cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

New aws_ses_identity module to manage AWS Simple Email Service Identity (#31140)

Browse source 
* Add aws_ses_identity module

* Update CI alias, add BotoCoreError exception handling.

* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests
This commit is contained in:
Ed Costello 2018-01-30 09:35:49 +13:00 committed by Sloane Hertel
parent bbdddffa1e
commit d16bc1c3f4
7 changed files with 916 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
hacking/aws_config/testing_policies/compute-policy.json
View file

@ -249,6 +249,37 @@
"Resource": [
"*"
]
},
{
"Sid": "AllowSESManagement",
"Effect": "Allow",
"Action": [
"ses:VerifyEmailIdentity",
"ses:DeleteIdentity",
"ses:GetIdentityVerificationAttributes",
"ses:GetIdentityNotificationAttributes",
"ses:VerifyDomainIdentity",
"ses:SetIdentityNotificationTopic",
"ses:SetIdentityHeadersInNotificationsEnabled",
"ses:SetIdentityFeedbackForwardingEnabled"
],
"Resource": [
"*"
]
},
{
"Sid": "AllowSNSManagement",
"Effect": "Allow",
"Action": [
"SNS:CreateTopic",
"SNS:DeleteTopic",
"SNS:ListTopics",
"SNS:GetTopicAttributes",
"SNS:ListSubscriptionsByTopic"
],
"Resource": [
"*"
]
}
]
}

