Property rules are not updated, but deleted

Terraform Version

1.6.4

Affected Resource(s)

akamai_property

Terraform Configuration Files

terraform {
  backend "s3" {
    bucket  = "imgarena-terraform-state"
    key     = "streams-distribution-core-infra/terraform.tfstate"
    region  = "eu-west-1"
    profile = "for-terraform"
  }
  required_version = "1.6.4"
  required_providers {
    akamai = {
      source  = "akamai/akamai"
      version = "5.4.0"
    }
  }
provider "akamai" {
  config {
    host          = xxx
    access_token  = xxx
    client_token  = xxx
    client_secret = xxx
}

module "ll_property" {
  source = "./modules/akamai_property"

  for_each = {
    for index, data in local.media_package_origins :
    data.aws_region => data
  }

  property_name = "${local.akamai_env_identifier}-ll-${each.key}"

  akamai_contract_id = jsondecode(data.aws_secretsmanager_secret_version.akamai_api_auth_secret_version.secret_string)["contract_id"]
  akamai_group_id    = jsondecode(data.aws_secretsmanager_secret_version.akamai_api_auth_secret_version.secret_string)["group_id"]

  change_notification_emails = local.akamai_change_notification_emails

  rules = templatefile("./akamai-property-rules.json",
    merge(each.value, local.common_template_params, {
      origin_country = local.aws_region_to_akamai_geographical_region[each.value["aws_region"]],
      origin_servers = local.channel_group_modules[each.value["aws_region"]].origin_servers
    }
  ))

}

variable "rules" {
  type        = string
  description = "Akamai property rules."

  validation {
    condition     = try(jsondecode(var.rules), null) != null
    error_message = "Expecting a json string."
  }
}

resource "akamai_property" "ll_hls" {
  name = var.property_name

  product_id  = "prd_Adaptive_Media_Delivery"
  contract_id = var.akamai_contract_id
  group_id    = var.akamai_group_id

  hostnames {
    cname_from             = akamai_edge_hostname.ll_hls.edge_hostname
    cname_to               = akamai_edge_hostname.ll_hls.edge_hostname
    cert_provisioning_type = "CPS_MANAGED"
  }

  rule_format = "v2023-05-30"
  rules       = var.rules
}

Debug Output

https://gist.github.com/ASarco/59411d5fd76e24b89c85dee97650fb9e (note that the log contains runs of other AWS resources)

Expected Behavior

This TF creates/updates properties for a set of AWS regions (one per region), based on data generated from other resources previously created or updated by the same TF run. I'd expect the current rules to be updated, but they are actually just deleted.

Actual Behavior

The property rules are deleted, instead of being updated.

Fragment of terraform apply output:

  # module.ll_property["us-east-2"].akamai_property.ll_hls will be updated in-place
  ~ resource "akamai_property" "ll_hls" {
        id                 = "prp_957816"
      ~ latest_version     = 17 -> (known after apply)
        name               = "streams-sandbox-ll-us-east-2"
      ~ production_version = 17 -> (known after apply)
      ~ rules              = jsonencode(
            {
              - rules = {
                  - behaviors = [
                      - {
                          - name    = "origin"
                          - options = {
                              - cacheKeyHostname               = "REQUEST_HOST_HEADER"
                              - compress                       = true
                              - customValidCnValues            = [
                                  - "{{Origin Hostname}}",
                                  - "{{Forward Host Header}}",
                                ]

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

terraform apply

Important Factoids

These properties and its rules were created with this same TF scripts.

akamai / terraform-provider-akamai

Property rules are not updated, but deleted #497