GSA · mogul · May 13, 2021 · Apr 26, 2021 · May 4, 2021 · May 4, 2021
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,41 @@
+# When a tag is pushed, create a tag-named release with the brokerpak in it 
+name: 'release'
+on:
+  push:
+    tags:
+    - '*'
+
+jobs:
+  release:
+    name: 'Release'
+    runs-on: ubuntu-latest
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:  
+    - name: Install the eden OSBAPI CLI tool
+      run: |
+        wget -q -O - https://raw.githubusercontent.com/starkandwayne/homebrew-cf/master/public.key | sudo apt-key add -
+        echo "deb http://apt.starkandwayne.com stable main" | sudo tee /etc/apt/sources.list.d/starkandwayne.list
+        sudo apt-get update
+        sudo apt-get install eden
+    - name: Check out repository
+      uses: actions/checkout@v2
+      with: 
+        fetch-depth: '0'
+
+    - name: Build the brokerpak
+      run: make build
+
+    - name: Rename the brokerpak file based on the tag
+      run: mv aws-services-0.1.0.brokerpak aws-services-${GITHUB_REF#refs/*/}.brokerpak
+
+    - name: Create a release and upload the files
+      uses: ncipollo/release-action@v1
+      with:
+        artifacts: "*.brokerpak"
+        artifactErrorsFailBuild: true
+        token: ${{ secrets.GITHUB_TOKEN }}    
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,50 @@
+name: 'Test'
+
+on: [push]
+
+jobs:
+  make:
+    name: 'Make'
+    runs-on: ubuntu-latest
+    env:
+      # For storing the Terraform state for the deployment
+      AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
+      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    # Checkout the repository to the GitHub Actions runner
+    steps:
+    - name: Install the eden OSBAPI CLI tool
+      run: |
+        wget -q -O - https://raw.githubusercontent.com/starkandwayne/homebrew-cf/master/public.key | sudo apt-key add -
+        echo "deb http://apt.starkandwayne.com stable main" | sudo tee /etc/apt/sources.list.d/starkandwayne.list
+        sudo apt-get update
+        sudo apt-get install eden
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: '0'
+
+    - name: Supply an empty .env.secrets file
+      run: |
+        echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .env.secrets
+        echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env.secrets
+    - name: Build
+      run: make build
+
+    - name: Set the instance name for subsequent steps
+      # Use an instance name that corresponds to this particular branch+run.
+      # Docs for this method:
+      # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+      run: |
+        INSTANCE_NAME="$(echo ci-${{ github.event.pull_request.number }}-${GITHUB_RUN_ID})"
+        echo "INSTANCE_NAME=${INSTANCE_NAME}" | tee -a $GITHUB_ENV
+
+    - name: Run
+      run: make run &
+
+    - name: Run examples (tests)
+      run: service_name=csb-aws-ses example_name=ses  make run-examples
diff --git a/aws-ses.yml b/aws-ses.yml
@@ -0,0 +1,126 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+version: 1
+name: csb-aws-ses
+id: b90ace67-954b-4b33-8f84-95cacc55b94c
+description: AWS SES
+display_name: AWS SES
+image_url: https://www.pikpng.com/pngl/m/107-1078218_aws-ses-logo-png-transparent-ses-aws-clipart.png
+documentation_url: https://aws.amazon.com/ses/
+support_url: https://aws.amazon.com/ses/
+tags: [aws, ses, preview]
+plan_updateable: true
+plans:
+- name: common
+  id: dc109a6e-c4a8-4fbb-8c49-acf9740ab819
+  description: 'Amazon Simple Email Service (SES) is a pay-as-you-go service based on the volume of emails sent and received.'
+  display_name: "common"
+  properties:
+provision:
+  plan_inputs:
+  user_inputs:
+    - field_name: region
+      type: string
+      details: The region of the SES service.
