# @summary A single dns key (for zone updates and the like)
# 
# TODO add stuff to autogenerate these, and instead dump them to individual files.
#
# @param algorithm
#   Algorithm used, must match secret
# @param secret
#   Secret hash, must match algorithm
# @param keyname
#   Name of key
# @param ensure
#   Allows for manual removal of the key. Note that if
#   $dns::purge_keyconf is true then simply removing the
#   dns::key resource removes the file.
define dns::key (
  String $algorithm,
  Variant[String, Sensitive[String]] $secret,
  String $keyname = $name,
  Enum['present', 'absent'] $ensure = 'present',
) {
  file { "${dns::keyconf_dir}/${keyname}.conf":
    ensure  => $ensure,
    content => epp("${module_name}/key.epp", {
        keyname   => $keyname,
        algorithm => $algorithm,
        secret    => $secret,
    }),
    notify  => Service[$dns::servicename],
  }
}