From 5e696f36bf8762da59583e85cb2ad4647417bca2 Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Wed, 28 Oct 2020 16:34:31 -0700
Subject: [PATCH 1/3] Add ability to override SourceArnn for SES

---
 docs/administration.rst             | 10 ++++++++++
 lemur/plugins/lemur_email/plugin.py | 18 +++++++++++-------
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/docs/administration.rst b/docs/administration.rst
index 724b136f..a1eba56e 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -285,6 +285,16 @@ Lemur supports sending certificate expiration notifications through SES and SMTP
         you can send any mail. See: `Verifying Email Address in Amazon SES <http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html>`_
 
 
+.. data:: LEMUR_SES_SOURCE_ARN
+    :noindex:
+
+    Specifies an ARN to use as the SourceArn when sending emails via SES.
+
+    .. note::
+        This parameter is only required if you're using a sending authorization with SES.
+        See: `Using sending authorization with Amazon SES <https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-authorization.html>`_
+
+
 .. data:: LEMUR_EMAIL
     :noindex:
 
diff --git a/lemur/plugins/lemur_email/plugin.py b/lemur/plugins/lemur_email/plugin.py
index 5b9c188e..39e76932 100644
--- a/lemur/plugins/lemur_email/plugin.py
+++ b/lemur/plugins/lemur_email/plugin.py
@@ -38,7 +38,7 @@ def render_html(template_name, options, certificates):
 
 def send_via_smtp(subject, body, targets):
     """
-    Attempts to deliver email notification via SES service.
+    Attempts to deliver email notification via SMTP.
 
     :param subject:
     :param body:
@@ -55,21 +55,25 @@ def send_via_smtp(subject, body, targets):
 
 def send_via_ses(subject, body, targets):
     """
-    Attempts to deliver email notification via SMTP.
+    Attempts to deliver email notification via SES service.
     :param subject:
     :param body:
     :param targets:
     :return:
     """
     client = boto3.client("ses", region_name="us-east-1")
-    client.send_email(
-        Source=current_app.config.get("LEMUR_EMAIL"),
-        Destination={"ToAddresses": targets},
-        Message={
+    source_arn = current_app.config.get("LEMUR_SES_SOURCE_ARN")
+    args = {
+        "Source": current_app.config.get("LEMUR_EMAIL"),
+        "Destination": {"ToAddresses": targets},
+        "Message": {
             "Subject": {"Data": subject, "Charset": "UTF-8"},
             "Body": {"Html": {"Data": body, "Charset": "UTF-8"}},
         },
-    )
+    }
+    if source_arn:
+        args["SourceArn"] = source_arn
+    client.send_email(**args)
 
 
 class EmailNotificationPlugin(ExpirationNotificationPlugin):

From 3e492e6310496e26c85ca1d42223b3e59c89322c Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Wed, 28 Oct 2020 17:09:54 -0700
Subject: [PATCH 2/3] Add ability to override SES region

---
 docs/administration.rst             | 9 +++++++++
 lemur/plugins/lemur_email/plugin.py | 5 ++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/docs/administration.rst b/docs/administration.rst
index a1eba56e..7e94a4db 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -295,6 +295,15 @@ Lemur supports sending certificate expiration notifications through SES and SMTP
         See: `Using sending authorization with Amazon SES <https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-authorization.html>`_
 
 
+.. data:: LEMUR_SES_REGION
+    :noindex:
+
+    Specifies a region for sending emails via SES.
+
+    .. note::
+        This parameter defaults to us-east-1 and is only required if you wish to use a different region.
+
+
 .. data:: LEMUR_EMAIL
     :noindex:
 
diff --git a/lemur/plugins/lemur_email/plugin.py b/lemur/plugins/lemur_email/plugin.py
index 39e76932..a9e35d16 100644
--- a/lemur/plugins/lemur_email/plugin.py
+++ b/lemur/plugins/lemur_email/plugin.py
@@ -61,7 +61,10 @@ def send_via_ses(subject, body, targets):
     :param targets:
     :return:
     """
-    client = boto3.client("ses", region_name="us-east-1")
+    ses_region = current_app.config.get("LEMUR_SES_REGION")
+    if not ses_region:
+        ses_region = "us-east-1"
+    client = boto3.client("ses", region_name=ses_region)
     source_arn = current_app.config.get("LEMUR_SES_SOURCE_ARN")
     args = {
         "Source": current_app.config.get("LEMUR_EMAIL"),

From 45cc9528d28416155197d72653996236c8843180 Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Thu, 29 Oct 2020 13:48:43 -0700
Subject: [PATCH 3/3] Cleaner syntax for default region

---
 lemur/plugins/lemur_email/plugin.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lemur/plugins/lemur_email/plugin.py b/lemur/plugins/lemur_email/plugin.py
index a9e35d16..f380c82e 100644
--- a/lemur/plugins/lemur_email/plugin.py
+++ b/lemur/plugins/lemur_email/plugin.py
@@ -61,9 +61,7 @@ def send_via_ses(subject, body, targets):
     :param targets:
     :return:
     """
-    ses_region = current_app.config.get("LEMUR_SES_REGION")
-    if not ses_region:
-        ses_region = "us-east-1"
+    ses_region = current_app.config.get("LEMUR_SES_REGION", "us-east-1")
     client = boto3.client("ses", region_name=ses_region)
     source_arn = current_app.config.get("LEMUR_SES_SOURCE_ARN")
     args = {