{% macro dnssec_policy(policies) %}
{% for policy in policies if policies is iterable %}
dnssec-policy "{{ policy.name }}" {
{% filter indent(2, true) %}
{% if policy.keys is defined and policy.keys %}
keys {
{% filter indent(2, true) %}
{% for dnskey in policy.keylist if policy.keylist is iterable %}
{{ dnskey.role -}}
{{ (' key-directory') if dnskey.key_directory is defined and dnskey.key_directory -}}
{{ (' lifetime ' + dnskey.lifetime | string ) -}}
{{ (' algorithm ' + dnskey.algorithm | string) -}}
{{ (' ' + dnskey.keysize | string) if dnskey.keysize is defined and dnskey.keysize }};
{% endfor %}
{% endfilter %}
};
{% endif %}
{% if policy.nsec3param is defined and policy.nsec3param %}
nsec3param
{{- (' iterations ' + policy.nsec3param.iterations | string) if policy.nsec3param.iterations is defined and policy.nsec3param.iterations -}}
{{ (' optout ' + functions.named_boolean(policy.nsec3param.optout)) if policy.nsec3param.optout is defined -}}
{{ (' salt-length ' + policy.nsec3param.salt_length) if policy.nsec3param.salt_length is defined and policy.nsec3param.salt_length -}};
{% endif %}
{{ ('dnskey-ttl ' + policy.dnskey_ttl | string  +';\n') if policy.dnskey_ttl is defined -}}
{{ ('max-zone-ttl ' + policy.max_zone_ttl | string  +';\n') if policy.max_zone_ttl is defined -}}
{{ ('parent-ds-ttl ' + policy.parent_ds_ttl | string  +';\n') if policy.parent_ds_ttl is defined -}}
{{ ('parent-propagation-delay ' + policy.parent_propagation_delay | string  +';\n') if policy.parent_propagation_delay is defined -}}
{{ ('parent-registration-delay ' + policy.parent_registration_delay | string  +';\n') if policy.parent_registration_delay is defined -}}
{{ ('publish-safety ' + policy.publish_safety | string  +';\n') if policy.publish_safety is defined -}}
{{ ('purge-keys ' + policy.purge_keys | string  +';\n') if policy.purge_keys is defined -}}
{{ ('retire-safety ' + policy.retire_safety | string  +';\n') if policy.retire_safety is defined -}}
{{ ('signatures-refresh ' + policy.signatures_refresh | string  +';\n') if policy.signatures_refresh is defined -}}
{{ ('signatures-validity ' + policy.signatures_validity | string  +';\n') if policy.signatures_validity is defined -}}
{{ ('signatures-validity-dnskey ' + policy.signatures_validity_dnskey | string  +';\n') if policy.signatures_validity_dnskey is defined -}}
{{ ('zone-propagation-delay ' + policy.zone_propagation_delay | string  +';\n') if policy.zone_propagation_delay is defined -}}
{% endfilter %}
};
{% endfor %}
{% endmacro %}