From 1bb847e735010242a4fab09ca7ec4b55644b1f5a Mon Sep 17 00:00:00 2001
From: Felix Wong <waf@xilef.org>
Date: Mon, 15 Sep 2014 21:57:34 -0700
Subject: [PATCH] support multiple sasl_passwd entries

with tests

Signed-off-by: Felix Wong <gnowxilef@gmail.com>
---
 .kitchen.yml                                  | 41 +++++++++++++++----
 README.md                                     | 24 ++++++++---
 templates/sasl_passwd.erb                     |  8 +++-
 .../serverspec/sasl_auth_multiple_spec.rb     | 32 +++++++++++++++
 .../serverspec/sasl_auth_none_spec.rb}        |  4 ++
 .../serverspec/sasl_auth_one_spec.rb          | 32 +++++++++++++++
 6 files changed, 126 insertions(+), 15 deletions(-)
 create mode 100644 test/integration/sasl_auth_multiple/serverspec/sasl_auth_multiple_spec.rb
 rename test/integration/{sasl_auth/serverspec/sasl_auth_spec.rb => sasl_auth_none/serverspec/sasl_auth_none_spec.rb} (86%)
 create mode 100644 test/integration/sasl_auth_one/serverspec/sasl_auth_one_spec.rb

diff --git a/.kitchen.yml b/.kitchen.yml
index 9c58a8b..b6e3214 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -44,7 +44,24 @@ suites:
   run_list:
   - recipe[postfix::server]
 
-- name: sasl_auth
+- name: canonical
+  run_list:
+  - recipe[postfix]
+  attributes:
+    postfix:
+      recipient_canonical_map_entries:
+        john: john@doe.com
+        
+- name: sasl_auth_none
+  run_list:
+  - recipe[postfix::sasl_auth]
+  attributes:
+    postfix:
+      main:
+        relayhost: "localhost"
+        smtp_sasl_auth_enable: "yes"
+
+- name: sasl_auth_multiple
   run_list:
   - recipe[postfix::sasl_auth]
   attributes:
@@ -53,14 +70,22 @@ suites:
         relayhost: "localhost"
         smtp_sasl_auth_enable: "yes"
       sasl:
-        smtp_sasl_user_name: "kitchenuser"
-        smtp_sasl_passwd: "not-a-real-thing"
+        relayhost1:
+          username: "kitchenuser"
+          password: "not-a-real-thing"
+        relayhost2:
+          username: "anotherkitchenuser"
+          password: "yet-not-a-real-thing"
 
-- name: canonical
+- name: sasl_auth_one
   run_list:
-  - recipe[postfix]
+  - recipe[postfix::sasl_auth]
   attributes:
     postfix:
-      recipient_canonical_map_entries:
-        john: john@doe.com
-        
\ No newline at end of file
+      main:
+        relayhost: "localhost"
+        smtp_sasl_auth_enable: "yes"
+      sasl:
+        relayhost:
+          username: "kitchenuser"
+          password: "not-a-real-thing"
diff --git a/README.md b/README.md
index 9ef9e4f..f78e425 100644
--- a/README.md
+++ b/README.md
@@ -75,12 +75,20 @@ This change in namespace to `node['postfix']['main']` should allow for greater f
 - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
 - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
 - `node['postfix']['main']['relayhost']` - Set to empty string
-- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
-- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
 - `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
 - `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
 - `node['postfix']['recipient_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
-
+- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty. You can only use this until the current version. The new syntax is below.
+- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty. You can only use this until the current version. The new syntax is below.
+- `node['postfix']['sasl']` = ```json {
+    "relayhost1" => {
+      'username' => 'foo',
+      'password' => 'bar'
+    },
+    "relayhost2" => {
+      ...
+    }
+  }``` - You must set the following attribute, otherwise the attribute will default to empty
 
 Example of json role config, for setup *_map_entries:
 
