Previously only `query_filter` had this support via an inconsistent `_${QUERY_KIND}` ENV suffix.
This has been shifted to the left under the new `POSTFIX_` prefix, so that it can easily leverage the ENV prefix with config templates, layering after the generic `POSTFIX_` template. Naming is now consistent with `${QUERY_KIND}` (upper-cased). This also enables using the common `LDAP_` prefix in the Postfix `.base` template.
As a part of the previous commit toggling based on presence of `query_filter`, this is now dropped from the Postfix `.base` template.
Generic approach to configuring Postfix with the LDAP tables in `main.cf`. Instead of opt-in when file exists (always did), opt-out when the `query_filter` is missing.
This fixes a bug reported when deployment does not require LDAP queries for a lookup type, like groups. Avoids introducing misconfiguration by default.
Remove the prefix in favor of moving these files into a subdirectory: `/etc/postfix/ldap/`.
Original LDAP config files provided via `Dockerfile` are now removed as the new `.tmpl` generation makes them redundant.
- `postfix.base` defaults are now potentially breaking:
- The `query_filter` default is common between `ldap-users.cf` and `ldap-senders.cf`, but the `mailEnabled` attribute locks it in to requiring the `postfix-book` OpenLDAP schema. Like the `result_attribute` setting, this is only set as a convenient default but not as broadly useful like the `bind` + `version` settings.
- `version = 3` is required as unlike SASLAuthd and Dovecot, the default for Postfix is `2`.
- `bind = yes` because we only support configuring for this in DMS?
- `ldap-senders.cf` originally differed with it's `result_attribute` setting, but that default chosen looks to be more of a workaround introduced and should be more explicit?
- The Postfix `.base` template does not include the four common attributes (_that Dovecot and SASLAuthd base configs do_), as the `LDAP_` prefix is presently the same (no`POSTFIX_` prefix), thus would override user config regardless..
- `sender_login_maps.ldap` doesn't exist and isn't relevant to LDAP queries (seems to be accidentally included here). `ldap-senders.cf` provides this functionality.
- `ldap-senders.cf` was not supporting copying over a user-provided config, it does now.
- Internal location for these Postfix generated configs is now `/etc/postfix/ldap/`.
Same process as described by earlier commits for SASLAuthd.
To avoid introducing potential breakage, the ENV fallback convenience for `DOVECOT_PASS_FILTER` is retained.
From a inline config via HereDoc to using a `.tmpl` file that has of all supported keys for SASLAuthd LDAP config.
This additionally supports layering the ENV `.tmpl` generated config over a user-provided config. With a utility method that will ensure earlier duplicate keys are removed.
The two new utilities are documented well enough to grok. `Dockerfile` and `packages.sh` updated to bring in new dependencies and provide the `.tmpl` file.
`log_level` is not documented as a LDAP config key. Original PR did not explain why this key and value chosen were added.
* fix: `supervisor-app.conf` - Correct `postgrey` log location
Looks like this should have been like every other service and reference a log file(s) based on program name in the supervisor log directory.
* tests: Adjust log location for `postgrey_enabled.bats`
* docs: Debugging - Delivery failure from service downtime
Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
* ci: Allow lint workflow to be manually triggered
Without this a different event must occur to trigger the workflow, which is inconvenient for automated PRs.
The file is managed by the `contributors.yml` workflow, no need for linting to be triggered on PRs for that change.
This should ideally skip the required check status for the lint workflow which cannot trigger implicitly for automated PRs. If this doesn't work the change should be reverted.
* chore: Extract out Dovecot Quota test cases into new test file
Test cases are just cut + paste, no logic changed there yet.
* chore: Rename test case descriptions
* chore: Use `setup ...` methods instead of direct calls
* chore: Adjust `_run_in_container_bash` to `_run_in_container`
Plus some additional bug fixes in the disabled test case
* tests(refactor): Revise ENV test cases for max mailbox and message sizes
* tests(refactor): Revise ENV test cases for mailbox and message limits v2
Removes the extra variables and filtering in favour of explicit values instead of matching for comparison.
- Easier at a glance to know what is actually expected.
- Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`).
* chore: Sync improvement from `tests.bats` master
---
NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture
* Remove unnecessary deb-src repository for rspamd
* Remove note about ARM64 rspamd version, update CHANGELOG.md
---------
Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
* fix: Source `VERSION` from image ENV
Now CI builds triggered from tagged releases will always have the correct version. No need for manually updating a separate file.
* fix: Query latest GH release tag
Compare to the remote GH release tag published, rather than contents of a `VERSION` file.
`VERSION` file remains in source for now as prior releases still rely on it for an update notification.
* chore: Switch from `yq` to `jaq`
- Can more easily express a string subslice.
- Lighter weight: 9.3M vs 1.7M.
- Drawback, no YAML input/output support.
If `yq` is preferred, the `v` prefix could be removed via BASH easily enough.
* chore: Add entry to `CHANGELOG.md`
* ci: `VERSION` has no relevance to `:edge`
* docs: Update build guide + simplify `make build`
---------
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Previously, we did not run the workflow on push on `master` when a
release happened because the push on master is guarded by a check on
which files were changed.
With this change, I added `VERSION` to the list of files to consider
when updating `:edge`.
polarathene
Georg Lauterbach
Casper
github-actions[bot]
dependabot[bot]
René Plötz
Peter Adam
Jean-Kevin KPADEY