provider/aws: Implement aws_ses_domain_identity (#13098)

* provider/aws: New resource: aws_ses_domain_identity

Provide a resource to manage domain identities in SES. Exports the
verification_code attribute which can be used to add the TXT record to
the domain to complete the domain verification.

* provider/aws: Acceptance tests for aws_ses_domain_identity

* Resource aws_ses_domain_identity: Documentation update

Provide documentation for the new resource type.
This commit is contained in:
Doug Neal 2017-04-01 06:57:34 +01:00 committed by Radek Simko
parent 173bf10e7b
commit 0c4c578552
6 changed files with 251 additions and 0 deletions

View File

@ -386,6 +386,7 @@ func Provider() terraform.ResourceProvider {
"aws_route_table": resourceAwsRouteTable(),
"aws_route_table_association": resourceAwsRouteTableAssociation(),
"aws_ses_active_receipt_rule_set": resourceAwsSesActiveReceiptRuleSet(),
"aws_ses_domain_identity": resourceAwsSesDomainIdentity(),
"aws_ses_receipt_filter": resourceAwsSesReceiptFilter(),
"aws_ses_receipt_rule": resourceAwsSesReceiptRule(),
"aws_ses_receipt_rule_set": resourceAwsSesReceiptRuleSet(),

View File

@ -0,0 +1,99 @@
package aws
import (
"fmt"
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ses"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAwsSesDomainIdentity() *schema.Resource {
return &schema.Resource{
Create: resourceAwsSesDomainIdentityCreate,
Read: resourceAwsSesDomainIdentityRead,
Delete: resourceAwsSesDomainIdentityDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},
Schema: map[string]*schema.Schema{
"domain": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"verification_token": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
}
}
func resourceAwsSesDomainIdentityCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).sesConn
domainName := d.Get("domain").(string)
createOpts := &ses.VerifyDomainIdentityInput{
Domain: aws.String(domainName),
}
_, err := conn.VerifyDomainIdentity(createOpts)
if err != nil {
return fmt.Errorf("Error requesting SES domain identity verification: %s", err)
}
d.SetId(domainName)
return resourceAwsSesDomainIdentityRead(d, meta)
}
func resourceAwsSesDomainIdentityRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).sesConn
domainName := d.Id()
d.Set("domain", domainName)
readOpts := &ses.GetIdentityVerificationAttributesInput{
Identities: []*string{
aws.String(domainName),
},
}
response, err := conn.GetIdentityVerificationAttributes(readOpts)
if err != nil {
log.Printf("[WARN] Error fetching identity verification attributes for %s: %s", d.Id(), err)
return err
}
verificationAttrs, ok := response.VerificationAttributes[domainName]
if !ok {
log.Printf("[WARN] Domain not listed in response when fetching verification attributes for %s", d.Id())
d.SetId("")
return nil
}
d.Set("verification_token", verificationAttrs.VerificationToken)
return nil
}
func resourceAwsSesDomainIdentityDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).sesConn
domainName := d.Get("domain").(string)
deleteOpts := &ses.DeleteIdentityInput{
Identity: aws.String(domainName),
}
_, err := conn.DeleteIdentity(deleteOpts)
if err != nil {
return fmt.Errorf("Error deleting SES domain identity: %s", err)
}
return nil
}

View File

@ -0,0 +1,100 @@
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ses"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAwsSESDomainIdentity_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsSESDomainIdentityDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: fmt.Sprintf(
testAccAwsSESDomainIdentityConfig,
acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum),
),
Check: resource.ComposeTestCheckFunc(
testAccCheckAwsSESDomainIdentityExists("aws_ses_domain_identity.test"),
),
},
},
})
}
func testAccCheckAwsSESDomainIdentityDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).sesConn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_ses_domain_identity" {
continue
}
domain := rs.Primary.ID
params := &ses.GetIdentityVerificationAttributesInput{
Identities: []*string{
aws.String(domain),
},
}
response, err := conn.GetIdentityVerificationAttributes(params)
if err != nil {
return err
}
if response.VerificationAttributes[domain] != nil {
return fmt.Errorf("SES Domain Identity %s still exists. Failing!", domain)
}
}
return nil
}
func testAccCheckAwsSESDomainIdentityExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("SES Domain Identity not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("SES Domain Identity name not set")
}
domain := rs.Primary.ID
conn := testAccProvider.Meta().(*AWSClient).sesConn
params := &ses.GetIdentityVerificationAttributesInput{
Identities: []*string{
aws.String(domain),
},
}
response, err := conn.GetIdentityVerificationAttributes(params)
if err != nil {
return err
}
if response.VerificationAttributes[domain] == nil {
return fmt.Errorf("SES Domain Identity %s not found in AWS", domain)
}
return nil
}
}
const testAccAwsSESDomainIdentityConfig = `
resource "aws_ses_domain_identity" "test" {
domain = "%s.terraformtesting.com"
}
`

View File

@ -92,6 +92,7 @@ To make a resource importable, please see the
* aws_route_table
* aws_s3_bucket
* aws_security_group
* aws_ses_domain_identity
* aws_ses_receipt_filter
* aws_ses_receipt_rule_set
* aws_simpledb_domain

View File

@ -0,0 +1,46 @@
---
layout: "aws"
page_title: "AWS: ses_domain_identity"
sidebar_current: "docs-aws-resource-ses-domain-identity"
description: |-
Provides an SES domain identity resource
---
# aws\_ses\_domain_identity
Provides an SES domain identity resource
## Argument Reference
The following arguments are supported:
* `domain` - (Required) The domain name to assign to SES
## Attributes Reference
The following attributes are exported:
* `verification_token` - A code which when added to the domain as a TXT record
will signal to SES that the owner of the domain has authorised SES to act on
their behalf. The domain identity will be in state "verification pending"
until this is done. See below for an example of how this might be achieved
when the domain is hosted in Route 53 and managed by Terraform. Find out
more about verifying domains in Amazon SES in the [AWS SES
docs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html).
## Example Usage
```
resource "aws_ses_domain_identity" "example" {
domain = "example.com"
}
resource "aws_route53_record" "example_amazonses_verification_record" {
zone_id = "ABCDEFGHIJ123"
name = "_amazonses.example.com"
type = "TXT"
ttl = "600"
records = ["${aws_ses_domain_identity.example.verification_token}"]
}
```

View File

@ -1127,6 +1127,10 @@
<a href="/docs/providers/aws/r/ses_active_receipt_rule_set.html">aws_ses_active_receipt_rule_set</a>
</li>
<li<%= sidebar_current("docs-aws-resource-ses-domain-identity") %>>
<a href="/docs/providers/aws/r/ses_domain_identity.html">aws_ses_domain_identity</a>
</li>
<li<%= sidebar_current("docs-aws-resource-ses-receipt-filter") %>>
<a href="/docs/providers/aws/r/ses_receipt_filter.html">aws_ses_receipt_filter</a>
</li>