diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b37d609..43d17a4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,13 +8,11 @@ name: ci jobs: lint-unit: - uses: sous-chefs/.github/.github/workflows/lint-unit.yml@5.0.3 + uses: sous-chefs/.github/.github/workflows/lint-unit.yml@6.0.0 permissions: - actions: write checks: write pull-requests: write statuses: write - issues: write secrets: inherit integration: @@ -24,15 +22,17 @@ jobs: matrix: os: - almalinux-8 - - centos-7 - - centos-stream-8 - - debian-10 - - debian-11 + - almalinux-9 + - amazonlinux-2023 + - centos-stream-9 + - debian-12 - fedora-latest + - oraclelinux-8 + - oraclelinux-9 - rockylinux-8 - - ubuntu-1804 - - ubuntu-2004 + - rockylinux-9 - ubuntu-2204 + - ubuntu-2404 suite: - default - resources @@ -40,12 +40,13 @@ jobs: - views - logging - linked-zones + - zone-options fail-fast: false steps: - name: Check out code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Chef - uses: actionshub/chef-install@main + uses: sous-chefs/.github/.github/actions/install-workstation@6.0.0 - name: Dokken uses: actionshub/test-kitchen@main env: diff --git a/.github/workflows/prevent-file-change.yml b/.github/workflows/prevent-file-change.yml index 406ce47..bf966e2 100644 --- a/.github/workflows/prevent-file-change.yml +++ b/.github/workflows/prevent-file-change.yml @@ -7,7 +7,7 @@ name: 'Prevent file change' jobs: prevent-file-change: - uses: sous-chefs/.github/.github/workflows/prevent-file-change.yml@5.0.3 + uses: sous-chefs/.github/.github/workflows/prevent-file-change.yml@6.0.0 permissions: pull-requests: write secrets: diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml index ac5076b..6b8643f 100644 --- a/.markdownlint-cli2.yaml +++ b/.markdownlint-cli2.yaml 
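Review bot: The `uses:` lines added in the ci.yml hunks all point at mutable refs: `lint-unit.yml@6.0.0`, `actions/checkout@v6` and `install-workstation@6.0.0` are tags, and the unchanged `actionshub/test-kitchen@main` step follows a branch. The `lint-unit` job is called with `secrets: inherit` and write access to checks, pull-requests and statuses, so whatever a moved tag resolves to runs with those secrets and that token. Pinning each reference to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v6`, makes the executed code immutable. The same applies to the `prevent-file-change.yml@6.0.0` bump in the next file. Any `permissions:` block on the `integration` job is outside these hunks, so it is worth confirming that job is limited to `contents: read`.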
@@ -3,7 +3,9 @@ config: line-length: false # MD013 no-duplicate-heading: false # MD024 reference-links-images: false # MD052 + table-column-style: false # MD060 no-multiple-blanks: maximum: 2 ignores: - .github/copilot-instructions.md + - .windsurf/** diff --git a/Berksfile b/Berksfile index 80fb3f0..39643cc 100644 --- a/Berksfile +++ b/Berksfile @@ -4,5 +4,5 @@ metadata group :integration do cookbook 'apt' - cookbook 'bind_test', path: 'test/fixtures/cookbooks/bind_test' + cookbook 'test', path: 'test/cookbooks/test' end diff --git a/CHANGELOG.md b/CHANGELOG.md index e2e2c2d..e011da7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ This file is used to list changes made in each version of the bind cookbook. +## Unreleased + +### BREAKING CHANGES + +* Remove the public `bind::default` recipe. Use `bind_service`, `bind_config`, + `bind_acl`, and the other `bind_*` custom resources directly. + +### Features + +* Migrate the cookbook to a full custom-resource-only public API. +* Move integration examples into `test/cookbooks/test`. + ## [3.5.0](https://github.com/sous-chefs/bind/compare/bind-v3.4.0...bind-v3.5.0) (2026-04-20) @@ -28,7 +40,7 @@ This file is used to list changes made in each version of the bind cookbook. ## 3.3.9 - *2023-10-31* -- Remove sup html formatting +* Remove sup html formatting ## 3.3.4 - *2023-06-08* 
@@ -36,158 +48,158 @@ Standardise files with files in sous-chefs/repo-management ## 3.3.3 - *2023-03-01* -- Update workflows to 2.0.1 -- Remove mdl and replace with markdownlint-cli2 +* Update workflows to 2.0.1 +* Remove mdl and replace with markdownlint-cli2 ## 3.3.1 - *2022-12-19* -- Fix CI workflow -- Add testing for Alma Linux, Rocky Linux and Ubuntu 22.04 -- Formatting fixes +* Fix CI workflow +* Add testing for Alma Linux, Rocky Linux and Ubuntu 22.04 +* Formatting fixes ## 3.3.0 - *2021-11-29* -- add `primaries` option to `bind_config` - - see [the upstream docs](https://bind9.readthedocs.io/en/v9_16_23/reference.html?highlight=primaries#primaries-statement-definition-and-usage) - - this used the old terminology `master` on platforms that do not have a new enough `named` (9.16.12) +* add `primaries` option to `bind_config` + * see [the upstream docs](https://bind9.readthedocs.io/en/v9_16_23/reference.html?highlight=primaries#primaries-statement-definition-and-usage) + * this used the old terminology `master` on platforms that do not have a new enough `named` (9.16.12) ## 3.2.0 - *2021-11-23* -- add `:create_config_only` action to `bind_primary_zone` +* add `:create_config_only` action to `bind_primary_zone` ## 3.1.0 - *2021-10-20* -- Add source file parameter to `bind_primary_zone` +* Add source file parameter to `bind_primary_zone` ## 3.0.2 - *2021-10-13* -- Convert `node['platform_version']` to a float for correct comparison +* Convert `node['platform_version']` to a float for correct comparison ## 3.0.1 - *2021-10-13* -- Include `BindCookbook::Helpers` via `action_class` in `bind_config` -- Add `CHEF_PRODUCT_NAME` variable for setting `product_name` +* Include `BindCookbook::Helpers` via `action_class` in `bind_config` +* Add `CHEF_PRODUCT_NAME` variable for setting `product_name` ## 3.0.0 - *2021-10-11* -- Sous Chefs adoption -- Restart `bind_service` immediately when using `delayed_action :create` -- Enable resource `unified_mode` for Chef 17 
compatibility -- Add `create_if_missing` to `primary_zone_template` -- Workaround upstream issue as described in -- Update named.ca to latest upstream version -- Cookstyle fixes -- Switch to using an InSpec profile for reusable testing -- Fix issues with chroot on Debian and Ubuntu systems -- Install dnsutils package on Debian-based systems to get dig binary -- Remove sysvinit support -- Fix AppArmor permissions for `bind_logging_channel` when files are used +* Sous Chefs adoption +* Restart `bind_service` immediately when using `delayed_action :create` +* Enable resource `unified_mode` for Chef 17 compatibility +* Add `create_if_missing` to `primary_zone_template` +* Workaround upstream issue as described in +* Update named.ca to latest upstream version +* Cookstyle fixes +* Switch to using an InSpec profile for reusable testing +* Fix issues with chroot on Debian and Ubuntu systems +* Install dnsutils package on Debian-based systems to get dig binary +* Remove sysvinit support +* Fix AppArmor permissions for `bind_logging_channel` when files are used ## 2.3.1 - *2020-01-23* -- #58: Multiple statistices channel support - bmhughes -- #59: fix bug in additional config files directive - ramereth +* #58: Multiple statistices channel support - bmhughes +* #59: fix bug in additional config files directive - ramereth ## 2.3.0 - *2019-10-21* -- Update supported OS and Chef clients. -- Support chroot on ubuntu 18. -- Add `bind_stub_zone` resource. -- Add `controls`, `per_view_additional_config`, and `additional_config_files` to `bind_config` resource. +* Update supported OS and Chef clients. +* Support chroot on ubuntu 18. +* Add `bind_stub_zone` resource. +* Add `controls`, `per_view_additional_config`, and `additional_config_files` to `bind_config` resource. ## 2.2.1 - *2018-10-08* -- Add support for in-view directive using `bind_linked_zone` resource. +* Add support for in-view directive using `bind_linked_zone` resource. 
## 2.2.0 - *2018-03-08* -- Add `bind_logging_channel` and `bind_logging_category` custom resources. -- Add `bind_view` custom resource. -- Add `:create_if_missing` action to `bind_primary_zone` resource. +* Add `bind_logging_channel` and `bind_logging_category` custom resources. +* Add `bind_view` custom resource. +* Add `:create_if_missing` action to `bind_primary_zone` resource. ## 2.1.1 - *2017-12-01* -- According to RFC1035, FQDN length max is 255 characters, and each label (dot delimited) is 63 characters. Setting first column width to 65 characters +* According to RFC1035, FQDN length max is 255 characters, and each label (dot delimited) is 63 characters. Setting first column width to 65 characters ## 2.1.0 - *2017-12-01* -- Add support for chrooted install -- Chroot Supported platforms: CentOS/RedHat 6.x+, Debian 8.x+, Ubuntu 14.04 LTS -- Chroot Incompatible platforms: Ubuntu 16.04 LTS [ubuntu/+source/bind9/+bug/1630025](https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1630025) -- Updated rndc call to be compliant with current auto-configuration standards -- Updated file paths using `::File,join()` method -- Delayed all template creation to avoid file busy conflicts -- Added `.kitchen.dokken.yml` for faster testing with [kitchen-dokken](https://github.com/someara/kitchen-dokken) -- Added support for env var `CHEF_VERSION` to affect kitchen-dokken chef-client version -- Supports chef-client version 12.21.26 and 13.6.4 +* Add support for chrooted install +* Chroot Supported platforms: CentOS/RedHat 6.x+, Debian 8.x+, Ubuntu 14.04 LTS +* Chroot Incompatible platforms: Ubuntu 16.04 LTS [ubuntu/+source/bind9/+bug/1630025](https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1630025) +* Updated rndc call to be compliant with current auto-configuration standards +* Updated file paths using `::File,join()` method +* Delayed all template creation to avoid file busy conflicts +* Added `.kitchen.dokken.yml` for faster testing with 
[kitchen-dokken](https://github.com/someara/kitchen-dokken) +* Added support for env var `CHEF_VERSION` to affect kitchen-dokken chef-client version +* Supports chef-client version 12.21.26 and 13.6.4 ## 2.0.1 - *2017-11-17* -- Add `manage_serial` option to `bind_primary_zone_template` resource +* Add `manage_serial` option to `bind_primary_zone_template` resource ## 2.0.0 - *2017-11-07* -- Migrate to using custom resources. See MIGRATION.md for details on migrating from v1.x. +* Migrate to using custom resources. See MIGRATION.md for details on migrating from v1.x. ## 1.3.0 - *2017-04-17* -- Change default for statistics channel to be false, and add an attribute to set the bind address. +* Change default for statistics channel to be false, and add an attribute to set the bind address. ## 1.2.0 - *2015-01-02* -- Add server clause. - - See [documentation](http://www.zytrax.com/books/dns/ch7/server.html) for reference. -- Add bind forwardzones attribute. +* Add server clause. + * See [documentation](http://www.zytrax.com/books/dns/ch7/server.html) for reference. +* Add bind forwardzones attribute. ## 1.1.4 - *2014-11-19* -- Restore previous default for querylog size and amount -- Correct quoting for log file rotation -- Minor rubocop corrections +* Restore previous default for querylog size and amount +* Correct quoting for log file rotation +* Minor rubocop corrections ## 1.1.3 - *2014-10-08* -- Added `log_file_size` attribute. +* Added `log_file_size` attribute. 
## 1.1.1 - *2014-08-13* -- Added array for `domainzones` attribute +* Added array for `domainzones` attribute ## 1.1.0 - *2014-05-25* -- Add named-checkconf sanity checking -- Add thor/scmversion -- Update specs +* Add named-checkconf sanity checking +* Add thor/scmversion +* Update specs ## 1.0.3 - *2014-03-17* -- Update documentation +* Update documentation ## 1.0.2 - *2014-02-18* -- Stub file for service tests +* Stub file for service tests ## 1.0.1 - *2014-02-16* -- Add delayed timing to service reload -- Fix a minor issue with `rndc.key` on CentOS 6.x +* Add delayed timing to service reload +* Fix a minor issue with `rndc.key` on CentOS 6.x ## 1.0.0 - *2014-02-13* Clearing out backlog of issues. -- Add standalone logging support, to `named.options` file. #4 -- Revert incorrect `/etc/named.conf` location for EL6. -- Graceful handling for lack of data_bags. #7 -- Added documentation for standalone logging support. #8 -- Added statistics-channel support. #9 -- Updated kitchen and build files. -- Added bats tests. -- Removed minitests/Added chefspec +* Add standalone logging support, to `named.options` file. #4 +* Revert incorrect `/etc/named.conf` location for EL6. +* Graceful handling for lack of data_bags. #7 +* Added documentation for standalone logging support. #8 +* Added statistics-channel support. #9 +* Updated kitchen and build files. +* Added bats tests. +* Removed minitests/Added chefspec ### BREAKING CHANGE -- Removed `etc_cookbook_files` and `etc_template_files` in favor of simpler `bind['included_files']` attribute +* Removed `etc_cookbook_files` and `etc_template_files` in favor of simpler `bind['included_files']` attribute Explanation: 
@@ -199,43 +211,43 @@ This is the first cookbook, I have validated with @fnichol re-write of [test-kit I identified two RHEL 5, and one Ubuntu, recipe bugs which nobody including myself has caught. I cannot overstate, how much time this has saved me. If you have not tried the test-kitchen re-write, do yourself the favor and start working with it now. -- Add test-kitchen/Berkshelf skeleton files -- Platform-specific fixes - - Correct location of `/etc/named.conf` on RHEL 5 - - Added `conf_file` and `options_file` are attributes - - Refactor service actions, and config file rendering - - Enabled usage of search also on chef-solo via @fabn - - Various Ubuntu platform fixes via @fabn - - Added apt recipe to pass test-kitchen +* Add test-kitchen/Berkshelf skeleton files +* Platform-specific fixes + * Correct location of `/etc/named.conf` on RHEL 5 + * Added `conf_file` and `options_file` are attributes + * Refactor service actions, and config file rendering + * Enabled usage of search also on chef-solo via @fabn + * Various Ubuntu platform fixes via @fabn + * Added apt recipe to pass test-kitchen ## 0.1.1 - *2013-04-15* -- Pass zone array to template with `uniq` and `sort` +* Pass zone array to template with `uniq` and `sort` ## 0.1.0 - *2013-03-26* -- Add bind zones attributes for "role (attribute)", "ldap", and "databag" sources. +* Add bind zones attributes for "role (attribute)", "ldap", and "databag" sources. 
## 0.0.9 - *2013-03-25* -- ldap host incorrectly being scoped as `node.default` +* ldap host incorrectly being scoped as `node.default` ## 0.0.8 - *2013-03-25* -- Change node scope to `node.default` for Chef 11 +* Change node scope to `node.default` for Chef 11 ## 0.0.7 - *2013-01-24* -- Update root nameserver D +* Update root nameserver D ## 0.0.6 - *2012-08-01* -- Move masters keyword to slave block +* Move masters keyword to slave block ## 0.0.4 - *2012-01-05* -- Clean up and public release +* Clean up and public release ## 0.0.2 - *2011-04-22* -- Initial prototype for internal use +* Initial prototype for internal use diff --git a/LIMITATIONS.md b/LIMITATIONS.md new file mode 100644 index 0000000..6a5fcec --- /dev/null +++ b/LIMITATIONS.md 
@@ -0,0 +1,50 @@
+# Limitations
+
+## Package Availability
+
+The cookbook installs BIND from operating system package repositories. ISC also
+publishes current BIND 9 packages for selected Debian, Ubuntu, RHEL/CentOS, and
+Fedora platforms.
+
+### APT (Debian/Ubuntu)
+
+* Debian 12: supported by ISC for BIND 9.18 and 9.20 on amd64 CI.
+* Ubuntu 22.04 LTS: supported by ISC for BIND 9.18 and 9.20 on amd64 CI.
+* Ubuntu 24.04 LTS: supported by ISC for BIND 9.18 and 9.20 on amd64 CI.
+* Debian LTS releases are community-maintained from ISC's perspective and are
+ not included in the active Kitchen matrix.
+
+### DNF/YUM (RHEL family)
+
+* RHEL 8, RHEL 9, and RHEL 10: supported by ISC for BIND 9.18 and 9.20 on amd64
+ CI.
+* CentOS Stream 9: community-maintained by ISC and covered by the cookbook test
+ matrix.
+* AlmaLinux 8/9, Oracle Linux 8/9, and Rocky Linux 8/9: supported by this
+ cookbook through compatible distribution packages and CI coverage.
+* Amazon Linux 2023: supported by this cookbook through distribution packages
+ and CI coverage.
+* CentOS 7 and CentOS Stream 8 are end-of-life and are not supported.
+
+### Fedora
+
+* Fedora latest: supported by ISC for BIND 9.18 and 9.20 on amd64 CI.
+
+## Architecture Limitations
+
+ISC's supported-platforms guidance describes primary support in terms of amd64
+CI coverage. Other CPU architectures are best-effort or community-maintained
+depending on the operating system and BIND branch.
+
+## Source/Compiled Installation
+
+This cookbook does not compile BIND from source. BIND 9 requires a POSIX system,
+a C11-capable compiler, OpenSSL, libuv, and nghttp2 for current releases.
+Package availability and build dependencies are delegated to the operating
+system repositories used by each supported platform.
+
+## Known Issues
+
+* Windows is not supported by BIND 9.18 and later.
+* Legacy cookbook recipes and node attributes are removed. Use the `bind_*`
+ custom resources directly from a wrapper or policy cookbook.
diff --git a/README.md b/README.md
index ac9c1bc..46ce180 100644
--- a/README.md
+++ b/README.md
@@ -12,51 +12,57 @@ A chef cookbook to manage BIND servers and zones. ## Requirements -This cookbook follows the library pattern. To use the cookbook effectively you'll need a wrapper cookbook that uses the resources provided in this cookbook. - -A default recipe is provided. It only provides a basic recursive name server. +This cookbook provides custom resources only. Use a wrapper cookbook or policy +cookbook to declare the `bind_*` resources directly. ### Platforms -- CentOS/RHEL 7+ -- Debian 10+ -- Ubuntu 18.04+ +* AlmaLinux 8+ +* Amazon Linux 2023+ +* CentOS Stream 9+ +* Debian 12+ +* Fedora latest +* Oracle Linux 8+ +* Red Hat Enterprise Linux 8+ +* Rocky Linux 8+ +* Ubuntu 22.04+ ### Chef -- Chef 15.3+ +* Chef 15.3+ -## Attributes +## Migration -Most attributes have been removed in favour of custom resources. See the [MIGRATION.md](MIGRATION.md) document. +Legacy recipes and node attributes have been removed in favour of custom +resources. See the [migration guide](migration.md) for upgrade details. 
## Resources The following resources are provided: -- [bind_acl](documentation/bind_acl.md) -- [bind_config](documentation/bind_config.md) -- [bind_forward_zone](documentation/bind_forward_zone.md) -- [bind_key](documentation/bind_key.md) -- [bind_linked_zone](documentation/bind_linked_zone.md) -- [bind_logging_category](documentation/bind_logging_category.md) -- [bind_logging_channel](documentation/bind_logging_channel.md) -- [bind_primary_zone](documentation/bind_primary_zone.md) -- [bind_primary_zone_template](documentation/bind_primary_zone_template.md) -- [bind_secondary_zone](documentation/bind_secondary_zone.md) -- [bind_server](documentation/bind_server.md) -- [bind_service](documentation/bind_service.md) -- [bind_stub_zone](documentation/bind_stub_zone.md) -- [bind_view](documentation/bind_view.md) +* [bind_acl](documentation/bind_acl.md) +* [bind_config](documentation/bind_config.md) +* [bind_forward_zone](documentation/bind_forward_zone.md) +* [bind_key](documentation/bind_key.md) +* [bind_linked_zone](documentation/bind_linked_zone.md) +* [bind_logging_category](documentation/bind_logging_category.md) +* [bind_logging_channel](documentation/bind_logging_channel.md) +* [bind_primary_zone](documentation/bind_primary_zone.md) +* [bind_primary_zone_template](documentation/bind_primary_zone_template.md) +* [bind_secondary_zone](documentation/bind_secondary_zone.md) +* [bind_server](documentation/bind_server.md) +* [bind_service](documentation/bind_service.md) +* [bind_stub_zone](documentation/bind_stub_zone.md) +* [bind_view](documentation/bind_view.md) ## Usage Using custom resources leads to a quite flexible configuration, but requires a little bit more work in a wrapper cookbook to use. 
The following examples are presented here: -- Internal recursive nameserver -- Authoritative primary nameserver -- Authoritative secondary nameserver -- Using views for internal recursion and external authoritative name service +* Internal recursive nameserver +* Authoritative primary nameserver +* Authoritative secondary nameserver +* Using views for internal recursion and external authoritative name service ### Internal recursive nameserver diff --git a/documentation/bind_acl.md b/documentation/bind_acl.md index da8f2da..eac681f 100644 --- a/documentation/bind_acl.md +++ b/documentation/bind_acl.md @@ -21,11 +21,11 @@ This resource allows you to create a named ACL list within the BIND configuratio Each entry should be a valid BIND address match list. This means it can be: -- an IP address -- an IP prefix -- a key id -- the name of a different address march list from another acl statement -- a nested address match list enclosed in braces +* an IP address +* an IP prefix +* a key id +* the name of a different address march list from another acl statement +* a nested address match list enclosed in braces Predefined ACLs (from BIND itself) which do not need additional configuration are: any, none, localhost, and localnets. diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index 47eff95..561837e 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml 
@@ -22,36 +22,11 @@ platforms: image: dokken/amazonlinux-2023 pid_one_command: /usr/lib/systemd/systemd - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-stream-8 - driver: - image: dokken/centos-stream-8 - pid_one_command: /usr/lib/systemd/systemd - - name: centos-stream-9 driver: image: dokken/centos-stream-9 pid_one_command: /usr/lib/systemd/systemd - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - - - name: debian-11 - driver: - image: dokken/debian-11 - pid_one_command: /bin/systemd - - name: debian-12 driver: image: dokken/debian-12 @@ -62,16 +37,6 @@ platforms: image: dokken/fedora-latest pid_one_command: /usr/lib/systemd/systemd - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /usr/lib/systemd/systemd - - - name: oraclelinux-7 - driver: - image: dokken/oraclelinux-7 - pid_one_command: /usr/lib/systemd/systemd - - name: oraclelinux-8 driver: image: dokken/oraclelinux-8 @@ -92,22 +57,12 @@ platforms: image: dokken/rockylinux-9 pid_one_command: /usr/lib/systemd/systemd - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - - name: ubuntu-22.04 driver: image: dokken/ubuntu-22.04 pid_one_command: /bin/systemd - - name: ubuntu-23.04 + - name: ubuntu-24.04 driver: - image: dokken/ubuntu-23.04 + image: dokken/ubuntu-24.04 pid_one_command: /bin/systemd diff --git a/kitchen.exec.yml b/kitchen.exec.yml deleted file mode 100644 index ba7b2a9..0000000 --- a/kitchen.exec.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -driver: { name: exec } -transport: { name: exec } - -platforms: - - name: macos-latest - - name: windows-latest diff --git a/kitchen.global.yml b/kitchen.global.yml index a382fcd..0bab8e1 100644 
--- a/kitchen.global.yml +++ b/kitchen.global.yml @@ -18,21 +18,12 @@ platforms: - name: almalinux-8 - name: almalinux-9 - name: amazonlinux-2023 - - name: centos-7 - - name: centos-stream-8 - name: centos-stream-9 - - name: debian-9 - - name: debian-10 - - name: debian-11 - name: debian-12 - name: fedora-latest - - name: opensuse-leap-15 - - name: oraclelinux-7 - name: oraclelinux-8 - name: oraclelinux-9 - name: rockylinux-8 - name: rockylinux-9 - - name: ubuntu-18.04 - - name: ubuntu-20.04 - name: ubuntu-22.04 - - name: ubuntu-23.04 + - name: ubuntu-24.04 diff --git a/kitchen.yml b/kitchen.yml index 0db3d8a..7b9c786 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -14,54 +14,55 @@ provisioner: platforms: - name: almalinux-8 - - name: centos-7 - - name: centos-stream-8 - - name: debian-10 - - name: debian-11 + - name: almalinux-9 + - name: amazonlinux-2023 + - name: centos-stream-9 + - name: debian-12 - name: fedora-latest + - name: oraclelinux-8 + - name: oraclelinux-9 - name: rockylinux-8 - - name: ubuntu-18.04 - - name: ubuntu-20.04 + - name: rockylinux-9 - name: ubuntu-22.04 + - name: ubuntu-24.04 verifier: name: inspec inspec_tests: - - path: test/integration/bind + - path: test/integration/default suites: - name: default run_list: - - recipe[bind_test::disable_resolved] - - recipe[bind::default] + - recipe[test::default] - name: resources run_list: - - recipe[bind_test] + - recipe[test] verifier: inputs: domain: ns1.example.org host_string: "ns1.example.org has address 1.1.1.1" - name: chroot run_list: - - recipe[bind_test::chroot] + - recipe[test::chroot] verifier: inputs: chroot: true - name: views run_list: - - recipe[bind_test::views] + - recipe[test::views] verifier: inputs: views: true - name: logging run_list: - - recipe[bind_test::logging] + - recipe[test::logging] verifier: inputs: logging: true - name: linked-zones run_list: - - recipe[bind_test::linked_zones] + - recipe[test::linked_zones] verifier: inputs: domain: ns1.example.net 
@@ -69,7 +70,7 @@ suites: linked: true - name: zone-options run_list: - - recipe[bind_test::zone_options] + - recipe[test::zone_options] verifier: inputs: domain: ns1.example.org diff --git a/libraries/helpers.rb b/libraries/helpers.rb index fa76256..11ea9ff 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module BindCookbook module Helpers def default_property_for(property_name, chroot) diff --git a/libraries/resource_helpers.rb b/libraries/resource_helpers.rb index 9a35606..5b4c99f 100644 --- a/libraries/resource_helpers.rb +++ b/libraries/resource_helpers.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module BindCookbook module ResourceHelpers diff --git a/metadata.rb b/metadata.rb index 7e6795f..fcbe182 100644 --- a/metadata.rb +++ b/metadata.rb @@ -8,8 +8,12 @@ source_url 'https://github.com/sous-chefs/bind' chef_version '>= 15.3' -supports 'ubuntu' -supports 'redhat' -supports 'centos' +supports 'almalinux', '>= 8.0' +supports 'amazon', '>= 2023.0' +supports 'centos_stream', '>= 9.0' +supports 'debian', '>= 12.0' supports 'fedora' -supports 'debian' +supports 'oracle', '>= 8.0' +supports 'redhat', '>= 8.0' +supports 'rocky', '>= 8.0' +supports 'ubuntu', '>= 22.04' diff --git a/MIGRATION.md b/migration.md similarity index 77% rename from MIGRATION.md rename to migration.md index 5640cff..d09e118 100644 --- a/MIGRATION.md +++ b/migration.md 
@@ -1,5 +1,40 @@ # Migration Assistance +## Migrating from 3.x to 4.x + +Version 4.x is a full custom resource migration. The cookbook no longer ships a +public `bind::default` recipe and no longer supports configuring BIND with node +attributes. Declare `bind_service`, `bind_config`, `bind_acl`, and the zone or +logging resources directly from a wrapper cookbook or Policyfile. + +The removed default recipe previously configured a simple recursive server. The +equivalent resource usage is: + +```ruby +bind_service 'default' do + action [:create, :start] +end + +bind_config 'default' do + options [ + 'allow-query { trusted-nets; }', + 'recursion yes', + 'allow-recursion { trusted-nets; }', + ] +end + +bind_acl 'trusted-nets' do + entries %w( + localhost + localnets + ) +end +``` + +Integration examples now live in `test/cookbooks/test/recipes/`. Use those +recipes as copyable examples for common recursive, authoritative, chroot, +logging, view, and linked-zone configurations. + ## Migrating from 1.x to 2.x In version 2.x the BIND cookbook has become a library cookbook. Thus to use it diff --git a/recipes/default.rb b/recipes/default.rb deleted file mode 100644 index 8b9f0ee..0000000 --- a/recipes/default.rb +++ /dev/null 
@@ -1,37 +0,0 @@ -# -# Cookbook:: bind -# Recipe:: default -# -# Copyright:: 2011, Gerald L. Hevener, Jr, M.S. -# Copyright:: 2011, Eric G. Wolfe -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -bind_service 'default' do - action [:create, :start] -end - -bind_config 'default' do - options [ - 'allow-query { trusted-nets; }', - 'recursion yes', - 'allow-recursion { trusted-nets; }', - ] -end - -bind_acl 'trusted-nets' do - entries %w( - localhost - localnets) -end diff --git a/resources/acl.rb b/resources/acl.rb index 0db32ae..34b1d91 100644 --- a/resources/acl.rb +++ b/resources/acl.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_acl unified_mode true ACL = Struct.new(:name, :entries) diff --git a/resources/config.rb b/resources/config.rb index 59fb716..f4237cf 100644 --- a/resources/config.rb +++ b/resources/config.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_config unified_mode true property :additional_config_files, Array, @@ -88,7 +91,7 @@ end Chef::Log.deprecation( - 'Use of the `query_log` property is deprecated in favour of '\ + 'Use of the `query_log` property is deprecated in favour of ' \ 'using `bind_logging_channel` and `bind_logging_category`'.dup ) if new_resource.query_log 
@@ -104,21 +107,26 @@ per_view_additional_config_files.push(new_resource.per_view_additional_config_files) end - cookbook_file ::File.join(bind_service.sysconfdir, 'named.rfc1912.zones') do + template ::File.join(bind_service.sysconfdir, 'named.rfc1912.zones') do owner bind_service.run_user group bind_service.run_group mode '0644' action :create cookbook 'bind' + source 'named.rfc1912.zones' end %w(named.empty named.ca named.loopback named.localhost).each do |var_file| - cookbook_file ::File.join(bind_service.vardir, var_file) do + zone_file = ::File.join(bind_service.vardir, var_file) + + template ::File.join(bind_service.vardir, var_file) do owner bind_service.run_user group bind_service.run_group mode '0644' action :create cookbook 'bind' + source var_file + not_if { ::File.symlink?(zone_file) } end end @@ -179,7 +187,7 @@ command '/sbin/apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.named' action :nothing notifies :restart, 'bind_service[default]', :delayed - only_if { ::File.exist?('/sbin/apparmor_parser') } + only_if { ::File.exist?('/sbin/apparmor_parser') && ::File.exist?('/sys/kernel/security/apparmor/profiles') } end logging_channels = [] diff --git a/resources/forward_zone.rb b/resources/forward_zone.rb index 21d6d51..19dd548 100644 --- a/resources/forward_zone.rb +++ b/resources/forward_zone.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_forward_zone unified_mode true ForwardZone = Struct.new(:name, :forwarders, :forward, :view) diff --git a/resources/key.rb b/resources/key.rb index 8a4b521..0239990 100644 --- a/resources/key.rb +++ b/resources/key.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_key unified_mode true KeyOptions = Struct.new(:name, :algorithm, :secret) diff --git a/resources/linked_zone.rb b/resources/linked_zone.rb index cdbe103..a3364ae 100644 --- a/resources/linked_zone.rb +++ b/resources/linked_zone.rb 
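Review bot: In the `@@ -104,21 +107,26 @@` hunk of resources/config.rb the new `zone_file` local is used only inside the `not_if` guard, while the resource name recomputes the same path; `template zone_file do` would stop the guarded path and the written path from drifting apart. The `not_if { ::File.symlink?(zone_file) }` guard has no comment, so a reader cannot tell that a symlinked zone file is left entirely unmanaged (no owner, group, mode or content enforcement) rather than causing a failure. A line such as `# Leave distribution-provided symlinks alone instead of writing through them` above it would record the intent, if that is the intent. The `named.rfc1912.zones` template in `sysconfdir` gets no equivalent guard, so the two paths now behave differently when a symlink is present. The enclosing action block starts and ends outside the hunk, and the move of the source files into the cookbook's templates directory is not visible here.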
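Review bot: The widened `only_if` in the `@@ -179,7 +187,7 @@` hunk of resources/config.rb silently skips the `apparmor_parser` reload when `/sys/kernel/security/apparmor/profiles` is absent, and nothing in the code says why. A comment such as `# Reload only when the AppArmor kernel interface is exposed (it may be hidden inside containers)` would document what is presumably the reason, and splitting the condition over two lines would keep it readable. When the guard is false, any change this resource made to `/etc/apparmor.d/usr.sbin.named` stays on disk but is not loaded, which is worth stating in the resource documentation so operators know the updated rules are not yet enforced. The `execute` resource this guard belongs to begins outside the hunk.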
@@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_linked_zone unified_mode true LinkedZone = Struct.new(:name, :in_view, :view) diff --git a/resources/logging_category.rb b/resources/logging_category.rb index 1a64ec1..04697ff 100644 --- a/resources/logging_category.rb +++ b/resources/logging_category.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_logging_category unified_mode true LoggingCategory = Struct.new(:name, :channels) diff --git a/resources/logging_channel.rb b/resources/logging_channel.rb index 41bd686..1ad0e94 100644 --- a/resources/logging_channel.rb +++ b/resources/logging_channel.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_logging_channel unified_mode true property :bind_config, String, diff --git a/resources/primary_zone.rb b/resources/primary_zone.rb index 67f0038..18fe1fb 100644 --- a/resources/primary_zone.rb +++ b/resources/primary_zone.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_primary_zone unified_mode true PrimaryZone = Struct.new(:name, :options, :view, :file_name) diff --git a/resources/primary_zone_template.rb b/resources/primary_zone_template.rb index 455e3e6..780304d 100644 --- a/resources/primary_zone_template.rb +++ b/resources/primary_zone_template.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_primary_zone_template unified_mode true require 'digest' diff --git a/resources/secondary_zone.rb b/resources/secondary_zone.rb index 985ea1e..68ab19b 100644 --- a/resources/secondary_zone.rb +++ b/resources/secondary_zone.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_secondary_zone unified_mode true SecondaryZone = Struct.new(:name, :primaries, :options, :view, :file_name) diff --git a/resources/server.rb b/resources/server.rb index bb68805..44b0737 100644 --- a/resources/server.rb +++ b/resources/server.rb 
@@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_server unified_mode true ServerOptions = Struct.new(:name, :options) diff --git a/resources/service.rb b/resources/service.rb index d510b0c..2e34360 100644 --- a/resources/service.rb +++ b/resources/service.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_service unified_mode true property :chroot_dir, [String, nil], @@ -167,16 +170,24 @@ mode '0755' end - directory "/etc/systemd/system/#{new_resource.service_name}.service.d" + systemd_service_names = [new_resource.service_name] + systemd_service_names << 'named' if bind_env_file == '/etc/default/named' && new_resource.service_name == 'bind9' + + systemd_service_settings = [ + '# Generated by Chef', + '# Workaround upstream issue as described in https://bugs.debian.org/983216', + '[Service]', + ] + systemd_service_settings << 'Type=simple' if new_resource.chroot && (platform?('debian') || (platform?('ubuntu') && node['platform_version'].to_f >= 24.04)) + systemd_service_settings << 'ExecCondition=/usr/local/lib/named/clear-managed-keys.sh' - file "/etc/systemd/system/#{new_resource.service_name}.service.d/managed-keys.conf" do - content <<~EOU - # Generated by Chef - # Workaround upstream issue as described in https://bugs.debian.org/983216 - [Service] - ExecCondition=/usr/local/lib/named/clear-managed-keys.sh - EOU - notifies :run, 'execute[systemctl daemon-reload]', :immediately + systemd_service_names.uniq.each do |systemd_service_name| + directory "/etc/systemd/system/#{systemd_service_name}.service.d" + + file "/etc/systemd/system/#{systemd_service_name}.service.d/managed-keys.conf" do + content "#{systemd_service_settings.join("\n")}\n" + notifies :run, 'execute[systemctl daemon-reload]', :immediately + end end execute 'systemctl daemon-reload' do diff --git a/resources/stub_zone.rb b/resources/stub_zone.rb index 9f17443..f472c17 100644 --- a/resources/stub_zone.rb +++ b/resources/stub_zone.rb 
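Review bot: The `directory` and `file` resources for the systemd drop-in in the `systemd_service_names.uniq.each` loop set no `owner`, `group` or `mode`, so newly created entries get whatever the converge process's defaults and umask produce. The drop-in names a script in `ExecCondition=` that systemd runs before starting the service, so it is worth pinning: `owner 'root'`, `group 'root'`, `mode '0644'` on the file and `mode '0755'` on the directory. Separately, `node['platform_version'].to_f >= 24.04` compares versions as floats; `Gem::Version.new(node['platform_version']) >= Gem::Version.new('24.04')` states what is meant. The file is still named `managed-keys.conf` and headed by the Debian bug reference although it now also carries `Type=simple`, which that header does not explain. The action block starts and ends outside the hunk, and `bind_env_file` is defined outside it.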
@@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_stub_zone unified_mode true StubZone = Struct.new(:name, :primaries, :options, :view, :file_name) diff --git a/resources/view.rb b/resources/view.rb index 1b8662d..2c1e8df 100644 --- a/resources/view.rb +++ b/resources/view.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +provides :bind_view unified_mode true View = Struct.new( diff --git a/spec/chroot_spec.rb b/spec/chroot_spec.rb index 15200a7..b49d212 100644 --- a/spec/chroot_spec.rb +++ b/spec/chroot_spec.rb @@ -1,6 +1,8 @@ +# frozen_string_literal: true + require 'spec_helper' -describe 'bind_test::chroot' do +describe 'test::chroot' do context 'on CentOS 7' do let(:chef_run) do ChefSpec::SoloRunner.new( @@ -46,7 +48,7 @@ %w(named.empty named.loopback named.localhost named.ca).each do |var_file| it "it creates cookbook file #{::File.join('/var/named', var_file)}" do - expect(chef_run).to create_cookbook_file(::File.join('/var/named', var_file)) + expect(chef_run).to create_template(::File.join('/var/named', var_file)) end end @@ -204,7 +206,7 @@ end it 'renders file /var/bind9/chroot/etc/bind/named.rfc1912.zones' do - expect(chef_run).to create_cookbook_file('/var/bind9/chroot/etc/bind/named.rfc1912.zones') + expect(chef_run).to create_template('/var/bind9/chroot/etc/bind/named.rfc1912.zones') end it 'renders file /var/bind9/chroot/etc/bind/named.conf with included files' do @@ -214,7 +216,7 @@ %w(named.empty named.loopback named.localhost named.ca).each do |var_file| it "it creates cookbook file /var/bind9/chroot/var/cache/bind/#{var_file}" do - expect(chef_run).to create_cookbook_file("/var/bind9/chroot/var/cache/bind/#{var_file}") + expect(chef_run).to create_template("/var/bind9/chroot/var/cache/bind/#{var_file}") end end diff --git a/spec/default_spec.rb b/spec/default_spec.rb index 6106a30..a4670e2 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb 
@@ -1,6 +1,8 @@ +# frozen_string_literal: true + require 'spec_helper' -describe 'bind::default' do +describe 'test::default' do context 'on unspecified platform (EL 5/6 as reference)' do let(:chef_run) do ChefSpec::SoloRunner.new( @@ -39,7 +41,7 @@ end it 'renders file /etc/named/named.rfc1912.zones' do - expect(chef_run).to create_cookbook_file('/etc/named/named.rfc1912.zones') + expect(chef_run).to create_template('/etc/named/named.rfc1912.zones') end it 'renders file /etc/named.conf with included files' do @@ -49,7 +51,7 @@ %w(named.empty named.loopback named.localhost named.ca).each do |var_file| it "it creates cookbook file /var/named/#{var_file}" do - expect(chef_run).to create_cookbook_file("/var/named/#{var_file}") + expect(chef_run).to create_template("/var/named/#{var_file}") end end @@ -107,7 +109,7 @@ end it 'renders file /etc/bind/named.rfc1912.zones' do - expect(chef_run).to create_cookbook_file('/etc/bind/named.rfc1912.zones') + expect(chef_run).to create_template('/etc/bind/named.rfc1912.zones') end it 'renders file /etc/bind/named.conf with included files' do @@ -117,7 +119,7 @@ %w(named.empty named.loopback named.localhost named.ca).each do |var_file| it "it creates cookbook file /var/cache/bind/#{var_file}" do - expect(chef_run).to create_cookbook_file("/var/cache/bind/#{var_file}") + expect(chef_run).to create_template("/var/cache/bind/#{var_file}") end end diff --git a/spec/resources/acl_spec.rb b/spec/resources/acl_spec.rb index d97a3b1..d66e216 100644 --- a/spec/resources/acl_spec.rb +++ b/spec/resources/acl_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding access control lists' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_acl) - ).converge('bind_test::spec_acl') + ).converge('test::spec_acl') end include_context 'version_stub' 
diff --git a/spec/resources/config_spec.rb b/spec/resources/config_spec.rb index ceca245..714a588 100644 --- a/spec/resources/config_spec.rb +++ b/spec/resources/config_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'creating a basic configuration' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: ['bind_config'] - ).converge('bind_test::spec_basic') + ).converge('test::spec_basic') end include_context 'version_stub' @@ -14,11 +16,11 @@ end it 'puts default zone files in place' do - expect(chef_run).to create_cookbook_file('/etc/named/named.rfc1912.zones') - expect(chef_run).to create_cookbook_file('/var/named/named.empty') - expect(chef_run).to create_cookbook_file('/var/named/named.ca') - expect(chef_run).to create_cookbook_file('/var/named/named.loopback') - expect(chef_run).to create_cookbook_file('/var/named/named.localhost') + expect(chef_run).to create_template('/etc/named/named.rfc1912.zones') + expect(chef_run).to create_template('/var/named/named.empty') + expect(chef_run).to create_template('/var/named/named.ca') + expect(chef_run).to create_template('/var/named/named.loopback') + expect(chef_run).to create_template('/var/named/named.localhost') end context 'the basic options file' do 
@@ -48,17 +50,17 @@ let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: ['bind_config'] - ).converge('bind_test::spec_overridden') + ).converge('test::spec_overridden') end include_context 'version_stub' it 'puts default zone files in place' do - expect(chef_run).to create_cookbook_file('/test/etc/named.rfc1912.zones') - expect(chef_run).to create_cookbook_file('/test/var/named.empty') - expect(chef_run).to create_cookbook_file('/test/var/named.ca') - expect(chef_run).to create_cookbook_file('/test/var/named.loopback') - expect(chef_run).to create_cookbook_file('/test/var/named.localhost') + expect(chef_run).to create_template('/test/etc/named.rfc1912.zones') + expect(chef_run).to create_template('/test/var/named.empty') + expect(chef_run).to create_template('/test/var/named.ca') + expect(chef_run).to create_template('/test/var/named.loopback') + expect(chef_run).to create_template('/test/var/named.localhost') end context 'the options file' do @@ -113,7 +115,7 @@ let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: ['bind_config'] - ).converge('bind_test::spec_additional_config_files') + ).converge('test::spec_additional_config_files') end include_context 'version_stub' diff --git a/spec/resources/forward_zone_spec.rb b/spec/resources/forward_zone_spec.rb index 23d0cb9..c176e81 100644 --- a/spec/resources/forward_zone_spec.rb +++ b/spec/resources/forward_zone_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding forward only zones' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_forward_zone) - ).converge('bind_test::spec_forward_zone') + ).converge('test::spec_forward_zone') end include_context 'version_stub' diff --git a/spec/resources/key_spec.rb b/spec/resources/key_spec.rb index 13f1856..6f9c843 100644 --- a/spec/resources/key_spec.rb +++ b/spec/resources/key_spec.rb 
@@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'key stanza' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_key) - ).converge('bind_test::spec_key') + ).converge('test::spec_key') end include_context 'version_stub' diff --git a/spec/resources/linked_zones_spec.rb b/spec/resources/linked_zones_spec.rb index f8f42d5..5455e25 100644 --- a/spec/resources/linked_zones_spec.rb +++ b/spec/resources/linked_zones_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding linked zone' do @@ -6,7 +8,7 @@ platform: 'ubuntu', version: '16.04', step_into: %w( bind_config bind_view bind_primary_zone bind_linked_zone ) - ).converge('bind_test::spec_linked_zones') + ).converge('test::spec_linked_zones') end include_context 'version_stub' diff --git a/spec/resources/logging_spec.rb b/spec/resources/logging_spec.rb index e15fb47..67fdacc 100644 --- a/spec/resources/logging_spec.rb +++ b/spec/resources/logging_spec.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require 'spec_helper' @@ -9,7 +10,7 @@ bind_logging_channel bind_logging_category ) - ).converge('bind_test::spec_basic_logging_channel') + ).converge('test::spec_basic_logging_channel') end include_context 'version_stub' diff --git a/spec/resources/primary_zone_spec.rb b/spec/resources/primary_zone_spec.rb index 475df63..a3e4eb5 100644 --- a/spec/resources/primary_zone_spec.rb +++ b/spec/resources/primary_zone_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding primary zones' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_primary_zone) - ).converge('bind_test::spec_primary_zone') + ).converge('test::spec_primary_zone') end include_context 'version_stub' 
diff --git a/spec/resources/primary_zone_template_spec.rb b/spec/resources/primary_zone_template_spec.rb index c293f23..46dcd7d 100644 --- a/spec/resources/primary_zone_template_spec.rb +++ b/spec/resources/primary_zone_template_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding primary zones' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_primary_zone_template) - ).converge('bind_test::spec_primary_zone_template') + ).converge('test::spec_primary_zone_template') end include_context 'version_stub' @@ -74,7 +76,7 @@ node.default['bind']['zone']['custom.example.com']['hash'] = '100' node.default['bind']['zone']['nochange.example.com'].tap do |zone| zone['serial'] = '999' - zone['hash'] = '6a4740b2f4c1ba64e4b54ec4c3344e4c067d6015939af6c614a3e32babb4c52f' + zone['hash'] = 'ba764135482976fa2c1953075a8077f5d5a951052133456f83c1084c8bfcf173' end end end @@ -88,14 +90,14 @@ end it 'persists a serial number to the node' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') attribute = chef_run.node.default expect(attribute['bind']['zone']['empty.example.com'].empty?).to be false expect(attribute['bind']['zone']['empty.example.com']['serial']).to eq '1' end it 'persists a hash code to the node object' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') attribute = chef_run.node.default hash_code = attribute['bind']['zone']['empty.example.com']['hash'] expect(hash_code).to eq '54fb331da7106128dacb7162f72493684c46e5cbd12f9d830ec87d07cbbf3e83' 
@@ -104,34 +106,34 @@ context 'a zone with no changes' do it 'does not change the persisted serial number' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') attribute = chef_run.node.default expect(attribute['bind']['zone']['nochange.example.com']['serial']).to eq '999' end it 'does not change the persisted hash code' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') attribute = chef_run.node.default hash_code = attribute['bind']['zone']['nochange.example.com']['hash'] - expect(hash_code).to eq '6a4740b2f4c1ba64e4b54ec4c3344e4c067d6015939af6c614a3e32babb4c52f' + expect(hash_code).to eq 'ba764135482976fa2c1953075a8077f5d5a951052133456f83c1084c8bfcf173' end end context 'a zone where the hash value has changed' do it 'changes the serial number persisted' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') attribute = chef_run.node.default['bind']['zone']['custom.example.com'] expect(attribute['serial']).to eq '101' end it 'changes the serial number when managed' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') attribute = chef_run.node.default['bind']['zone']['nochange.example.com'] expect(attribute['serial']).to eq '999' end it 'uses the custom resource' do - chef_run.converge('bind_test::spec_primary_zone_template_manage_serial') + chef_run.converge('test::spec_primary_zone_template_manage_serial') expect(chef_run).to render_file('/var/named/primary/db.nochange.example.com') expect(chef_run).to create_bind_primary_zone_template('nochange.example.com') expect(chef_run).to create_bind_primary_zone_template('custom.example.com') 
diff --git a/spec/resources/secondary_zone_spec.rb b/spec/resources/secondary_zone_spec.rb index 3678774..7c95d9c 100644 --- a/spec/resources/secondary_zone_spec.rb +++ b/spec/resources/secondary_zone_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding secondary zones' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_secondary_zone) - ).converge('bind_test::spec_secondary_zone') + ).converge('test::spec_secondary_zone') end include_context 'version_stub' diff --git a/spec/resources/server_spec.rb b/spec/resources/server_spec.rb index 8a7f220..e2b97bd 100644 --- a/spec/resources/server_spec.rb +++ b/spec/resources/server_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'set server options' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_service bind_config bind_server) - ).converge('bind_test::spec_server') + ).converge('test::spec_server') end include_context 'version_stub' diff --git a/spec/resources/service_spec.rb b/spec/resources/service_spec.rb index fd7bfce..4da6eda 100644 --- a/spec/resources/service_spec.rb +++ b/spec/resources/service_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'basic recipe on centos 8' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: ['bind_service'] - ).converge('bind_test::spec_basic') + ).converge('test::spec_basic') end include_context 'version_stub' @@ -40,7 +42,7 @@ let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'ubuntu', version: '18.04', step_into: ['bind_service'] - ).converge('bind_test::spec_chroot') + ).converge('test::spec_chroot') end include_context 'version_stub' 
@@ -112,11 +114,71 @@ end end +describe 'chroot recipe on debian 12' do + let(:chef_run) do + ChefSpec::SoloRunner.new( + platform: 'debian', version: '12', step_into: ['bind_service'] + ).converge('test::spec_chroot') + end + + include_context 'version_stub' + + it 'creates systemd drop-ins for the alias and canonical service names' do + expect(chef_run).to create_directory('/etc/systemd/system/bind9.service.d') + expect(chef_run).to create_directory('/etc/systemd/system/named.service.d') + end + + it 'uses simple systemd service type for chrooted named' do + expect(chef_run).to render_file('/etc/systemd/system/named.service.d/managed-keys.conf') + .with_content(/^Type=simple$/) + expect(chef_run).to render_file('/etc/systemd/system/named.service.d/managed-keys.conf') + .with_content(%r{^ExecCondition=/usr/local/lib/named/clear-managed-keys\.sh$}) + end +end + +describe 'chroot recipe on ubuntu 24.04' do + let(:chef_run) do + ChefSpec::SoloRunner.new( + platform: 'ubuntu', version: '24.04', step_into: ['bind_service'] + ).converge('test::spec_chroot') + end + + include_context 'version_stub' + + it 'creates systemd drop-ins for the alias and canonical service names' do + expect(chef_run).to create_directory('/etc/systemd/system/bind9.service.d') + expect(chef_run).to create_directory('/etc/systemd/system/named.service.d') + end + + it 'uses simple systemd service type for chrooted named' do + expect(chef_run).to render_file('/etc/systemd/system/named.service.d/managed-keys.conf') + .with_content(/^Type=simple$/) + expect(chef_run).to render_file('/etc/systemd/system/named.service.d/managed-keys.conf') + .with_content(%r{^ExecCondition=/usr/local/lib/named/clear-managed-keys\.sh$}) + end +end + +describe 'chroot recipe on ubuntu 22.04' do + let(:chef_run) do + ChefSpec::SoloRunner.new( + platform: 'ubuntu', version: '22.04', step_into: ['bind_service'] + ).converge('test::spec_chroot') + end + + include_context 'version_stub' + + it 'does not use simple systemd 
service type for chrooted named' do + expect(chef_run).to render_file('/etc/systemd/system/named.service.d/managed-keys.conf') + expect(chef_run).to_not render_file('/etc/systemd/system/named.service.d/managed-keys.conf') + .with_content(/^Type=simple$/) + end +end + describe 'chroot recipe on centos 8' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: ['bind_service'] - ).converge('bind_test::spec_chroot') + ).converge('test::spec_chroot') end include_context 'version_stub' @@ -166,7 +228,7 @@ let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: ['bind_service'] - ).converge('bind_test::spec_overridden') + ).converge('test::spec_overridden') end it 'creates configuration directories' do @@ -185,7 +247,7 @@ let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'ubuntu', version: '18.04', step_into: ['bind_service'] - ).converge('bind_test::spec_basic') + ).converge('test::spec_basic') end include_context 'version_stub' diff --git a/spec/resources/stub_zone_spec.rb b/spec/resources/stub_zone_spec.rb index 83aadc9..8033a2d 100644 --- a/spec/resources/stub_zone_spec.rb +++ b/spec/resources/stub_zone_spec.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding stub zones' do let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_stub_zone) - ).converge('bind_test::spec_stub_zone') + ).converge('test::spec_stub_zone') end include_context 'version_stub' diff --git a/spec/resources/view_spec.rb b/spec/resources/view_spec.rb index 5e94f80..60d0ca2 100644 --- a/spec/resources/view_spec.rb +++ b/spec/resources/view_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'adding a single view' do @@ -10,7 +12,7 @@ bind_secondary_zone bind_forward_zone ) - ).converge('bind_test::spec_single_view') + ).converge('test::spec_single_view') end include_context 'version_stub' 
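Review bot: The three new `describe` blocks only inspect the content of `named.service.d/managed-keys.conf`; the `bind9.service.d` drop-in is checked for its directory but never for its content, and the Ubuntu 22.04 case does not assert that `ExecCondition=` is still rendered when `Type=simple` is left out. Adding `expect(chef_run).to render_file('/etc/systemd/system/bind9.service.d/managed-keys.conf').with_content(/^Type=simple$/)` to the Debian 12 and Ubuntu 24.04 cases would cover the alias unit as well. Those two blocks are identical apart from the platform and version, so they could share one `shared_examples` group.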
@@ -50,7 +52,7 @@ let(:chef_run) do ChefSpec::SoloRunner.new( platform: 'centos', version: '8', step_into: %w(bind_config bind_view bind_primary_zone) - ).converge('bind_test::spec_single_view_with_options') + ).converge('test::spec_single_view_with_options') end include_context 'version_stub' @@ -84,7 +86,7 @@ platform: 'centos', version: '8', step_into: %w( bind_config bind_view bind_primary_zone bind_primary_zone_template ) - ).converge('bind_test::spec_multiple_views') + ).converge('test::spec_multiple_views') end include_context 'version_stub' diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 7a29874..e4f63a3 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,13 +1,14 @@ +# frozen_string_literal: true + require 'chefspec' require 'chefspec/berkshelf' RSpec.configure(&:raise_errors_for_deprecations!) -# RSpec.configure do |config| -# config.cookbook_path = 'test/fixtures/cookbooks' -# end shared_context 'version_stub' do before do + stub_command('systemctl is-enabled systemd-resolved.service 2>/dev/null | grep -q "^masked$"').and_return(false) + stubs_for_provider('bind_config[default]') do |provider| allow(provider).to receive_shell_out('named -v', stdout: 'BIND 9.16.23 (Extended Support Version) ') end diff --git a/files/default/named.ca b/templates/default/named.ca similarity index 100% rename from files/default/named.ca rename to templates/default/named.ca diff --git a/files/default/named.empty b/templates/default/named.empty similarity index 100% rename from files/default/named.empty rename to templates/default/named.empty diff --git a/files/default/named.localhost b/templates/default/named.localhost similarity index 100% rename from files/default/named.localhost rename to templates/default/named.localhost diff --git a/files/default/named.loopback b/templates/default/named.loopback similarity index 100% rename from files/default/named.loopback rename to templates/default/named.loopback 
diff --git a/files/default/named.rfc1912.zones b/templates/default/named.rfc1912.zones similarity index 100% rename from files/default/named.rfc1912.zones rename to templates/default/named.rfc1912.zones diff --git a/test/fixtures/cookbooks/bind_test/files/default/custom-example.net b/test/cookbooks/test/files/default/custom-example.net similarity index 100% rename from test/fixtures/cookbooks/bind_test/files/default/custom-example.net rename to test/cookbooks/test/files/default/custom-example.net diff --git a/test/fixtures/cookbooks/bind_test/files/default/example.org b/test/cookbooks/test/files/default/example.org similarity index 100% rename from test/fixtures/cookbooks/bind_test/files/default/example.org rename to test/cookbooks/test/files/default/example.org diff --git a/test/cookbooks/test/metadata.rb b/test/cookbooks/test/metadata.rb new file mode 100644 index 0000000..60b9d90 --- /dev/null +++ b/test/cookbooks/test/metadata.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +name 'test' +version '1.0.0' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' + +depends 'bind' diff --git a/test/fixtures/cookbooks/bind_test/recipes/chroot.rb b/test/cookbooks/test/recipes/chroot.rb similarity index 93% rename from test/fixtures/cookbooks/bind_test/recipes/chroot.rb rename to test/cookbooks/test/recipes/chroot.rb index cefc5e0..b0e3161 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/chroot.rb +++ b/test/cookbooks/test/recipes/chroot.rb @@ -1,4 +1,6 @@ -include_recipe 'bind_test::disable_resolved' +# frozen_string_literal: true + +include_recipe 'test::disable_resolved' bind_service 'default' do chroot true diff --git a/test/fixtures/cookbooks/bind_test/recipes/default.rb b/test/cookbooks/test/recipes/default.rb similarity index 81% rename from test/fixtures/cookbooks/bind_test/recipes/default.rb rename to test/cookbooks/test/recipes/default.rb index 7eefae7..0a3b057 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/default.rb 
+++ b/test/cookbooks/test/recipes/default.rb @@ -1,4 +1,6 @@ -include_recipe 'bind_test::disable_resolved' +# frozen_string_literal: true + +include_recipe 'test::disable_resolved' bind_service 'default' do action [:create, :start] @@ -6,10 +8,22 @@ bind_config 'default' do controls ['inet 127.0.0.1 port 953 allow { 127.0.0.1; }'] + options [ + 'allow-query { trusted-nets; }', + 'recursion yes', + 'allow-recursion { trusted-nets; }', + ] statistics_channel address: '127.0.0.1', port: 8080, allow: '127.0.0.1' action :create end +bind_acl 'trusted-nets' do + entries %w( + localhost + localnets + ) +end + bind_primary_zone 'example.org' bind_secondary_zone 'secondary.example.org' do diff --git a/test/cookbooks/test/recipes/disable_resolved.rb b/test/cookbooks/test/recipes/disable_resolved.rb new file mode 100644 index 0000000..75a4962 --- /dev/null +++ b/test/cookbooks/test/recipes/disable_resolved.rb @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +execute 'mask_systemd_resolved' do + command 'systemctl mask --now systemd-resolved.service systemd-resolved.socket' + not_if 'systemctl is-enabled systemd-resolved.service 2>/dev/null | grep -q "^masked$"' +end diff --git a/test/fixtures/cookbooks/bind_test/recipes/linked_zones.rb b/test/cookbooks/test/recipes/linked_zones.rb similarity index 88% rename from test/fixtures/cookbooks/bind_test/recipes/linked_zones.rb rename to test/cookbooks/test/recipes/linked_zones.rb index ff87551..f696718 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/linked_zones.rb +++ b/test/cookbooks/test/recipes/linked_zones.rb @@ -1,4 +1,6 @@ -include_recipe 'bind_test::disable_resolved' +# frozen_string_literal: true + +include_recipe 'test::disable_resolved' bind_service 'default' do action [:create, :start] 
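Review bot: `bind_acl 'trusted-nets'` is declared after the `bind_config` block whose `options` already reference `trusted-nets`, and nothing in the recipe says what the ACL admits. `localnets` matches every network the host has an interface on, so on a multi-homed or cloud host anyone copying this example allows recursion from more than `localhost`; a comment above `entries` such as `# localnets = all directly attached networks; replace with explicit CIDRs outside of test` would make that visible. Moving the `bind_acl` block above `bind_config` would also let the recipe read in the order named.conf needs the definition, though the rendered order depends on resource code that is not shown here.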
diff --git a/test/fixtures/cookbooks/bind_test/recipes/logging.rb b/test/cookbooks/test/recipes/logging.rb similarity index 93% rename from test/fixtures/cookbooks/bind_test/recipes/logging.rb rename to test/cookbooks/test/recipes/logging.rb index 3e48f09..c4b2fdf 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/logging.rb +++ b/test/cookbooks/test/recipes/logging.rb @@ -1,4 +1,6 @@ -include_recipe 'bind_test::disable_resolved' +# frozen_string_literal: true + +include_recipe 'test::disable_resolved' bind_service 'default' do action [:create, :start] diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_acl.rb b/test/cookbooks/test/recipes/spec_acl.rb similarity index 91% rename from test/fixtures/cookbooks/bind_test/recipes/spec_acl.rb rename to test/cookbooks/test/recipes/spec_acl.rb index 1a4e383..5330d3d 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_acl.rb +++ b/test/cookbooks/test/recipes/spec_acl.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_additional_config_files.rb b/test/cookbooks/test/recipes/spec_additional_config_files.rb similarity index 86% rename from test/fixtures/cookbooks/bind_test/recipes/spec_additional_config_files.rb rename to test/cookbooks/test/recipes/spec_additional_config_files.rb index f15b957..5a9120e 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_additional_config_files.rb +++ b/test/cookbooks/test/recipes/spec_additional_config_files.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_basic.rb b/test/cookbooks/test/recipes/spec_basic.rb similarity index 72% rename from test/fixtures/cookbooks/bind_test/recipes/spec_basic.rb rename to test/cookbooks/test/recipes/spec_basic.rb index 1dff225..87f5c95 100644 
--- a/test/fixtures/cookbooks/bind_test/recipes/spec_basic.rb +++ b/test/cookbooks/test/recipes/spec_basic.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_basic_logging_channel.rb b/test/cookbooks/test/recipes/spec_basic_logging_channel.rb similarity index 95% rename from test/fixtures/cookbooks/bind_test/recipes/spec_basic_logging_channel.rb rename to test/cookbooks/test/recipes/spec_basic_logging_channel.rb index 18f76a8..f031e98 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_basic_logging_channel.rb +++ b/test/cookbooks/test/recipes/spec_basic_logging_channel.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true bind_service 'default' do action [:create, :start] diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_chroot.rb b/test/cookbooks/test/recipes/spec_chroot.rb similarity index 79% rename from test/fixtures/cookbooks/bind_test/recipes/spec_chroot.rb rename to test/cookbooks/test/recipes/spec_chroot.rb index 8ef54b0..202287a 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_chroot.rb +++ b/test/cookbooks/test/recipes/spec_chroot.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true bind_service 'default' do chroot true diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_forward_zone.rb b/test/cookbooks/test/recipes/spec_forward_zone.rb similarity index 87% rename from test/fixtures/cookbooks/bind_test/recipes/spec_forward_zone.rb rename to test/cookbooks/test/recipes/spec_forward_zone.rb index 0d2417a..3c83cff 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_forward_zone.rb +++ b/test/cookbooks/test/recipes/spec_forward_zone.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end 
diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_key.rb b/test/cookbooks/test/recipes/spec_key.rb similarity index 84% rename from test/fixtures/cookbooks/bind_test/recipes/spec_key.rb rename to test/cookbooks/test/recipes/spec_key.rb index f3c7fdc..01eac6e 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_key.rb +++ b/test/cookbooks/test/recipes/spec_key.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_linked_zones.rb b/test/cookbooks/test/recipes/spec_linked_zones.rb similarity index 93% rename from test/fixtures/cookbooks/bind_test/recipes/spec_linked_zones.rb rename to test/cookbooks/test/recipes/spec_linked_zones.rb index 6d0db97..e27a38b 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_linked_zones.rb +++ b/test/cookbooks/test/recipes/spec_linked_zones.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_multiple_views.rb b/test/cookbooks/test/recipes/spec_multiple_views.rb similarity index 94% rename from test/fixtures/cookbooks/bind_test/recipes/spec_multiple_views.rb rename to test/cookbooks/test/recipes/spec_multiple_views.rb index 862ce2f..10234a4 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_multiple_views.rb +++ b/test/cookbooks/test/recipes/spec_multiple_views.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_overridden.rb b/test/cookbooks/test/recipes/spec_overridden.rb similarity index 92% rename from test/fixtures/cookbooks/bind_test/recipes/spec_overridden.rb rename to test/cookbooks/test/recipes/spec_overridden.rb index b9874ea..48e0d25 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_overridden.rb 
+++ b/test/cookbooks/test/recipes/spec_overridden.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do sysconfdir '/test/etc' vardir '/test/var' diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone.rb b/test/cookbooks/test/recipes/spec_primary_zone.rb similarity index 92% rename from test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone.rb rename to test/cookbooks/test/recipes/spec_primary_zone.rb index 636cc0f..e5bde0e 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone.rb +++ b/test/cookbooks/test/recipes/spec_primary_zone.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone_template.rb b/test/cookbooks/test/recipes/spec_primary_zone_template.rb similarity index 96% rename from test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone_template.rb rename to test/cookbooks/test/recipes/spec_primary_zone_template.rb index d8a5b67..03fc54e 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone_template.rb +++ b/test/cookbooks/test/recipes/spec_primary_zone_template.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone_template_manage_serial.rb b/test/cookbooks/test/recipes/spec_primary_zone_template_manage_serial.rb similarity index 97% rename from test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone_template_manage_serial.rb rename to test/cookbooks/test/recipes/spec_primary_zone_template_manage_serial.rb index c61cb93..f810049 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_primary_zone_template_manage_serial.rb +++ b/test/cookbooks/test/recipes/spec_primary_zone_template_manage_serial.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true bind_service 'default' do action [:create, :start] 
diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_secondary_zone.rb b/test/cookbooks/test/recipes/spec_secondary_zone.rb
similarity index 89%
rename from test/fixtures/cookbooks/bind_test/recipes/spec_secondary_zone.rb
rename to test/cookbooks/test/recipes/spec_secondary_zone.rb
index 98fa914..57b147d 100644
--- a/test/fixtures/cookbooks/bind_test/recipes/spec_secondary_zone.rb
+++ b/test/cookbooks/test/recipes/spec_secondary_zone.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 bind_service 'default' do
 action [:create, :start]
 end
diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_server.rb b/test/cookbooks/test/recipes/spec_server.rb
similarity index 82%
rename from test/fixtures/cookbooks/bind_test/recipes/spec_server.rb
rename to test/cookbooks/test/recipes/spec_server.rb
index 993ea13..01f7553 100644
--- a/test/fixtures/cookbooks/bind_test/recipes/spec_server.rb
+++ b/test/cookbooks/test/recipes/spec_server.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 bind_service 'default' do
 action [:create, :start]
 end
diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_single_view.rb b/test/cookbooks/test/recipes/spec_single_view.rb
similarity index 91%
rename from test/fixtures/cookbooks/bind_test/recipes/spec_single_view.rb
rename to test/cookbooks/test/recipes/spec_single_view.rb
index c34e40c..f982395 100644
--- a/test/fixtures/cookbooks/bind_test/recipes/spec_single_view.rb
+++ b/test/cookbooks/test/recipes/spec_single_view.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 bind_service 'default' do
 action [:create, :start]
 end
diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_single_view_with_options.rb b/test/cookbooks/test/recipes/spec_single_view_with_options.rb
similarity index 92%
rename from test/fixtures/cookbooks/bind_test/recipes/spec_single_view_with_options.rb
rename to test/cookbooks/test/recipes/spec_single_view_with_options.rb
index 627cc8b..8ccfaa7 100644
--- a/test/fixtures/cookbooks/bind_test/recipes/spec_single_view_with_options.rb +++ b/test/cookbooks/test/recipes/spec_single_view_with_options.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true bind_service 'default' do action [:create, :start] diff --git a/test/fixtures/cookbooks/bind_test/recipes/spec_stub_zone.rb b/test/cookbooks/test/recipes/spec_stub_zone.rb similarity index 89% rename from test/fixtures/cookbooks/bind_test/recipes/spec_stub_zone.rb rename to test/cookbooks/test/recipes/spec_stub_zone.rb index 60ba51d..0453651 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/spec_stub_zone.rb +++ b/test/cookbooks/test/recipes/spec_stub_zone.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + bind_service 'default' do action [:create, :start] end diff --git a/test/fixtures/cookbooks/bind_test/recipes/views.rb b/test/cookbooks/test/recipes/views.rb similarity index 95% rename from test/fixtures/cookbooks/bind_test/recipes/views.rb rename to test/cookbooks/test/recipes/views.rb index 3d0f634..ddb016d 100644 --- a/test/fixtures/cookbooks/bind_test/recipes/views.rb +++ b/test/cookbooks/test/recipes/views.rb @@ -1,4 +1,6 @@ -include_recipe 'bind_test::disable_resolved' +# frozen_string_literal: true + +include_recipe 'test::disable_resolved' bind_service 'default' do action [:create, :start] diff --git a/test/cookbooks/test/recipes/zone_options.rb b/test/cookbooks/test/recipes/zone_options.rb new file mode 100644 index 0000000..5699c84 --- /dev/null +++ b/test/cookbooks/test/recipes/zone_options.rb 
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+include_recipe 'test::disable_resolved'
+
+bind_service 'default' do
+ action [:create, :start]
+end
+
+bind_config 'default'
+
+if platform_family?('debian')
+ vardir = '/var/cache/bind'
+ run_user = 'bind'
+ run_group = 'bind'
+else
+ vardir = '/var/named'
+ run_user = 'named'
+ run_group = 'named'
+end
+
+# manage file externally
+cookbook_file "#{vardir}/primary/db.example.org" do
+ source 'example.org'
+ owner run_user
+ group run_group
+end
+
+bind_primary_zone 'example.org' do
+ action :create_config_only
+end
+
+bind_primary_zone 'example.net' do
+ source_file 'custom-example.net'
+end
diff --git a/test/fixtures/cookbooks/bind_test/metadata.rb b/test/fixtures/cookbooks/bind_test/metadata.rb
deleted file mode 100644
index 15c7076..0000000
--- a/test/fixtures/cookbooks/bind_test/metadata.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-name 'bind_test'
-version '1.0.0'
-maintainer 'David Bruce'
-maintainer_email 'djb@ragnarok.net'
-
-depends 'bind'
diff --git a/test/fixtures/cookbooks/bind_test/recipes/disable_resolved.rb b/test/fixtures/cookbooks/bind_test/recipes/disable_resolved.rb
deleted file mode 100644
index 6b12133..0000000
--- a/test/fixtures/cookbooks/bind_test/recipes/disable_resolved.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-service 'systemd-resolved' do
- action :stop
-end
diff --git a/test/fixtures/cookbooks/bind_test/recipes/zone_options.rb b/test/fixtures/cookbooks/bind_test/recipes/zone_options.rb
deleted file mode 100644
index aaec1cd..0000000
--- a/test/fixtures/cookbooks/bind_test/recipes/zone_options.rb
+++ /dev/null
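Review bot: In the new `test/cookbooks/test/recipes/zone_options.rb`, the `cookbook_file` that writes `#{vardir}/primary/db.example.org` sets `owner` and `group` but no `mode`, so the zone file's permissions depend on the node's defaults rather than on the recipe. Pin it next to `group run_group`, for example `mode '0644'` (constructed value; use whatever mode the cookbook's zone resources apply). The `if platform_family?('debian')` branch above it also hard-codes the paths and accounts that the deleted recipe read through `default_property_for`, so a comment such as `# mirrors the bind_service defaults; update both together` would help keep the two from drifting.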
@@ -1,25 +0,0 @@ -include_recipe 'bind_test::disable_resolved' - -bind_service 'default' do - action [:create, :start] -end - -bind_config 'default' - -::Chef::DSL::Recipe.include BindCookbook::Helpers -::Chef::Resource.include BindCookbook::Helpers - -# manage file externally -cookbook_file "#{default_property_for(:vardir, false)}/primary/db.example.org" do - source 'example.org' - owner default_property_for(:run_user, false) - group default_property_for(:run_group, false) -end - -bind_primary_zone 'example.org' do - action :create_config_only -end - -bind_primary_zone 'example.net' do - source_file 'custom-example.net' -end diff --git a/test/integration/bind/controls/default_spec.rb b/test/integration/default/controls/default_spec.rb similarity index 82% rename from test/integration/bind/controls/default_spec.rb rename to test/integration/default/controls/default_spec.rb index 5842d2a..8749300 100644 --- a/test/integration/bind/controls/default_spec.rb +++ b/test/integration/default/controls/default_spec.rb @@ -9,13 +9,9 @@ case os.family when 'debian' chroot_cmd = '-t /var/bind9/chroot' - named_cmd = if os.name == 'debian' && os.release.to_i == 10 - '/usr/sbin/named -u bind' - else - '/usr/sbin/named -f -u bind' - end + named_cmd = %r{/usr/sbin/named (?:-f )?-u bind} when 'redhat', 'fedora' - named_cmd = '/usr/sbin/named -u named -c /etc/named.conf' + named_cmd = %r{/usr/sbin/named -u named -c /etc/named\.conf} chroot_cmd = '-t /var/named/chroot' end @@ -26,10 +22,12 @@ end describe processes 'named' do + subject { processes('named').commands.join("\n") } + if chroot - its('commands') { should include "#{named_cmd} #{chroot_cmd}" } + it { should match(/#{named_cmd.source} #{Regexp.escape(chroot_cmd)}/) } else - its('commands') { should include named_cmd } + it { should match(named_cmd) } end end 
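Review bot: The rewritten `describe processes 'named'` block in `default_spec.rb` (hunk `@@ -26,10 +22,12 @@`) now runs an unanchored regex over every `named` command line joined with newlines, where the old `include` presumably compared whole command strings. The assertion that the daemon runs with `-u bind` / `-u named` and the `-t` chroot argument therefore still passes when the command line carries extra trailing arguments, and `-u bind` also matches a longer user name that merely starts with `bind`. If the exact command line is still the contract, anchor per line with `it { should match(/^#{named_cmd.source} #{Regexp.escape(chroot_cmd)}$/) }` and `it { should match(/^#{named_cmd.source}$/) }`; if the looser match is deliberate, a comment above `subject` should say which extra arguments are expected. The regex definitions this depends on are in the preceding hunk `@@ -9,13 +9,9 @@`.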
@@ -61,8 +59,10 @@ end if logging + queried_domain = Regexp.escape(domain) + describe file '/srv/query.log' do - its('content') { should match(/^client.*127.0.0.1#\d+.*query: www.google.com/) } + its('content') { should match(/^client.*127.0.0.1#\d+.*query: #{queried_domain}/) } end describe file '/srv/general.log' do diff --git a/test/integration/bind/inspec.yml b/test/integration/default/inspec.yml similarity index 55% rename from test/integration/bind/inspec.yml rename to test/integration/default/inspec.yml index 7820d7a..06d9e87 100644 --- a/test/integration/bind/inspec.yml +++ b/test/integration/default/inspec.yml @@ -1,12 +1,17 @@ --- -name: bind +name: default +title: Default BIND resource tests +maintainer: Sous Chefs +license: Apache-2.0 +summary: Verifies BIND service and DNS responses +version: 1.0.0 inputs: - name: domain type: String - value: www.google.com + value: ns1.example.org - name: host_string type: String - value: "www.google.com has address " + value: "ns1.example.org has address 1.1.1.1" - name: chroot type: Boolean value: false
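Review bot: The new `/srv/query.log` pattern escapes the domain through `Regexp.escape(domain)` but leaves `127.0.0.1` unescaped, so each `.` in the client address still matches any character. Escape it the same way the domain now is: `its('content') { should match(/^client.*127\.0\.0\.1#\d+.*query: #{queried_domain}/) }`. The enclosing `if logging` block continues past the end of this hunk.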
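Review bot: The new `host_string` value in `test/integration/default/inspec.yml` pins the expected answer to `1.1.1.1`, which is a publicly routed address rather than test data. Assuming the `example.org` zone fixture (not shown in this hunk) is under the cookbook's control, point `ns1` at an RFC 5737 documentation address there and use the same one here, e.g. `value: "ns1.example.org has address 192.0.2.1"` (constructed value). That keeps the fixture from ever referring to a real host.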