From 51eadd4b9abc0e281da6e420cf59d49a6539006d Mon Sep 17 00:00:00 2001
From: bdeshi
Date: Tue, 28 May 2024 05:26:50 +0600
Subject: [PATCH] add email dkim & admin smtp cred
---
 README.terraform.md | 7 ++++++-
 oci.email.tf | 7 +++++++
 oci.identity.tf | 7 +++++++
 terraform.outputs.tf | 20 ++++++++++++++++++++
 terraform.variables.tf | 2 ++
 5 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/README.terraform.md b/README.terraform.md
index 7d422c3..d6501fb 100644
--- a/README.terraform.md
+++ b/README.terraform.md
@@ -31,6 +31,7 @@ No modules.
 | [oci_core_public_ip.static](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_public_ip) | resource |
 | [oci_core_subnet.public](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet) | resource |
 | [oci_core_vcn.vcn](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn) | resource |
+| [oci_email_dkim.domain](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/email_dkim) | resource |
 | [oci_email_email_domain.domain](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/email_email_domain) | resource |
 | [oci_email_sender.sender](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/email_sender) | resource |
 | [oci_email_suppression.suppression](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/email_suppression) | resource |
@@ -41,6 +42,7 @@ No modules.
 | [oci_identity_group.administrators](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_group) | resource |
 | [oci_identity_policy.administrators](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_policy) | resource |
 | [oci_identity_policy.kms_service_policy](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_policy) | resource |
+| [oci_identity_smtp_credential.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_smtp_credential) | resource |
 | [oci_identity_ui_password.admin_initial](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_ui_password) | resource |
 | [oci_identity_user.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_user) | resource |
 | [oci_identity_user_group_membership.admin](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_user_group_membership) | resource |
@@ -63,7 +65,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [oci\_region](#input\_oci\_region) | The region for the OCI provider | `string` | n/a | yes |
 | [tenancy\_id](#input\_tenancy\_id) | The OCID of the tenancy | `string` | n/a | yes |
-| [admin\_create\_credentials](#input\_admin\_create\_credentials) | Types of credentials to create for the admin user |
object({
api_key = bool
auth_token = bool
customer_key = bool
password = bool
})
|
{
"api_key": true,
"auth_token": false,
"customer_key": false,
"password": false
}
| no |
+| [admin\_create\_credentials](#input\_admin\_create\_credentials) | Types of credentials to create for the admin user |
object({
api_key = bool
auth_token = bool
customer_key = bool
password = bool
smtp = bool
})
|
{
"api_key": true,
"auth_token": false,
"customer_key": false,
"password": false,
"smtp": true
}
| no |
 | [create\_instances](#input\_create\_instances) | Create compute instances types |
object({
micro = bool
flex = bool
})
|
{
"flex": true,
"micro": true
}
| no |
 | [create\_static\_ip](#input\_create\_static\_ip) | Create a reserved static IP | `bool` | `true` | no |
 | [create\_topics](#input\_create\_topics) | Create notification topics | `bool` | `true` | no |
@@ -87,6 +89,8 @@ No modules.
 |------|-------------|
 | [admin\_auth\_token](#output\_admin\_auth\_token) | The auth token of the admin user |
 | [admin\_initial\_password](#output\_admin\_initial\_password) | The initial password of the admin user |
+| [admin\_smtp\_password](#output\_admin\_smtp\_password) | The SMTP password of the admin user |
+| [admin\_smtp\_username](#output\_admin\_smtp\_username) | The SMTP username of the admin user |
 | [admin\_user\_id](#output\_admin\_user\_id) | The ID of the admin user |
 | [api\_key\_fingerprint](#output\_api\_key\_fingerprint) | The fingerprint of the admin user API key |
 | [api\_key\_private](#output\_api\_key\_private) | The private part of the admin user API key |
@@ -94,6 +98,7 @@ No modules.
 | [compartment\_name](#output\_compartment\_name) | The name of the created compartment |
 | [customer\_key\_id](#output\_customer\_key\_id) | The ID of the customer key |
 | [customer\_key\_key](#output\_customer\_key\_key) | The ID of the customer key |
+| [email\_dkim\_records](#output\_email\_dkim\_records) | The DKIM records for the email domain |
 | [email\_endpoints](#output\_email\_endpoints) | The email configuration endpoints |
 | [instance\_availability\_domains](#output\_instance\_availability\_domains) | The availability domains of the instances |
 | [instance\_ips](#output\_instance\_ips) | The public IP addresses of the instances |
diff --git a/oci.email.tf b/oci.email.tf
index d01dbae..413fa51 100644
--- a/oci.email.tf
+++ b/oci.email.tf
@@ -5,6 +5,13 @@ resource "oci_email_email_domain" "domain" {
 freeform_tags = local.freeform_tags
 }
+resource "oci_email_dkim" "domain" {
+ for_each = toset(var.enable_email_delivery ? var.email_configuration.email_domains : [])
+
+ email_domain_id = oci_email_email_domain.domain[each.value].id
+ freeform_tags = local.freeform_tags
+}
+
 resource "oci_email_sender" "sender" {
 for_each = toset(var.enable_email_delivery ? var.email_configuration.approved_senders : [])
diff --git a/oci.identity.tf b/oci.identity.tf
index 2e5843e..ba15c8f 100644
--- a/oci.identity.tf
+++ b/oci.identity.tf
@@ -47,6 +47,13 @@ resource "oci_identity_auth_token" "admin" {
 description = local.common_description
 }
+resource "oci_identity_smtp_credential" "admin" {
+ count = var.admin_create_credentials.smtp ? 1 : 0
+
+ description = "default smtp credentials"
+ user_id = oci_identity_user.admin.id
+}
+
 resource "tls_private_key" "admin_api_key" {
 count = var.admin_create_credentials.api_key ? 1 : 0
diff --git a/terraform.outputs.tf b/terraform.outputs.tf
index e80d3d8..92e961e 100644
--- a/terraform.outputs.tf
+++ b/terraform.outputs.tf
@@ -46,6 +46,17 @@ output "admin_auth_token" {
 sensitive = true
 }
+output "admin_smtp_username" {
+ description = "The SMTP username of the admin user"
+ value = oci_identity_smtp_credential.admin[0].username
+}
+
+output "admin_smtp_password" {
+ description = "The SMTP password of the admin user"
+ value = oci_identity_smtp_credential.admin[0].password
+ sensitive = true
+}
+
 output "api_key_private" {
 description = "The private part of the admin user API key"
 value = try(tls_private_key.admin_api_key[0].private_key_pem, null)
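Review bot: `oci_email_dkim.domain` in oci.email.tf sets no `name`, so the DKIM selector is left for the service to generate and the configuration does not record which selector is live. Pinning it, for example `name = "<prefix>-<region>-<yyyymmdd>"` (placeholder, to follow the project's own naming), lets a key rotation be staged as a second DKIM resource whose DNS record is published before the old one is retired. The `for_each` keys index `oci_email_email_domain.domain[each.value]`, which only works if that resource iterates the same set; its `for_each` is above the hunk, so this is assumed rather than verified.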
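Review bot: `oci_identity_smtp_credential.admin` in oci.identity.tf attaches the mail credential to `oci_identity_user.admin`, the identity that also holds the API key and, judging by the resource list in the README hunk, membership in the administrators group. An SMTP password is usually copied into application or relay configuration, so it is better issued to a dedicated user whose group may only send through Email Delivery; it can then be rotated or revoked without touching the admin account. If it stays on the admin user, a comment above the resource such as `# SMTP credential for Email Delivery; the generated password is kept in Terraform state` would record the trade-off. The literal `description = "default smtp credentials"` also departs from `local.common_description`, which the auth token block just above uses.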
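Review bot: Both new outputs in terraform.outputs.tf index `oci_identity_smtp_credential.admin[0]` directly, but that resource is declared with `count = var.admin_create_credentials.smtp ? 1 : 0`, so with `smtp = false` the index does not exist and the plan fails. The `api_key_private` output right below already guards the same pattern; the equivalent here is `value = try(oci_identity_smtp_credential.admin[0].username, null)` and `value = try(oci_identity_smtp_credential.admin[0].password, null)`. Note that `sensitive = true` only redacts the value in CLI output: the password is still written in clear text to the state file, so the state backend needs encryption at rest and restricted read access.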
@@ -121,6 +132,15 @@ output "email_endpoints" {
 }
 }
+output "email_dkim_records" {
+ description = "The DKIM records for the email domain"
+ value = { for k, v in oci_email_dkim.domain : k => {
+ cname_value = v.cname_record_value
+ cname_record = v.dns_subdomain_name
+ txt_record = v.txt_record_value
+ } }
+}
+
 output "kms_vault_id" {
 description = "The ID of the KMS vault"
 value = oci_kms_vault.vault[0].id
diff --git a/terraform.variables.tf b/terraform.variables.tf
index 847bd9c..e5c706f 100644
--- a/terraform.variables.tf
+++ b/terraform.variables.tf
@@ -39,12 +39,14 @@ variable "admin_create_credentials" {
 auth_token = bool
 customer_key = bool
 password = bool
+ smtp = bool
 })
 default = {
 api_key = true
 auth_token = false
 customer_key = false
 password = false
+ smtp = true
 }
 description = "Types of credentials to create for the admin user"
 }
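Review bot: The keys of `email_dkim_records` in terraform.outputs.tf are easy to misread: `cname_record` carries `v.dns_subdomain_name` (the record name) while `cname_value` carries the target, and `txt_record` holds a value rather than a name. Keys such as `cname_name = v.dns_subdomain_name`, `cname_target = v.cname_record_value` and `txt_value = v.txt_record_value` would tell the operator which string goes into which DNS field. The description could also say that these records have to be published in the domain's zone before signing takes effect, since this commit creates the DKIM resource but no DNS record.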
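Review bot: Adding `smtp = bool` as a required attribute of the `admin_create_credentials` object type in terraform.variables.tf breaks every caller that already passes this variable without an `smtp` key. The default `smtp = true` also creates a new long-lived secret on the next apply for everyone relying on the defaults. The other password-like credentials (`auth_token`, `password`) default to `false`; an opt-in form would be `smtp = optional(bool, false)` in the type and `smtp = false` in the default. `optional()` with a default needs Terraform 1.3 or later, and the required version is not visible in this patch. The variable block begins above the hunk.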