package main
import (
"fmt"
"io"
"log"
"github.com/pulumi/pulumi-oci/sdk/go/oci/email"
"github.com/pulumi/pulumi-oci/sdk/go/oci/identity"
"github.com/pulumi/pulumi-oci/sdk/go/oci/logging"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
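// setupEmails declares the OCI Email Delivery stack for happydomain.org: the
// email domain, service logs for relayed and accepted outbound mail, a DKIM
// key, the approved senders, a dedicated SMTP user with its group, policy,
// SMTP credential and API key, and the return path.
//
// It returns the private-key reader produced by generateOrRetrieveRSAKeys and
// the SMTP credential resource. Both carry secret material: the caller should
// not log them or export them as plain stack outputs.
func setupEmails(ctx *pulumi.Context, ocicfg *config.Config, compartment *identity.Compartment) (io.Reader, *identity.SmtpCredential, error) {
	// Configure domain for email delivery
	emailDomain, err := email.NewEmailDomain(ctx, "happyDomain-domain", &email.EmailDomainArgs{
		CompartmentId: compartment.ID(),
		Name:          pulumi.String("happydomain.org"),
	})
	if err != nil {
		return nil, nil, err
	}

	loggroup, err := logging.NewLogGroup(ctx, "happyDomain-email-loggroup", &logging.LogGroupArgs{
		CompartmentId: compartment.ID(),
		DisplayName:   pulumi.String("email-log-group"),
		Description:   pulumi.String("email log group"),
	})
	if err != nil {
		return nil, nil, err
	}

	// One service log per Email Delivery category; both keep 30 days of
	// records, which is the audit trail for mail sent with these credentials.
	serviceLogs := []struct {
		resource string
		display  string
		category string
	}{
		{"happyDomain-relayed-email-logging", "relayed-email-logging", "outboundrelayed"},
		{"happyDomain-accepted-email-logging", "accepted-email-logging", "outboundaccepted"},
	}
	for _, l := range serviceLogs {
		_, err = logging.NewLog(ctx, l.resource, &logging.LogArgs{
			DisplayName: pulumi.String(l.display),
			LogGroupId:  loggroup.ID(),
			LogType:     pulumi.String("SERVICE"),
			Configuration: &logging.LogConfigurationArgs{
				Source: &logging.LogConfigurationSourceArgs{
					Category:   pulumi.String(l.category),
					Resource:   emailDomain.ID(),
					Service:    pulumi.String("emaildelivery"),
					SourceType: pulumi.String("OCISERVICE"),
				},
				CompartmentId: compartment.ID(),
			},
			RetentionDuration: pulumi.Int(30),
		})
		if err != nil {
			return nil, nil, err
		}
	}

	// DKIM
	dkim, err := email.NewDkim(ctx, "happyDomain-dkim", &email.DkimArgs{
		EmailDomainId: emailDomain.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Export the DNS record the operator has to publish for DKIM. These
	// values are public DNS data, so plain outputs are fine here.
	ctx.Export("dkim-domain-to-add", dkim.DnsSubdomainName)
	ctx.Export("dkim-domain-cname-to", dkim.CnameRecordValue)

	// Approved senders
	senders := []struct {
		resource string
		address  string
	}{
		{"happyDomain-sender1", "contact@happydomain.org"},
		{"happyDomain-sender-bis", "no-reply@happydomain.org"},
		{"happyDomain-sender-ter", "noreply@happydomain.org"},
	}
	for _, s := range senders {
		_, err = email.NewSender(ctx, s.resource, &email.SenderArgs{
			CompartmentId: compartment.ID(),
			EmailAddress:  pulumi.String(s.address),
		})
		if err != nil {
			return nil, nil, err
		}
	}

	// Identity for mail sender
	user, err := identity.NewUser(ctx, "happyDomain-smtp-user", &identity.UserArgs{
		CompartmentId: ocicfg.RequireSecret("tenancyOcid"),
		Description:   pulumi.String("SMTP user for happyDomain"),
		Name:          pulumi.String("happyDomain"),
		Email:         pulumi.String("postmaster+smtp@happydomain.org"),
	})
	if err != nil {
		return nil, nil, err
	}

	// Restrict the service account to the two credential types this function
	// actually issues (API key and SMTP credential); console password, auth
	// tokens and customer secret keys stay disabled.
	_, err = identity.NewUserCapabilitiesManagement(ctx, "happyDomain-smtp-user-caps", &identity.UserCapabilitiesManagementArgs{
		UserId:                   user.ID(),
		CanUseApiKeys:            pulumi.Bool(true),
		CanUseAuthTokens:         pulumi.Bool(false),
		CanUseConsolePassword:    pulumi.Bool(false),
		CanUseCustomerSecretKeys: pulumi.Bool(false),
		CanUseSmtpCredentials:    pulumi.Bool(true),
	})
	if err != nil {
		return nil, nil, err
	}

	// Create groups
	smtpGroup, err := identity.NewGroup(ctx, "happyDomain-smtp-group", &identity.GroupArgs{
		Name:        pulumi.String("SMTP"),
		Description: pulumi.String("Users that can send emails and manage suppression list"),
	})
	if err != nil {
		return nil, nil, err
	}

	// Add users to groups
	_, err = identity.NewUserGroupMembership(ctx, "listmonk-smtp-membership", &identity.UserGroupMembershipArgs{
		GroupId: smtpGroup.ID(),
		UserId:  user.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Define policy for the group.
	//
	// The policy is declared directly rather than inside nested ApplyT
	// callbacks: a resource created inside a callback is not registered while
	// the inputs are still unknown, and the callback's error result was
	// discarded, so a rejected IAM policy would not have failed this function.
	useEmailFamily := compartment.Name.ApplyT(func(compartmentName string) string {
		return fmt.Sprintf("Allow group 'Default'/'SMTP' to use email-family in compartment %s", compartmentName)
	}).(pulumi.StringOutput)

	_, err = identity.NewPolicy(ctx, "happyDomain-listmonk-send-mail", &identity.PolicyArgs{
		// Attached to the parent of the target compartment.
		CompartmentId: compartment.CompartmentId,
		Name:          pulumi.String("happyDomain-listmonk-send-mail"),
		Description:   pulumi.String("let listmonk send mail"),
		Statements: pulumi.StringArray{
			useEmailFamily,
			// NOTE(review): this grant is tenancy-wide, unlike the
			// compartment-scoped email-family grant above.
			pulumi.String("Allow group 'Default'/'SMTP' to manage suppressions in tenancy"),
		},
		// The statements name the SMTP group only as text, so there is no data
		// dependency on smtpGroup; declare the ordering explicitly.
	}, pulumi.DependsOn([]pulumi.Resource{smtpGroup}))
	if err != nil {
		log.Println(err.Error())
		return nil, nil, err
	}

	// Create SMTP credentials
	creds, err := identity.NewSmtpCredential(ctx, "happyDomain-smtp-user-credentials", &identity.SmtpCredentialArgs{
		Description: pulumi.String("HAPPYDOMAIN SMTP credentials"),
		UserId:      user.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Create API key. Only the public half is uploaded to OCI; the private
	// half is handed back to the caller.
	pemprvkey, pempubkey, err := generateOrRetrieveRSAKeys("happyDomain-smtp", 2048)
	if err != nil {
		return nil, nil, err
	}

	_, err = identity.NewApiKey(ctx, "happyDomain-smtp-user-apikey", &identity.ApiKeyArgs{
		KeyValue: pulumi.String(string(pempubkey)),
		UserId:   user.ID(),
	})
	if err != nil {
		return nil, nil, err
	}

	// Export SMTP credentials. The password is forced to a secret output so it
	// is encrypted in the stack state and masked in CLI output even if the
	// provider does not already flag the field as sensitive.
	ctx.Export("smtp-username", creds.Username)
	ctx.Export("smtp-password", pulumi.ToSecret(creds.Password))

	// Configure RP
	_, err = email.NewEmailReturnPath(ctx, "happyDomain-rp", &email.EmailReturnPathArgs{
		ParentResourceId: emailDomain.ID(),
		Name:             pulumi.String(ocicfg.Require("region") + ".rp.happydomain.org"),
		Description:      pulumi.String("ReturnPath for happydomain.org"),
	})
	if err != nil {
		log.Println(err.Error())
		return nil, nil, err
	}

	return pemprvkey, creds, nil
}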