Remove configuration of BIND 9 service

The feature was deprecated in 2024.1 release[1] and is ready for removal. Note that the configure_bind parameter is still kept, because the parameter had to be set to disable the configuration. It may be removed after 2025.1 release. [1] 2896fe16c0 Change-Id: I3b84a382608bbf094cfc5b48bb0ced848e73b2f1
2024-05-02 23:31:05 +09:00 · 2024-05-02 23:31:05 +09:00 · 8bd62fc862
parent 7e09ca63d7
commit 8bd62fc862
3 changed files with 13 additions and 51 deletions
--- a/manifests/backend/bind9.pp
+++ b/manifests/backend/bind9.pp
@ -63,7 +63,8 @@
 # [*configure_bind*]
 #  (Optional) Enables running bind9/named configuration for hosts where
 #  designate and designate bind services are collocated.
-#  Defaults to true
+#  Note that this parameter has no effect now.
+#  Defaults to undef
 #
 class designate::backend::bind9 (
  $rndc_config_file                      = '/etc/rndc.conf',
@ -80,34 +81,16 @@ class designate::backend::bind9 (
  Array[String[1]] $also_notifies        = [],
  Hash[String[1], String[1]] $attributes = {},
  # DEPRECATED PARAMETERS
-  Boolean $configure_bind                = true,
+  Optional[Boolean] $configure_bind      = undef,
 ) {

  include designate::deps
  include designate::params

  if $configure_bind {
-    warning("Configuragion of BIND 9 by designate::backend::bind9 is deprecated \
-and will be removed in a future release.")
-
-    $dns_additional_options = {
-      'allow-new-zones'   => 'yes',
-      # Recommended by Designate docs as a mitigation for potential cache
-      # poisoning attacks:
-      # https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
-      'minimal-responses' => 'yes',
-    }
-
-    if $rndc_controls {
-      class { 'dns':
-        controls           => $rndc_controls,
-        additional_options => $dns_additional_options,
-      }
-    } else {
-      class { 'dns':
-        additional_options => $dns_additional_options,
-      }
-    }
+    fail('Configuration of BIND 9 is no longer supported')
+  } elsif $configure_bind != undef {
+    warning('The configure_bind parameter is deprecated and has no effect.')
  }

  file { '/etc/designate/pools.yaml':
--- a/releasenotes/notes/remove-bind9-configuration-0999987234bcdf32.yaml
+++ b/releasenotes/notes/remove-bind9-configuration-0999987234bcdf32.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The ``designate::backend::bind9`` class no longer supports configuration of
+    the BIND 9 service. Because of this change, setting the ``configure_bind``
+    parameter to ``true`` now fails.
--- a/spec/classes/designate_backend_bind9_spec.rb
+++ b/spec/classes/designate_backend_bind9_spec.rb
@ -10,13 +10,7 @@ describe 'designate::backend::bind9' do
      let :params do
        {}
      end
-      it 'configures named and pool' do
-        is_expected.to contain_class('dns').with(
-          :additional_options => {
-            'allow-new-zones'   => 'yes',
-            'minimal-responses' => 'yes'
-          },
-        )
+      it 'configures the bind9 pool' do
        is_expected.to contain_file('/etc/designate/pools.yaml').with(
          :ensure => 'present',
          :path   => '/etc/designate/pools.yaml',
@ -32,15 +26,6 @@ describe 'designate::backend::bind9' do
        )
      end
    end
-
-    context 'with named configuration disabled' do
-      let :params do
-        { :configure_bind => false }
-      end
-      it 'does not configure named' do
-        is_expected.to_not contain_class('dns')
-      end
-    end
  end

  on_supported_os({
@ -51,18 +36,6 @@ describe 'designate::backend::bind9' do
        facts.merge!(OSDefaults.get_facts())
      end

-      let(:platform_params) do
-        case facts[:os]['family']
-        when 'Debian'
-          {
-            :dns_optionspath => '/etc/bind/named.conf.options'
-          }
-        when 'RedHat'
-          {
-            :dns_optionspath => '/etc/named/options.conf'
-          }
-        end
-      end
      it_behaves_like 'designate-backend-bind9'
    end
  end