From 9e27396bb30d466b13c10aeaa4d60f7d053ebcf8 Mon Sep 17 00:00:00 2001 From: Marc Jay Date: Tue, 14 Jan 2020 23:58:03 +0000 Subject: [PATCH 1/4] Add delivery options to aws_ses_configuration_set resource to allow a TlsPolicy to be specified --- aws/resource_aws_ses_configuration_set.go | 56 ++++++++- ...resource_aws_ses_configuration_set_test.go | 119 +++++++++++++++++- 2 files changed, 171 insertions(+), 4 deletions(-) diff --git a/aws/resource_aws_ses_configuration_set.go b/aws/resource_aws_ses_configuration_set.go index 883a132335d..383190d6e2a 100644 --- a/aws/resource_aws_ses_configuration_set.go +++ b/aws/resource_aws_ses_configuration_set.go @@ -7,11 +7,13 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/ses" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) func resourceAwsSesConfigurationSet() *schema.Resource { return &schema.Resource{ Create: resourceAwsSesConfigurationSetCreate, + Update: resourceAwsSesConfigurationSetUpdate, Read: resourceAwsSesConfigurationSetRead, Delete: resourceAwsSesConfigurationSetDelete, Importer: &schema.ResourceImporter{ @@ -24,6 +26,22 @@ func resourceAwsSesConfigurationSet() *schema.Resource { Required: true, ForceNew: true, }, + "delivery_options": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "tls_policy": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{ + ses.TlsPolicyRequire, + ses.TlsPolicyOptional, + }, false), + }, + }, + }, + }, }, } } @@ -46,6 +64,31 @@ func resourceAwsSesConfigurationSetCreate(d *schema.ResourceData, meta interface d.SetId(configurationSetName) + return resourceAwsSesConfigurationSetUpdate(d, meta) +} + +func resourceAwsSesConfigurationSetUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).sesconn + + configurationSetName := d.Get("name").(string) + + updateOpts := &ses.PutConfigurationSetDeliveryOptionsInput{ + ConfigurationSetName: aws.String(configurationSetName), + } + + if v, ok := d.GetOk("delivery_options"); ok { + options := v.(*schema.Set).List() + delivery := options[0].(map[string]interface{}) + updateOpts.DeliveryOptions = &ses.DeliveryOptions{ + TlsPolicy: aws.String(delivery["tls_policy"].(string)), + } + } + + _, err := conn.PutConfigurationSetDeliveryOptions(updateOpts) + if err != nil { + return fmt.Errorf("Error updating SES configuration set: %s", err) + } + return resourceAwsSesConfigurationSetRead(d, meta) } @@ -53,7 +96,8 @@ func resourceAwsSesConfigurationSetRead(d *schema.ResourceData, meta interface{} conn := meta.(*AWSClient).sesconn configSetInput := &ses.DescribeConfigurationSetInput{ - ConfigurationSetName: aws.String(d.Id()), + ConfigurationSetName: aws.String(d.Id()), + ConfigurationSetAttributeNames: aws.StringSlice([]string{ses.ConfigurationSetAttributeDeliveryOptions}), } response, err := conn.DescribeConfigurationSet(configSetInput) @@ -67,6 +111,16 @@ func resourceAwsSesConfigurationSetRead(d *schema.ResourceData, meta interface{} return err } + if response.DeliveryOptions != nil { + var deliveryOptions []map[string]interface{} + tlsPolicy := map[string]interface{}{ + "tls_policy": response.DeliveryOptions.TlsPolicy, + } + + deliveryOptions = append(deliveryOptions, tlsPolicy) + d.Set("delivery_options", deliveryOptions) + } + d.Set("name", aws.StringValue(response.ConfigurationSet.Name)) return nil diff --git a/aws/resource_aws_ses_configuration_set_test.go b/aws/resource_aws_ses_configuration_set_test.go index 454f7df9b0a..ef68609fd96 100644 --- a/aws/resource_aws_ses_configuration_set_test.go +++ b/aws/resource_aws_ses_configuration_set_test.go @@ -79,7 +79,7 @@ func TestAccAWSSESConfigurationSet_basic(t *testing.T) { CheckDestroy: testAccCheckSESConfigurationSetDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSSESConfigurationSetConfig(escRandomInteger), + Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), Check: resource.ComposeTestCheckFunc( testAccCheckAwsSESConfigurationSetExists("aws_ses_configuration_set.test"), ), @@ -93,6 +93,77 @@ func TestAccAWSSESConfigurationSet_basic(t *testing.T) { }) } +func TestAccAWSSESConfigurationSet_deliveryOptions(t *testing.T) { + var escRandomInteger = acctest.RandInt() + resourceName := "aws_ses_configuration_set.