feat: change config format to all to specify priorities between email…

…s + fix permission issue
LouisBrunner · Apr 4, 2024 · 52ccfe7 · 52ccfe7
1 parent 6ebd6d3
commit 52ccfe7
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 30 deletions.
diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ resource "aws_route53_zone" "domain" {
 
 module "email" {
   source  = "LouisBrunner/ses-forwarder/aws"
-  version = "1.0.0"
+  version = "2.0.0"
   prefix  = "forwarder"
 
   emails = {
-    "example.com" = {
-      "^camille$" = ["camille@gmail.com"]
-    }
+    "example.com" = [
+      {regex = "^camille$", forward_to = ["camille@gmail.com"]}
+    ]
   }
 }
 ```
@@ -29,5 +29,5 @@ module "email" {
 You can also use the Docker image directly:
 
 ```bash
-docker pull ghcr.io/louisbrunner/terraform-aws-ses-forwarder:v1.0.0
+docker pull ghcr.io/louisbrunner/terraform-aws-ses-forwarder:v2.0.0
 ```
diff --git a/main.tf b/main.tf
@@ -73,18 +73,16 @@ module "lambda" {
 
   environment_variables = {
     CONFIG = jsonencode({
-      "emails" = {
-        for entry in flatten([
-          for domain, config in var.emails :
-          [
-            for email, aliases in config :
-            {
-              email   = "${trimsuffix(email, "$")}@${domain}$",
-              aliases = aliases,
-            }
-          ]
-        ]) : entry.email => entry.aliases
-      },
+      "emails" = flatten([
+        for domain, config in var.emails :
+        [
+          for entry in config :
+          {
+            regex      = "${trimsuffix(entry.regex, "$")}@${domain}$",
+            forward_to = entry.forward_to,
+          }
+        ]
+      ]),
     })
   }
 

diff --git a/main_ses.tf b/main_ses.tf
@@ -13,7 +13,7 @@ resource "aws_ses_domain_identity" "identity" {
 
 locals {
   destinaries = toset(flatten([for domain, config in var.emails :
-    [for email, aliases in config : aliases]
+    [for entry in config : entry.forward_to]
   ]))
 }
 
@@ -60,8 +60,29 @@ resource "aws_ses_receipt_rule" "rule" {
 }
 
 resource "aws_sns_topic" "emails" {
-  name_prefix       = var.prefix
-  kms_master_key_id = "alias/aws/sns"
+  name_prefix = var.prefix
+  policy      = data.aws_iam_policy_document.sns_access.json
+}
+
+data "aws_iam_policy_document" "sns_access" {
+  policy_id = "__default_policy_ID"
+
+  statement {
+    sid = "__default_statement_ID"
+
+    actions = [
+      "sns:Publish",
+    ]
+
+    resources = [
+      "*",
+    ]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ses.amazonaws.com"]
+    }
+  }
 }
 
 resource "aws_sns_topic_subscription" "emails_and_lambda" {

diff --git a/pkg/logic/config.go b/pkg/logic/config.go
@@ -16,8 +16,13 @@ type Config struct {
 	translations []configEntry
 }
 
+type configEmail struct {
+	Regex     string   `json:"regex"`
+	ForwardTo []string `json:"forward_to"`
+}
+
 type config struct {
-	Emails map[string][]string `json:"emails"`
+	Emails []configEmail `json:"emails"`
 }
 
 // LoadConfig reads the configuration of the app from the current directory
@@ -35,13 +40,13 @@ func LoadConfig(content string) (*Config, error) {
 	conf := Config{
 		translations: make([]configEntry, 0, len(raw.Emails)),
 	}
-	for emailRegex, aliases := range raw.Emails {
-		regex, err := regexp.Compile(emailRegex)
+	for _, entry := range raw.Emails {
+		regex, err := regexp.Compile(entry.Regex)
 		if err != nil {
 			return nil, err
 		}
 
-		for _, alias := range aliases {
+		for _, alias := range entry.ForwardTo {
 			conf.translations = append(conf.translations, configEntry{
 				regex:   regex,
 				replace: alias,

diff --git a/pkg/logic/config_test.go b/pkg/logic/config_test.go
@@ -63,7 +63,7 @@ func TestLoadConfig(t *testing.T) {
 	}{
 		{
 			name:        "works",
-			config:      `{"emails": {".*@example.com":["123"]}}`,
+			config:      `{"emails": [{"regex":".*@example.com","forward_to":["123"]}]}`,
 			mapInput:    "abc@example.com",
 			mapExpected: "123",
 		},
@@ -74,17 +74,17 @@ func TestLoadConfig(t *testing.T) {
 		},
 		{
 			name:    "fails (invalid json 2)",
-			config:  `{"emails": {".*@example.com":["123"]},}`,
+			config:  `{"emails": [{"regex":".*@example.com", "forward_to":["123"]},]}`,
 			wantErr: true,
 		},
 		{
 			name:    "fails (empty)",
-			config:  `{"emails": {}}`,
+			config:  `{"emails": []}`,
 			wantErr: true,
 		},
 		{
 			name:    "fails (invalid regex)",
-			config:  `{"emails": {"[":["123"]}}`,
+			config:  `{"emails": [{"regex":"[", "forward_to":["123"]}]}`,
 			wantErr: true,
 		},
 	} {

diff --git a/variables.tf b/variables.tf
@@ -13,8 +13,11 @@ variable "mail_from" {
 }
 
 variable "emails" {
-  description = "The mapping from email accounts to their respective aliases, e.g. {\"example.com\" = {\"^info$\" = [\"camille@gmail.com\"]}}"
-  type        = map(map(list(string)))
+  description = "The mapping from email accounts to their prioritized respective aliases, e.g. {\"example.com\" = [{\"regex\" = \"^info$\", \"forward_to\" = [\"camille@gmail.com\"]}}"
+  type = map(list(object({
+    regex      = string
+    forward_to = list(string)
+  })))
 }
 
 variable "scan_enabled" {