Initial commit: handle email delivery
commit
b45e29c278
8 changed files with 745 additions and 0 deletions
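--- a/emails.go
+++ b/emails.go
@@ -0,0 +1,211 @@
+package main
+
+import (
+"fmt"
+"io"
+"log"
+
+"github.com/pulumi/pulumi-oci/sdk/go/oci/email"
+"github.com/pulumi/pulumi-oci/sdk/go/oci/identity"
+"github.com/pulumi/pulumi-oci/sdk/go/oci/logging"
+"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
+)
+
+func setupEmails(ctx *pulumi.Context, ocicfg *config.Config, compartment *identity.Compartment) (io.Reader, *identity.SmtpCredential, error) {
+// Configure domain for email delivery
+email_domain, err := email.NewEmailDomain(ctx, "happyDomain-domain", &email.EmailDomainArgs{
+CompartmentId: compartment.ID(),
+Name: pulumi.String("happydomain.org"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+loggroup, err := logging.NewLogGroup(ctx, "happyDomain-email-loggroup", &logging.LogGroupArgs{
+CompartmentId: compartment.ID(),
+DisplayName: pulumi.String("email-log-group"),
+Description: pulumi.String("email log group"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+_, err = logging.NewLog(ctx, "happyDomain-relayed-email-logging", &logging.LogArgs{
+DisplayName: pulumi.String("relayed-email-logging"),
+LogGroupId: loggroup.ID(),
+LogType: pulumi.String("SERVICE"),
+Configuration: &logging.LogConfigurationArgs{
+Source: &logging.LogConfigurationSourceArgs{
+Category: pulumi.String("outboundrelayed"),
+Resource: email_domain.ID(),
+Service: pulumi.String("emaildelivery"),
+SourceType: pulumi.String("OCISERVICE"),
+},
+CompartmentId: compartment.ID(),
+},
+RetentionDuration: pulumi.Int(30),
+})
+if err != nil {
+return nil, nil, err
+}
+
+_, err = logging.NewLog(ctx, "happyDomain-accepted-email-logging", &logging.LogArgs{
+DisplayName: pulumi.String("accepted-email-logging"),
+LogGroupId: loggroup.ID(),
+LogType: pulumi.String("SERVICE"),
+Configuration: &logging.LogConfigurationArgs{
+Source: &logging.LogConfigurationSourceArgs{
+Category: pulumi.String("outboundaccepted"),
+Resource: email_domain.ID(),
+Service: pulumi.String("emaildelivery"),
+SourceType: pulumi.String("OCISERVICE"),
+},
+CompartmentId: compartment.ID(),
+},
+RetentionDuration: pulumi.Int(30),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// DKIM
+dkim, err := email.NewDkim(ctx, "happyDomain-dkim", &email.DkimArgs{
+EmailDomainId: email_domain.ID(),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Export the infos
+ctx.Export("dkim-domain-to-add", dkim.DnsSubdomainName)
+ctx.Export("dkim-domain-cname-to", dkim.CnameRecordValue)
+
+// Approved senders
+_, err = email.NewSender(ctx, "happyDomain-sender1", &email.SenderArgs{
+CompartmentId: compartment.ID(),
+EmailAddress: pulumi.String("contact@happydomain.org"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+_, err = email.NewSender(ctx, "happyDomain-sender-bis", &email.SenderArgs{
+CompartmentId: compartment.ID(),
+EmailAddress: pulumi.String("no-reply@happydomain.org"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+_, err = email.NewSender(ctx, "happyDomain-sender-ter", &email.SenderArgs{
+CompartmentId: compartment.ID(),
+EmailAddress: pulumi.String("noreply@happydomain.org"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Identity for mail sender
+user, err := identity.NewUser(ctx, "happyDomain-smtp-user", &identity.UserArgs{
+CompartmentId: ocicfg.RequireSecret("tenancyOcid"),
+Description: pulumi.String("SMTP user for happyDomain"),
+Name: pulumi.String("happyDomain"),
+Email: pulumi.String("postmaster+smtp@happydomain.org"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+_, err = identity.NewUserCapabilitiesManagement(ctx, "happyDomain-smtp-user-caps", &identity.UserCapabilitiesManagementArgs{
+UserId: user.ID(),
+CanUseApiKeys: pulumi.Bool(true),
+CanUseAuthTokens: pulumi.Bool(false),
+CanUseConsolePassword: pulumi.Bool(false),
+CanUseCustomerSecretKeys: pulumi.Bool(false),
+CanUseSmtpCredentials: pulumi.Bool(true),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Create groups
+smtpGroup, err := identity.NewGroup(ctx, "happyDomain-smtp-group", &identity.GroupArgs{
+Name: pulumi.String("SMTP"),
+Description: pulumi.String("Users that can send emails and manage suppression list"),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Add users to groups
+_, err = identity.NewUserGroupMembership(ctx, "listmonk-smtp-membership", &identity.UserGroupMembershipArgs{
+GroupId: smtpGroup.ID(),
+UserId: user.ID(),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Define policy for the group
+compartment.Name.ApplyT(func(compartmentName string) string {
+compartment.CompartmentId.ApplyT(func(compartmentId string) (string, error) {
+var statements pulumi.StringArray
+statements = append(statements, pulumi.String(fmt.Sprintf("Allow group 'Default'/'SMTP' to use email-family in compartment %s", compartmentName)))
+statements = append(statements, pulumi.String("Allow group 'Default'/'SMTP' to manage suppressions in tenancy"))
+
+_, err := identity.NewPolicy(ctx, "happyDomain-listmonk-send-mail", &identity.PolicyArgs{
+CompartmentId: pulumi.String(compartmentId),
+Name: pulumi.String("happyDomain-listmonk-send-mail"),
+Description: pulumi.String("let listmonk send mail"),
+Statements: statements,
+})
+if err != nil {
+log.Println(err.Error())
+return "", err
+}
+return "", err
+})
+return ""
+})
+
+// Create SMTP credentials
+creds, err := identity.NewSmtpCredential(ctx, "happyDomain-smtp-user-credentials", &identity.SmtpCredentialArgs{
+Description: pulumi.String("HAPPYDOMAIN SMTP credentials"),
+UserId: user.ID(),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Create API key
+pemprvkey, pempubkey, err := generateOrRetrieveRSAKeys("happyDomain-smtp", 2048)
+if err != nil {
+return nil, nil, err
+}
+
+_, err = identity.NewApiKey(ctx, "happyDomain-smtp-user-apikey", &identity.ApiKeyArgs{
+KeyValue: pulumi.String(string(pempubkey)),
+UserId: user.ID(),
+})
+if err != nil {
+return nil, nil, err
+}
+
+// Export SMTP password
+ctx.Export("smtp-username", creds.Username)
+ctx.Export("smtp-password", creds.Password)
+
+// Configure RP
+_, err = email.NewEmailReturnPath(ctx, "happyDomain-rp", &email.EmailReturnPathArgs{
+ParentResourceId: email_domain.ID(),
+Name: pulumi.String(ocicfg.Require("region") + ".rp.happydomain.org"),
+Description: pulumi.String("ReturnPath for happydomain.org"),
+})
+if err != nil {
+log.Println(err.Error())
+return nil, nil, err
+}
+
+return pemprvkey, creds, nil
+}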
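Review bot: `ctx.Export("smtp-password", creds.Password)` near the end of setupEmails publishes the SMTP password as a stack output. Unless the provider already marks that field as secret (not visible on this page), it is shown in clear by `pulumi stack output` and stored unencrypted in the state, so I would export it as `ctx.Export("smtp-password", pulumi.ToSecret(creds.Password))`. Separately, the IAM policy is created inside nested `ApplyT` callbacks whose outputs are discarded, so a failure of `identity.NewPolicy` is only logged and setupEmails still returns a nil error. Nothing ties the policy to `smtpGroup` either, since the statements hard-code `'Default'/'SMTP'`. Creating the policy at the top level with `CompartmentId: compartment.CompartmentId` and a statement built by `pulumi.Sprintf("Allow group 'Default'/'SMTP' to use email-family in compartment %s", compartment.Name)` would let the error propagate; the second statement grants `manage suppressions` over the whole tenancy, which is worth confirming as intended.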