448
lib/ansible/modules/cloud/amazon/aws_ses_identity.py Normal file
View file

@ -0,0 +1,448 @@
#!/usr/bin/python
# Copyright (c) 2017 Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
ANSIBLE_METADATA = {
'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'
}
DOCUMENTATION = '''
---
module: aws_ses_identity
short_description: Manages SES email and domain identity
description:
- This module allows the user to manage verified email and domain identity for SES.
- This covers verifying and removing identities as well as setting up complaint, bounce
and delivery notification settings.
version_added: "2.5"
author: Ed Costello (@orthanc)
options:
identity:
description:
- This is the email address or domain to verify / delete.
- If this contains an '@' then it will be considered an email. Otherwise it will be considered a domain.
required: true
state:
description: Whether to create(or update) or delete the identity.
default: present
choices: [ 'present', 'absent' ]
bounce_notifications:
description:
- Setup the SNS topic used to report bounce notifications.
- If omitted, bounce notifications will not be delivered to a SNS topic.
- If bounce notifications are not delivered to a SNS topic, I(feedback_forwarding) must be enabled.
suboptions:
topic:
description:
- The ARN of the topic to send notifications to.
- If omitted, notifications will not be delivered to a SNS topic.
include_headers:
description:
- Whether or not to include headers when delivering to the SNS topic.
- If I(topic) is not specified this will have no impact, but the SES setting is updated even if there is no topic.
type: bool
default: No
complaint_notifications:
description:
- Setup the SNS topic used to report complaint notifications.
- If omitted, complaint notifications will not be delivered to a SNS topic.
- If complaint notifications are not delivered to a SNS topic, I(feedback_forwarding) must be enabled.
suboptions:
topic:
description:
- The ARN of the topic to send notifications to.
- If omitted, notifications will not be delivered to a SNS topic.
include_headers:
description:
- Whether or not to include headers when delivering to the SNS topic.
- If I(topic) is not specified this will have no impact, but the SES setting is updated even if there is no topic.
type: bool
default: No
delivery_notifications:
description:
- Setup the SNS topic used to report delivery notifications.
- If omitted, delivery notifications will not be delivered to a SNS topic.
suboptions:
topic:
description:
- The ARN of the topic to send notifications to.
- If omitted, notifications will not be delivered to a SNS topic.
include_headers:
description:
- Whether or not to include headers when delivering to the SNS topic.
- If I(topic) is not specified this will have no impact, but the SES setting is updated even if there is no topic.
type: bool
default: No
feedback_forwarding:
description:
- Whether or not to enable feedback forwarding.
- This can only be false if both I(bounce_notifications) and I(complaint_notifications) specify SNS topics.
type: 'bool'
default: True
requirements: [ 'botocore', 'boto3' ]
extends_documentation_fragment:
- aws
- ec2
'''
EXAMPLES = '''
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Ensure example@example.com email identity exists
aws_ses_identity:
identity: example@example.com
state: present
- name: Delete example@example.com email identity
aws_ses_identity:
email: example@example.com
state: absent
- name: Ensure example.com domain identity exists
aws_ses_identity:
identity: example.com
state: present
# Create an SNS topic and send bounce and complaint notifications to it
# instead of emailing the identity owner
- name: Ensure complaints-topic exists
sns_topic:
name: "complaints-topic"
state: present
purge_subscriptions: False
register: topic_info
- name: Deliver feedback to topic instead of owner email
ses_identity:
identity: example@example.com
state: present
complaint_notifications:
topic: "{{ topic_info.sns_arn }}"
include_headers: True
bounce_notifications:
topic: "{{ topic_info.sns_arn }}"
include_headers: False
feedback_forwarding: False
# Create an SNS topic for delivery notifications and leave complaints
# Being forwarded to the identity owner email
- name: Ensure delivery-notifications-topic exists
sns_topic:
name: "delivery-notifications-topic"
state: present
purge_subscriptions: False
register: topic_info
- name: Delivery notifications to topic
ses_identity:
identity: example@example.com
state: present
delivery_notifications:
topic: "{{ topic_info.sns_arn }}"
'''
RETURN = '''
identity:
description: The identity being modified.
returned: success
type: string
sample: example@example.com
identity_arn:
description: The arn of the identity being modified.
returned: success
type: string
sample: arn:aws:ses:us-east-1:12345678:identity/example@example.com
verification_attributes:
description: The verification information for the identity.
returned: success
type: complex
sample: {
"verification_status": "Pending",
"verification_token": "...."
}
contains:
verification_status:
description: The verification status of the identity.
type: string
sample: "Pending"
verification_token:
description: The verification token for a domain identity.
type: string
notification_attributes:
description: The notification setup for the identity.
returned: success
type: complex
sample: {
"bounce_topic": "arn:aws:sns:....",
"complaint_topic": "arn:aws:sns:....",
"delivery_topic": "arn:aws:sns:....",
"forwarding_enabled": false,
"headers_in_bounce_notifications_enabled": true,
"headers_in_complaint_notifications_enabled": true,
"headers_in_delivery_notifications_enabled": true
}
contains:
bounce_topic:
description:
- The ARN of the topic bounce notifications are delivered to.
- Omitted if bounce notifications are not delivered to a topic.
type: string
complaint_topic:
description:
- The ARN of the topic complaint notifications are delivered to.
- Omitted if complaint notifications are not delivered to a topic.
type: string
delivery_topic:
description:
- The ARN of the topic delivery notifications are delivered to.
- Omitted if delivery notifications are not delivered to a topic.
type: string
forwarding_enabled:
description: Whether or not feedback forwarding is enabled.
type: bool
headers_in_bounce_notifications_enabled:
description: Whether or not headers are included in messages delivered to the bounce topic.
type: bool
headers_in_complaint_notifications_enabled:
description: Whether or not headers are included in messages delivered to the complaint topic.
type: bool
headers_in_delivery_notifications_enabled:
description: Whether or not headers are included in messages delivered to the delivery topic.
type: bool
error:
description: The details of the error response from AWS.
returned: on client error from AWS
type: complex
sample: {
"code": "InvalidParameterValue",
"message": "Feedback notification topic is not set.",
"type": "Sender"
}
contains:
code:
description: The AWS error code.
type: string
message:
