package main
import (
"fmt"
"io"
"log"
"github.com/pulumi/pulumi-oci/sdk/go/oci/email"
"github.com/pulumi/pulumi-oci/sdk/go/oci/identity"
"github.com/pulumi/pulumi-oci/sdk/go/oci/logging"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
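// setupEmails provisions what happyDomain needs to send mail through OCI Email
// Delivery: the email domain with DKIM signing and a return path, service logs
// for accepted/relayed outbound mail, the approved sender addresses, and a
// dedicated IAM user that is limited to SMTP credentials and an API key.
//
// Parameters:
//   ctx         - the Pulumi program context.
//   ocicfg      - the "oci" config namespace; "tenancyOcid" and "region" are required.
//   compartment - the compartment the email domain, logs and senders are created in.
//
// Returns a reader over the private key paired with the API key uploaded for
// the SMTP user (both come from generateOrRetrieveRSAKeys, defined elsewhere in
// this package), the created SMTP credential, and the first resource-creation
// error encountered. Stack outputs exported: "dkim-domain-to-add",
// "dkim-domain-cname-to", "smtp-username" and "smtp-password" (the last one
// marked secret).
func setupEmails(ctx *pulumi.Context, ocicfg *config.Config, compartment *identity.Compartment) (io.Reader, *identity.SmtpCredential, error) {
	// Email domain for happydomain.org; DKIM and the return path hang off it.
	emailDomain, err := email.NewEmailDomain(ctx, "happyDomain-domain", &email.EmailDomainArgs{
		CompartmentId: compartment.ID(),
		Name:          pulumi.String("happydomain.org"),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("creating email domain: %w", err)
	}

	// Service logs for outbound mail: one log group, one log per category,
	// both kept for 30 days. Driven from a table so the two stay identical
	// apart from name and category.
	logGroup, err := logging.NewLogGroup(ctx, "happyDomain-email-loggroup", &logging.LogGroupArgs{
		CompartmentId: compartment.ID(),
		DisplayName:   pulumi.String("email-log-group"),
		Description:   pulumi.String("email log group"),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("creating email log group: %w", err)
	}
	emailLogs := []struct{ resName, displayName, category string }{
		{"happyDomain-relayed-email-logging", "relayed-email-logging", "outboundrelayed"},
		{"happyDomain-accepted-email-logging", "accepted-email-logging", "outboundaccepted"},
	}
	for _, l := range emailLogs {
		_, err = logging.NewLog(ctx, l.resName, &logging.LogArgs{
			DisplayName: pulumi.String(l.displayName),
			LogGroupId:  logGroup.ID(),
			LogType:     pulumi.String("SERVICE"),
			Configuration: &logging.LogConfigurationArgs{
				Source: &logging.LogConfigurationSourceArgs{
					Category:   pulumi.String(l.category),
					Resource:   emailDomain.ID(),
					Service:    pulumi.String("emaildelivery"),
					SourceType: pulumi.String("OCISERVICE"),
				},
				CompartmentId: compartment.ID(),
			},
			RetentionDuration: pulumi.Int(30),
		})
		if err != nil {
			return nil, nil, fmt.Errorf("creating log %s: %w", l.resName, err)
		}
	}

	// DKIM signing for the domain. The selector CNAME has to be published in
	// the happydomain.org zone separately, so surface both values as outputs.
	dkim, err := email.NewDkim(ctx, "happyDomain-dkim", &email.DkimArgs{
		EmailDomainId: emailDomain.ID(),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("creating DKIM: %w", err)
	}
	ctx.Export("dkim-domain-to-add", dkim.DnsSubdomainName)
	ctx.Export("dkim-domain-cname-to", dkim.CnameRecordValue)

	// Approved senders: Email Delivery only relays mail from these addresses.
	senders := []struct{ resName, address string }{
		{"happyDomain-sender1", "contact@happydomain.org"},
		{"happyDomain-sender-bis", "no-reply@happydomain.org"},
		{"happyDomain-sender-ter", "noreply@happydomain.org"},
	}
	for _, s := range senders {
		_, err = email.NewSender(ctx, s.resName, &email.SenderArgs{
			CompartmentId: compartment.ID(),
			EmailAddress:  pulumi.String(s.address),
		})
		if err != nil {
			return nil, nil, fmt.Errorf("creating sender %s: %w", s.address, err)
		}
	}

	// Service identity used by the mailer. IAM users live in the tenancy, hence
	// the tenancy OCID rather than the compartment.
	user, err := identity.NewUser(ctx, "happyDomain-smtp-user", &identity.UserArgs{
		CompartmentId: ocicfg.RequireSecret("tenancyOcid"),
		Description:   pulumi.String("SMTP user for happyDomain"),
		Name:          pulumi.String("happyDomain"),
		Email:         pulumi.String("postmaster+smtp@happydomain.org"),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("creating SMTP user: %w", err)
	}
	// Least privilege on the credential kinds: only SMTP credentials and the
	// API key created below are allowed; console login, auth tokens and
	// customer secret keys stay disabled so a leaked credential cannot be
	// turned into a broader one.
	_, err = identity.NewUserCapabilitiesManagement(ctx, "happyDomain-smtp-user-caps", &identity.UserCapabilitiesManagementArgs{
		UserId:                   user.ID(),
		CanUseApiKeys:            pulumi.Bool(true),
		CanUseAuthTokens:         pulumi.Bool(false),
		CanUseConsolePassword:    pulumi.Bool(false),
		CanUseCustomerSecretKeys: pulumi.Bool(false),
		CanUseSmtpCredentials:    pulumi.Bool(true),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("restricting SMTP user capabilities: %w", err)
	}

	// Group the policy below refers to by name ('Default'/'SMTP').
	// NOTE(review): no CompartmentId is given here although groups, like the
	// user above, are tenancy-scoped — confirm the provider defaults it, or
	// pass ocicfg.RequireSecret("tenancyOcid") as for the user.
	smtpGroup, err := identity.NewGroup(ctx, "happyDomain-smtp-group", &identity.GroupArgs{
		Name:        pulumi.String("SMTP"),
		Description: pulumi.String("Users that can send emails and manage suppression list"),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("creating SMTP group: %w", err)
	}
	_, err = identity.NewUserGroupMembership(ctx, "listmonk-smtp-membership", &identity.UserGroupMembershipArgs{
		GroupId: smtpGroup.ID(),
		UserId:  user.ID(),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("adding SMTP user to group: %w", err)
	}

	// Policy granting the SMTP group what listmonk needs. The statements depend
	// on the compartment name, so they are built as an Output and the resource
	// is registered at top level: a resource created inside an ApplyT callback
	// is invisible to `pulumi preview`, and its creation error could only be
	// logged, never returned to the caller. The statements reference the group
	// by name, so the ordering is made explicit with DependsOn.
	// "manage suppressions" is tenancy-wide because the suppression list itself
	// is a tenancy-level resource.
	statements := compartment.Name.ApplyT(func(compartmentName string) []string {
		return []string{
			fmt.Sprintf("Allow group 'Default'/'SMTP' to use email-family in compartment %s", compartmentName),
			"Allow group 'Default'/'SMTP' to manage suppressions in tenancy",
		}
	}).(pulumi.StringArrayOutput)
	_, err = identity.NewPolicy(ctx, "happyDomain-listmonk-send-mail", &identity.PolicyArgs{
		// Policies about a compartment are written in its parent.
		CompartmentId: compartment.CompartmentId,
		Name:          pulumi.String("happyDomain-listmonk-send-mail"),
		Description:   pulumi.String("let listmonk send mail"),
		Statements:    statements,
	}, pulumi.DependsOn([]pulumi.Resource{smtpGroup}))
	if err != nil {
		return nil, nil, fmt.Errorf("creating SMTP policy: %w", err)
	}

	// SMTP credentials for the mailer.
	creds, err := identity.NewSmtpCredential(ctx, "happyDomain-smtp-user-credentials", &identity.SmtpCredentialArgs{
		Description: pulumi.String("HAPPYDOMAIN SMTP credentials"),
		UserId:      user.ID(),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("creating SMTP credentials: %w", err)
	}

	// API key for the same user (2048-bit RSA, the size OCI API keys require).
	// generateOrRetrieveRSAKeys is defined elsewhere in this package; the public
	// half is uploaded, the private half is handed back to the caller unchanged.
	pemprvkey, pempubkey, err := generateOrRetrieveRSAKeys("happyDomain-smtp", 2048)
	if err != nil {
		return nil, nil, fmt.Errorf("obtaining RSA key pair: %w", err)
	}
	_, err = identity.NewApiKey(ctx, "happyDomain-smtp-user-apikey", &identity.ApiKeyArgs{
		KeyValue: pulumi.String(string(pempubkey)),
		UserId:   user.ID(),
	})
	if err != nil {
		return nil, nil, fmt.Errorf("uploading API key: %w", err)
	}

	// Expose the SMTP login. The password is wrapped in ToSecret so it is
	// stored encrypted in the stack state and redacted from `pulumi stack
	// output` unless --show-secrets is given, regardless of how the provider
	// flags that field.
	ctx.Export("smtp-username", creds.Username)
	ctx.Export("smtp-password", pulumi.ToSecret(creds.Password))

	// Return path (bounce address domain), region-specific.
	_, err = email.NewEmailReturnPath(ctx, "happyDomain-rp", &email.EmailReturnPathArgs{
		ParentResourceId: emailDomain.ID(),
		Name:             pulumi.String(ocicfg.Require("region") + ".rp.happydomain.org"),
		Description:      pulumi.String("ReturnPath for happydomain.org"),
	})
	if err != nil {
		log.Println(err.Error())
		return nil, nil, fmt.Errorf("creating return path: %w", err)
	}

	return pemprvkey, creds, nil
}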