From 16c2ec4588325e182d700100a51e332a0fe638a4 Mon Sep 17 00:00:00 2001
From: "supun.wickramatilake"
Date: Thu, 16 May 2024 17:10:17 +0000
Subject: [PATCH 1/4] Add response-policy to dns::view

---
 manifests/view.pp | 9 +++++++++
 templates/named.view_header.erb | 7 +++++++
 types/responsepolicy.pp | 12 ++++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 types/responsepolicy.pp

diff --git a/manifests/view.pp b/manifests/view.pp
index fae5a58c..beecc6c0 100644
--- a/manifests/view.pp
+++ b/manifests/view.pp
@@ -38,6 +38,14 @@
 # not to be unmanaged to be effective.
 # @param order
 # The order parameter to the concat fragment.
+# @param response_policy
+# Optional. An array of response policy configurations for the view in the
+# following format:
+# [{'zone' => '', 'policy' => '', 'log' => true|false,
+# 'max_policy_ttl' => , 'cname_domain' => ''}]
+# Example: [{'zone' => 'example.com', 'policy' => 'passthru', 'log' => true,
+# 'max_policy_ttl' => 3600}, {'zone' => 'example.net',
+# 'policy' => 'cname', 'cname_domain' => 'example.com'}]
 #
 define dns::view (
   Array[String] $match_clients = [],
@@ -57,6 +65,7 @@
   Boolean $include_localzones = true,
   Boolean $include_defaultzones = true,
   String $order = '-',
+  Optional[Dns::ResponsePolicy] $response_policy = undef,
 ) {
   unless $dns::enable_views {
     fail('Must set $dns::enable_views to true in order to use dns::view')
diff --git a/templates/named.view_header.erb b/templates/named.view_header.erb
index a0d01ff2..843afc92 100644
--- a/templates/named.view_header.erb
+++ b/templates/named.view_header.erb
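Review bot: The new `Optional[Dns::ResponsePolicy] $response_policy` parameter is only type-checked; nothing in `dns::view` verifies that each `zone` it names is also configured as a zone in this view, and as far as I recall named refuses to load a configuration whose response-policy statement references a zone the view does not define, so the mistake surfaces at service reload rather than at catalog compile. I would at least say so in the `@param response_policy` block: `# Each 'zone' must also be configured as a zone within this view; named rejects a response-policy entry naming a zone it does not serve.` A stronger option is a compile-time check in the body that fails when a listed zone has no matching zone resource in the view, if the module has a way to know that. The body of `define dns::view` continues outside the hunk.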
@@ -41,6 +41,13 @@ view "<%= @title %>" {
 <% if @dnssec_validation -%>
   dnssec-validation <%= @dnssec_validation %>;
 <% end -%>
+<% if @response_policy -%>
+  response-policy {
+<% @response_policy.each do |policy| -%>
+    zone "<%= policy['zone'] %>"<% if policy['policy'] -%> policy <%= policy['policy'] %><% end -%><% if policy['policy'] == 'cname' && policy['cname_domain'] -%> <%= policy['cname_domain'] %><% end -%><% if policy['max_policy_ttl'] -%> max-policy-ttl <%= policy['max_policy_ttl'] %><% end -%><% if policy['log'] -%> log <%= policy['log'] %><% end -%>;
+<% end -%>
+  };
+<% end -%>
 <% if @include_localzones -%>
 <% if scope.lookupvar("::dns::localzonepath") != 'unmanaged' -%>
diff --git a/types/responsepolicy.pp b/types/responsepolicy.pp
new file mode 100644
index 00000000..67efb46d
--- /dev/null
+++ b/types/responsepolicy.pp
@@ -0,0 +1,12 @@
+type Dns::ResponsePolicy = Array[
+  Struct[{
+    zone => String[1],
+    policy => Optional[Enum[
+      'given', 'disabled', 'passthru', 'drop',
+      'nxdomain', 'nodata', 'tcp-only', 'cname'
+    ]],
+    cname_domain => Optional[String[1]],
+    max_policy_ttl => Optional[Integer],
+    log => Optional[Boolean]
+  }], 1, 32
+]

From ec0bc603b1cd207f79769b1a4ad13782311ca995 Mon Sep 17 00:00:00 2001
From: supun983 <51007851+supun983@users.noreply.github.com>
Date: Thu, 28 Nov 2024 13:18:24 +0530
Subject: [PATCH 2/4] Update types/responsepolicy.pp

Implemented as suggested

Co-authored-by: Ewoud Kohl van Wijngaarden
---
 types/responsepolicy.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/types/responsepolicy.pp b/types/responsepolicy.pp
index 67efb46d..c214af20 100644
--- a/types/responsepolicy.pp
+++ b/types/responsepolicy.pp
@@ -1,6 +1,6 @@
 type Dns::ResponsePolicy = Array[
   Struct[{
-    zone => String[1],
+    zone => Stdlib::Fqdn,
     policy => Optional[Enum[
       'given', 'disabled', 'passthru', 'drop',
       'nxdomain', 'nodata', 'tcp-only', 'cname'

From 122e00be7d3e8b66cfec9bacbd6ac6a238b95093 Mon Sep 17 00:00:00 2001
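Review bot: On the `zone "<%= policy['zone'] %>"` line the `log` clause is guarded by `<% if policy['log'] -%>`, so `log => false` is never rendered and named's default of logging the zone applies; the `Optional[Boolean]` type advertises that `false` is a meaningful value, but here it is a silent no-op. Test for presence rather than truthiness, e.g. `<% unless policy['log'].nil? -%> log <%= policy['log'] %><% end -%>`, which keeps the existing output for `true` and emits `log false` (a boolean spelling named accepts) for `false`. The `<% if policy['max_policy_ttl'] -%>` guard is fine as written because Ruby treats `0` as truthy.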
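Review bot: The `Struct` accepts `policy => 'cname'` with no `cname_domain`, but the template then renders `policy cname` without a target, which named rejects when it loads the view; a Struct cannot express the coupling, so either document it in the `@param response_policy` block (`# 'cname_domain' is required when 'policy' is 'cname' and is ignored otherwise`) or validate each entry in `dns::view` with a `fail()` before the template is rendered. The `}], 1, 32` bound presumably mirrors a BIND per-view limit on response-policy zones; a one-line comment naming where the 32 comes from would help the next maintainer. This still holds after PATCH 4, which only changes the type of `cname_domain`.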
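Review bot: Changing `zone` to `Stdlib::Fqdn` makes the module depend on puppetlabs-stdlib types; if `metadata.json` does not already declare that dependency the series should add it, which this commit does not show. As far as I recall the `Stdlib::Fqdn` pattern does not admit a trailing dot, so an absolute name such as `rpz.example.com.` is now rejected at compile time — worth one sentence in the `@param response_policy` documentation. The tighter type also has the welcome effect that the value interpolated into `zone "<%= policy['zone'] %>"` can no longer contain quote, semicolon or newline characters that would break out of the rendered named.conf statement. PATCH 4 applies the same type to `cname_domain`, so the same notes apply there.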
From: supun983 <51007851+supun983@users.noreply.github.com>
Date: Thu, 28 Nov 2024 13:19:33 +0530
Subject: [PATCH 3/4] Update types/responsepolicy.pp

Implemented as suggested

Co-authored-by: Ewoud Kohl van Wijngaarden
---
 types/responsepolicy.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/types/responsepolicy.pp b/types/responsepolicy.pp
index c214af20..ed6a480f 100644
--- a/types/responsepolicy.pp
+++ b/types/responsepolicy.pp
@@ -6,7 +6,7 @@
       'nxdomain', 'nodata', 'tcp-only', 'cname'
     ]],
     cname_domain => Optional[String[1]],
-    max_policy_ttl => Optional[Integer],
+    max_policy_ttl => Optional[Integer[0]],
     log => Optional[Boolean]
   }], 1, 32
 ]

From 9c9f14f483c13a62981045146f44feda3537c08c Mon Sep 17 00:00:00 2001
From: supun983 <51007851+supun983@users.noreply.github.com>
Date: Thu, 28 Nov 2024 13:39:33 +0530
Subject: [PATCH 4/4] Update types/responsepolicy.pp

Implementing as suggested

Co-authored-by: Ewoud Kohl van Wijngaarden
---
 types/responsepolicy.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/types/responsepolicy.pp b/types/responsepolicy.pp
index ed6a480f..0e314e15 100644
--- a/types/responsepolicy.pp
+++ b/types/responsepolicy.pp
@@ -5,7 +5,7 @@
       'given', 'disabled', 'passthru', 'drop',
       'nxdomain', 'nodata', 'tcp-only', 'cname'
     ]],
-    cname_domain => Optional[String[1]],
+    cname_domain => Optional[Stdlib::Fqdn],
     max_policy_ttl => Optional[Integer[0]],
     log => Optional[Boolean]
   }], 1, 32