description: The AWS error message.
type: string
type:
description: The AWS error type.
type: string
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ec2 import camel_dict_to_snake_dict, ec2_argument_spec, get_aws_connection_info, boto3_conn
from ansible.module_utils.ec2 import HAS_BOTO3
import traceback
try:
from botocore.exceptions import BotoCoreError, ClientError, ParamValidationError
except ImportError:
pass # caught by imported HAS_BOTO3
def call_and_handle_errors(module, method, **kwargs):
try:
return method(**kwargs)
except ClientError as e:
module.fail_json(msg=str(e), exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
except BotoCoreError as e:
module.fail_json(msg=str(e), exception=traceback.format_exc())
def get_verification_attributes(connection, module, identity):
response = call_and_handle_errors(module, connection.get_identity_verification_attributes, Identities=[identity])
identity_verification = response['VerificationAttributes']
if identity not in identity_verification:
return None
return identity_verification[identity]
def get_identity_notifications(connection, module, identity):
response = call_and_handle_errors(module, connection.get_identity_notification_attributes, Identities=[identity])
notification_attributes = response['NotificationAttributes']
if identity not in notification_attributes:
return None
return notification_attributes[identity]
def update_notification_topic(connection, module, identity, identity_notifications, notification_type):
arg_dict = module.params.get(notification_type.lower() + '_notifications')
topic_key = notification_type + 'Topic'
if topic_key in identity_notifications:
current = identity_notifications[topic_key]
else:
current = None
if arg_dict is not None and 'topic' in arg_dict:
required = arg_dict['topic']
else:
required = None
if current != required:
call_and_handle_errors(
module,
connection.set_identity_notification_topic,
Identity=identity,
NotificationType=notification_type,
SnsTopic=required,
)
return True
return False
def update_notification_topic_headers(connection, module, identity, identity_notifications, notification_type):
arg_dict = module.params.get(notification_type.lower() + '_notifications')
header_key = 'HeadersIn' + notification_type + 'NotificationsEnabled'
if header_key in identity_notifications:
current = identity_notifications[header_key]
else:
current = False
if arg_dict is not None and 'include_headers' in arg_dict:
required = arg_dict['include_headers']
else:
required = False
if current != required:
call_and_handle_errors(
module,
connection.set_identity_headers_in_notifications_enabled,
Identity=identity,
NotificationType=notification_type,
Enabled=required,
)
return True
return False
def update_feedback_forwarding(connection, module, identity, identity_notifications):
if 'ForwardingEnabled' in identity_notifications:
current = identity_notifications['ForwardingEnabled']
else:
current = False
required = module.params.get('feedback_forwarding')
if current != required:
call_and_handle_errors(
module,
connection.set_identity_feedback_forwarding_enabled,
Identity=identity,
ForwardingEnabled=required,
)
return True
return False
def update_identity_notifications(connection, module):
identity = module.params.get('identity')
changed = False
identity_notifications = get_identity_notifications(connection, module, identity)
for notification_type in ('Bounce', 'Complaint', 'Delivery'):
changed |= update_notification_topic(connection, module, identity, identity_notifications, notification_type)
changed |= update_notification_topic_headers(connection, module, identity, identity_notifications, notification_type)
changed |= update_feedback_forwarding(connection, module, identity, identity_notifications)
if changed:
identity_notifications = get_identity_notifications(connection, module, identity)
return changed, identity_notifications
def create_or_update_identity(connection, module, region, account_id):
identity = module.params.get('identity')
changed = False
verification_attributes = get_verification_attributes(connection, module, identity)
if verification_attributes is None:
if '@' in identity:
call_and_handle_errors(module, connection.verify_email_identity, EmailAddress=identity)
else:
call_and_handle_errors(module, connection.verify_domain_identity, Domain=identity)
verification_attributes = get_verification_attributes(connection, module, identity)
changed = True
elif verification_attributes['VerificationStatus'] not in ('Pending', 'Success'):
module.fail_json(msg="Identity " + identity + " in bad status " + verification_attributes['VerificationStatus'],
verification_attributes=camel_dict_to_snake_dict(verification_attributes))
notifications_changed, notification_attributes = update_identity_notifications(connection, module)
changed |= notifications_changed
identity_arn = 'arn:aws:ses:' + region + ':' + account_id + ':identity/' + identity
module.exit_json(
changed=changed,
identity=identity,
identity_arn=identity_arn,
verification_attributes=camel_dict_to_snake_dict(verification_attributes),
notification_attributes=camel_dict_to_snake_dict(notification_attributes),
)
def destroy_identity(connection, module):
identity = module.params.get('identity')
changed = False
verification_attributes = get_verification_attributes(connection, module, identity)
if verification_attributes is not None:
call_and_handle_errors(module, connection.delete_identity, Identity=identity)
changed = True
module.exit_json(
changed=changed,
identity=identity,
)
def get_account_id(sts):
caller_identity = sts.get_caller_identity()
return caller_identity['Account']
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(
dict(
identity=dict(required=True, type='str'),
state=dict(default='present', choices=['present', 'absent']),
bounce_notifications=dict(type='dict'),
complaint_notifications=dict(type='dict'),
delivery_notifications=dict(type='dict'),
feedback_forwarding=dict(default=True, type='bool'),
)
)
module = AnsibleModule(
argument_spec=argument_spec,
)
if not HAS_BOTO3:
module.fail_json(msg='boto3 required for this module')
for notification_type in ('bounce', 'complaint', 'delivery'):
param_name = notification_type + '_notifications'
arg_dict = module.params.get(param_name)
if arg_dict:
extra_keys = [x for x in arg_dict.keys() if x not in ('topic', 'include_headers')]
if extra_keys:
module.fail_json(msg='Unexpected keys ' + str(extra_keys) + ' in ' + param_name + ' valid keys are topic or include_headers')
region, ec2_url, aws_connect_params = get_aws_connection_info(module, boto3=True)
connection = boto3_conn(module, conn_type='client', resource='ses', region=region, endpoint=ec2_url, **aws_connect_params)
state = module.params.get("state")
if state == 'present':
sts = boto3_conn(module, conn_type='client', resource='sts', region=region, endpoint=ec2_url, **aws_connect_params)
account_id = get_account_id(sts)
create_or_update_identity(connection, module, region, account_id)
else:
destroy_identity(connection, module)
if __name__ == '__main__':
main()

