New aws_ses_identity module to manage AWS Simple Email Service Identity (#31140)

* Add aws_ses_identity module

* Update CI alias, add BotoCoreError exception handling.

* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests

test/integration/targets/aws_ses_identity/aliases

@@ -0,0 +1,2 @@
+cloud/aws
+posix/ci/cloud/group4/aws

test/integration/targets/aws_ses_identity/defaults/main.yaml

@@ -0,0 +1,4 @@
+---
+email_identity: "{{ resource_prefix }}@example.com"
+domain_identity: "{{ resource_prefix }}.example.com"
+notification_queue_name: "{{ resource_prefix }}-notification-queue"

test/integration/targets/aws_ses_identity/tasks/assert_defaults.yaml

@@ -0,0 +1,23 @@
+- name: assert returned identity
+  assert:
+    that:
+      - result.identity == identity
+- name: assert returned identity_arn
+  assert:
+    that:
+      - "result.identity_arn|regex_search('^arn:aws:ses:' + ec2_region + ':[0-9]*:identity/' + identity + '$')"
+    msg: "'{{ result.identity_arn}}' doesn't match regex '^arn:aws:ses:{{ ec2_region }}:[0-9]*:identity/{{ identity }}'"
+- name: assert verification_attributes.verification_status == 'Pending'
+  assert:
+    that:
+      - result.verification_attributes.verification_status == 'Pending'
+- name: assert notification defaults
+  assert:
+    that:
+      - result.notification_attributes.forwarding_enabled == True
+      - result.notification_attributes.headers_in_bounce_notifications_enabled == False
+      - result.notification_attributes.headers_in_complaint_notifications_enabled == False
+      - result.notification_attributes.headers_in_delivery_notifications_enabled == False
+      - "'bounce_topic' not in result.notification_attributes"
+      - "'complaint_topic' not in result.notification_attributes"
+      - "'delivery_topic' not in result.notification_attributes"