@@ -333,8 +341,14 @@ override_attributes(
       "smtp_sasl_auth_enable" => "yes"
     },
     "sasl" => {
-      "smtp_sasl_passwd" => "your_password",
-      "smtp_sasl_user_name" => "your_username"
+      "relayhost1" => {
+        "username" => "your_password",
+        "password" => "your_username"
+      },
+      "relayhost2" => {
+        ...
+      },
+      ...
     }
   }
 )
diff --git a/templates/sasl_passwd.erb b/templates/sasl_passwd.erb
index 18f16b3..7ead10e 100644
--- a/templates/sasl_passwd.erb
+++ b/templates/sasl_passwd.erb
@@ -1,4 +1,8 @@
 # Auto-generated by Chef.
 # Local modifications will be overwritten.
-#
-<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>
+
+<% if !@settings.nil? && !@settings.empty? -%>
+<%   @settings.sort.map do |relayhost,value| -%>
+<%= relayhost %> <%= value['username'] %>:<%= value['password'] %>
+<%   end -%>
+<% end -%>
diff --git a/test/integration/sasl_auth_multiple/serverspec/sasl_auth_multiple_spec.rb b/test/integration/sasl_auth_multiple/serverspec/sasl_auth_multiple_spec.rb
new file mode 100644
index 0000000..6c247ff
--- /dev/null
+++ b/test/integration/sasl_auth_multiple/serverspec/sasl_auth_multiple_spec.rb
@@ -0,0 +1,32 @@
+# encoding: utf-8
+# Copyright 2012, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative './spec_helper'
+
+describe 'postfix::sasl_auth' do
+  let(:sasl_passwd_file) { '/etc/postfix/sasl_passwd' }
+
+  it 'manages postfix sasl_passwd' do
+    expect(file(sasl_passwd_file).content).to match(/^# This file is generated by Chef for/)
+  end
+
+  it 'configures postfix to use the sasl_passwd file' do
+    expect(file('/etc/postfix/main.cf').content).to match(/^\s*smtp_sasl_password_maps\s*=.*#{sasl_passwd_file}\s*$/)
+  end
+
+  it 'configures postfix sasl_passwd with multiple entries' do
+    expect(file(sasl_passwd_file).content).to match(/^# This file is generated by Chef for .*\nrelayhost1 kitchenuser:not-a-real-thing\nrelayhost2 anotherkitchenuser:yet-not-a-real-thing\n/)
+  end
+end
diff --git a/test/integration/sasl_auth/serverspec/sasl_auth_spec.rb b/test/integration/sasl_auth_none/serverspec/sasl_auth_none_spec.rb
similarity index 86%
rename from test/integration/sasl_auth/serverspec/sasl_auth_spec.rb
rename to test/integration/sasl_auth_none/serverspec/sasl_auth_none_spec.rb
index d9cf2f9..20d16ec 100644
--- a/test/integration/sasl_auth/serverspec/sasl_auth_spec.rb
+++ b/test/integration/sasl_auth_none/serverspec/sasl_auth_none_spec.rb
@@ -24,4 +24,8 @@ describe 'postfix::sasl_auth' do
   it 'configures postfix to use the sasl_passwd file' do
     expect(file('/etc/postfix/main.cf').content).to match(/^\s*smtp_sasl_password_maps\s*=.*#{sasl_passwd_file}\s*$/)
   end
+
+  it 'configures postfix sasl_passwd with nothing in it' do
+    expect(file(sasl_passwd_file).content).to match(/^# This file is generated by Chef for .*\n/)
+  end
 end
diff --git a/test/integration/sasl_auth_one/serverspec/sasl_auth_one_spec.rb b/test/integration/sasl_auth_one/serverspec/sasl_auth_one_spec.rb
new file mode 100644
index 0000000..8a19b65
--- /dev/null
+++ b/test/integration/sasl_auth_one/serverspec/sasl_auth_one_spec.rb
@@ -0,0 +1,32 @@
+# encoding: utf-8
+# Copyright 2012, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative './spec_helper'
+
+describe 'postfix::sasl_auth' do
+  let(:sasl_passwd_file) { '/etc/postfix/sasl_passwd' }
+
+  it 'manages postfix sasl_passwd' do
+    expect(file(sasl_passwd_file).content).to match(/^# This file is generated by Chef for/)
+  end
+
+  it 'configures postfix to use the sasl_passwd file' do
+    expect(file('/etc/postfix/main.cf').content).to match(/^\s*smtp_sasl_password_maps\s*=.*#{sasl_passwd_file}\s*$/)
+  end
+
+  it 'configures postfix sasl_passwd with one entry' do
+    expect(file(sasl_passwd_file).content).to match(/^# This file is generated by Chef for .*\nrelayhost kitchenuser:not-a-real-thing\n/)
+  end
+end