#67 -[COOK-4662] Added support for access control

Signed-off-by: Sean OMeara <someara@opscode.com>

attributes/default.rb

@@ -22,6 +22,7 @@ default['postfix']['multi_environment_relay'] = false
 default['postfix']['use_procmail'] = false
 default['postfix']['aliases'] = {}
 default['postfix']['transports'] = {}
+default['postfix']['access'] = {}
 default['postfix']['main_template_source'] = 'postfix'
 default['postfix']['master_template_source'] = 'postfix'
 default['postfix']['sender_canonical_map_entries'] = {}
@@ -36,11 +37,17 @@ when 'omnios'
   default['postfix']['conf_dir'] = '/opt/omni/etc/postfix'
   default['postfix']['aliases_db'] = 'opt/omni/etc/postfix/aliases'
   default['postfix']['transport_db'] = '/opt/omni/etc/postfix/transport'
+  default['postfix']['access_db'] = '/opt/local/etc/postfix/aliases'
+when 'omnios'
+  default['postfix']['conf_dir'] = '/opt/omni/etc/postfix'
+  default['postfix']['aliases_db'] = 'opt/omni/etc/postfix/aliases'
+  default['postfix']['access_db'] = 'opt/omni/etc/postfix/aliases'
   default['postfix']['uid'] = 11
 else
   default['postfix']['conf_dir'] = '/etc/postfix'
   default['postfix']['aliases_db'] = '/etc/aliases'
   default['postfix']['transport_db'] = '/etc/postfix/transport'
+  default['postfix']['access_db'] = '/etc/postfix/access'
 end
 
 # Non-default main.cf attributes
@@ -54,6 +61,7 @@ default['postfix']['main']['smtpd_use_tls'] = 'yes'
 default['postfix']['main']['smtp_use_tls'] = 'yes'
 default['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"]
 default['postfix']['main']['transport_maps'] = [ "hash:#{node['postfix']['transport_db']}" ]
+default['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"]
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mynetworks'] = '127.0.0.0/8'

metadata.rb

@@ -9,6 +9,7 @@ recipe 'postfix', 'Installs and configures postfix'
 recipe 'postfix::sasl_auth', 'Set up postfix to auth to a server with sasl'
 recipe 'postfix::aliases', 'Manages /etc/aliases'
 recipe 'postfix::transports', 'Manages /etc/postfix/transport'
+recipe 'postfix::access', 'Manages /etc/postfix/access'
 recipe 'postfix::client', 'Searches for the relayhost based on an attribute'
 recipe 'postfix::server', 'Sets the mail_type attribute to master'
 
@@ -31,6 +32,11 @@ attribute 'postfix/transports',
           description: "Hash of Postfix transports mapping a destination to a smtp server. Example 'my.domain' => 'smtp:outbound-relay.my.domain'. See transport man page for details.",
           type: 'hash'
 
+attribute 'postfix/access',
+          display_name: 'Postfix Access Table',
+          description: "Hash of Postfix accesses mapping a pattern to a action.  Example 'domain.tld' => 'OK'.  See access man page for details.",
+          type: 'hash'
+
 attribute 'postfix/mail_type',
           display_name: 'Postfix Mail Type',
           description: 'Is this node a client or server?',

recipes/access.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "postfix"
+
+execute "update-postfix-access" do
+  command "postmap #{node['postfix']['access_db']}"
+  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  action :nothing
+end
+
+template "/etc/postfix/access" do
+  source "access.erb"
+  notifies :run, "execute[update-postfix-access]"
+end

templates/default/access.erb

@@ -0,0 +1,10 @@
+#
+# This file is generated by Chef for <%= node['fqdn'] %>
+#
+# Local changes will be overwritten
+#
+# See man 5 access for format
+
+<% node['postfix']['access'].each do |name, value| %>
+<%= name %> <%= value %>
+<% end unless node['postfix']['access'].nil? %>