sasl passwd problems with 5.3.0

[fletchowns]

Cookbook version

5.3.0

Chef-client version

12.20.3

Platform Details

Red Hat Enterprise Linux Server release 7.5 (Maipo) on AWS

Scenario:

smtp relay host via SES with sasl uesrname & password

Steps to Reproduce:

I had been using this for awhile in my attributes:

default["postfix"]["main"]["relayhost"] = "email-smtp.us-east-1.amazonaws.com:587"
default["postfix"]["main"]["smtp_sasl_auth_enable"] = "yes"
default["postfix"]["main"]["smtpd_use_tls"] = "no"
default["postfix"]["sasl"]["smtp_sasl_user_name"] = "<snip>"
default["postfix"]["sasl"]["smtp_sasl_passwd"] = "<snip>"

Expected Result:

Previously, this seemed to result in:

default["postfix"]["main"]["relayhost"] = "email-smtp.us-east-1.amazonaws.com:587"
default["postfix"]["main"]["smtp_sasl_auth_enable"] = "yes"
default["postfix"]["main"]["smtpd_use_tls"] = "no"
default["postfix"]["sasl"]["smtp_sasl_user_name"] = "<snip>"
default["postfix"]["sasl"]["smtp_sasl_passwd"] = "<snip>"


$ cat /etc/postfix/sasl_passwd
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
email-smtp.us-east-1.amazonaws.com:587 <snip>:<snip>

Actual Result:

Now with 5.3.0 I ended up with:

$ cat /etc/postfix/sasl_passwd
# Auto-generated by Chef.
# Local modifications will be overwritten.

smtp_sasl_passwd :
smtp_sasl_user_name :

I was able to resolve it by changing the attributes:

default["postfix"]["sasl"] = {
	"email-smtp.us-east-1.amazonaws.com:587" => {
		"username" => "<snip>",
		"password" => "<snip>"
	}
}

It seems like it was a breaking change with a minor version bump though

[koertkuipers]

we ran into same issue. it broke our deployment.
note that the way @fletchowns resolved it works for us too but it still leaves funny looking empty' values in the file like this:

email-smtp.us-east-1.amazonaws.com:587 <snip>:<snip>
smtp_sasl_passwd :
smtp_sasl_user_name :

[wk8]

+1 . This should be caught by unit tests :)

[voroniys]

I was about to post this issue, but found it is already posted.
The issue is deeper - the recipe code changed, corresponded attributes - does not.
To match what I see in ERB file the lines:

  node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
  node.default_unless['postfix']['sasl']['smtp_sasl_passwd']    = ''

in /var/chef/cache/cookbooks/postfix/recipes/_attributes.rb file has to be replaced with:

node.default_unless['postfix']['sasl'] = {}

This will eliminate the lines:

smtp_sasl_passwd :
smtp_sasl_user_name :

The actual configuration, as @fletchowns indicated should be:

default["postfix"]["sasl"] = {
	"email-smtp.us-east-1.amazonaws.com:587" => {
		"username" => "<snip>",
		"password" => "<snip>"
	}
}

This needs to be updated in documentation as well.

[scalp42]

Instead of node['postfix']['sasl'] attributes, simply move them to your namespace say my-cookbook:

default['my-cookbook']['sasl']['[smtp.sendgrid.net]:587'] = {
  'username' => 'SendGridUsername',
  'password' => 'SendGridPassword',
}

Then anywhere in your wrapper cookbook, edit the template resource:

edit_resource!(:template, node['postfix']['sasl_password_file']) do
  variables(settings: node['my-cookbook']['sasl'])
end

You'll end up with the right file:

root@default-ubuntu-1804:/etc/postfix# cat /etc/postfix/sasl_passwd
# Auto-generated by Chef.
# Local modifications will be overwritten.

[smtp.sendgrid.net]:587 SendGridUsername:SendGridPassword

Hopefully it helps! 👨‍🍳

[github-actions]

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

[scalp42]

it's still an issue 😅

[newfylox]

@scalp42 Indeed it's still an issue. Following @voroniys solution feels wrong because we have to edit _attributes.rb file.
Any updates on this?