feat(tem): add support for blockedlist

jremy42 · jremy42 · commit 88dc5637b625 · 2025-03-14T14:33:19.000+01:00
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -224,6 +224,7 @@ func Provider(config *Config) plugin.ProviderFunc {
 				"scaleway_secret_version":                      secret.ResourceVersion(),
 				"scaleway_tem_domain":                          tem.ResourceDomain(),
 				"scaleway_tem_domain_validation":               tem.ResourceDomainValidation(),
+				"scaleway_tem_blocked_list":                    tem.ResourceBlockedList(),
 				"scaleway_tem_webhook":                         tem.ResourceWebhook(),
 				"scaleway_vpc":                                 vpc.ResourceVPC(),
 				"scaleway_vpc_gateway_network":                 vpcgw.ResourceNetwork(),
diff --git a/internal/services/tem/blockedlist.go b/internal/services/tem/blockedlist.go
@@ -0,0 +1,135 @@
+package tem
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	tem "github.com/scaleway/scaleway-sdk-go/api/tem/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/httperrors"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/account"
+)
+
+func ResourceBlockedList() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: ResourceBlockedListCreate,
+		ReadContext:   ResourceBlockedListRead,
+		DeleteContext: ResourceBlockedListDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"domain_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The ID of the domain affected by the blocklist.",
+			},
+			"email": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Email address to block.",
+			},
+			"type": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				Description:  "Type of the blocked list. (mailbox_full or mailbox_not_found)",
+				ValidateFunc: validation.StringInSlice([]string{"mailbox_full", "mailbox_not_found"}, false),
+			},
+			"reason": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "manual_block",
+				ForceNew:    true,
+				Description: "Reason for blocking the emails.",
+			},
+			"region":     regional.Schema(),
+			"project_id": account.ProjectIDSchema(),
+		},
+	}
+}
+
+func ResourceBlockedListCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	api, region, err := temAPIWithRegion(d, m)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	region, domainID, err := regional.ParseID(d.Get("domain_id").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	emails := []string{d.Get("email").(string)}
+	reason := d.Get("reason").(string)
+	typeBlockedList := d.Get("type").(string)
+
+	_, err = api.BulkCreateBlocklists(&tem.BulkCreateBlocklistsRequest{
+		Emails:   emails,
+		Region:   region,
+		DomainID: domainID,
+		Type:     tem.BlocklistType(typeBlockedList),
+		Reason:   &reason,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(fmt.Sprintf("%s-%s", region, domainID))
+
+	return ResourceBlockedListRead(ctx, d, m)
+}
+
+func ResourceBlockedListRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	api, region, _, err := NewAPIWithRegionAndID(m, d.Id())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	blocklists, err := api.ListBlocklists(&tem.ListBlocklistsRequest{
+		Region:   region,
+		Email:    scw.StringPtr(d.Get("email").(string)),
+		DomainID: d.Get("domain_id").(string),
+	}, scw.WithContext(ctx))
+	if err != nil {
+		if httperrors.Is404(err) {
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(err)
+	}
+
+	if len(blocklists.Blocklists) == 0 {
+		d.SetId("")
+		return nil
+	}
+
+	_ = d.Set("email", blocklists.Blocklists[0].Email)
+	_ = d.Set("reason", blocklists.Blocklists[0].Reason)
+	_ = d.Set("domain_id", blocklists.Blocklists[0].DomainID)
+	_ = d.Set("type", blocklists.Blocklists[0].Type)
+	return nil
+}
+
+func ResourceBlockedListDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	api, region, id, err := NewAPIWithRegionAndID(m, d.Id())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = api.DeleteBlocklist(&tem.DeleteBlocklistRequest{
+		Region:      region,
+		BlocklistID: id,
+	}, scw.WithContext(ctx))
+	if err != nil && !httperrors.Is404(err) {
