proposal for improvement to have a better split between data and code

README.md

@@ -42,6 +42,14 @@ class { 'bind':
   allow_recursion   => [ 'localhost', ],
 }
 ```
+Or with hiera
+```puppet
+bind::listen_on: 127.0.0.1
+bind::listen_on_v6: none
+bind::allow_query: localhost
+bind::allow_query_cache: localhost
+bind::allow_recursion: localhost
+```
 
 ## Usage
 
@@ -60,6 +68,22 @@ bind::acl { 'lan':
   address_match_list => [ '192.168.10.0/24' ],
 }
 ```
+Or with hiera
+```puppet
+bind::allow_query:
+  - localhost
+  - lan
+bind::allow_query_cache:
+  - localhost
+  - lan
+bind::allow_recursion:
+  - localhost
+  - lan
+
+bind::acls:
+  lan:
+    address_match_list: 192.168.10.0/24
+```
 
 ### Caching name server with forwarders
 
@@ -73,6 +97,21 @@ class { 'bind':
   forwarders        => [ '10.0.0.53', '10.1.1.53', ],
 }
 ```
+Or with hiera
+```puppet
+bind::allow_query:
+  - localhost
+  - 10/8
+bind::allow_query_cache:
+  - localhost
+  - 10/8
+bind::allow_recursion:
+  - localhost
+  - 10/8
+bind::forwarders:
+  - 10.0.0.53
+  - 10.1.1.53
+```
 
 ### Manage a primary zone
 
@@ -83,6 +122,12 @@ bind::zone::primary { 'example.com':
   source => 'puppet:///modules/profile/dns/example.com.zone',
 }
 ```
+Or with hiera
+```puppet
+bind::zone::primaries:
+  example.com:
+    source: 'puppet:///modules/profile/dns/example.com.zone'
+```
 
 The zone file will be managed on the server as `/var/lib/bind/primary/com/example/db.example.com`. This tree structure is better than a flat directory structure if many zones will be managed by the server.
 
@@ -101,6 +146,18 @@ bind::zone::primary { 'example.com':
   content       => epp("profile/dynamic-zone-template.epp", $params),
 }
 ```
+Or with hiera
+```puppet
+bind::keys:
+  nsupdate:
+    secret: TopSecret
+    keyfile: /etc/bind/nsupdate.key
+
+bind::zone::primaries:
+  example.com:
+    update_policy: grant nsupdate zonesub any
+    content: 'epp("profile/dynamic-zone-template.epp", $params)'
+```
 
 If the zone file `/var/lib/bind/primary/com/example/db.example.com` does not exist on the name server, a new file will be created using the specified template. After that the file content can not be managed by Puppet as `named` will periodically need to update the zone file when processing dynamic updates. The `source` or `content` parameters are ignored in this case.
 
@@ -122,6 +179,20 @@ bind::zone::primary { 'example.net':
   source         => 'puppet:///modules/profile/dns/example.net.zone',
 }
 ```
+Or with hiera
+```puppet
+bind::dnssec_policies:
+  standard:
+    csk_lifetime: unlimited
+    csk_algorithm: ecdsap256sha256
+
+bind::zone::primaries:
+  example.net:
+    dnssec_policy: standard
+    inline_signing: true
+    source: 'puppet:///modules/profile/dns/example.net.zone'
+}
+```
 
 DNSSEC policies are available with Bind 9.16 and later.
 
