919d 100644 --- a/templates/zone.erb +++ b/templates/zone.erb @@ -36,5 +36,12 @@ type <%= @zone_type %>; <% end -%> }; <% end -%> + <% if @allow_query.size != 0 %> + allow-query { + <% @allow_query.each do |ip| -%> + <%= ip %>; + <% end -%> + }; + <% end -%> }; diff --git a/tests/init.pp b/tests/init.pp index 7178fdbd..0547d1bb 100644 --- a/tests/init.pp +++ b/tests/init.pp @@ -10,7 +10,8 @@ soa => 'ns1.example.com', soa_email => 'admin.example.com', nameservers => [ 'ns1' ], - allow_transfer => [ '192.0.2.0', '2001:db8::/32' ] + allow_transfer => [ '192.0.2.0', '2001:db8::/32' ], + allow_query => [ '192.168.0.0/16' ], } dns::zone { '56.168.192.IN-ADDR.ARPA':
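Review bot: None of the added examples covers the default case: nothing asserts that the fragment has no `allow-query` statement when `:allow_query` is not passed, which is the branch every existing user of the define will hit. A third `describe` with no `:allow_query` param, checking that the rendered content does not match `/allow-query/`, would pin the conditional in the template. An example with a malformed element (one containing `;`, say) would document whatever element validation is decided on. The first description also carries a trailing space (`'... to $allow_query ' do`), which shows up in the test output. The enclosing `describe` starts outside the hunk.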
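Review bot: The opening tag `<% if @allow_query.size != 0 %>` closes with `%>` while every other control tag in this hunk closes with `-%>`, so a stray blank line is likely written into the generated file whenever the block renders. `<% unless @allow_query.empty? -%>` trims that newline and reads more idiomatically than comparing `size` with 0. The enclosing zone block starts outside the hunk.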