[DXE-3803] I need to remove akamai_property_activation from Akamai export-property

[isss802]

Perhaps Property activation has been managed since v1.12.0. https://github.com/akamai/cli-terraform/releases/tag/v1.12.0

This change caused an incident. The Property was Deactivated when it was accidentally commented out, causing a communication impact.

Terraform is only a configuration change tool, and the timing of Staging and Production changes are managed separately via CLI or other means.

Whether or not to do akamai_property_activation in Terraform should be done at a different time from the configuration change, and akamai_property_activation should not be enabled by default.

Please consider adding a setting to exclude akamai_property_activation in the akamai terraform export-property command options.

Unnecessary import

cat import.sh
terraform import akamai_property_activation.staging prp_:STAGING
terraform import akamai_property_activation.production prp_:PRODUCTION

Making it controlled makes accidents more likely to occur.

cat propery.tf
resource "akamai_property_activation" "test-edgesuite-net-staging" {
  property_id                    = akamai_property.test-edgesuite-net.id
  contact                        = ["jsmith@akamai.com"]
  version                        = var.activate_latest_on_staging ? akamai_property.test-edgesuite-net.latest_version : akamai_property.test-edgesuite-net.staging_version
  network                        = "STAGING"
  auto_acknowledge_rule_warnings = false

[wzagrajcz]

Hello @isss802 Thank you for opening the issue. The property activation resource is being exported for a long time. Within the 1.12.0 we introduced a way to easier activate latest version on production/staging.

There are two ways that may help you with the issue that you faced. While keeping whole configuration (with activation resource):

• using of newly added activate_latest_on_staging and activate_latest_on_production variables. As long as the variable value is false, the latest version will not be activated.
• using target option that Terraform natively supports

Hope that helps, Best regards,

Wojciech

[isss802]

Hello @wzagrajcz san

Thank you for your reply.

I would like to be further informed on this issue.

I would like to make the decision based on the values of activate_latest_on_staging and activate_latest_on_production.

Are these values false by default when exported?

variable "activate_latest_on_staging" {
  type    = bool
  default = false
}

variable "activate_latest_on_production" {
  type    = bool
  default = false
}

Regards, Hiroyuki Sato

[wzagrajcz]

The activate_latest_on_staging and activate_latest_on_production are exported as false to avoid activating latest version by accident on staging/production.

I'm not sure if I got your response so let me clarify that: the usage of activate_latest_on_... is a satisfactory solution for you or do you prefer for us to consider adding some option for cli-terraform to not export property activation resources?

Best regards, Wojciech

[isss802]

Ideally I would like to omit the import of akamai_property_activation itself and the Terraform settings from Export.

This is because the after-the-fact happened when I inadvertently deleted the settings.

But for now, the response to set activate_latest_on_staging and activate_latest_on_production to false is sufficient.

What I am concerned about is that this setting may be true on Export.

I am concerned that the set value will be true for the following items.

https://github.com/akamai/cli-terraform/blob/4d2579059f344bb26db5f49860edd675a222280b/pkg/providers/papi/templates/variables.tmpl#L24

If activate_latest_on_staging and activate_latest_on_production are True on Export, a posteriori may occur, so this value should be changed from false to true when necessary.

[lkowalsk-akamai-com]

Thank you for this ask. Because you or other users could do any number of things with the return, creating and supporting a flag for each of those becomes unmanageable.