provider/aws: Implement aws_ses_domain_identity #13098
Conversation
dougneal
force-pushed
the
enh-aws_ses_domain_identity
branch
2 times, most recently
from
ce287f3 to
6997ddc
Compare
dougneal
changed the title
dougneal
force-pushed
the
enh-aws_ses_domain_identity
branch
from
6997ddc to
9852daf
Compare
|
Build failure appears to be caused by unrelated code. |
|
|
||
| const testAccAwsSESDomainIdentityConfig = ` | ||
| resource "aws_ses_domain_identity" "test" { | ||
| domain = "example.com" |
There was a problem hiding this comment.
Would you mind randomizing this domain, so that we can safely run this test multiple times in parallel?
Have a look at how we do it in other tests, e.g. here
I think for the purpose of this test it doesn't matter if we're ever going to be able to finish the verification process (i.e. own the domain or manage DNS for it), so I'd go for something like %d.terraformtesting.com.
| } | ||
|
|
||
| verificationAttrs := response.VerificationAttributes[domainName] | ||
| if verificationAttrs == nil { |
There was a problem hiding this comment.
I think more idiomatic way to check the existence of a key in a map would be something like
verificationAttrs, ok := response.VerificationAttributes[domainName]
if !ok {|
|
||
| # aws\_ses\_domain_identity | ||
|
|
||
| Provides an SES domain identity resource |
There was a problem hiding this comment.
Would you mind attaching some links and/or details about what steps are expected from the user to actually finish the verification of the domain? What do you think about adding a Route53 DNS record to the example + mentioning the WHOIS records need to point to the zone, or eventually delegate to it? It may sound like an obvious thing, but I think it's good to explain to what extent do we automate this process and help the user along the way.
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/dns-txt-records.html
| will signal to SES that the owner of the domain has authorised SES to act on | ||
| their behalf. The domain identity will be in state "verification pending" | ||
| until this is done. Find out more about verifying domains in Amazon SES in | ||
| the [AWS SES docs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html). |
There was a problem hiding this comment.
Oh, I see, you have the explanation here actually, that's good 👍 but I still think we should include an example of a DNS record, like Route53 record.
radeksimko
added
new-resource
provider/aws
waiting-response
dougneal
force-pushed
the
enh-aws_ses_domain_identity
branch
from
9852daf to
43dc3d4
Compare
|
Thanks for the feedback @radeksimko, I've addressed all points. I reordered the documentation slightly to put the example at the end including a Route 53 resource to add the verification token. |
| _, ok := err.(awserr.Error) | ||
| if !ok { | ||
| return err | ||
| } |
There was a problem hiding this comment.
Probably a nitpick, but these 4 line of code are redundant since we always return from any error above (which is the right thing to do btw. as there's nothing like NotFound error in SES API). Would you mind removing these - just to avoid confusions?
There was a problem hiding this comment.
Sure. I actually lifted most of the code from here so there is probably some further cleanup to be done across the SES code...
There was a problem hiding this comment.
Good catch, I think that is slightly different situation as you may get errors, but we should be scoping it down to specific error code(s): http://docs.aws.amazon.com/ses/latest/APIReference/API_DescribeReceiptRule.html#API_DescribeReceiptRule_Errors
| return nil | ||
| } | ||
|
|
||
| d.Set("verification_token", *verificationAttrs.VerificationToken) |
There was a problem hiding this comment.
I'm not sure why I didn't notice this one before 🙀 , but we tend to avoid pointer dereferencing in Set() - the function has a built-in functionality to do this safely for all primitive data types and we have been bitten many times in the past by doing this in the resource code.
The API (for any weird reason) may not return the token here, in which case we'd be dereferencing pointer to nil which would in turn cause crash.
There was a problem hiding this comment.
Cool, so should I just pass the pointer in?
dougneal
force-pushed
the
enh-aws_ses_domain_identity
branch
from
43dc3d4 to
de30c25
Compare
Provide a resource to manage domain identities in SES. Exports the verification_code attribute which can be used to add the TXT record to the domain to complete the domain verification.
Provide documentation for the new resource type.
dougneal
force-pushed
the
enh-aws_ses_domain_identity
branch
from
de30c25 to
68f9884
Compare
|
All done! |
radeksimko
removed
the
waiting-response
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Adding the capability to add domain identities to Amazon SES and capture the domain verification code.
Tasks:
Should (partially) satisfy #11232.