@@ -138,6 +209,16 @@ bind::view { 'internal':
   order           => '10',
 }
 ```
+Or with hiera
+```puppet
+bind::views:
+  internal:
+    match_clients: localnets
+    allow_query: localnets
+    allow_recursion: localnets
+    recursion: true
+    order: 10
+```
 
 The view `external` is for all other hosts and should only be used for your primary or secondary zones.
 
@@ -151,6 +232,17 @@ bind::view { 'external':
   order                    => '20',
 }
 ```
+Or with hiera
+```puppet
+bind::views:
+  external:
+    match_clients: any
+    allow_query: any
+    recursion: false
+    localhost_forward_enable: false
+    localhost_reverse_enable: false
+    order: 20
+```
 
 The defined types `bind::zone::primary` and `bind::zone::secondary` can be used to add zones to this view.
 

manifests/init.pp

@@ -321,6 +321,73 @@
 #   once a day the DNSSEC trust anchors in use will be transmitted to the zon
 #   owners. This is enabled by default.
 #
+# @param bind:acls
+#   Hash of `bind::acls` resources.
+#   source the hash of bind::acls and trigger the class bind::acl 
+#
+# @param bind:amls
+#   Hash of `bind::amls` resources.
+#   source the hash of bind::amls and trigger the class bind::aml 
+#
+# @param dnssec_policies
+#   Hash of `bind::dnssec_policies` resources.
+#   source the hash of bind::dnssec_policies and trigger the class bind::dnssec_policy
+#
+# @param keys
+#   Hash of `bind::keys` resources.
+#   source the hash of bind::keys and trigger the class bind::key
+#
+# @param views
+#   Hash of `bind::views` resources.
+#   source the hash of bind::views and trigger the class bind::view
+#
+# @param statistics_channels
+#   Hash of `bind::statistics_channels` resources.
+#   source the hash of bind::statistics_channels and trigger the class bind::statistics_channel
+#
+# @param controls_inets
+#   Hash of `bind::controls::inets` resources.
+#   source the hash of bind::controls::inets and trigger the class bind::controls::inet
+#
+# @param controls_unixs
+#   Hash of `bind::controls::unixs` resources.
+#   source the hash of bind::controls::unixs and trigger the class bind::controls::unix
+#
+# @param logging_categories
+#   Hash of `bind::logging::categories` resources.
+#   source the hash of bind::logging::categories and trigger the class bind::logging::category
+#
+# @param logging_channel_files
+#   Hash of `bind::logging::channel_files` resources.
+#   source the hash of bind::logging::channel_files and trigger the class bind::logging::channel_file
+#
+# @param logging_channel_syslogs
+#   Hash of `bind::logging::channel_syslogs` resources.
+#   source the hash of bind::logging::channel_syslogs and trigger the class bind::logging::channel_syslog
+#
+# @param zone_forwards
+#   Hash of `bind::zone::forwards` resources.
+#   source the hash of bind::zone::forwards and trigger the class bind::zone::forward
+#
+# @param zone_hints
+#   Hash of `bind::zone::hints` resources.
+#   source the hash of bind::zone::hints and trigger the class bind::zone::hint
+#
+# @param zone_in_views
+#   Hash of `bind::zone::in_views` resources.
+#   source the hash of bind::zone::in_views and trigger the class bind::zone::in_view
+#
+# @param zone_mirrors
+#   Hash of `bind::zone::mirrors` resources.
+#   source the hash of bind::zone::mirrors and trigger the class bind::zone::mirror
+#
+# @param zone_primaries
+#   Hash of `bind::zone::primaries` resources.
+#   source the hash of bind::zone::primaries and trigger the class bind::zone::primary
+#
+# @param zone_secondaries
+#   Hash of `bind::zone::secondaries` resources.
+#   source the hash of bind::zone::secondaries and trigger the class bind::zone::secondary
 #
 class bind (
   Stdlib::Absolutepath      $confdir,
@@ -385,6 +452,24 @@
   Optional[String]          $report_version           = undef,
   Optional[Boolean]         $querylog_enable          = undef,
   Optional[Boolean]         $trust_anchor_telemetry   = undef,
+  Optional[Hash]            $acls                     = {},
+  Optional[Hash]            $amls                     = {},
+  Optional[Hash]            $configs                  = {},
+  Optional[Hash]            $dnssec_policies          = {},
+  Optional[Hash]            $keys                     = {},
+  Optional[Hash]            $statistics_channels      = {},
+  Optional[Hash]            $views                    = {},
+  Optional[Hash]            $controls_inets           = lookup(bind::controls::inets,         undef, undef, {}),
+  Optional[Hash]            $controls_unixes          = lookup(bind::controls::unixes,        undef, undef, {}),
+  Optional[Hash]            $logging_categories       = lookup(bind::logging::categories,     undef, undef, {}),
+  Optional[Hash]            $logging_channel_files    = lookup(bind::logging::channel_files,  undef, undef, {}),
+  Optional[Hash]            $logging_channel_syslogs  = lookup(bind::logging::syslogs,        undef, undef, {}),
+  Optional[Hash]            $zone_forwards            = lookup(bind::zone::forwards,          undef, undef, {}),
+  Optional[Hash]            $zone_hints               = lookup(bind::zone::hints,             undef, undef, {}),
+  Optional[Hash]            $zone_in_views            = lookup(bind::zone::in_views,          undef, undef, {}),
+  Optional[Hash]            $zone_mirrors             = lookup(bind::zone::mirrors,           undef, undef, {}),
+  Optional[Hash]            $zone_primaries           = lookup(bind::zone::primaries,         undef, undef, {}),
+  Optional[Hash]            $zone_secondaries         = lookup(bind::zone::secondaries,       undef, undef, {}),
 ) {
   $header_message = '// This file is managed by Puppet. DO NOT EDIT.'
 
