akamai / terraform-provider-akamai

Terraform Akamai provider
https://www.terraform.io/docs/providers/akamai/
Mozilla Public License 2.0

DXE-2496 Advice/suggestion on how to handle network list being deleted from code #405

Closed BAu0002 closed 1 year ago

BAu0002 commented 1 year ago

I'm looking at how to manage network lists using Terraform.

We are looking to create a tfvar that contains a list of network lists and their details.

How does Terraform manage the situation where a network list is removed from the tfvar?

As far as I'm aware, we do not have the authority to delete network lists once they have been activated. Am I right to say that Terraform would remove the network list from the state file and leave the network list in place?

How do people manage network list removal?

JPLodineAK commented 1 year ago

Can you supply a sample config.tf showing what you are trying to do?

BAu0002 commented 1 year ago

I'm looking at a way to manage network lists fully in Terraform.

{
  "networkListDetails": [
    {
      "networkListName": "DummyNetworkList",
      "description": "Dummy network list",
      "networkListType": "IP",
      "listOfAddresses": []
    }
  ]
}

resource "akamai_networklist_network_list" "network_list" {
  for_each    = { for details in var.networkListDetails : details.networkListName => details }
  name        = each.key
  type        = each.value["networkListType"]
  description = each.value["description"]
  list        = each.value["listOfAddresses"]
  mode        = "REPLACE"
}

var.networkListDetails would contain a list of network lists. I ran a test where I removed a network list from var.networkListDetails; this resulted in the network list being destroyed from the Terraform state file and left in place on Akamai. This would leave a lot of redundant network lists that may or may not contain IP addresses.

JPLodineAK commented 1 year ago

Thanks for the additional info. Will investigate whether the networklist subprovider is managing these lists correctly. (We should probably not be removing the network list from the local state if the attempt to remove it from the actual configuration fails, since the idea is to have the local state and the config be in sync.)

JPLodineAK commented 1 year ago

Update: the Open API does not currently support destroying network lists. Given this limitation, the provider's action (removing the list from the local state) is the expected behavior.
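
A pre-apply guard for the behaviour described in this thread, as an added example that is not part of the issue or the provider's code: it reads the JSON form of a saved plan (`terraform show -json <planfile>`) and reports every `akamai_networklist_network_list` instance the plan would destroy, which per the thread only drops the list from state and leaves it on Akamai. The function name and the sample plan, including its list names and addresses, are constructed for illustration.

```python
import json
import sys

# Resource type taken from the config posted in the thread.
RESOURCE_TYPE = "akamai_networklist_network_list"

def orphaned_network_lists(plan):
    """Return the network lists a plan would drop from state.

    `plan` is the parsed output of `terraform show -json <planfile>`.
    """
    hits = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if rc.get("type") != RESOURCE_TYPE or "delete" not in actions:
            continue
        before = change.get("before") or {}  # prior state of the instance
        hits.append({
            "address": rc.get("address"),
            "name": before.get("name"),
            "entries": len(before.get("list") or []),
            "replaced": "create" in actions,  # True when the delete is half of a replace
        })
    return hits

# Constructed sample, trimmed to the fields read above (not real plan output).
SAMPLE_PLAN = {"resource_changes": [
    {"address": 'akamai_networklist_network_list.network_list["KeptList"]',
     "type": RESOURCE_TYPE,
     "change": {"actions": ["no-op"], "before": {"name": "KeptList", "list": []}}},
    {"address": 'akamai_networklist_network_list.network_list["DummyNetworkList"]',
     "type": RESOURCE_TYPE,
     "change": {"actions": ["delete"],
                "before": {"name": "DummyNetworkList",
                           "list": ["192.0.2.10", "198.51.100.0/24"]}}},
    {"address": "null_resource.unrelated", "type": "null_resource",
     "change": {"actions": ["delete"], "before": {}}},
]}

if __name__ == "__main__":
    # Use a plan JSON file if one is given, otherwise the constructed sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = orphaned_network_lists(plan)
    for hit in found:
        print(f"{hit['address']}: '{hit['name']}' ({hit['entries']} entries) "
              "would leave state but remain on Akamai")
    sys.exit(1 if found else 0)
```

A non-zero exit lets a pipeline stop before apply, so a list that still holds entries can be emptied or deactivated while Terraform still tracks it.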