Extend email plugin settings api

api/proto/teleport/legacy/types/types.proto

@@ -6236,6 +6236,8 @@ message PluginSpecV1 {
     PluginDatadogAccessSettings datadog = 15;
     // PluginAWSICSettings holds settings for AWSICSettings
     PluginAWSICSettings aws_ic = 16;
+    // Settings for the Email Access Request plugin
+    PluginEmailSettings email = 17;
   }
 
   // generation contains a unique ID that should:
@@ -6576,6 +6578,63 @@ message AWSICProvisioningSpec {
   string bearer_token = 2;
 }
 
+// PluginEmailSettings holds the settings for an Email Access Request plugin.
+message PluginEmailSettings {
+  option (gogoproto.equal) = true;
+
+  // Sender specifies the email sender.
+  string sender = 1;
+  // FallbackRecipient specifies the default recipient.
+  string fallback_recipient = 2;
+
+  // Spec configures the mail service settings.
+  oneof spec {
+    // MailgunSpec configures Mailgun service settings.
+    MailgunSpec mailgun_spec = 3;
+    // SmtpSpec configures generic SMTP service settings.
+    SMTPSpec smtp_spec = 4;
+  }
+}
+
+// MailgunSpec holds Mailgun-specific settings.
+message MailgunSpec {
+  option (gogoproto.equal) = true;
+
+  // Domain specifies the Mailgun sending domain.
+  string domain = 1;
+}
+
+// SMTPSpec holds a generic SMTP service specific settings.
+message SMTPSpec {
+  option (gogoproto.equal) = true;
+
+  // Host specifies the SMTP service host name.
+  string host = 1;
+  // Port specifies the SMTP service port number.
+  int32 port = 2;
+  // StartTLSPolicy specifies the SMTP start TLS policy used to send emails over
+  // SMTP.
+  SMTPStartTLSPolicy start_tls_policy = 3;
+}
+
+// SMTPStartTLSPolicy defines the start TLS policy used to communicate with the
+// SMTP service.
+enum SMTPStartTLSPolicy {
+  // SMTP_MANDATORY_START_TLS means that SMTP transactions must be encrypted.
+  // SMTP transactions are aborted unless STARTTLS is supported by the
+  // SMTP server. Recommended for all modern SMTP servers.
+  SMTP_MANDATORY_START_TLS = 0;
+
+  // SMTP_OPPORTUNISTIC_START_TLS means that SMTP transactions are encrypted if
+  // STARTTLS is supported by the SMTP server. Otherwise, messages are
+  // sent in the clear.
+  SMTP_OPPORTUNISTIC_START_TLS = 1;
+
+  // SMTP_NO_START_TLS means encryption is disabled and messages are sent in the
+  // clear.
+  SMTP_NO_START_TLS = 2;
+}
+
 message PluginBootstrapCredentialsV1 {
   oneof credentials {
     PluginOAuth2AuthorizationCodeCredentials oauth2_authorization_code = 1;

api/types/plugin.go

@@ -43,6 +43,7 @@ var AllPluginTypes = []PluginType{
 	PluginTypeSCIM,
 	PluginTypeDatadog,
 	PluginTypeAWSIdentityCenter,
+	PluginTypeEmail,
 }
 
 const (
@@ -78,6 +79,8 @@ const (
 	PluginTypeDatadog = "datadog"
 	// PluginTypeAWSIdentityCenter indicates AWS Identity Center plugin
 	PluginTypeAWSIdentityCenter = "aws-identity-center"
+	// PluginTypeEmail indicates an Email Access Request plugin
+	PluginTypeEmail = "email"
 )
 
 // PluginSubkind represents the type of the plugin, e.g., access request, MDM etc.
@@ -356,6 +359,20 @@ func (p *PluginV1) CheckAndSetDefaults() error {
 		if err := settings.AwsIc.CheckAndSetDefaults(); err != nil {
 			return trace.Wrap(err)
 		}
+	case *PluginSpecV1_Email:
+		if settings.Email == nil {
+			return trace.BadParameter("missing Email settings")
+		}
+		if err := settings.Email.CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err)
+		}
+		staticCreds := p.Credentials.GetStaticCredentialsRef()
+		if staticCreds == nil {
+			return trace.BadParameter("Email plugin must be used with the static credentials ref type")
+		}
+		if len(staticCreds.Labels) == 0 {
+			return trace.BadParameter("labels must be specified")
+		}
 	default:
 		return nil
 	}
@@ -522,6 +539,8 @@ func (p *PluginV1) GetType() PluginType {
 		return PluginTypeDatadog
 	case *PluginSpecV1_AwsIc:
 		return PluginTypeAWSIdentityCenter
+	case *PluginSpecV1_Email:
+		return PluginTypeEmail
 	default:
 		return PluginTypeUnknown
 	}
@@ -740,6 +759,52 @@ func (c *AWSICProvisioningSpec) CheckAndSetDefaults() error {
 	return nil
 }
 
+func (c *PluginEmailSettings) CheckAndSetDefaults() error {
+	if c.Sender == "" {
+		return trace.BadParameter("sender must be set")
+	}
+	if c.FallbackRecipient == "" {
+		return trace.BadParameter("fallback_recipient must be set")
+	}
+
+	switch spec := c.GetSpec().(type) {
+	case *PluginEmailSettings_MailgunSpec:
+		if c.GetMailgunSpec() == nil {
+			return trace.BadParameter("missing Mailgun Spec")
+		}
+		if err := c.GetMailgunSpec().CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err)
+		}
+	case *PluginEmailSettings_SmtpSpec:
+		if c.GetSmtpSpec() == nil {
+			return trace.BadParameter("missing SMTP Spec")
+		}
+		if err := c.GetSmtpSpec().CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err)
+		}
+	default:
+		return trace.BadParameter("unknown email spec: %T", spec)
+	}
+	return nil
+}
+
+func (c *MailgunSpec) CheckAndSetDefaults() error {
+	if c.Domain == "" {
+		return trace.BadParameter("domain must be set")
+	}
+	return nil
+}
+
+func (c *SMTPSpec) CheckAndSetDefaults() error {
+	if c.Host == "" {
+		return trace.BadParameter("host must be set")
+	}
+	if c.Port == 0 {
+		return trace.BadParameter("port must be set")
+	}
+	return nil
+}
+
 // GetCode returns the status code
 func (c PluginStatusV1) GetCode() PluginStatusCode {
 	return c.Code