aws-games/cloud-game-development-toolkit

Feature request: Ability to configure Swarm to send outgoing emails

Opened this issue · 3 comments

Use case

We would like to be able to set up Swarm to be able to send outgoing emails from Swarm notifications. The instructions on how to set up Swarm for mail can be found here:

https://www.perforce.com/manuals/swarm/Content/Swarm/admin.email.html

Solution/User Experience

The Swarm Terraform module would set up Simple Email Service and then use its configuration to set up Swarm email settings.

Found this SES TF module: https://github.com/cloudposse/terraform-aws-ses

Alternative solutions

The Swarm Terraform module would allow users to pass in email settings if they wanted to use their own email setup.

Here is my attempt at implementation instructions.

1. Provide variables for specifying Swarm transport configuration

From the Swarm documentation:

'mail' => array(
    'transport' => array(
        'name' => 'localhost',          // name of SMTP host
        'host' => '127.0.0.1',          // host/IP of SMTP host
        'port' => 587,                  // SMTP host listening port
        'connection_class'  => 'plain', // 'smtp', 'plain', 'login', 'crammd5'
        'connection_config' => array(   // include when auth required to send
            'username'  => 'user',      // user on SMTP host
            'password'  => 'pass',      // password for user on SMTP host
            'ssl'       => 'tls',       // empty, 'tls', or 'ssl'
        )
    ),
),

Currently, we set SSO configurables in the config.php via sed. This approach is tedious and requires complex bash commands to be completed by a sidecar container to the Swarm service. It may make sense to support a template config.php file and use the Terraform templatefile function to inject these values (SSO enable, transport block). Then upload that file to S3 and pull it down via the sidecar container.

On the Terraform side we can then instantiate Helix Swarm with the following details:

module "helix_swarm" {
    source = "cloud-game-development-toolkit/modules/perforce/helix-swarm"
    ...

    mail = {
        sender = "swarm@example.com"
        name   = "MySMTPServer"
        host   = "smtp.example.com"
        port   = 587
        connection_config = {
            username = "user"
            password = "password"
            ssl      = "tls"
        }
    }
}

2. Automate SES SMTP user creation as part of the Helix Swarm module

Many of the variables above could be automatically injected. The sender domain needs to be verified with Route53 using aws_ses_domain_identity and aws_ses_domain_identity_verification. The host can be determined by deployment region. Connection configuration user can be created using IAM and mapping the user credentials to SMTP credentials.

Alternative SES integration solutions

We could consider using the path option for the Swarm mail configuration to write emails to S3, and then use a Lambda + the SES SDKs to trigger those emails to send. This option is more secure because it does not require IAM User creation - the Lambda would have role access for SES APIs. However, it requires us to define a Lambda function as part of the Swarm module.
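One way step 2 of the comment above could look in Terraform, added here as an illustration; it is not code from the toolkit or from the comment's author. The variable names, resource labels and the `swarm_mail` local are assumptions; the resource types and attributes are those of the AWS provider.

```hcl
# Added example. Variable names and resource labels are assumptions.
variable "aws_region" { type = string }      # deployment region
variable "mail_domain" { type = string }     # sender domain to verify
variable "route53_zone_id" { type = string } # hosted zone of mail_domain

# Verify the sender domain with SES through a Route53 TXT record.
resource "aws_ses_domain_identity" "swarm" { domain = var.mail_domain }

resource "aws_route53_record" "ses_verification" {
  zone_id = var.route53_zone_id
  name    = "_amazonses.${var.mail_domain}"
  type    = "TXT"
  ttl     = 600
  records = [aws_ses_domain_identity.swarm.verification_token]
}

resource "aws_ses_domain_identity_verification" "swarm" {
  domain     = aws_ses_domain_identity.swarm.domain
  depends_on = [aws_route53_record.ses_verification]
}

# IAM user that may only send raw email from the verified identity.
resource "aws_iam_user" "swarm_smtp" { name = "swarm-ses-smtp" }
resource "aws_iam_user_policy" "swarm_smtp" {
  name = "swarm-ses-send"
  user = aws_iam_user.swarm_smtp.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "ses:SendRawEmail"
      Resource = aws_ses_domain_identity.swarm.arn
    }]
  })
}

resource "aws_iam_access_key" "swarm_smtp" { user = aws_iam_user.swarm_smtp.name }

# Values for Swarm's mail transport block. ses_smtp_password_v4 is derived
# by the provider from the secret key; it is sensitive and lands in state.
locals {
  swarm_mail = {
    host     = "email-smtp.${var.aws_region}.amazonaws.com"
    port     = 587
    username = aws_iam_access_key.swarm_smtp.id
    password = aws_iam_access_key.swarm_smtp.ses_smtp_password_v4
    ssl      = "tls"
  }
}
```

Because the access key and derived SMTP password are written to Terraform state, the state backend needs the same access controls and encryption as any other secret store.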

This is a fantastic breakdown. I really like the idea of using terraform templatefile for injecting configurations as the current solution can be quite daunting for someone who is not familiar with bash. We should encapsulate this process into a little module and reuse it across the rest of our portfolio (the Horde configuration file comes to mind as a good candidate). Thoughts?

We'll need to figure out how we want to handle shared "subsidiary" modules like that. To my knowledge, TF doesn't have a great mechanism for that sort of importing structure since the paths will have to be relative. You couldn't just copy the source for the module since you'd need that other dependency now as well.