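# ExternalDNS BIND master server class
#
# Declares the TSIG key used for dynamic updates, an ACL of slave addresses
# (when any resolve), one dynamic master zone per entry in
# $externaldns::k8s_zones, and the view that serves those zones.
# Slave addresses are looked up in PuppetDB while the catalog is compiled.
class externaldns::master inherits externaldns {
  include bind

  # Query PuppetDB for slave server IP addresses.
  # A slave with no inventory row yet yields undef and is dropped by the
  # filter below, instead of aborting compilation on an index into an empty
  # result set.
  # NOTE(review): $fqdn is interpolated into the PQL string unescaped; this
  # assumes slave_servers holds trusted, plain certnames. Confirm where that
  # parameter is populated.
  $slave_ips = $externaldns::slave_servers.map |$fqdn| {
    $rows = puppetdb_query("inventory[facts.networking.ip] { certname = '${fqdn}' }")
    if empty($rows) {
      undef
    } else {
      $rows[0]['facts.networking.ip']
    }
  }.filter |$ip| { $ip != undef }

  # Create TSIG key for ExternalDNS authentication.
  # NOTE(review): the secret is passed through from the parent class as-is;
  # whether it is a Sensitive value or kept out of reports and logs is not
  # visible here. Confirm.
  bind::key { 'externaldns-key':
    algorithm => $externaldns::externaldns_key_algorithm,
    secret    => $externaldns::externaldns_key_secret,
  }

  # Create ACL for slave servers (skipped when no address was resolved).
  if !empty($slave_ips) {
    bind::acl { 'dns-slaves':
      addresses => $slave_ips,
    }
  }

  # Create master zones for each Kubernetes domain.
  $externaldns::k8s_zones.each |$zone| {
    bind::zone { $zone:
      zone_type       => 'master',
      dynamic         => true,
      # Dynamic updates are accepted only when signed with the key above.
      allow_updates   => ['key externaldns-key'],
      # Transfers to slaves are gated by source address (the ACL), not by a key.
      # NOTE(review): with no slaves this passes an empty list. If the bind
      # module then omits allow-transfer, named uses its built-in default,
      # which in many BIND 9 releases permits transfers from any host. Confirm
      # what is rendered and consider an explicit 'none'.
      allow_transfers => empty($slave_ips) ? {
        true  => [],
        false => ['dns-slaves'],
      },
      ns_notify       => !empty($slave_ips),
      also_notify     => $slave_ips,
      dnssec          => false,
    }
  }

  # Create default view to include the zones; recursion is disabled.
  bind::view { 'externaldns':
    recursion => false,
    zones     => $externaldns::k8s_zones,
  }
}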