+      default: us-east-1
+      enum:
+        us-east-2 : us-east-2
+        us-east-1 : us-east-1
+        us-west-1 : us-west-1
+        us-west-2 : us-west-2
+        ap-east-1 : ap-east-1
+        ap-south-1 : ap-south-1
+        ap-northeast-3 : ap-northeast-3
+        ap-northeast-2 : ap-northeast-2
+        ap-southeast-1 : ap-southeast-1
+        ap-southeast-2 : ap-southeast-2
+        ap-northeast-1 : ap-northeast-1
+        ca-central-1 : ca-central-1
+        cn-north-1 : cn-north-1
+        cn-northwest-1 : cn-northwest-1
+        eu-central-1 : eu-central-1
+        eu-west-1 : eu-west-1
+        eu-west-2 : eu-west-2
+        eu-west-3 : eu-west-3
+        eu-north-1 : eu-north-1
+        me-south-1 : me-south-1
+        sa-east-1 : sa-east-1
+    - field_name: aws_access_key_id
+      type: string
+      details: AWS access key
+      default: ${config("aws.access_key_id")}
+    - field_name: aws_secret_access_key
+      type: string
+      details: AWS secret key
+      default: ${config("aws.secret_access_key")}
+    - field_name: domain
+      type: string
+      details: AWS SES Domain Identity
+      default: "ssb-dev.datagov.us"
+  computed_inputs:
+  - name: labels
+    default: ${json.marshal(request.default_labels)}
+    overwrite: true
+    type: object
+  template_refs:
+    main: terraform/ses/provision/main.tf
+    outputs: terraform/ses/provision/outputs.tf
+    provider: terraform/ses/provision/provider.tf
+    variables: terraform/ses/provision/variables.tf
+  outputs:
+  - field_name: region
+    type: string
+    details: AWS region for the SES
+bind:
+  plan_inputs: []
+  user_inputs:
+  - field_name: aws_access_key_id
+    type: string
+    details: AWS access key
+    default: ${config("aws.access_key_id")}
+  - field_name: aws_secret_access_key
+    type: string
+    details: AWS secret key
+    default: ${config("aws.secret_access_key")}
+  computed_inputs:
+  - name: region
+    default: ${instance.details["region"]}
+    overwrite: true
+    type: string
+  - name: user_name
+    default: csb-${request.binding_id}
+    overwrite: true
+    type: string
+  template_refs:
+    main: terraform/ses/bind/main.tf
+    outputs: terraform/ses/bind/outputs.tf
+    provider: terraform/ses/bind/provider.tf
+    variables: terraform/ses/bind/variables.tf
+  outputs:
+  - field_name: ses_smtp_server
+    type: string
+    details: AWS SES SMTP server
+  - field_name: ses_smtp_user
+    type: string
+    details: AWS SES SMTP user
+  - field_name: ses_smtp_password
+    type: string
+    details: AWS SES SMTP password
+examples:
+- name: ses
+  description: SES common
+  plan_id: dc109a6e-c4a8-4fbb-8c49-acf9740ab819
+  provision_params: {}
+  bind_params: {}
diff --git a/manifest.yml b/manifest.yml
@@ -33,6 +33,7 @@ service_definitions:
 - aws-postgresql.yml
 - aws-s3-bucket.yml
 - aws-dynamodb.yml
+- aws-ses.yml
 
 
 

diff --git a/terraform/ses/bind/main.tf b/terraform/ses/bind/main.tf
@@ -0,0 +1,44 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "aws_iam_user" "user" {
+    name = var.user_name
+    path = "/cf/"
+}
+
+resource "aws_iam_access_key" "access_key" {
+    user = aws_iam_user.user.name
+}
+
+resource "aws_iam_user_policy" "user_policy" {
+    name   = format("%s-p", var.user_name)
+
+    user   = aws_iam_user.user.name
+
+    policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action":[
+        "ses:SendEmail",
+        "ses:SendRawEmail"
+      ],
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+}
diff --git a/terraform/ses/bind/outputs.tf b/terraform/ses/bind/outputs.tf
@@ -0,0 +1,16 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+output ses_smtp_server { value = format("email-smtp.%s.amazonaws.com", var.region) }
+output ses_smtp_user { value = aws_iam_access_key.access_key.id}
+output ses_smtp_password { value = aws_iam_access_key.access_key.ses_smtp_password_v4 }
diff --git a/terraform/ses/bind/provider.tf b/terraform/ses/bind/provider.tf
@@ -0,0 +1,24 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable aws_access_key_id { type = string }
+variable aws_secret_access_key { type = string }
+variable region { type = string }
+
+provider "aws" {
+  version = "~> 3.0"
+  region  = var.region
+  access_key = var.aws_access_key_id
+  secret_key = var.aws_secret_access_key
+}
diff --git a/terraform/ses/bind/variables.tf b/terraform/ses/bind/variables.tf
@@ -0,0 +1,15 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable user_name { type = string }
diff --git a/terraform/ses/provision/main.tf b/terraform/ses/provision/main.tf
@@ -0,0 +1,35 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+data "aws_route53_zone" "zone" {
+  name = var.domain
+}
+
+resource "aws_ses_domain_identity" "identity" {
+  domain = var.domain
+}
+
+resource "aws_route53_record" "record" {
+  zone_id = data.aws_route53_zone.zone.zone_id
+  name    = "_amazonses.${aws_ses_domain_identity.identity.id}"
+  type    = "TXT"
+  ttl     = "600"
+  records = [aws_ses_domain_identity.identity.verification_token]
+}
+
+resource "aws_ses_domain_identity_verification" "verification" {
+  domain = aws_ses_domain_identity.identity.id
+
+  depends_on = [aws_route53_record.record]
+}
diff --git a/terraform/ses/provision/outputs.tf b/terraform/ses/provision/outputs.tf
@@ -0,0 +1,15 @@
+# Copyright 2020 Pivotal Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output region { value = var.region }