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckAWSSES(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckSESConfigurationSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + testAccCheckAwsSESConfigurationSetRequiresTLS(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), + resource.TestCheckTypeSetElemNestedAttrs(resourceName, "delivery_options.*", map[string]string{ + "tls_policy": "Require", + }), + ), + }, + { + ResourceName: "aws_ses_configuration_set.test", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSSESConfigurationSet_deliveryOptionsUpdate(t *testing.T) { + var escRandomInteger = acctest.RandInt() + resourceName := "aws_ses_configuration_set.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckAWSSES(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckSESConfigurationSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists("aws_ses_configuration_set.test"), + resource.TestCheckNoResourceAttr(resourceName, "delivery_options.#"), + ), + }, + { + Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists("aws_ses_configuration_set.test"), + testAccCheckAwsSESConfigurationSetRequiresTLS("aws_ses_configuration_set.test"), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), + resource.TestCheckTypeSetElemNestedAttrs(resourceName, "delivery_options.*", map[string]string{ + "tls_policy": "Require", + }), + ), + }, + { + ResourceName: "aws_ses_configuration_set.test", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccCheckAwsSESConfigurationSetExists(n string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -122,6 +193,37 @@ func testAccCheckAwsSESConfigurationSetExists(n string) resource.TestCheckFunc { } } +func testAccCheckAwsSESConfigurationSetRequiresTLS(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("SES configuration set not found: %s", n) + } + + conn := testAccProvider.Meta().(*AWSClient).sesconn + + describeOpts := &ses.DescribeConfigurationSetInput{ + ConfigurationSetName: aws.String(rs.Primary.ID), + ConfigurationSetAttributeNames: aws.StringSlice([]string{ses.ConfigurationSetAttributeDeliveryOptions}), + } + + response, err := conn.DescribeConfigurationSet(describeOpts) + if err != nil { + return err + } + + if response.DeliveryOptions == nil { + return fmt.Errorf("The configuration set did not have DeliveryOptions set") + } + + if aws.StringValue(response.DeliveryOptions.TlsPolicy) != ses.TlsPolicyRequire { + return fmt.Errorf("The configuration set did not have DeliveryOptions with a TlsPolicy setting set to Require") + } + + return nil + } +} + func testAccCheckSESConfigurationSetDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).sesconn @@ -144,10 +246,21 @@ func testAccCheckSESConfigurationSetDestroy(s *terraform.State) error { return nil } -func testAccAWSSESConfigurationSetConfig(escRandomInteger int) string { +func testAccAWSSESConfigurationSetBasicConfig(escRandomInteger int) string { + return fmt.Sprintf(` +resource "aws_ses_configuration_set" "test" { + name = "some-configuration-set-%d" +} +`, escRandomInteger) +} + +func testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger int) string { return fmt.Sprintf(` resource "aws_ses_configuration_set" "test" { - name = "some-configuration-set-%d" + name = "some-configuration-set-%d" + delivery_options { + tls_policy = "Require" + } } `, escRandomInteger) } From b4983adfe8120c2b3a327505fddde73e4c58bef3 Mon Sep 17 00:00:00 2001 From: Marc Jay Date: Wed, 15 Jan 2020 02:53:40 +0000 Subject: [PATCH 2/4] Add acceptance test for aws_ses_configuration_set resource updates Update r/aws_ses_configuration_set documentation for delivery_options/tls_policy References #11197 --- aws/resource_aws_ses_configuration_set.go | 9 ++++++--- website/docs/r/ses_configuration_set.markdown | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_ses_configuration_set.go b/aws/resource_aws_ses_configuration_set.go index 383190d6e2a..572d6da69a1 100644 --- a/aws/resource_aws_ses_configuration_set.go +++ b/aws/resource_aws_ses_configuration_set.go @@ -33,7 +33,8 @@ func resourceAwsSesConfigurationSet() *schema.Resource { Schema: map[string]*schema.Schema{ "tls_policy": { Type: schema.TypeString, - Required: true, + Optional: true, + Default: ses.TlsPolicyOptional, ValidateFunc: validation.StringInSlice([]string{ ses.TlsPolicyRequire, ses.TlsPolicyOptional, @@ -116,9 +117,11 @@ func resourceAwsSesConfigurationSetRead(d *schema.ResourceData, meta interface{} tlsPolicy := map[string]interface{}{ "tls_policy": response.DeliveryOptions.TlsPolicy, } - deliveryOptions = append(deliveryOptions, tlsPolicy) - d.Set("delivery_options", deliveryOptions) + + if err := d.Set("delivery_options", deliveryOptions); err != nil { + return fmt.Errorf("Error setting delivery_options for SES configuration set %s: %s", d.Id(), err) + } } d.Set("name", aws.StringValue(response.ConfigurationSet.Name)) diff --git a/website/docs/r/ses_configuration_set.markdown b/website/docs/r/ses_configuration_set.markdown index 98b2c0beef2..f3b9be2b26f 100644 --- a/website/docs/r/ses_configuration_set.markdown +++ b/website/docs/r/ses_configuration_set.markdown @@ -18,12 +18,28 @@ resource "aws_ses_configuration_set" "test" { } ``` +### Require TLS Connections + +```hcl +resource "aws_ses_configuration_set" "test" { + name = "some-configuration-set-test" + + delivery_options { + tls_policy = "Require" + } +} +``` + ## Argument Reference The following arguments are supported: * `name` - (Required) The name of the configuration set +Delivery Options (`delivery_options`) support the following: + +* `tls_policy` - (Optional) Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). Valid values: `Require` and `Optional`. If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Defaults to `Optional`. + ## Import SES Configuration Sets can be imported using their `name`, e.g. From b9061447986565351f8afbdd8895d2b06af25612 Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Thu, 11 Feb 2021 09:51:32 -0500 Subject: [PATCH 3/4] CR updates including documentation, acctest coverage, create->read flow --- aws/resource_aws_ses_configuration_set.go | 118 +++++++----- ...resource_aws_ses_configuration_set_test.go | 180 ++++++++++++------ website/docs/r/ses_configuration_set.markdown | 7 +- 3 files changed, 202 insertions(+), 103 deletions(-) diff --git a/aws/resource_aws_ses_configuration_set.go b/aws/resource_aws_ses_configuration_set.go index 572d6da69a1..3af7f7ddae3 100644 --- a/aws/resource_aws_ses_configuration_set.go +++ b/aws/resource_aws_ses_configuration_set.go @@ -13,36 +13,34 @@ import ( func resourceAwsSesConfigurationSet() *schema.Resource { return &schema.Resource{ Create: resourceAwsSesConfigurationSetCreate, - Update: resourceAwsSesConfigurationSetUpdate, Read: resourceAwsSesConfigurationSetRead, + Update: resourceAwsSesConfigurationSetUpdate, Delete: resourceAwsSesConfigurationSetDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, Schema: map[string]*schema.Schema{ - "name": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - }, "delivery_options": { - Type: schema.TypeSet, + Type: schema.TypeList, Optional: true, + MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "tls_policy": { - Type: schema.TypeString, - Optional: true, - Default: ses.TlsPolicyOptional, - ValidateFunc: validation.StringInSlice([]string{ - ses.TlsPolicyRequire, - ses.TlsPolicyOptional, - }, false), + Type: schema.TypeString, + Optional: true, + Default: ses.TlsPolicyOptional, + ValidateFunc: validation.StringInSlice(ses.TlsPolicy_Values(), false), }, }, }, }, + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, }, } } @@ -60,34 +58,21 @@ func resourceAwsSesConfigurationSetCreate(d *schema.ResourceData, meta interface _, err := conn.CreateConfigurationSet(createOpts) if err != nil { - return fmt.Errorf("Error creating SES configuration set: %s", err) + return fmt.Errorf("error creating SES configuration set (%s): %w", configurationSetName, err) } d.SetId(configurationSetName) - return resourceAwsSesConfigurationSetUpdate(d, meta) -} - -func resourceAwsSesConfigurationSetUpdate(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AWSClient).sesconn - - configurationSetName := d.Get("name").