resource/aws_pinpoint_email_channel: Support using SES configuration …

…set and add plan time validations (#18314) Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSPinpointEmailChannel_disappears (19.13s) --- PASS: TestAccAWSPinpointEmailChannel_configurationSet (22.62s) --- PASS: TestAccAWSPinpointEmailChannel_basic (34.66s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSPinpointEmailChannel_disappears (27.30s) --- PASS: TestAccAWSPinpointEmailChannel_configurationSet (33.09s) --- PASS: TestAccAWSPinpointEmailChannel_basic (53.08s) ```
hashicorp · Mar 25, 2021 · e80ca2f · e80ca2f
1 parent 48fefb7
commit e80ca2f
Show file tree

Hide file tree

Showing 4 changed files with 161 additions and 24 deletions.
diff --git a/.changelog/18314.txt b/.changelog/18314.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_pinpoint_email_channel: Add `configuration_set` argument
+```
+
+```release-note:enhancement
+resource/aws_pinpoint_email_channel: Add plan time validation for `identity` and `role_arn`
+```
diff --git a/aws/resource_aws_pinpoint_email_channel.go b/aws/resource_aws_pinpoint_email_channel.go
@@ -25,6 +25,11 @@ func resourceAwsPinpointEmailChannel() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+			"configuration_set": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateArn,
+			},
 			"enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -35,12 +40,14 @@ func resourceAwsPinpointEmailChannel() *schema.Resource {
 				Required: true,
 			},
 			"identity": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validateArn,
 			},
 			"role_arn": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validateArn,
 			},
 			"messages_per_second": {
 				Type:     schema.TypeInt,
@@ -62,14 +69,18 @@ func resourceAwsPinpointEmailChannelUpsert(d *schema.ResourceData, meta interfac
 	params.Identity = aws.String(d.Get("identity").(string))
 	params.RoleArn = aws.String(d.Get("role_arn").(string))
 
+	if v, ok := d.GetOk("configuration_set"); ok {
+		params.ConfigurationSet = aws.String(v.(string))
+	}
+
 	req := pinpoint.UpdateEmailChannelInput{
 		ApplicationId:       aws.String(applicationId),
 		EmailChannelRequest: params,
 	}
 
 	_, err := conn.UpdateEmailChannel(&req)
 	if err != nil {
-		return fmt.Errorf("error updating Pinpoint Email Channel for application %s: %s", applicationId, err)
+		return fmt.Errorf("error updating Pinpoint Email Channel for application %s: %w", applicationId, err)
 	}
 
 	d.SetId(applicationId)
@@ -92,15 +103,18 @@ func resourceAwsPinpointEmailChannelRead(d *schema.ResourceData, meta interface{
 			return nil
 		}
 
-		return fmt.Errorf("error getting Pinpoint Email Channel for application %s: %s", d.Id(), err)
+		return fmt.Errorf("error getting Pinpoint Email Channel for application %s: %w", d.Id(), err)
 	}
 
-	d.Set("application_id", output.EmailChannelResponse.ApplicationId)
-	d.Set("enabled", output.EmailChannelResponse.Enabled)
-	d.Set("from_address", output.EmailChannelResponse.FromAddress)
-	d.Set("identity", output.EmailChannelResponse.Identity)
-	d.Set("role_arn", output.EmailChannelResponse.RoleArn)
-	d.Set("messages_per_second", aws.Int64Value(output.EmailChannelResponse.MessagesPerSecond))
+	res := output.EmailChannelResponse
+	d.Set("application_id", res.ApplicationId)
+	d.Set("enabled", res.Enabled)
+	d.Set("from_address", res.FromAddress)
+	d.Set("identity", res.Identity)
+	d.Set("role_arn", res.RoleArn)
+	d.Set("configuration_set", res.ConfigurationSet)
+	d.Set("messages_per_second", aws.Int64Value(res.MessagesPerSecond))
+
 	return nil
 }
 
@@ -117,7 +131,7 @@ func resourceAwsPinpointEmailChannelDelete(d *schema.ResourceData, meta interfac
 	}
 