2
test/integration/targets/aws_ses_identity/aliases Normal file
View file

@ -0,0 +1,2 @@
cloud/aws
posix/ci/cloud/group4/aws

4
test/integration/targets/aws_ses_identity/defaults/main.yaml Normal file
View file

@ -0,0 +1,4 @@
---
email_identity: "{{ resource_prefix }}@example.com"
domain_identity: "{{ resource_prefix }}.example.com"
notification_queue_name: "{{ resource_prefix }}-notification-queue"

0
test/integration/targets/aws_ses_identity/meta/main.yaml Normal file
View file

23
test/integration/targets/aws_ses_identity/tasks/assert_defaults.yaml Normal file
View file

@ -0,0 +1,23 @@
- name: assert returned identity
assert:
that:
- result.identity == identity
- name: assert returned identity_arn
assert:
that:
- "result.identity_arn|regex_search('^arn:aws:ses:' + ec2_region + ':[0-9]*:identity/' + identity + '$')"
msg: "'{{ result.identity_arn}}' doesn't match regex '^arn:aws:ses:{{ ec2_region }}:[0-9]*:identity/{{ identity }}'"
- name: assert verification_attributes.verification_status == 'Pending'
assert:
that:
- result.verification_attributes.verification_status == 'Pending'
- name: assert notification defaults
assert:
that:
- result.notification_attributes.forwarding_enabled == True
- result.notification_attributes.headers_in_bounce_notifications_enabled == False
- result.notification_attributes.headers_in_complaint_notifications_enabled == False
- result.notification_attributes.headers_in_delivery_notifications_enabled == False
- "'bounce_topic' not in result.notification_attributes"
- "'complaint_topic' not in result.notification_attributes"
- "'delivery_topic' not in result.notification_attributes"

408
test/integration/targets/aws_ses_identity/tasks/main.yaml Normal file
View file

