From 8641534f8bb7dbc2df6a32b6a5536931e5ccfa8a Mon Sep 17 00:00:00 2001
From: Dimitris Stafylarakis
Date: Sat, 2 Apr 2016 13:20:19 +0200
Subject: [PATCH 1/2] added controls clause
---
 manifests/server/conf.pp | 5 ++++-
 spec/fixtures/manifests/site.pp | 0
 templates/named.conf.erb | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 spec/fixtures/manifests/site.pp
diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp
index 14fcbc1fc..c587c5f9a 100644
--- a/manifests/server/conf.pp
+++ b/manifests/server/conf.pp
@@ -5,6 +5,8 @@
 # Parameters:
 # $acls:
 # Hash of client ACLs, name as key and array of config lines. Default: empty
+# $controls:
+# Hash of administrative channels, inet as key and array of config lines. Default: empty
 # $masters:
 # Hash of master ACLs, name as key and array of config lines. Default: empty
 # $listen_on_port:
@@ -80,7 +82,7 @@
 # 'masters { mymasters; }',
 # ],
 # }
-# keys => {
+# keys => {
 # 'example.org-tsig' => [
 # 'algorithm hmac-md5',
 # 'secret "aaabbbcccddd"',
@@ -90,6 +92,7 @@
 #
 define bind::server::conf (
 $acls = {},
+ $controls = {},
 $masters = {},
 $listen_on_port = '53',
 $listen_on_addr = [ '127.0.0.1' ],
diff --git a/spec/fixtures/manifests/site.pp b/spec/fixtures/manifests/site.pp
new file mode 100644
index 000000000..e69de29bb
diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 8d0c47155..9558b7932 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
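Review bot: The `$controls` parameter comment added in manifests/server/conf.pp (hunk `@@ -5,6 +5,8 @@`) describes each value as an "array of config lines", but the template added in this same patch reads each value as a hash with `address_match_list`, `port` and key-list entries. I would word it as `#   Hash of control channels, inet address as key and a hash of settings (address_match_list, keys_list, port) as value. Default: empty`. The `$controls = {}` default added in hunk `@@ -90,6 +92,7 @@` has no visible type check; the body of the define lies outside the hunk, so whether one exists cannot be told from here.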
@@ -12,6 +12,24 @@ acl <%= key %> { }; <% end -%> +<% end -%> +<% unless @controls.empty? -%> +controls { +<% @controls.each do |inet, settings| + next unless settings.has_key? address_match_list and settings['address_match_list'].is_a? Array + control_statement = "inet #{inet}" + if settings.has_key? 'port' + control_statement << " port #{settings['port']}" + end + control_statement << " allow { #{settings['address_match_list'].join('; ')}; }" + if settings.has_key? 'keys' and settings['keys_list'].is_? Array + control_statement << " keys { #{settings['keys'].join('; ')}; };" + end +-%> + <%= control_statement %> +<% end -%> +} + <% end -%> <% if !@keys.empty? -%> <% @keys.sort_by {|key, value| key}.each do |key,value| -%> From 39a41eb4fb8b277434900cde4994dbf675354db9 Mon Sep 17 00:00:00 2001 From: Dimitris Stafylarakis Date: Sat, 2 Apr 2016 20:24:58 +0200 Subject: [PATCH 2/2] refactor template, add example --- manifests/server/conf.pp | 6 ++++++ templates/named.conf.erb | 16 ++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp index c587c5f9a..e1921f806 100644 --- a/manifests/server/conf.pp +++ b/manifests/server/conf.pp @@ -68,6 +68,12 @@ # acls => { # 'rfc1918' => [ '10/8', '172.16/12', '192.168/16' ], # }, +# controls => { +# '127.0.0.1' => { +# address_match_list => ['localhost'], +# keys_list => ['rndc-key'], +# port => 953, +# }, # masters => { # 'mymasters' => [ '192.0.2.1', '198.51.100.1' ], # }, diff --git a/templates/named.conf.erb b/templates/named.conf.erb index 9558b7932..9e566be63 100644 --- a/templates/named.conf.erb +++ b/templates/named.conf.erb 
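Review bot: In the templates/named.conf.erb hunk of patch 1/2, `@controls.each` walks the hash in whatever order it arrives, while the `@keys` loop visible as trailing context in the same hunk uses `sort_by {|key, value| key}`. On Ruby versions without ordered hashes the rendered named.conf may differ between runs, which makes changes to the control channel harder to spot in a file diff. I would write `<% @controls.sort_by {|inet, settings| inet}.each do |inet, settings|` to match the neighbouring loops. The loop header is unchanged by patch 2/2, so the same point applies there.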
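Review bot: The `controls` example added to the usage comment in manifests/server/conf.pp (patch 2/2, hunk `@@ -68,6 +68,12 @@`) opens two hashes, `controls => {` and `'127.0.0.1' => {`, but closes only one before `masters => {`, so the sample does not parse when copied into a manifest. Add a second closing line, `#    },`, after the existing one. The rest of the usage example lies outside the hunk.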
@@ -16,19 +16,19 @@ acl <%= key %> { <% unless @controls.empty? -%> controls { <% @controls.each do |inet, settings| - next unless settings.has_key? address_match_list and settings['address_match_list'].is_a? Array - control_statement = "inet #{inet}" + next unless settings.has_key? 'address_match_list' and settings['address_match_list'].is_a? Array + control_settings = '' if settings.has_key? 'port' - control_statement << " port #{settings['port']}" + control_settings << " port #{settings['port']}" end - control_statement << " allow { #{settings['address_match_list'].join('; ')}; }" - if settings.has_key? 'keys' and settings['keys_list'].is_? Array - control_statement << " keys { #{settings['keys'].join('; ')}; };" + control_settings << " allow { #{settings['address_match_list'].join('; ')}; }" + if settings.has_key? 'keys_list' and settings['keys_list'].is_a? Array + control_settings << " keys { #{settings['keys_list'].join('; ')}; }" end -%> - <%= control_statement %> + inet <%= inet %><%= control_settings %>; <% end -%> -} +}; <% end -%> <% if !@keys.empty? -%>
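Review bot: A `keys_list` that is present but not an Array (a single string, for instance) is skipped without any error by `if settings.has_key? 'keys_list' and settings['keys_list'].is_a? Array`. The rendered `inet` statement then has no `keys` clause and the channel is not restricted to the key the operator named; as far as I know, named then falls back to its default rndc.key file. The `next unless` guard on `address_match_list` drops a whole channel just as silently. For an administrative channel I would fail the catalog instead, e.g. `raise Puppet::ParseError, "controls #{inet}: keys_list must be an Array" if settings.has_key?('keys_list') and !settings['keys_list'].is_a?(Array)`. Since `inet`, the port and the list entries are written into named.conf unescaped, I would also coerce the port with `Integer(settings['port'])`.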