Open aukevanleeuwen opened 6 days ago
Also: the PUT
seems rather slow, compared to the GET
:
❯ time akamai edgekv show status
----------------------------------
--- EdgeKV already INITIALIZED ---
----------------------------------
AccountStatus ProductionStatus StagingStatus Cpcode DataAccessPolicy
------------- ---------------- ------------- ------- -----------------------------------------------------------
INITIALIZED INITIALIZED INITIALIZED xxxxxxx restrictDataAccess=true, allowNamespacePolicyOverride=false
akamai edgekv show status 0.22s user 0.07s system 21% cpu 1.354 total
❯ time akamai edgekv init
---------------------------------------
--- EdgeKV INITIALIZED successfully ---
---------------------------------------
AccountStatus ProductionStatus StagingStatus Cpcode DataAccessPolicy
------------- ---------------- ------------- ------- ----------------
INITIALIZED INITIALIZED INITIALIZED xxxxxxx N/A
akamai edgekv init 0.28s user 0.13s system 2% cpu 13.921 total
Hi @aukevanleeuwen
Thanks for reporting this issue. We need analyze impact of this change and we will inform you about progress.
BR, Lukasz
Terraform and Akamai Terraform Provider Versions
Affected Resource(s)
Please list the resources as a list, for example:
akamai_edgekv
Terraform Configuration Files
Expected Behavior
I would to have this resource run with the least amount of privileges.
Actual Behavior
Looking at my access denied error messages, but more specifically here: https://github.com/akamai/terraform-provider-akamai/blob/e591db9b56b78954f9825d174fc914ec98d4dd38/pkg/providers/edgeworkers/resource_akamai_edgekv.go#L141-L144 It appears the EdgeWorker Initialize call is always issued. If I'm reading everything correctly that would need quite a bit of permissions. Even write permission on the root group for CP codes for example. I would want to run this 'initialization' manually through some admin CLI credentials perhaps just once, after which it should ideally work with less permissions.
I'm no Golang expert, but looking at the code it should be quite trivial to first query the initialization status (i.e.
client.GetEdgeKVInitializationStatus(ctx)
and depending on that start the initialization or just skip that call all together. By my testing, theclient.GetEdgeKVInitializationStatus(ctx)
needs a lot less permissions.Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
with the above mentioned resource