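## - verification
# Registers the domain with SES; the verification token it exports is
# published as the _amazonses TXT record below.
resource "aws_ses_domain_identity" "social" {
  domain = local.domain_name
}

# Publishes every DNS record SES needs (verification, MX, SPF, DKIM) into the
# zone created by module.zone.
# NOTE(review): no DMARC (_dmarc) record is defined in this file; confirm it is
# managed elsewhere, since SPF and DKIM alone do not set a receiver policy.
module "ses_zone_records" {
  # count = local.route53_zone == "" ? 0 : 1
  source  = "terraform-aws-modules/route53/aws//modules/records"
  version = "~> 2.0"

  zone_name = keys(module.zone.route53_zone_zone_id)[0]

  records = [
    # Domain ownership proof for SES.
    {
      name = "_amazonses"
      type = "TXT"
      ttl  = "600"
      records = [
        aws_ses_domain_identity.social.verification_token
      ]
    },
    # NOTE(review): the apex MX points at feedback-smtp, the same host used for
    # the custom MAIL FROM subdomain below, while the commented-out mx_receive
    # resource uses inbound-smtp; confirm this is intended for the apex.
    {
      name    = ""
      type    = "MX"
      ttl     = "600"
      records = ["10 feedback-smtp.${local.aws_region}.amazonses.com"]
    },
    # MX for the custom MAIL FROM subdomain (see aws_ses_domain_mail_from.social).
    {
      name    = "bounce"
      type    = "MX"
      ttl     = "600"
      records = ["10 feedback-smtp.${local.aws_region}.amazonses.com"]
    },
    # SPF
    # NOTE(review): the bounce subdomain soft-fails (~all) while the apex
    # hard-fails (-all); confirm the difference is deliberate.
    {
      name = "bounce"
      type = "TXT"
      ttl  = "600"
      records = [
        "v=spf1 include:amazonses.com ~all"
      ]
    },
    {
      name = ""
      type = "TXT"
      ttl  = "600"
      records = [
        "v=spf1 include:amazonses.com -all"
      ]
    },
    # DKIM
    # One CNAME per token exported by aws_ses_domain_dkim.social (indexes 0-2).
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[0]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[0]}.dkim.amazonses.com"]
    },
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[1]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[1]}.dkim.amazonses.com"]
    },
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[2]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[2]}.dkim.amazonses.com"]
    },
  ]

  depends_on = [module.zone]
}

# Waits for SES to see the TXT record, so it must run after the DNS records exist.
resource "aws_ses_domain_identity_verification" "social" {
  domain = aws_ses_domain_identity.social.id

  depends_on = [
    module.ses_zone_records
  ]
}

# Enables DKIM for the identity; its tokens feed the CNAME records above.
resource "aws_ses_domain_dkim" "social" {
  domain = aws_ses_domain_identity.social.domain
}

## - mx record
# Custom MAIL FROM domain: bounce.<domain>.
resource "aws_ses_domain_mail_from" "social" {
  domain           = aws_ses_domain_identity.social.domain
  mail_from_domain = "bounce.${aws_ses_domain_identity.social.domain}"
}

#resource "aws_route53_record" "mx_receive" {
#  count = var.enable_incoming_email_record ? 1 : 0
#
#  name    = data.aws_route53_zone.domain.name
#  zone_id = var.zone_id
#  type    = "MX"
#  ttl     = "600"
#  records = concat(["10 inbound-smtp.${data.aws_region.current.name}.amazonaws.com"], var.additional_incoming_email_records)
#}

## SMTP credentials
# Random suffix so the IAM user name is unique per deployment.
resource "random_pet" "smtp" {}

# Dedicated IAM user whose only attached policy is send_mail.
resource "aws_iam_user" "ses" {
  name = "smtp-${random_pet.smtp.id}"
}

resource "aws_iam_user_policy_attachment" "send_mail" {
  policy_arn = aws_iam_policy.send_mail.arn
  user       = aws_iam_user.ses.name
}

resource "aws_iam_policy" "send_mail" {
  name   = "social-send-mail"
  policy = data.aws_iam_policy_document.send_mail.json
}

data "aws_iam_policy_document" "send_mail" {
  statement {
    actions = ["ses:SendRawEmail"]
    # NOTE(review): "*" lets this key send as any identity verified in the
    # account, not only this domain. The scoped form below is the
    # least-privilege option; verify that sending still works in this account
    # before switching, since the author left it disabled.
    resources = ["*"]
    #resources = [ aws_ses_domain_identity.social.arn ]
  }
}

# Long-lived access key. Its secret is also stored in the Terraform state, so
# the state backend needs the same protection as the files written below.
resource "aws_iam_access_key" "ses" {
  user = aws_iam_user.ses.name
}

# NOTE(review): this writes the IAM secret access key. If the consumer
# authenticates over the SES SMTP interface, confirm whether it expects the
# derived SMTP password (ses_smtp_password_v4) instead.
resource "local_file" "ses_secret" {
  filename = ".ses_secret"
  content  = "${aws_iam_access_key.ses.secret}\n"

  # local_file defaults to mode 0777; keep the credential owner-only.
  file_permission = "0600"
}

resource "local_file" "ses_id" {
  filename = ".ses_id"
  content  = "${aws_iam_access_key.ses.id}\n"
  #content = "${aws_iam_user.ses.name}\n"

  # Same owner-only mode as .ses_secret, since the two files form one credential.
  file_permission = "0600"
}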