Implement "allowed_nets" option

This patchset implements the "allowed_nets" charm option which is described in the charm config file. Change-Id: Id47c4a78effd274477abd5690a70b69c75797a16 Closes-Bug: 1693013
2018-05-30 16:16:10 +02:00 · 2018-05-30 16:16:10 +02:00 · 1fbc05d287
parent 4f5b553153
commit 1fbc05d287
2 changed files with 10 additions and 1 deletions
--- a/src/config.yaml
+++ b/src/config.yaml
@ -1,6 +1,6 @@
 options:
  allowed_nets:
-    default: "p2p"
+    default: ""
    type: string
    description: |
      String containing a list of allowed networks, separated by semicolons: e.g., "10.172.0.0/16;10.10.0.0/18"
--- a/src/templates/named.conf.options
+++ b/src/templates/named.conf.options
@ -1,3 +1,9 @@
+{% if options.allowed_nets -%}
+acl allow_query {
+        {{ options.allowed_nets }};
+};
+
+{% endif -%}
 options {
        directory "/var/cache/bind";

@ -29,4 +35,7 @@ options {
        statistics-file "/var/cache/bind/named.stats";
        zone-statistics yes;
        allow-notify { {{ dns_backend.control_ips }}; };
+        {% if options.allowed_nets -%}
+        allow-query { allow_query; };
+        {% endif -%}
 };