Skip to content

provider/aws: Implement aws_ses_domain_identity #13098

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 1, 2017
Merged

provider/aws: Implement aws_ses_domain_identity #13098

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9233db7
provider/aws: New resource: aws_ses_domain_identity
dougneal Mar 27, 2017
5d0e6a1
provider/aws: Acceptance tests for aws_ses_domain_identity
dougneal Mar 27, 2017
68f9884
Resource aws_ses_domain_identity: Documentation update
dougneal Mar 27, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions builtin/providers/aws/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -383,6 +383,7 @@ func Provider() terraform.ResourceProvider {
"aws_route_table": resourceAwsRouteTable(),
"aws_route_table_association": resourceAwsRouteTableAssociation(),
"aws_ses_active_receipt_rule_set": resourceAwsSesActiveReceiptRuleSet(),
"aws_ses_domain_identity": resourceAwsSesDomainIdentity(),
"aws_ses_receipt_filter": resourceAwsSesReceiptFilter(),
"aws_ses_receipt_rule": resourceAwsSesReceiptRule(),
"aws_ses_receipt_rule_set": resourceAwsSesReceiptRuleSet(),
Expand Down
99 changes: 99 additions & 0 deletions builtin/providers/aws/resource_aws_ses_domain_identity.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
package aws

import (
"fmt"
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ses"
"github.com/hashicorp/terraform/helper/schema"
)

func resourceAwsSesDomainIdentity() *schema.Resource {
return &schema.Resource{
Create: resourceAwsSesDomainIdentityCreate,
Read: resourceAwsSesDomainIdentityRead,
Delete: resourceAwsSesDomainIdentityDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},

Schema: map[string]*schema.Schema{
"domain": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},

"verification_token": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
}
}

func resourceAwsSesDomainIdentityCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).sesConn

domainName := d.Get("domain").(string)

createOpts := &ses.VerifyDomainIdentityInput{
Domain: aws.String(domainName),
}

_, err := conn.VerifyDomainIdentity(createOpts)
if err != nil {
return fmt.Errorf("Error requesting SES domain identity verification: %s", err)
}

d.SetId(domainName)

return resourceAwsSesDomainIdentityRead(d, meta)
}

func resourceAwsSesDomainIdentityRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).sesConn

domainName := d.Id()
d.Set("domain", domainName)

readOpts := &ses.GetIdentityVerificationAttributesInput{
Identities: []*string{
aws.String(domainName),
},
}

response, err := conn.GetIdentityVerificationAttributes(readOpts)
if err != nil {
log.Printf("[WARN] Error fetching identity verification attributes for %s: %s", d.Id(), err)
return err
}

verificationAttrs, ok := response.VerificationAttributes[domainName]
if !ok {
log.Printf("[WARN] Domain not listed in response when fetching verification attributes for %s", d.Id())
d.SetId("")
return nil
}

d.Set("verification_token", verificationAttrs.VerificationToken)
return nil
}

func resourceAwsSesDomainIdentityDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).sesConn

domainName := d.Get("domain").(string)

deleteOpts := &ses.DeleteIdentityInput{
Identity: aws.String(domainName),
}

_, err := conn.DeleteIdentity(deleteOpts)
if err != nil {
return fmt.Errorf("Error deleting SES domain identity: %s", err)
}

return nil
}
100 changes: 100 additions & 0 deletions builtin/providers/aws/resource_aws_ses_domain_identity_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
package aws

import (
"fmt"
"testing"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ses"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)

func TestAccAwsSESDomainIdentity_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsSESDomainIdentityDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: fmt.Sprintf(
testAccAwsSESDomainIdentityConfig,
acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum),
),
Check: resource.ComposeTestCheckFunc(
testAccCheckAwsSESDomainIdentityExists("aws_ses_domain_identity.test"),
),
},
},
})
}

func testAccCheckAwsSESDomainIdentityDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).sesConn

for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_ses_domain_identity" {
continue
}