(string) - - updateOpts := &ses.PutConfigurationSetDeliveryOptionsInput{ - ConfigurationSetName: aws.String(configurationSetName), - } - - if v, ok := d.GetOk("delivery_options"); ok { - options := v.(*schema.Set).List() - delivery := options[0].(map[string]interface{}) - updateOpts.DeliveryOptions = &ses.DeliveryOptions{ - TlsPolicy: aws.String(delivery["tls_policy"].(string)), + if v, ok := d.GetOk("delivery_options"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { + input := &ses.PutConfigurationSetDeliveryOptionsInput{ + ConfigurationSetName: aws.String(configurationSetName), + DeliveryOptions: expandSesConfigurationSetDeliveryOptions(v.([]interface{})), } - } - _, err := conn.PutConfigurationSetDeliveryOptions(updateOpts) - if err != nil { - return fmt.Errorf("Error updating SES configuration set: %s", err) + _, err := conn.PutConfigurationSetDeliveryOptions(input) + if err != nil { + return fmt.Errorf("error adding SES configuration set (%s) delivery options: %w", configurationSetName, err) + } } return resourceAwsSesConfigurationSetRead(d, meta) @@ -112,16 +97,8 @@ func resourceAwsSesConfigurationSetRead(d *schema.ResourceData, meta interface{} return err } - if response.DeliveryOptions != nil { - var deliveryOptions []map[string]interface{} - tlsPolicy := map[string]interface{}{ - "tls_policy": response.DeliveryOptions.TlsPolicy, - } - deliveryOptions = append(deliveryOptions, tlsPolicy) - - if err := d.Set("delivery_options", deliveryOptions); err != nil { - return fmt.Errorf("Error setting delivery_options for SES configuration set %s: %s", d.Id(), err) - } + if err := d.Set("delivery_options", flattenSesConfigurationSetDeliveryOptions(response.DeliveryOptions)); err != nil { + return fmt.Errorf("error setting delivery_options: %w", err) } d.Set("name", aws.StringValue(response.ConfigurationSet.Name)) @@ -129,6 +106,24 @@ func resourceAwsSesConfigurationSetRead(d *schema.ResourceData, meta interface{} return nil } +func resourceAwsSesConfigurationSetUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).sesconn + + if d.HasChange("delivery_options") { + input := &ses.PutConfigurationSetDeliveryOptionsInput{ + ConfigurationSetName: aws.String(d.Id()), + DeliveryOptions: expandSesConfigurationSetDeliveryOptions(d.Get("delivery_options").([]interface{})), + } + + _, err := conn.PutConfigurationSetDeliveryOptions(input) + if err != nil { + return fmt.Errorf("error updating SES configuration set (%s) delivery options: %w", d.Id(), err) + } + } + + return resourceAwsSesConfigurationSetRead(d, meta) +} + func resourceAwsSesConfigurationSetDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).sesconn @@ -139,3 +134,34 @@ func resourceAwsSesConfigurationSetDelete(d *schema.ResourceData, meta interface return err } + +func expandSesConfigurationSetDeliveryOptions(l []interface{}) *ses.DeliveryOptions { + if len(l) == 0 || l[0] == nil { + return nil + } + + tfMap, ok := l[0].(map[string]interface{}) + if !ok { + return nil + } + + options := &ses.DeliveryOptions{} + + if v, ok := tfMap["tls_policy"].(string); ok && v != "" { + options.TlsPolicy = aws.String(v) + } + + return options +} + +func flattenSesConfigurationSetDeliveryOptions(options *ses.DeliveryOptions) []interface{} { + if options == nil { + return nil + } + + m := map[string]interface{}{ + "tls_policy": aws.StringValue(options.TlsPolicy), + } + + return []interface{}{m} +} diff --git a/aws/resource_aws_ses_configuration_set_test.go b/aws/resource_aws_ses_configuration_set_test.go index ef68609fd96..d2c0611797c 100644 --- a/aws/resource_aws_ses_configuration_set_test.go +++ b/aws/resource_aws_ses_configuration_set_test.go @@ -69,6 +69,7 @@ func testSweepSesConfigurationSets(region string) error { func TestAccAWSSESConfigurationSet_basic(t *testing.T) { var escRandomInteger = acctest.RandInt() + resourceName := "aws_ses_configuration_set.