-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Resource: aws_ses_domain_identity_verification #4108
Conversation
Fix log messages by consistently using "verification" instead of "validation" for the aws_ses_domain_identity_verification resource.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @vexingcodes 👋 Thanks for this contribution! It looks like its in pretty good shape. I'll need to manually verify it and can fix the relatively minor items below on merge. More soon.
|
||
log.Printf("[INFO] Domain verification successful for %s", domainName) | ||
d.SetId(domainName) | ||
return resource.NonRetryableError(resourceAwsSesDomainIdentityVerificationRead(d, meta)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This construct is a little awkward to read. While it most likely works as intended, it'd be clearer to return nil
out of the retry function, then call these "normally":
err := resource.Retry//...
//...
return nil
}
if err != nil {
return err
}
log.Printf("[INFO] Domain verification successful for %s", domainName)
d.SetId(domainName)
return resourceAwsSesDomainIdentityVerificationRead(d, meta)
return resource.NonRetryableError(fmt.Errorf("SES Domain Identity %s not found in AWS", domainName)) | ||
} | ||
|
||
if *att.VerificationStatus != "Success" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To prevent a panic in the scenario that att.VerificationStatus
is nil
, we should wrap this in aws.StringValue(att.VerificationStatus)
|
||
func resourceAwsSesDomainIdentityVerificationDelete(d *schema.ResourceData, meta interface{}) error { | ||
// No need to do anything, domain identity will be deleted when aws_ses_domain_identity is deleted | ||
d.SetId("") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
d.SetId("")
is unnecessary in delete functions 👍 (see also #4191)
|
||
func testAccAwsSesDomainIdentityVerification_basic(rootDomain string, domain string) string { | ||
return fmt.Sprintf(` | ||
resource "aws_route53_zone" "zone" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we need to wire this to an existing public Route53 zone that is tied to an actual registrar with the correct NS records, this should be the data source instead of the resource. 👍
|
||
- `create` - (Default `45m`) How long to wait for a domain identity to be verified. | ||
|
||
## Example Usage |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: usually the Example Usage is above the arguments (one day we'll have automated documentation 😄 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Verified! 🚀 Great job!
make testacc TEST=./aws TESTARGS='-run=TestAccAwsSesDomainIdentityVerification'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAwsSesDomainIdentityVerification -timeout 120m
=== RUN TestAccAwsSesDomainIdentityVerification_basic
--- PASS: TestAccAwsSesDomainIdentityVerification_basic (119.20s)
=== RUN TestAccAwsSesDomainIdentityVerification_timeout
--- PASS: TestAccAwsSesDomainIdentityVerification_timeout (9.45s)
=== RUN TestAccAwsSesDomainIdentityVerification_nonexistent
--- PASS: TestAccAwsSesDomainIdentityVerification_nonexistent (1.77s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 130.459s
This has been released in version 1.15.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Description
This PR introduces a new resource that ensures a domain identity in SES has passed verification. This can be used to create SES domain identities in a fully automated fashion as described in the documentation updates. This resource is quite similar to
aws_acm_certificate_validation
.Since this requires modification of records in Route 53 corresponding to a real domain, a new environment variable
SES_DOMAIN_IDENTITY_ROOT_DOMAIN
has been introduced for the acceptance tests to specify the domain against which the records should be created. If the environment variable is not specified the acceptance test will be skipped with a warning. The basic acceptance test relies on propagation of DNS records, so it can take quite a while to complete.Test Results
I built the documentation and it looks good to me.