DXE-4326 akamai_edgekv resource always issues a PUT /edgekv/v1/initialize

[aukevanleeuwen]

Terraform and Akamai Terraform Provider Versions

❯ terraform -v
Terraform v1.9.4
on darwin_arm64
+ provider registry.terraform.io/akamai/akamai v6.5.0
+ provider registry.terraform.io/hashicorp/aws v5.72.1

Affected Resource(s)

Please list the resources as a list, for example:

• akamai_edgekv

Terraform Configuration Files

resource "akamai_edgekv" "edgekv-staging" {
  count = var.orchestrated == null ? 0 : 1

  # EdgeKV for the staging network can only be US
  geo_location         = "US"
  group_id             = var.orchestrated.group_id
  namespace_name       = var.orchestrated.edgekv.config_namespace
  network              = "staging"
  retention_in_seconds = 0 # Infinite
}

Expected Behavior

I would to have this resource run with the least amount of privileges.

Actual Behavior

Looking at my access denied error messages, but more specifically here:

terraform-provider-akamai/pkg/providers/edgeworkers/resource_akamai_edgekv.go

Lines 141 to 144 in e591db9

	// initialize edgekv
	logger.Debugf("Initializing EdgeKV...")
	initStart := time.Now()
	initStatus, err := client.InitializeEdgeKV(ctx)

It appears the EdgeWorker Initialize call is always issued. If I'm reading everything correctly that would need quite a bit of permissions. Even write permission on the root group for CP codes for example. I would want to run this 'initialization' manually through some admin CLI credentials perhaps just once, after which it should ideally work with less permissions.

I'm no Golang expert, but looking at the code it should be quite trivial to first query the initialization status (i.e. client.GetEdgeKVInitializationStatus(ctx) and depending on that start the initialization or just skip that call all together. By my testing, the client.GetEdgeKVInitializationStatus(ctx) needs a lot less permissions.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply with the above mentioned resource

[aukevanleeuwen]

Also: the PUT seems rather slow, compared to the GET:

❯ time akamai edgekv show status
----------------------------------
--- EdgeKV already INITIALIZED ---
----------------------------------
AccountStatus  ProductionStatus  StagingStatus  Cpcode   DataAccessPolicy
-------------  ----------------  -------------  -------  -----------------------------------------------------------
INITIALIZED    INITIALIZED       INITIALIZED    xxxxxxx  restrictDataAccess=true, allowNamespacePolicyOverride=false

akamai edgekv show status  0.22s user 0.07s system 21% cpu 1.354 total

❯ time akamai edgekv init
---------------------------------------
--- EdgeKV INITIALIZED successfully ---
---------------------------------------
AccountStatus  ProductionStatus  StagingStatus  Cpcode   DataAccessPolicy
-------------  ----------------  -------------  -------  ----------------
INITIALIZED    INITIALIZED       INITIALIZED    xxxxxxx  N/A

akamai edgekv init  0.28s user 0.13s system 2% cpu 13.921 total

[lsadlon]

Hi @aukevanleeuwen

Thanks for reporting this issue. We need analyze impact of this change and we will inform you about progress.

BR,
Lukasz

[lkowalsk-akamai-com]

Hi @aukevanleeuwen this issue has been addressed in recent release.