+		return diag.FromErr(err)
+	}
+	d.SetId("")
+	return nil
+}
diff --git a/internal/services/tem/blockedlist_test.go b/internal/services/tem/blockedlist_test.go
@@ -0,0 +1,137 @@
+package tem_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	temSDK "github.com/scaleway/scaleway-sdk-go/api/tem/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/acctest"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/tem"
+)
+
+func TestAccBlockedList_Basic(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	subDomainName := "test-blockedlist"
+
+	blockedEmail := "spam@example.com"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      isBlockedEmailDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+
+				resource "scaleway_domain_zone" "test" {
+  						domain    = "%s"
+  						subdomain = "%s"
+					}
+
+					resource scaleway_tem_domain cr01 {
+						name       = scaleway_domain_zone.test.id
+						accept_tos = true
+						autoconfig = true
+					}
+
+					resource scaleway_tem_domain_validation valid {
+  						domain_id = scaleway_tem_domain.cr01.id
+  						region = scaleway_tem_domain.cr01.region
+						timeout = 3600
+					}
+
+					resource "scaleway_tem_blocked_list" "test" {
+						domain_id  = scaleway_tem_domain.cr01.id
+						email      = "%s"
+						type       = "mailbox_full"
+						reason     = "Spam detected"
+						region     = "fr-par"
+ 						depends_on = [
+    						scaleway_tem_domain_validation.valid
+  						]
+					}
+				`, domainNameValidation, subDomainName, blockedEmail),
+				Check: resource.ComposeTestCheckFunc(
+					isBlockedEmailPresent(tt, "scaleway_tem_blocked_list.test"),
+					resource.TestCheckResourceAttr("scaleway_tem_blocked_list.test", "email", blockedEmail),
+					resource.TestCheckResourceAttr("scaleway_tem_blocked_list.test", "type", "mailbox_full"),
+					resource.TestCheckResourceAttr("scaleway_tem_blocked_list.test", "reason", "Spam detected"),
+					acctest.CheckResourceAttrUUID("scaleway_tem_blocked_list.test", "id"),
+				),
+			},
+		},
+	})
+}
+
+// Checks if the blocked email is present in Scaleway TEM API
+func isBlockedEmailPresent(tt *acctest.TestTools, n string) resource.TestCheckFunc {
+	return func(state *terraform.State) error {
+		rs, ok := state.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("resource not found: %s", n)
+		}
+
+		api, region, domainID, err := tem.NewAPIWithRegionAndID(tt.Meta, rs.Primary.Attributes["domain_id"])
+		if err != nil {
+			return err
+		}
+
+		blockedEmail := rs.Primary.Attributes["email"]
+
+		blocklists, err := api.ListBlocklists(&temSDK.ListBlocklistsRequest{
+			Region:   scw.Region(region),
+			DomainID: domainID,
+			Email:    scw.StringPtr(blockedEmail),
+		}, scw.WithContext(context.Background()))
+
+		if err != nil {
+			return err
+		}
+
+		if len(blocklists.Blocklists) == 0 {
+			return fmt.Errorf("blocked email %s not found in blocklist", blockedEmail)
+		}
+
+		return nil
+	}
+}
+
+// Checks if the blocked email is properly destroyed
+func isBlockedEmailDestroyed(tt *acctest.TestTools) resource.TestCheckFunc {
+	return func(state *terraform.State) error {
+		for _, rs := range state.RootModule().Resources {
+			if rs.Type != "scaleway_tem_blocked_list" {
+				continue
+			}
+
+			api, region, domainID, err := tem.NewAPIWithRegionAndID(tt.Meta, rs.Primary.Attributes["domain_id"])
+			if err != nil {
+				return err
+			}
+
+			blockedEmail := rs.Primary.Attributes["email"]
+
+			blocklists, err := api.ListBlocklists(&temSDK.ListBlocklistsRequest{
+				Region:   scw.Region(region),
+				DomainID: domainID,
+				Email:    scw.StringPtr(blockedEmail),
+			}, scw.WithContext(context.Background()))
+
+			if err != nil {
+				return err
+			}
+
+			if len(blocklists.Blocklists) > 0 {
+				return fmt.Errorf("blocked email %s still present after deletion", blockedEmail)
+			}
+		}
+
+		return nil
+	}
+}
diff --git a/internal/services/tem/testdata/blocked-list-basic.cassette.yaml b/internal/services/tem/testdata/blocked-list-basic.cassette.yaml