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { @@ -81,11 +82,12 @@ func TestAccAWSSESConfigurationSet_basic(t *testing.T) { { Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), Check: resource.ComposeTestCheckFunc( - testAccCheckAwsSESConfigurationSetExists("aws_ses_configuration_set.test"), + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "0"), ), }, { - ResourceName: "aws_ses_configuration_set.test", + ResourceName: resourceName, ImportState: true, ImportStateVerify: true, }, @@ -106,18 +108,99 @@ func TestAccAWSSESConfigurationSet_deliveryOptions(t *testing.T) { CheckDestroy: testAccCheckSESConfigurationSetDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger), + Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger, ses.TlsPolicyRequire), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), + resource.TestCheckResourceAttr(resourceName, "delivery_options.0.tls_policy", ses.TlsPolicyRequire), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSSESConfigurationSet_update_deliveryOptions(t *testing.T) { + var escRandomInteger = acctest.RandInt() + resourceName := "aws_ses_configuration_set.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckAWSSES(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckSESConfigurationSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + ), + }, + { + Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger, ses.TlsPolicyRequire), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), + resource.TestCheckResourceAttr(resourceName, "delivery_options.0.tls_policy", ses.TlsPolicyRequire), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger, ses.TlsPolicyOptional), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), + resource.TestCheckResourceAttr(resourceName, "delivery_options.0.tls_policy", ses.TlsPolicyOptional), + ), + }, + { + Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "0"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSSESConfigurationSet_emptyDeliveryOptions(t *testing.T) { + var escRandomInteger = acctest.RandInt() + resourceName := "aws_ses_configuration_set.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckAWSSES(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckSESConfigurationSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSSESConfigurationSetEmptyDeliveryOptionsConfig(escRandomInteger), Check: resource.ComposeTestCheckFunc( testAccCheckAwsSESConfigurationSetExists(resourceName), - testAccCheckAwsSESConfigurationSetRequiresTLS(resourceName), resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), - resource.TestCheckTypeSetElemNestedAttrs(resourceName, "delivery_options.*", map[string]string{ - "tls_policy": "Require", - }), + resource.TestCheckResourceAttr(resourceName, "delivery_options.0.tls_policy", ses.TlsPolicyOptional), ), }, { - ResourceName: "aws_ses_configuration_set.test", + ResourceName: resourceName, ImportState: true, ImportStateVerify: true, }, @@ -125,7 +208,7 @@ func TestAccAWSSESConfigurationSet_deliveryOptions(t *testing.T) { }) } -func TestAccAWSSESConfigurationSet_deliveryOptionsUpdate(t *testing.T) { +func TestAccAWSSESConfigurationSet_update_emptyDeliveryOptions(t *testing.T) { var escRandomInteger = acctest.RandInt() resourceName := "aws_ses_configuration_set.test" @@ -140,23 +223,32 @@ func TestAccAWSSESConfigurationSet_deliveryOptionsUpdate(t *testing.T) { { Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), Check: resource.ComposeTestCheckFunc( - testAccCheckAwsSESConfigurationSetExists("aws_ses_configuration_set.test"), - resource.TestCheckNoResourceAttr(resourceName, "delivery_options.#"), + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "0"), ), }, { - Config: testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger), + Config: testAccAWSSESConfigurationSetEmptyDeliveryOptionsConfig(escRandomInteger), Check: resource.ComposeTestCheckFunc( - testAccCheckAwsSESConfigurationSetExists("aws_ses_configuration_set.test"), - testAccCheckAwsSESConfigurationSetRequiresTLS("aws_ses_configuration_set.test"), + testAccCheckAwsSESConfigurationSetExists(resourceName), resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "1"), - resource.TestCheckTypeSetElemNestedAttrs(resourceName, "delivery_options.*", map[string]string{ - "tls_policy": "Require", - }), + resource.TestCheckResourceAttr(resourceName, "delivery_options.0.tls_policy", ses.TlsPolicyOptional), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSSESConfigurationSetBasicConfig(escRandomInteger), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESConfigurationSetExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "delivery_options.