From 93260955718db2f546f1692f1c8b76fae284c1e0 Mon Sep 17 00:00:00 2001
From: Scott Reid <scott@mdgit.com>
Date: Wed, 2 Sep 2015 11:59:57 -0700
Subject: [PATCH 1/4] enable creation of smtp_sasl_password_maps file from
 pillar

---
 pillar.example        |  3 +++
 postfix/files/main.cf |  6 +++++-
 postfix/init.sls      | 19 +++++++++++++++++++
 postfix/sasl_passwd   |  2 ++
 4 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 postfix/sasl_passwd

diff --git a/pillar.example b/pillar.example
index cd0e51b..ec2f913 100644
--- a/pillar.example
+++ b/pillar.example
@@ -9,6 +9,9 @@ postfix:
      - someuser_2@example.com
     singlealiasexample: 'someuser_3@example.com'
 
+  sasl_passwd:
+    smtp.example.com: 'somepassword'
+
   sender_canonical:
     root: 'servers@example.com'
     nagios: 'alerts@example.com'
diff --git a/postfix/files/main.cf b/postfix/files/main.cf
index d11e35d..421dec6 100644
--- a/postfix/files/main.cf
+++ b/postfix/files/main.cf
@@ -1,6 +1,6 @@
 {%- from "postfix/map.jinja" import postfix with context -%}
 {%- set config = salt['pillar.get']('postfix:config', {}) -%}
-{% set processed_parameters = ['aliases_file', 'virtual', 'sender_canonical'] %}
+{% set processed_parameters = ['aliases_file', 'virtual', 'sasl_passwd', 'sender_canonical'] %}
 {%- macro set_parameter(parameter, default=None) -%}
 {% set value = config.get(parameter, default) %}
 {%- if value is not none %}
@@ -103,6 +103,10 @@ policy-spf_time_limit = {{ policyd_spf.get('time_limit', '3600s') }}
 virtual_alias_maps = hash:/etc/postfix/virtual
 {% endif %}
 
+{% if 'sasl_passwd' in pillar.get('postfix','') %}
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+{% endif %}
+
 {% if 'sender_canonical' in pillar.get('postfix','') %}
 sender_canonical_maps = hash:/etc/postfix/sender_canonical
 {% endif %}
diff --git a/postfix/init.sls b/postfix/init.sls
index eaa5c11..31a305f 100644
--- a/postfix/init.sls
+++ b/postfix/init.sls
@@ -52,6 +52,25 @@ run-postmap:
       - file: /etc/postfix/virtual
 {% endif %}
 
+# manage /etc/postfix/sasl_passwd if data found in pillar
+{% if 'sasl_passwd' in pillar.get('postfix', '') %}
+/etc/postfix/sasl_passwd:
+  file.managed:
+    - source: salt://postfix/sasl_passwd
+    - user: root
+    - group: root
+    - mode: 644
+    - template: jinja
+    - require:
+      - pkg: postfix
+
+  cmd.wait:
+    - name: /usr/sbin/postmap /etc/postfix/sasl_passwd
+    - cwd: /
+    - watch:
+      - file: /etc/postfix/sasl_passwd
+{% endif %}
+
 # manage /etc/postfix/sender_canonical if data found in pillar
 {% if 'sender_canonical' in pillar.get('postfix', '') %}
 /etc/postfix/sender_canonical:
diff --git a/postfix/sasl_passwd b/postfix/sasl_passwd
new file mode 100644
index 0000000..b567fe2
--- /dev/null
+++ b/postfix/sasl_passwd
@@ -0,0 +1,2 @@
+# Managed by config management
+{{pillar['postfix']['sasl_passwd']}}

From d520b6f2c5c332d5c6ff1aebfec766b3aed82aca Mon Sep 17 00:00:00 2001
From: Scott Reid <scott@mdgit.com>
Date: Wed, 2 Sep 2015 12:07:37 -0700
Subject: [PATCH 2/4] Fix sasl_passwd handling - can't just dump json to
 sasl_passwd

---
 postfix/sasl_passwd | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/postfix/sasl_passwd b/postfix/sasl_passwd
index b567fe2..9aa8cae 100644
--- a/postfix/sasl_passwd
+++ b/postfix/sasl_passwd
@@ -1,2 +1,7 @@
 # Managed by config management
-{{pillar['postfix']['sasl_passwd']}}
+{% set canonical = salt['pillar.get']('postfix:sasl_passwd',{}) -%}
+{% if canonical is iterable -%}
+  {% for key,value in salt['pillar.get']('postfix:sasl_passwd',{}).iteritems() -%}
+    {{ key }}  {{ value }}
+  {% endfor %}
+{% endif %}

From f890079a9f38c5dfeaab110afae59d81e0a4f61b Mon Sep 17 00:00:00 2001
From: Scott Reid <scott@mdgit.com>
Date: Wed, 2 Sep 2015 12:11:05 -0700
Subject: [PATCH 3/4] Fix sasl_passwd indentation

---
 postfix/sasl_passwd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/postfix/sasl_passwd b/postfix/sasl_passwd
index 9aa8cae..a81d2b9 100644
--- a/postfix/sasl_passwd
+++ b/postfix/sasl_passwd
@@ -2,6 +2,6 @@
 {% set canonical = salt['pillar.get']('postfix:sasl_passwd',{}) -%}
 {% if canonical is iterable -%}
   {% for key,value in salt['pillar.get']('postfix:sasl_passwd',{}).iteritems() -%}
-    {{ key }}  {{ value }}
+{{ key }}  {{ value }}
   {% endfor %}
 {% endif %}

From 7c8836a8d9b487aeda9f0b49f67347948b6604b7 Mon Sep 17 00:00:00 2001
From: Scott Reid <scott@mdgit.com>
Date: Wed, 2 Sep 2015 12:17:17 -0700
Subject: [PATCH 4/4] Fix sasl_passwd indentation

---
 postfix/sasl_passwd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/postfix/sasl_passwd b/postfix/sasl_passwd
index a81d2b9..df651c3 100644
--- a/postfix/sasl_passwd
+++ b/postfix/sasl_passwd
@@ -1,7 +1,7 @@
 # Managed by config management
 {% set canonical = salt['pillar.get']('postfix:sasl_passwd',{}) -%}
 {% if canonical is iterable -%}
-  {% for key,value in salt['pillar.get']('postfix:sasl_passwd',{}).iteritems() -%}
+{% for key,value in salt['pillar.get']('postfix:sasl_passwd',{}).iteritems() -%}
 {{ key }}  {{ value }}
-  {% endfor %}
+{% endfor %}
 {% endif %}