 	if err != nil {
-		return fmt.Errorf("error deleting Pinpoint Email Channel for application %s: %s", d.Id(), err)
+		return fmt.Errorf("error deleting Pinpoint Email Channel for application %s: %w", d.Id(), err)
 	}
 	return nil
 }
diff --git a/aws/resource_aws_pinpoint_email_channel_test.go b/aws/resource_aws_pinpoint_email_channel_test.go
@@ -6,13 +6,14 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/pinpoint"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
 func TestAccAWSPinpointEmailChannel_basic(t *testing.T) {
 	var channel pinpoint.EmailChannelResponse
-	resourceName := "aws_pinpoint_email_channel.test_email_channel"
+	resourceName := "aws_pinpoint_email_channel.test"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSPinpointApp(t) },
@@ -27,6 +28,8 @@ func TestAccAWSPinpointEmailChannel_basic(t *testing.T) {
 					testAccCheckAWSPinpointEmailChannelExists(resourceName, &channel),
 					resource.TestCheckResourceAttr(resourceName, "enabled", "false"),
 					resource.TestCheckResourceAttrSet(resourceName, "messages_per_second"),
+					resource.TestCheckResourceAttrPair(resourceName, "role_arn", "aws_iam_role.test", "arn"),
+					resource.TestCheckResourceAttrPair(resourceName, "identity", "aws_ses_domain_identity.test", "arn"),
 				),
 			},
 			{
@@ -46,6 +49,56 @@ func TestAccAWSPinpointEmailChannel_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSPinpointEmailChannel_configurationSet(t *testing.T) {
+	var channel pinpoint.EmailChannelResponse
+	resourceName := "aws_pinpoint_email_channel.test"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSPinpointApp(t) },
+		ErrorCheck:    testAccErrorCheck(t, pinpoint.EndpointsID),
+		IDRefreshName: resourceName,
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckAWSPinpointEmailChannelDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSPinpointEmailChannelConfigConfigurationSet("[email protected]", rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSPinpointEmailChannelExists(resourceName, &channel),
+					resource.TestCheckResourceAttrPair(resourceName, "configuration_set", "aws_ses_configuration_set.test", "arn"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+func TestAccAWSPinpointEmailChannel_disappears(t *testing.T) {
+	var channel pinpoint.EmailChannelResponse
+	resourceName := "aws_pinpoint_email_channel.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSPinpointApp(t) },
+		ErrorCheck:    testAccErrorCheck(t, pinpoint.EndpointsID),
+		IDRefreshName: resourceName,
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckAWSPinpointEmailChannelDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSPinpointEmailChannelConfig_FromAddress("[email protected]"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSPinpointEmailChannelExists(resourceName, &channel),
+					testAccCheckResourceDisappears(testAccProvider, resourceAwsPinpointEmailChannel(), resourceName),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
 func testAccCheckAWSPinpointEmailChannelExists(n string, channel *pinpoint.EmailChannelResponse) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -77,21 +130,21 @@ func testAccCheckAWSPinpointEmailChannelExists(n string, channel *pinpoint.Email
 
 func testAccAWSPinpointEmailChannelConfig_FromAddress(fromAddress string) string {
 	return fmt.Sprintf(`
-resource "aws_pinpoint_app" "test_app" {}
+resource "aws_pinpoint_app" "test" {}
 
-resource "aws_pinpoint_email_channel" "test_email_channel" {
-  application_id = aws_pinpoint_app.test_app.application_id
+resource "aws_pinpoint_email_channel" "test" {
+  application_id = aws_pinpoint_app.test.application_id
   enabled        = "false"
   from_address   = %[1]q
-  identity       = aws_ses_domain_identity.test_identity.arn
-  role_arn       = aws_iam_role.test_role.arn
+  identity       = aws_ses_domain_identity.test.arn
+  role_arn       = aws_iam_role.test.arn
 }
 
-resource "aws_ses_domain_identity" "test_identity" {
+resource "aws_ses_domain_identity" "test" {
   domain = "example.com"
 }
 
-resource "aws_iam_role" "test_role" {
+resource "aws_iam_role" "test" {
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -109,9 +162,9 @@ resource "aws_iam_role" "test_role" {
 EOF
 }
 
-resource "aws_iam_role_policy" "test_role_policy" {
-  name = "test_policy"
-  role = aws_iam_role.test_role.id
+resource "aws_iam_role_policy" "test" {
+  name = "test"
+  role = aws_iam_role.test.id
 
   policy = <<EOF
 {
@@ -132,6 +185,68 @@ EOF
 `, fromAddress)
 }
 
+func testAccAWSPinpointEmailChannelConfigConfigurationSet(fromAddress, rName string) string {
+	return fmt.Sprintf(`
+resource "aws_pinpoint_app" "test" {}
+
+resource "aws_ses_configuration_set" "test" {
+  name = %[2]q
+}
+
+resource "aws_pinpoint_email_channel" "test" {
+  application_id    = aws_pinpoint_app.test.application_id
+  enabled           = "false"
+  from_address      = %[1]q
+  identity          = aws_ses_domain_identity.test.arn
+  role_arn          = aws_iam_role.test.arn
+  configuration_set = aws_ses_configuration_set.test.arn
+}
+
+resource "aws_ses_domain_identity" "test" {
+  domain = "example.com"
+}
+
+resource "aws_iam_role" "test" {
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "pinpoint.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = "test"
+  role = aws_iam_role.test.id
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": {
+    "Action": [
+      "mobileanalytics:PutEvents",
+      "mobileanalytics:PutItems"
+    ],
+    "Effect": "Allow",
+    "Resource": [
+      "*"
+    ]
+  }
+}
+EOF
+}
+`, fromAddress, rName)
+}
+
 func testAccCheckAWSPinpointEmailChannelDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).pinpointconn
 

diff --git a/website/docs/r/pinpoint_email_channel.markdown b/website/docs/r/pinpoint_email_channel.markdown
@@ -73,6 +73,7 @@ The following arguments are supported:
 
 * `application_id` - (Required) The application ID.
 * `enabled` - (Optional) Whether the channel is enabled or disabled. Defaults to `true`.
+* `configuration_set` - (Optional) The ARN of the Amazon SES configuration set that you want to apply to messages that you send through the channel.
 * `from_address` - (Required) The email address used to send emails from.
 * `identity` - (Required) The ARN of an identity verified with SES.
 * `role_arn` - (Required) The ARN of an IAM Role used to submit events to Mobile Analytics' event ingestion service.