#", "0"), ), }, { - ResourceName: "aws_ses_configuration_set.test", + ResourceName: resourceName, ImportState: true, ImportStateVerify: true, }, @@ -193,37 +285,6 @@ func testAccCheckAwsSESConfigurationSetExists(n string) resource.TestCheckFunc { } } -func testAccCheckAwsSESConfigurationSetRequiresTLS(n string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - if !ok { - return fmt.Errorf("SES configuration set not found: %s", n) - } - - conn := testAccProvider.Meta().(*AWSClient).sesconn - - describeOpts := &ses.DescribeConfigurationSetInput{ - ConfigurationSetName: aws.String(rs.Primary.ID), - ConfigurationSetAttributeNames: aws.StringSlice([]string{ses.ConfigurationSetAttributeDeliveryOptions}), - } - - response, err := conn.DescribeConfigurationSet(describeOpts) - if err != nil { - return err - } - - if response.DeliveryOptions == nil { - return fmt.Errorf("The configuration set did not have DeliveryOptions set") - } - - if aws.StringValue(response.DeliveryOptions.TlsPolicy) != ses.TlsPolicyRequire { - return fmt.Errorf("The configuration set did not have DeliveryOptions with a TlsPolicy setting set to Require") - } - - return nil - } -} - func testAccCheckSESConfigurationSetDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).sesconn @@ -249,18 +310,27 @@ func testAccCheckSESConfigurationSetDestroy(s *terraform.State) error { func testAccAWSSESConfigurationSetBasicConfig(escRandomInteger int) string { return fmt.Sprintf(` resource "aws_ses_configuration_set" "test" { - name = "some-configuration-set-%d" + name = "some-configuration-set-%d" } `, escRandomInteger) } -func testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger int) string { +func testAccAWSSESConfigurationSetDeliveryOptionsConfig(escRandomInteger int, tlsPolicy string) string { return fmt.Sprintf(` resource "aws_ses_configuration_set" "test" { - name = "some-configuration-set-%d" - delivery_options { - tls_policy = "Require" - } + name = "some-configuration-set-%d" + delivery_options { + tls_policy = %q + } +} +`, escRandomInteger, tlsPolicy) +} + +func testAccAWSSESConfigurationSetEmptyDeliveryOptionsConfig(escRandomInteger int) string { + return fmt.Sprintf(` +resource "aws_ses_configuration_set" "test" { + name = "some-configuration-set-%d" + delivery_options {} } `, escRandomInteger) } diff --git a/website/docs/r/ses_configuration_set.markdown b/website/docs/r/ses_configuration_set.markdown index f3b9be2b26f..1565dccbb54 100644 --- a/website/docs/r/ses_configuration_set.markdown +++ b/website/docs/r/ses_configuration_set.markdown @@ -34,11 +34,14 @@ resource "aws_ses_configuration_set" "test" { The following arguments are supported: +* `delivery_options` - (Optional) A configuration block that specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). Detailed below. * `name` - (Required) The name of the configuration set -Delivery Options (`delivery_options`) support the following: +### delivery_options Argument Reference -* `tls_policy` - (Optional) Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). Valid values: `Require` and `Optional`. If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Defaults to `Optional`. +The `delivery_options` configuration block supports the following argument: + +* `tls_policy` - (Optional) Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Valid values: `Require` or `Optional`. Defaults to `Optional`. ## Import From d0a279122a4dbffdde4e3c5ea952ee6ea0785a6e Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Thu, 11 Feb 2021 09:59:16 -0500 Subject: [PATCH 4/4] Update CHANGELOG for #11600 --- .changelog/11600.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/11600.txt diff --git a/.changelog/11600.txt b/.changelog/11600.txt new file mode 100644 index 00000000000..c2b2bbf4dfd --- /dev/null +++ b/.changelog/11600.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_ses_configuration_set: Add `delivery_options` argument +``` \ No newline at end of file