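package main

import (
	"fmt"
	"io"
	"log"

	"github.com/pulumi/pulumi-oci/sdk/go/oci/email"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/identity"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/logging"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// setupEmails declares the OCI Email Delivery resources for happydomain.org:
// the email domain, two service logs, a DKIM key, the approved senders, a
// dedicated SMTP user with its group and policy, SMTP credentials, an API key
// and the return path.
//
// It returns the value produced by generateOrRetrieveRSAKeys as the private
// key (presumably PEM-encoded, to be confirmed against that helper), the SMTP
// credential resource, and the first error met while declaring a resource.
// Both returned values are credentials: callers must not log them or export
// them as plain stack outputs.
func setupEmails(ctx *pulumi.Context, ocicfg *config.Config, compartment *identity.Compartment) (io.Reader, *identity.SmtpCredential, error) {
	// Configure domain for email delivery
	emailDomain, err := email.NewEmailDomain(ctx, "happyDomain-domain", &email.EmailDomainArgs{
		CompartmentId: compartment.ID(),
		Name:          pulumi.String("happydomain.org"),
	})
	if err != nil {
		return nil, nil, err
	}

	logGroup, err := logging.NewLogGroup(ctx, "happyDomain-email-loggroup", &logging.LogGroupArgs{
		CompartmentId: compartment.ID(),
		DisplayName:   pulumi.String("email-log-group"),
		Description:   pulumi.String("email log group"),
	})
	if err != nil {
		return nil, nil, err
	}

	// Service logs for the email domain. These are the audit trail to review
	// if the SMTP credentials are ever suspected of misuse.
	// NOTE(review): RetentionDuration is presumably expressed in days; confirm
	// that 30 matches the incident-response retention requirement.
	serviceLogs := []struct {
		resource, display, category string
	}{
		{"happyDomain-relayed-email-logging", "relayed-email-logging", "outboundrelayed"},
		{"happyDomain-accepted-email-logging", "accepted-email-logging", "outboundaccepted"},
	}
	for _, l := range serviceLogs {
		_, err = logging.NewLog(ctx, l.resource, &logging.LogArgs{
			DisplayName: pulumi.String(l.display),
			LogGroupId:  logGroup.ID(),
			LogType:     pulumi.String("SERVICE"),
			Configuration: &logging.LogConfigurationArgs{
				Source: &logging.LogConfigurationSourceArgs{
					Category:   pulumi.String(l.category),
					Resource:   emailDomain.ID(),
					Service:    pulumi.String("emaildelivery"),
					SourceType: pulumi.String("OCISERVICE"),
				},
				CompartmentId: compartment.ID(),
			},
			RetentionDuration: pulumi.Int(30),
		})
		if err != nil {
			return nil, nil, err
		}
	}

	// DKIM
	dkim, err := email.NewDkim(ctx, "happyDomain-dkim", &email.DkimArgs{
		EmailDomainId: emailDomain.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Export the DNS record that has to be published for DKIM to validate.
	ctx.Export("dkim-domain-to-add", dkim.DnsSubdomainName)
	ctx.Export("dkim-domain-cname-to", dkim.CnameRecordValue)

	// Approved senders
	senders := []struct {
		resource, address string
	}{
		{"happyDomain-sender1", "contact@happydomain.org"},
		{"happyDomain-sender-bis", "no-reply@happydomain.org"},
		{"happyDomain-sender-ter", "noreply@happydomain.org"},
	}
	for _, s := range senders {
		_, err = email.NewSender(ctx, s.resource, &email.SenderArgs{
			CompartmentId: compartment.ID(),
			EmailAddress:  pulumi.String(s.address),
		})
		if err != nil {
			return nil, nil, err
		}
	}

	// Identity for mail sender
	user, err := identity.NewUser(ctx, "happyDomain-smtp-user", &identity.UserArgs{
		CompartmentId: ocicfg.RequireSecret("tenancyOcid"),
		Description:   pulumi.String("SMTP user for happyDomain"),
		Name:          pulumi.String("happyDomain"),
		Email:         pulumi.String("postmaster+smtp@happydomain.org"),
	})
	if err != nil {
		return nil, nil, err
	}

	// Restrict the service user to the credential types it needs: console
	// password, auth tokens and customer secret keys stay disabled.
	// NOTE(review): API keys are enabled in addition to SMTP credentials; if
	// nothing signs API requests as this user, set CanUseApiKeys to false and
	// drop the API key below.
	_, err = identity.NewUserCapabilitiesManagement(ctx, "happyDomain-smtp-user-caps", &identity.UserCapabilitiesManagementArgs{
		UserId:                   user.ID(),
		CanUseApiKeys:            pulumi.Bool(true),
		CanUseAuthTokens:         pulumi.Bool(false),
		CanUseConsolePassword:    pulumi.Bool(false),
		CanUseCustomerSecretKeys: pulumi.Bool(false),
		CanUseSmtpCredentials:    pulumi.Bool(true),
	})
	if err != nil {
		return nil, nil, err
	}

	// Create groups
	smtpGroup, err := identity.NewGroup(ctx, "happyDomain-smtp-group", &identity.GroupArgs{
		Name:        pulumi.String("SMTP"),
		Description: pulumi.String("Users that can send emails and manage suppression list"),
	})
	if err != nil {
		return nil, nil, err
	}

	// Add users to groups
	_, err = identity.NewUserGroupMembership(ctx, "listmonk-smtp-membership", &identity.UserGroupMembershipArgs{
		GroupId: smtpGroup.ID(),
		UserId:  user.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Define policy for the group.
	//
	// The policy is declared directly rather than inside nested ApplyT
	// callbacks, so that it appears in `pulumi preview` and a creation error
	// is returned to the caller instead of only being logged.
	//
	// The statements name the group as 'Default'/'SMTP' rather than referencing
	// smtpGroup, so the dependency on the group is stated explicitly.
	//
	// NOTE(review): the first statement is scoped to the compartment, but
	// "manage suppressions" is granted on the whole tenancy; confirm the
	// service requires that scope.
	_, err = identity.NewPolicy(ctx, "happyDomain-listmonk-send-mail", &identity.PolicyArgs{
		CompartmentId: compartment.CompartmentId,
		Name:          pulumi.String("happyDomain-listmonk-send-mail"),
		Description:   pulumi.String("let listmonk send mail"),
		Statements: pulumi.StringArray{
			pulumi.Sprintf("Allow group 'Default'/'SMTP' to use email-family in compartment %s", compartment.Name),
			pulumi.String("Allow group 'Default'/'SMTP' to manage suppressions in tenancy"),
		},
	}, pulumi.DependsOn([]pulumi.Resource{smtpGroup}))
	if err != nil {
		return nil, nil, fmt.Errorf("creating SMTP group policy: %w", err)
	}

	// Create SMTP credentials
	creds, err := identity.NewSmtpCredential(ctx, "happyDomain-smtp-user-credentials", &identity.SmtpCredentialArgs{
		Description: pulumi.String("HAPPYDOMAIN SMTP credentials"),
		UserId:      user.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Create API key. Only the public half is uploaded to OCI; the private
	// half is handed back to the caller.
	// NOTE(review): where generateOrRetrieveRSAKeys persists the private key is
	// not visible here; verify it is stored with restrictive permissions.
	pemprvkey, pempubkey, err := generateOrRetrieveRSAKeys("happyDomain-smtp", 2048)
	if err != nil {
		return nil, nil, err
	}

	_, err = identity.NewApiKey(ctx, "happyDomain-smtp-user-apikey", &identity.ApiKeyArgs{
		KeyValue: pulumi.String(string(pempubkey)),
		UserId:   user.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Export SMTP credentials. The password is wrapped with ToSecret so the
	// stack output is encrypted in state and masked in CLI output even if the
	// provider does not flag the field as sensitive.
	ctx.Export("smtp-username", creds.Username)
	ctx.Export("smtp-password", pulumi.ToSecret(creds.Password))

	// Configure RP
	_, err = email.NewEmailReturnPath(ctx, "happyDomain-rp", &email.EmailReturnPathArgs{
		ParentResourceId: emailDomain.ID(),
		Name:             pulumi.String(ocicfg.Require("region") + ".rp.happydomain.org"),
		Description:      pulumi.String("ReturnPath for happydomain.org"),
	})
	if err != nil {
		log.Println(err.Error())
		return nil, nil, err
	}

	return pemprvkey, creds, nil
}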