Add support for managing header_checks.

This support is modeled after the existing TLS policy management:  the
header_cheks file is produced by merging snippets shipped by the Puppet
fileserver, a site-module and/or postfix::header_checks_snippet defines.

diff --git a/README b/README
index 337193fb2350fe6e210c329541a71a0c7c4efc38..7d74ea9ad29dfadfd9d5125680d801aa62ad839f 100644 (file)
--- a/README
+++ b/README
@@ -7,6 +7,8 @@ A couple of classes will preconfigure postfix for common needs.
 Config
 ------
 - set $postfix_use_amavisd="yes" to include postfix::amavis
+- set $postfix_manage_header_checks="yes" to manage header checks (see
+  postfix::header_checks for details)
 - set $postfix_manage_tls_policy="yes" to manage TLS policy (see
   postfix::tlspolicy for details)
 

diff --git a/files/header_checks.d/.ignore b/files/header_checks.d/.ignore
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/manifests/classes/postfix-header_checks.pp b/manifests/classes/postfix-header_checks.pp
new file mode 100644 (file)
index 0000000..071f6b0
--- /dev/null
+++ b/manifests/classes/postfix-header_checks.pp
@@ -0,0 +1,57 @@
+#
+# == Class: postfix::header_checks
+#
+# Manages Postfix header_checks by merging snippets shipped:
+# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d
+#   (the latter takes precedence if present); site-postfix module is supported
+#   as well, see the source argument of file {"$postfix_header_checks_snippets_dir"
+#   bellow for details.
+# - via postfix::header_checks_snippet defines
+#
+# Example usage:
+# 
+#   node "toto.example.com" {
+#     $postfix_manage_header_checks = yes
+#     include postfix
+#   }
+#
+class postfix::header_checks {
+
+  include common::moduledir
+  module_dir{'postfix/header_checks': }
+
+  $postfix_header_checks_dir          = "${common::moduledir::module_dir_path}/postfix/header_checks"
+  $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d"
+  $postfix_merged_header_checks       = "${postfix_header_checks_dir}/merged_header_checks"
+
+  file {"$postfix_header_checks_snippets_dir":
+    ensure  => 'directory',
+    owner   => 'root',
+    group   => '0',
+    mode    => '700',
+    source  => [
+                "puppet:///modules/site-postfix/${fqdn}/header_checks.d",
+                "puppet:///modules/site-postfix/header_checks.d",
+                "puppet:///files/etc/postfix/header_checks.d",
+                "puppet:///modules/postfix/header_checks.d",
+               ],
+    recurse => true,
+    purge   => false,
+  }
+
+  concatenated_file { "$postfix_merged_header_checks":
+    dir     => "${postfix_header_checks_snippets_dir}",
+    require => File["$postfix_header_checks_snippets_dir"],
+  }
+  
+  config_file { '/etc/postfix/header_checks':
+    source    => "$postfix_merged_header_checks",
+    subscribe => File["$postfix_merged_header_checks"],
+  }
+
+  postfix::config { "header_checks":
+    value   => 'regexp:/etc/postfix/header_checks',
+    require => File['/etc/postfix/header_checks'],
+  }
+
+}

diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp
index 588bfc810969f0c75872027e45b4b247d775e92b..4446c1747a9f53d9daa6670e8cd3b9eef18c797b 100644 (file)
--- a/manifests/classes/postfix.pp
+++ b/manifests/classes/postfix.pp
@@ -40,6 +40,9 @@ class postfix {
   case $root_mail_recipient {
     "":   { $root_mail_recipient = "nobody" }
   }
+  case $postfix_manage_header_checks {
+    "":   { $postfix_manage_header_checks = "no" }
+  }
   case $postfix_manage_tls_policy {
     "":   { $postfix_manage_tls_policy = "no" }
   }
@@ -64,6 +67,9 @@ class postfix {
   module_dir{'postfix': }
 
   # Include optional classes
+  if $postfix_manage_header_checks == 'yes' {
+    include postfix::header_checks
+  }
   if $postfix_manage_tls_policy == 'yes' {
     include postfix::tlspolicy
   }

diff --git a/manifests/definitions/header_checks_snippet.pp b/manifests/definitions/header_checks_snippet.pp
new file mode 100644 (file)
index 0000000..454d219
--- /dev/null
+++ b/manifests/definitions/header_checks_snippet.pp
@@ -0,0 +1,67 @@
+/*
+== Definition: postfix::header_checks_snippet
+
+Adds a header_checks snippets to /etc/postfix/header_checks.
+See the postfix::header_checks class for details.
+
+Parameters:
+- *source* or *content*: source or content of the header_checks snippet
+- *ensure*: present (default) or absent
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+  node "toto.example.com" {
+    include postfix
+    postfix::header_checks {
+      'wrong_date': content => 'FIXME';
+      'bla':        source => 'puppet:///files/etc/postfix/header_checks.d/bla';
+    }
+  }
+
+*/
+
+define postfix::header_checks_snippet (
+  $ensure  = "present",
+  $source = '',
+  $content = undef
+) {
+
+  if $source == '' and $content == undef {
+    fail("One of \$source or \$content must be specified for postfix::header_checks_snippet ${name}")
+  }
+
+  if $source != '' and $content != undef {
+    fail("Only one of \$source or \$content must specified for postfix::header_checks_snippet ${name}")
+  }
+
+  if ($value == false) and ($ensure == "present") {
+    fail("The value parameter must be set when using the postfix::header_checks_snippet define with ensure=present.")
+  }
+
+  include postfix::header_checks
+
+  $snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}"
+  
+  file { "$snippetfile":
+    ensure  => "$ensure",
+    mode    => 600,
+    owner   => root,
+    group   => 0,
+    notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"],
+  }
+
+  if $source {
+    File["$snippetfile"] {
+      source => $source,
+    }
+  }
+  else {
+    File["$snippetfile"] {
+      content => $content,
+    }
+  }
+
+}