-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for SES MAIL FROM #2029
Conversation
@Ninir @radeksimko Is there anything that needs to be done to push this across the finish line? |
If this needs anything else done I'm willing to take it on. |
I'll be taking a look at this later today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this contribution! 😄 I think this is off to a great start! I left some comments below. Can you please look through them and let me know if you have any questions or if you do not have time to implement them? Thanks!
"mail_from_domain": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should not need ForceNew: true
here since be able to support updates by calling SetIdentityMailFromDomain
just like create. 😄
mailFromDomain := d.Get("mail_from_domain").(string) | ||
|
||
createOpts := &ses.SetIdentityMailFromDomainInput{ | ||
BehaviorOnMXFailure: aws.String("UseDefaultValue"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two things here:
- Nitpick: SDK has a constant available
ses.BehaviorOnMXFailureUseDefaultValue
- Seems easy enough to support this as an optional attribute, that defaults to this
log.Printf("[WARN] Error fetching MAIL FROM domain attributes for %s: %s", d.Id(), err) | ||
return err | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should really be resetting the mail_from_domain
attribute in the Terraform state each read to catch drift from the Terraform configuration, e.g.
out, err := conn.GetIdentityMailFromDomainAttributes(readOpts)
if err != nil {
log.Printf("[WARN] Error fetching MAIL FROM domain attributes for %s: %s", d.Id(), err)
return err
}
if v, ok := out.MailFromDomainAttributes[domainName]; ok {
d.Set("mail_from_domain", v.MailFromDomain)
} else {
d.Set("mail_from_domain", "")
}
domainName := d.Get("domain").(string) | ||
|
||
deleteOpts := &ses.SetIdentityMailFromDomainInput{ | ||
BehaviorOnMXFailure: aws.String("UseDefaultValue"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: this parameter is not required here
func resourceAwsSesDomainMailFromDelete(d *schema.ResourceData, meta interface{}) error { | ||
conn := meta.(*AWSClient).sesConn | ||
|
||
domainName := d.Get("domain").(string) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: We should use d.Id()
"%s.terraformtesting.com", | ||
acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) | ||
|
||
resource.Test(t, resource.TestCase{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please implement a CheckDestroy:
function for the TestCase
? This is one final check in our acceptance tests to verify that the delete/destroy actually did what it was supposed to in AWS. e.g.
func testAccCheckSESDomainMailFromDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).sesConn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_ses_domain_mail_from" {
continue
}
input := &ses.GetIdentityMailFromDomainAttributesInput{
Identities: []*string{aws.String(rs.Primary.ID)},
}
out, err := conn.GetIdentityMailFromDomainAttributes(input)
if err != nil {
return fmt.Errorf("error fetching MAIL FROM domain attributes: %s", err)
}
if v, ok := out.MailFromDomainAttributes[domainName]; ok && len(v.MailFromDomain) > 0 {
return fmt.Errorf("MAIL FROM domain was not removed, found: %s", v.MailFromDomain)
}
}
return nil
}
Provides an SES domain MAIL FROM resource | ||
--- | ||
|
||
# aws\_ses\_domain\_dkim |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copypasta 🍝 : should be aws_ses_domain_mail_from
(backslashes are no longer required in the documentation)
|
||
* (Optionally) If you want your emails to pass SPF checks, you must publish an SPF record to the DNS server of the custom MAIL FROM domain. | ||
|
||
## Example Usage |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: We generally keep the example usage above arguments.
} | ||
|
||
resource "aws_route53_record" "example_amazonses_mail_from_mx_record" { | ||
zone_id = "ABCDEFGHIJ123" # Change to appropriate Route53 Zone ID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feel free to point these at a "fake" resource to encourage proper references, e.g. ${aws_route53_zone.example.id}
|
||
resource "aws_route53_record" "example_amazonses_mail_from_mx_record" { | ||
zone_id = "ABCDEFGHIJ123" # Change to appropriate Route53 Zone ID | ||
name = "bounce.example.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: I think we should cross-reference either the ${aws_ses_domain_mail_from.example.mail_from_domain}
here or ${aws_route53_record. example_amazonses_mail_from_mx_record.name}
in aws_ses_domain_mail_from
to better show the linkage between the two
{ | ||
Config: fmt.Sprintf(testAccAwsSESDomainMailFromConfig, domain), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckAwsSESDomainMailFromExists("aws_ses_domain_mail_from.test"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I forgot to mention in the initial review -- we should verify the attributes are set correctly in the Terraform state as well 👍 e.g.
resource.TestCheckResourceAttr("aws_ses_domain_mail_from.test", "domain", domain),
resource.TestCheckResourceAttr("aws_ses_domain_mail_from.test", "mail_from_domain", fmt.Sprintf("bounce.%s", domain)),
Not a problem, I can add a review commit to yours and get this in for you. Thanks so much for your initial work here, very appreciated! |
…llow updates, augment testing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ready to go with configurable behavior_on_mx_failure
attribute, support for updates, and some additional testing! 🚀
make testacc TEST=./aws TESTARGS='-run=TestAccAwsSESDomainMailFrom'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAwsSESDomainMailFrom -timeout 120m
=== RUN TestAccAwsSESDomainMailFrom_basic
--- PASS: TestAccAwsSESDomainMailFrom_basic (22.36s)
=== RUN TestAccAwsSESDomainMailFrom_behaviorOnMxFailure
--- PASS: TestAccAwsSESDomainMailFrom_behaviorOnMxFailure (22.57s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 44.985s
This has been released in version 1.10.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/mail-from-set.html
Would be the last missing piece after #1347