Email Verification - Not Suitable for Terraform

[Trozz]

Analysis: Email Verification Triggers

Summary

Email verification triggers are not recommended for Terraform implementation.

Reasoning

1. One-Time Action: Email verification is a workflow/action, not a manageable resource
2. No State Management: There's no resource state to track - emails are sent and done
3. Side Effects: Sending emails is a side effect that shouldn't happen during terraform plan
4. Not Idempotent: Re-running Terraform would resend verification emails, which is undesirable

Terraform Principles Violated

• Declarative vs Imperative: Terraform declares desired state, it doesn't trigger actions
• Idempotency: Resources should be safely re-applied without side effects
• State Management: Resources must have state that can be created, read, updated, and deleted

Correct Pattern

Email verification should be triggered through:

1. The application's normal user registration flow
2. API calls in provisioning scripts
3. User self-service through the UI
4. Automated workflows outside of Terraform

Example Alternative

If automation is needed, use a provisioning script:

# After creating user with Terraform
terraform apply

# Then trigger verification via API
curl -X POST https://pocketid.example.com/api/users/${USER_ID}/send-verification \
  -H "Authorization: Bearer ${API_TOKEN}"

Recommendation

• This is an application workflow, not infrastructure
• Document that verification emails are sent automatically during user creation (if enabled)
• Provide examples of using the API for automation needs

Conclusion

This feature should not be implemented in the Terraform provider as it represents an action/workflow rather than a manageable resource.