@ -0,0 +1,408 @@
---
# ============================================================
- name: test register email identity
block:
- name: register email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is True
assert:
that:
- result.changed == True
- import_tasks: assert_defaults.yaml
vars:
identity: "{{ email_identity }}"
always:
- name: cleanup email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test register domain identity
block:
- name: register domain identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is True
assert:
that:
- result.changed == True
- import_tasks: assert_defaults.yaml
vars:
identity: "{{ domain_identity }}"
- name: assert verification_attributes.verification_token is defined
assert:
that:
- result.verification_attributes.verification_token
always:
- name: cleanup domain identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test email_identity unchanged when already existing
block:
- name: register identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
- name: duplicate register identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is False
assert:
that:
- result.changed == False
- import_tasks: assert_defaults.yaml
vars:
identity: "{{ email_identity }}"
always:
- name: cleanup identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test domain_identity unchanged when already existing
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
- name: duplicate register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is False
assert:
that:
- result.changed == False
- import_tasks: assert_defaults.yaml
vars:
identity: "{{ domain_identity }}"
always:
- name: cleanup identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: remove non-existent email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is False
assert:
that:
- result.changed == False
# ============================================================
- name: remove non-existent domain identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is False
assert:
that:
- result.changed == False
# ============================================================
- name: test set notification queues
block:
- name: test topic
sns_topic:
name: "{{ notification_queue_name }}-{{ item }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: topic_info
with_items:
- bounce
- complaint
- delivery
- name: register email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
topic: "{{ topic_info.results[0].sns_arn }}"
complaint_notifications:
topic: "{{ topic_info.results[1].sns_arn }}"
delivery_notifications:
topic: "{{ topic_info.results[2].sns_arn }}"
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert notification settings
assert:
that:
- result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
- result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
- result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
- name: assert notification headers unchanged
assert:
that:
- result.notification_attributes.headers_in_bounce_notifications_enabled == False
- result.notification_attributes.headers_in_complaint_notifications_enabled == False
- result.notification_attributes.headers_in_delivery_notifications_enabled == False
always:
- name: cleanup topics
sns_topic:
name: "{{ notification_queue_name }}-{{ item }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
with_items:
- bounce
- complaint
- delivery
- name: cleanup email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test change notification queues after create
block:
- name: test topic
sns_topic:
name: "{{ notification_queue_name }}-{{ item }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: topic_info
with_items:
- bounce
- complaint
- delivery
- name: register email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
- name: set notification topics
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
topic: "{{ topic_info.results[0].sns_arn }}"
complaint_notifications:
topic: "{{ topic_info.results[1].sns_arn }}"
delivery_notifications:
topic: "{{ topic_info.results[2].sns_arn }}"
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert changed is True
assert:
that:
- result.changed == True
- name: assert notification settings
assert:
that:
- result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
- result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
- result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
always:
- name: cleanup topics
sns_topic:
name: "{{ notification_queue_name }}-{{ item }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
with_items:
- bounce
- complaint
- delivery
- name: cleanup email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test include headers on notification queues
block:
- name: register email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
include_headers: Yes
complaint_notifications:
include_headers: Yes
delivery_notifications:
include_headers: Yes
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert notification headers enabled
assert:
that:
- result.notification_attributes.headers_in_bounce_notifications_enabled == True
- result.notification_attributes.headers_in_complaint_notifications_enabled == True
- result.notification_attributes.headers_in_delivery_notifications_enabled == True
always:
- name: cleanup email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test disable feedback forwarding
block:
- name: test topic
sns_topic:
name: "{{ notification_queue_name }}-{{ item }}"
state: present
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: topic_info
with_items:
- bounce
- complaint
- name: register email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
topic: "{{ topic_info.results[0].sns_arn }}"
complaint_notifications:
topic: "{{ topic_info.results[1].sns_arn }}"
feedback_forwarding: No
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
- name: assert feedback_forwarding == False
assert:
that:
- result.notification_attributes.forwarding_enabled == False
always:
- name: cleanup topics
sns_topic:
name: "{{ notification_queue_name }}-{{ item }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
with_items:
- bounce
- complaint
- name: cleanup email identity
aws_ses_identity:
identity: "{{ email_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
# ============================================================
- name: test disable feedback forwarding fails if no topics
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
feedback_forwarding: No
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"
register: result
failed_when: result.failed == False
- name: assert error.code == InvalidParameterValue
assert:
that:
- result.error.code == 'InvalidParameterValue'
always:
- name: cleanup identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
region: "{{ ec2_region }}"
aws_access_key: "{{ ec2_access_key }}"
aws_secret_key: "{{ ec2_secret_key }}"
security_token: "{{security_token}}"