domain := rs.Primary.ID
params := &ses.GetIdentityVerificationAttributesInput{
Identities: []*string{
aws.String(domain),
},
}

response, err := conn.GetIdentityVerificationAttributes(params)
if err != nil {
return err
}

if response.VerificationAttributes[domain] != nil {
return fmt.Errorf("SES Domain Identity %s still exists. Failing!", domain)
}
}

return nil
}

func testAccCheckAwsSESDomainIdentityExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("SES Domain Identity not found: %s", n)
}

if rs.Primary.ID == "" {
return fmt.Errorf("SES Domain Identity name not set")
}

domain := rs.Primary.ID
conn := testAccProvider.Meta().(*AWSClient).sesConn

params := &ses.GetIdentityVerificationAttributesInput{
Identities: []*string{
aws.String(domain),
},
}

response, err := conn.GetIdentityVerificationAttributes(params)
if err != nil {
return err
}

if response.VerificationAttributes[domain] == nil {
return fmt.Errorf("SES Domain Identity %s not found in AWS", domain)
}

return nil
}
}

const testAccAwsSESDomainIdentityConfig = `
resource "aws_ses_domain_identity" "test" {
domain = "%s.terraformtesting.com"
}
`
1 change: 1 addition & 0 deletions website/source/docs/import/importability.html.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ To make a resource importable, please see the
* aws_route_table
* aws_s3_bucket
* aws_security_group
* aws_ses_domain_identity
* aws_ses_receipt_filter
* aws_ses_receipt_rule_set
* aws_simpledb_domain
Expand Down
46 changes: 46 additions & 0 deletions website/source/docs/providers/aws/r/ses_domain_identity.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
---
layout: "aws"
page_title: "AWS: ses_domain_identity"
sidebar_current: "docs-aws-resource-ses-domain-identity"
description: |-
Provides an SES domain identity resource
---

# aws\_ses\_domain_identity

Provides an SES domain identity resource
Copy link
Member

@radeksimko radeksimko Mar 30, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you mind attaching some links and/or details about what steps are expected from the user to actually finish the verification of the domain? What do you think about adding a Route53 DNS record to the example + mentioning the WHOIS records need to point to the zone, or eventually delegate to it? It may sound like an obvious thing, but I think it's good to explain to what extent do we automate this process and help the user along the way.

http://docs.aws.amazon.com/ses/latest/DeveloperGuide/dns-txt-records.html


## Argument Reference

The following arguments are supported:

* `domain` - (Required) The domain name to assign to SES

## Attributes Reference

The following attributes are exported:

* `verification_token` - A code which when added to the domain as a TXT record
will signal to SES that the owner of the domain has authorised SES to act on
their behalf. The domain identity will be in state "verification pending"
until this is done. See below for an example of how this might be achieved
when the domain is hosted in Route 53 and managed by Terraform. Find out
more about verifying domains in Amazon SES in the [AWS SES
docs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html).

## Example Usage

```
resource "aws_ses_domain_identity" "example" {
domain = "example.com"
}

resource "aws_route53_record" "example_amazonses_verification_record" {
zone_id = "ABCDEFGHIJ123"
name = "_amazonses.example.com"
type = "TXT"
ttl = "600"
records = ["${aws_ses_domain_identity.example.verification_token}"]
}
```

4 changes: 4 additions & 0 deletions website/source/layouts/aws.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1116,6 +1116,10 @@
<a href="/docs/providers/aws/r/ses_active_receipt_rule_set.html">aws_ses_active_receipt_rule_set</a>
</li>

<li<%= sidebar_current("docs-aws-resource-ses-domain-identity") %>>
<a href="/docs/providers/aws/r/ses_domain_identity.html">aws_ses_domain_identity</a>
</li>

<li<%= sidebar_current("docs-aws-resource-ses-receipt-filter") %>>
<a href="/docs/providers/aws/r/ses_receipt_filter.html">aws_ses_receipt_filter</a>
</li>
Expand Down