test/integration/targets/aws_ses_identity/tasks/main.yaml

@@ -0,0 +1,408 @@
+---
+# ============================================================
+- name: test register email identity
+  block:
+    - name: register email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert changed is True
+      assert:
+        that:
+          - result.changed == True
+    - import_tasks: assert_defaults.yaml
+      vars:
+        identity: "{{ email_identity }}"
+  always:
+    - name: cleanup email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test register domain identity
+  block:
+    - name: register domain identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert changed is True
+      assert:
+        that:
+          - result.changed == True
+    - import_tasks: assert_defaults.yaml
+      vars:
+        identity: "{{ domain_identity }}"
+    - name: assert verification_attributes.verification_token is defined
+      assert:
+        that:
+          - result.verification_attributes.verification_token
+  always:
+    - name: cleanup domain identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test email_identity unchanged when already existing
+  block:
+    - name: register identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+    - name: duplicate register identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert changed is False
+      assert:
+        that:
+          - result.changed == False
+    - import_tasks: assert_defaults.yaml
+      vars:
+        identity: "{{ email_identity }}"
+  always:
+    - name: cleanup identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test domain_identity unchanged when already existing
+  block:
+    - name: register identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+    - name: duplicate register identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert changed is False
+      assert:
+        that:
+          - result.changed == False
+    - import_tasks: assert_defaults.yaml
+      vars:
+        identity: "{{ domain_identity }}"
+  always:
+    - name: cleanup identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: remove non-existent email identity
+  aws_ses_identity:
+    identity: "{{ email_identity }}"
+    state: absent
+    region: "{{ ec2_region }}"
+    aws_access_key: "{{ ec2_access_key }}"
+    aws_secret_key: "{{ ec2_secret_key }}"
+    security_token: "{{security_token}}"
+  register: result
+- name: assert changed is False
+  assert:
+    that:
+      - result.changed == False
+# ============================================================
+- name: remove non-existent domain identity
+  aws_ses_identity:
+    identity: "{{ domain_identity }}"
+    state: absent
+    region: "{{ ec2_region }}"
+    aws_access_key: "{{ ec2_access_key }}"
+    aws_secret_key: "{{ ec2_secret_key }}"
+    security_token: "{{security_token}}"
+  register: result
+- name: assert changed is False
+  assert:
+    that:
+      - result.changed == False
+# ============================================================
+- name: test set notification queues
+  block:
+    - name: test topic
+      sns_topic:
+        name: "{{ notification_queue_name }}-{{ item }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: topic_info
+      with_items:
+        - bounce
+        - complaint
+        - delivery
+    - name: register email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        bounce_notifications:
+          topic: "{{ topic_info.results[0].sns_arn }}"
+        complaint_notifications:
+          topic: "{{ topic_info.results[1].sns_arn }}"
+        delivery_notifications:
+          topic: "{{ topic_info.results[2].sns_arn }}"
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert notification settings
+      assert:
+        that:
+          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
+          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
+          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
+    - name: assert notification headers unchanged
+      assert:
+        that:
+          - result.notification_attributes.headers_in_bounce_notifications_enabled == False
+          - result.notification_attributes.headers_in_complaint_notifications_enabled == False
+          - result.notification_attributes.headers_in_delivery_notifications_enabled == False
+  always:
+    - name: cleanup topics
+      sns_topic:
+        name: "{{ notification_queue_name }}-{{ item }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      with_items:
+        - bounce
+        - complaint
+        - delivery
+    - name: cleanup email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test change notification queues after create
+  block:
+    - name: test topic
+      sns_topic:
+        name: "{{ notification_queue_name }}-{{ item }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: topic_info
+      with_items:
+        - bounce
+        - complaint
+        - delivery
+    - name: register email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+    - name: set notification topics
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        bounce_notifications:
+          topic: "{{ topic_info.results[0].sns_arn }}"
+        complaint_notifications:
+          topic: "{{ topic_info.results[1].sns_arn }}"
+        delivery_notifications:
+          topic: "{{ topic_info.results[2].sns_arn }}"
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert changed is True
+      assert:
+        that:
+          - result.changed == True
+    - name: assert notification settings
+      assert:
+        that:
+          - result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn
+          - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
+          - result.notification_attributes.delivery_topic == topic_info.results[2].sns_arn
+  always:
+    - name: cleanup topics
+      sns_topic:
+        name: "{{ notification_queue_name }}-{{ item }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      with_items:
+        - bounce
+        - complaint
+        - delivery
+    - name: cleanup email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test include headers on notification queues
+  block:
+    - name: register email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        bounce_notifications:
+          include_headers: Yes
+        complaint_notifications:
+          include_headers: Yes
+        delivery_notifications:
+          include_headers: Yes
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert notification headers enabled
+      assert:
+        that:
+          - result.notification_attributes.headers_in_bounce_notifications_enabled == True
+          - result.notification_attributes.headers_in_complaint_notifications_enabled == True
+          - result.notification_attributes.headers_in_delivery_notifications_enabled == True
+  always:
+    - name: cleanup email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test disable feedback forwarding
+  block:
+    - name: test topic
+      sns_topic:
+        name: "{{ notification_queue_name }}-{{ item }}"
+        state: present
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: topic_info
+      with_items:
+        - bounce
+        - complaint
+    - name: register email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: present
+        bounce_notifications:
+          topic: "{{ topic_info.results[0].sns_arn }}"
+        complaint_notifications:
+          topic: "{{ topic_info.results[1].sns_arn }}"
+        feedback_forwarding: No
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+    - name: assert feedback_forwarding == False
+      assert:
+        that:
+          - result.notification_attributes.forwarding_enabled == False
+  always:
+    - name: cleanup topics
+      sns_topic:
+        name: "{{ notification_queue_name }}-{{ item }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      with_items:
+        - bounce
+        - complaint
+    - name: cleanup email identity
+      aws_ses_identity:
+        identity: "{{ email_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+# ============================================================
+- name: test disable feedback forwarding fails if no topics
+  block:
+    - name: register identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: present
+        feedback_forwarding: No
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"
+      register: result
+      failed_when: result.failed == False
+    - name: assert error.code == InvalidParameterValue
+      assert:
+        that:
+          - result.error.code == 'InvalidParameterValue'
+  always:
+    - name: cleanup identity
+      aws_ses_identity:
+        identity: "{{ domain_identity }}"
+        state: absent
+        region: "{{ ec2_region }}"
+        aws_access_key: "{{ ec2_access_key }}"
+        aws_secret_key: "{{ ec2_secret_key }}"
+        security_token: "{{security_token}}"