@@ -844,6 +929,12 @@
     before  => Service['bind'],
   }
 
+  $configs.each |$key, $value| {
+    bind::config { $key:
+      * => $value,
+    }
+  }
+
   #
   # Misc zone files
   #
@@ -938,4 +1029,106 @@
     name    => $service_name,
     restart => "${rndc_program} reconfig",
   }
+
+  $acls.each |$key, $value| {
+    bind::acl { $key:
+      * => $value,
+    }
+  }
+
+  $amls.each |$key, $value| {
+    bind::aml { $key:
+      * => $value,
+    }
+  }
+
+  $dnssec_policies.each |$key, $value| {
+    bind::dnssec_policy { $key:
+      * => $value,
+    }
+  }
+
+  $keys.each |$key, $value| {
+    bind::key { $key:
+      * => $value,
+    }
+  }
+
+  $statistics_channels.each |$key, $value| {
+    bind::statistics_channel { $key:
+      * => $value,
+    }
+  }
+
+  $views.each |$key, $value| {
+    bind::view { $key:
+      * => $value,
+    }
+  }
+
+  $controls_inets.each |$key, $value| {
+    bind::controls::inet { $key:
+      * => $value,
+    }
+  }
+
+  $controls_unixes.each |$key, $value| {
+    bind::controls::unix { $key:
+      * => $value,
+    }
+  }
+
+  $logging_categories.each |$key, $value| {
+    bind::logging::category { $key:
+      * => $value,
+    }
+  }
+
+  $logging_channel_files.each |$key, $value| {
+    bind::logging::channel_file { $key:
+      * => $value,
+    }
+  }
+
+  $logging_channel_syslogs.each |$key, $value| {
+    bind::logging::channel_syslog { $key:
+      * => $value,
+    }
+  }
+
+  $zone_forwards.each |$key, $value| {
+    bind::zone::forward { $key:
+      * => $value,
+    }
+  }
+
+  $zone_hints.each |$key, $value| {
+    bind::zone::hint { $key:
+      * => $value,
+    }
+  }
+
+  $zone_in_views.each |$key, $value| {
+    bind::zone::in_view { $key:
+      * => $value,
+    }
+  }
+
+  $zone_mirrors.each |$key, $value| {
+    bind::zone::mirror { $key:
+      * => $value,
+    }
+  }
+
+  $zone_primaries.each |$key, $value| {
+    bind::zone::primary { $key:
+      * => $value,
+    }
+  }
+
+  $zone_secondaries.each |$key, $value| {
+    bind::zone::secondary { $key:
+      * => $value,
+    }
+  }
 }