New Resource: aws_ses_domain_identity_verification

[vexingcodes]

Description

This PR introduces a new resource that ensures a domain identity in SES has passed verification. This can be used to create SES domain identities in a fully automated fashion as described in the documentation updates. This resource is quite similar to aws_acm_certificate_validation.

Since this requires modification of records in Route 53 corresponding to a real domain, a new environment variable SES_DOMAIN_IDENTITY_ROOT_DOMAIN has been introduced for the acceptance tests to specify the domain against which the records should be created. If the environment variable is not specified the acceptance test will be skipped with a warning. The basic acceptance test relies on propagation of DNS records, so it can take quite a while to complete.

Test Results

TF_ACC=1 go test ./aws -v -run=TestAccAwsSesDomainIdentityVerification_ -timeout 120m
=== RUN   TestAccAwsSesDomainIdentityVerification_basic
--- PASS: TestAccAwsSesDomainIdentityVerification_basic (550.43s)
=== RUN   TestAccAwsSesDomainIdentityVerification_timeout
--- PASS: TestAccAwsSesDomainIdentityVerification_timeout (12.41s)
=== RUN   TestAccAwsSesDomainIdentityVerification_nonexistent
--- PASS: TestAccAwsSesDomainIdentityVerification_nonexistent (3.71s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       566.569s

I built the documentation and it looks good to me.

[bflad]

Hi @vexingcodes 👋 Thanks for this contribution! It looks like its in pretty good shape. I'll need to manually verify it and can fix the relatively minor items below on merge. More soon.

[bflad]

This construct is a little awkward to read. While it most likely works as intended, it'd be clearer to return nil out of the retry function, then call these "normally":

err := resource.Retry//...
  //...
  return nil
}
if err != nil {
  return err
}

log.Printf("[INFO] Domain verification successful for %s", domainName)
d.SetId(domainName)
return resourceAwsSesDomainIdentityVerificationRead(d, meta)

[bflad]

To prevent a panic in the scenario that att.VerificationStatus is nil, we should wrap this in aws.StringValue(att.VerificationStatus)

[bflad]

d.SetId("") is unnecessary in delete functions 👍 (see also #4191)

[bflad]

Since we need to wire this to an existing public Route53 zone that is tied to an actual registrar with the correct NS records, this should be the data source instead of the resource. 👍

[bflad]

Nitpick: usually the Example Usage is above the arguments (one day we'll have automated documentation 😄 )

[bflad]

Verified! 🚀 Great job!

make testacc TEST=./aws TESTARGS='-run=TestAccAwsSesDomainIdentityVerification'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAwsSesDomainIdentityVerification -timeout 120m
=== RUN   TestAccAwsSesDomainIdentityVerification_basic
--- PASS: TestAccAwsSesDomainIdentityVerification_basic (119.20s)
=== RUN   TestAccAwsSesDomainIdentityVerification_timeout
--- PASS: TestAccAwsSesDomainIdentityVerification_timeout (9.45s)
=== RUN   TestAccAwsSesDomainIdentityVerification_nonexistent
--- PASS: TestAccAwsSesDomainIdentityVerification_nonexistent (1.77s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	130.459s

[bflad]

This has been released in version 1.15.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!