From 7b905da5a8065fd4c609d5558e33ee0090e70fc3 Mon Sep 17 00:00:00 2001
From: Chris Coley <chris@codingallnight.com>
Date: Sun, 24 Jun 2018 22:31:35 -0700
Subject: [PATCH] Refactor the lookup tables to be more flexible and DRY

This takes the templates for the transport map table and sasl_passwd lookup
table and replaces them with a single template. The templates were already
nearly identical and we would have needed to create more duplicates for every
new lookup table we implemented.

Also, the 'postfix__transport_map' and 'postfix__smtp_sasl_password_map'
variables have been replaced with a single dictionary 'postfix__tables' where
each key in the dictionary is the name of the lookup table, and the value is a
dictionary of entries for that lookup table. By using a dictionary we can
implement default lookup tables per operating system and then allow downstream
additions or overrides via combining the dictionary with a new dictionary
instead of having to redefine the entire thing to override a single value.
---
 defaults/main.yml           | 61 +++++++++++++------------------------
 tasks/main.yml              | 14 +++++----
 templates/lookup_table.j2   |  5 +++
 templates/sasl_passwd.in.j2 |  5 ---
 templates/transport.in.j2   |  5 ---
 5 files changed, 35 insertions(+), 55 deletions(-)
 create mode 100644 templates/lookup_table.j2
 delete mode 100644 templates/sasl_passwd.in.j2
 delete mode 100644 templates/transport.in.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index bc24882..d26ce0b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,6 +2,28 @@
 # The name of this mail system, set in '/etc/mailname'
 postfix__mailname: '{{ ansible_fqdn }}'
 
+# These dictionaries build the lookup tables with the corresponding name. So
+# postfix__tables.transport is used to build the transport lookup table,
+# postfix__tables.sasl_passwd is used to build the SASL password map table, etc.
+# Within each dictionary the 'key' is the lookup pattern and the 'value' is the
+# returned value.
+#
+# For example, this postfix__tables.transport example:
+#
+#     postfix__tables:
+#       transport:
+#         'codingallnight.com': ':'
+#         '*': 'discard:'
+#
+# would result in the following transport table:
+#
+#     codingallnight.com :
+#     * discard:
+#
+postfix__tables:
+  sasl_passwd: {}
+  transport: {}
+
 
 
 # Default variables for the main.cf template. These are always included.
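Review bot: The comment block above `postfix__tables` does not say how an override behaves, nor that `sasl_passwd` holds credentials. Under Ansible's default `hash_behaviour` (replace), an inventory definition of `postfix__tables` replaces the whole dictionary rather than merging into it, so a downstream override that sets only `transport` would drop the `sasl_passwd` key. I would add `# NOTE: overriding postfix__tables replaces the whole dictionary; define every table key or merge explicitly with the 'combine' filter.` and `# sasl_passwd values are credentials; supply them from Ansible Vault, not plain-text vars.` to the comment.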
@@ -28,44 +50,5 @@ postfix__mailbox_size_limit: 0
 postfix__recipient_delimiter: '+'
 postfix__inet_interfaces: all
 postfix__inet_protocols: all
-
-
-
-# Transport map
-# <pattern> is an email address, domain name, or * to lookup the mail recipient
-# <result> specificies how and where to deliver mail and has the format
-#          <transport>:<nexthop>. Both <transport> and <nexthop> are optional,
-#          but the delimiting ':' is required.
-#
-# EXAMPLES:
-#
-# This configuration will pass mail for the domain 'internal.domain.com' without
-# modifying it, while discard all mail addressed to other recipient domains.
-#
-# postfix__transport_map:
-#   - { pattern: 'internal.domain.com', result: ':' }
-#   - { pattern: '*', result: 'discard:' }
-#
-#
-# This configuration will discard mail sent to localhost and will relay all
-# other mail through Mailgun.
-#
-# postfix__transport_map:
-#   - { pattern: 'localhost', result: 'discard:' }
-#   - { pattern: 'localhost.localdomain', result: 'discard:' }
-#   - { pattern: '*', result: 'relay:[smtp.mailgun.org]:587' }
-#
-#
-# Valid <transport> and <nexthop> values are described in the postfix transport
-# documentation. http://www.postfix.org/transport.5.html
-postfix__transport_map: []
-
-
-
-# SASL Password Maps
-postfix__smtp_sasl_password_map: []
-postfix__smtp_sasl_auth_enable: yes
-postfix__smtp_sasl_security_options: noanonymous
-postfix__smtp_sasl_tls_security_options: '{{ postfix__smtp_sasl_security_options }}'
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml:
diff --git a/tasks/main.yml b/tasks/main.yml
index 31bb81b..a339487 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -26,24 +26,26 @@
     group: root
     mode: 0644
 
-- name: Generate Postfix sasl_passwd map
+- name: Create the SASL password lookup table
   template:
-    src: templates/sasl_passwd.in.j2
+    src: lookup_table.j2
     dest: /etc/postfix/sasl_passwd.in
     owner: root
     group: root
     mode: 0600
-  when: postfix__smtp_sasl_password_map
+  vars:
+    table: '{{ postfix__tables.sasl_passwd }}'
   notify: ['make postfix sasl_passwd.db']
 
-- name: Generate Postfix transport map
+- name: Create the transport lookup table
   template:
-    src: templates/transport.in.j2
+    src: lookup_table.j2
     dest: /etc/postfix/transport.in
     owner: root
     group: root
     mode: 0644
-  when: postfix__transport_map
+  vars:
+    table: '{{ postfix__tables.transport }}'
   notify: ['make postfix transport.db']
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml: 
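Review bot: The `Create the SASL password lookup table` task renders credentials from `postfix__tables.sasl_passwd`, and nothing keeps the rendered content out of the run output when the play is executed with `--diff`; add `no_log: true` to that task. Separately, with the `when:` guards removed, both tasks now dereference `postfix__tables.<name>` unconditionally, so an inventory that overrides `postfix__tables` with only one key would presumably fail on the other with an undefined-variable error. Using `table: '{{ postfix__tables.sasl_passwd | default({}) }}'` (and the same for `transport`) keeps the role working in that case. The unquoted `mode: 0600` / `mode: 0644` context lines would also be safer as quoted strings (`mode: '0600'`).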
diff --git a/templates/lookup_table.j2 b/templates/lookup_table.j2
new file mode 100644
index 0000000..43d3c79
--- /dev/null
+++ b/templates/lookup_table.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key, value in table.items() %}
+{{ key }} {{ value }}
+{% endfor %}
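Review bot: The loop over `table.items()` emits rows in whatever order the dictionary yields, which may differ between Python versions or runs, so the file can be reported as changed and the `postmap` handler re-triggered for no reason. Iterating in sorted order makes the output deterministic: `{% for key, value in table | dictsort %}`. Keys and values are also written verbatim, so an entry containing a newline or leading whitespace would produce extra or malformed rows; a short comment at the top of the template saying that entries must be single-line would help, since this one template now also generates the SASL credential map.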
diff --git a/templates/sasl_passwd.in.j2 b/templates/sasl_passwd.in.j2
deleted file mode 100644
index eb2cb96..0000000
--- a/templates/sasl_passwd.in.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-{% for item in postfix__smtp_sasl_password_map %}
-{{ item.lookup }} {{ item.credentials }}
-{% endfor %}
diff --git a/templates/transport.in.j2 b/templates/transport.in.j2
deleted file mode 100644
index 715d8a2..0000000
--- a/templates/transport.in.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-{% for item in postfix__transport_map %}
-{{ item.pattern }} {{ item.result }}
-{% endfor %}
-- 
GitLab