[DXE-3803] I need to remove akamai_property_activation from Akamai export-property
isss802 opened this issue · comments
Perhaps Property activation has been managed since v1.12.0.
https://github.com/akamai/cli-terraform/releases/tag/v1.12.0
This change caused an incident.
The Property was Deactivated when it was accidentally commented out, causing a communication impact.
Terraform is only a configuration change tool, and the timing of Staging and Production changes are managed separately via CLI or other means.
Whether or not to do akamai_property_activation in Terraform should be done at a different time from the configuration change, and akamai_property_activation should not be enabled by default.
Please consider adding a setting to exclude akamai_property_activation in the akamai terraform export-property command options.
Unnecessary import
cat import.sh
terraform import akamai_property_activation.staging prp_:STAGING
terraform import akamai_property_activation.production prp_:PRODUCTION
Making it controlled makes accidents more likely to occur.
cat propery.tf
resource "akamai_property_activation" "test-edgesuite-net-staging" {
property_id = akamai_property.test-edgesuite-net.id
contact = ["jsmith@akamai.com"]
version = var.activate_latest_on_staging ? akamai_property.test-edgesuite-net.latest_version : akamai_property.test-edgesuite-net.staging_version
network = "STAGING"
auto_acknowledge_rule_warnings = false
Hello @isss802
Thank you for opening the issue. The property activation resource is being exported for a long time. Within the 1.12.0 we introduced a way to easier activate latest version on production/staging.
There are two ways that may help you with the issue that you faced. While keeping whole configuration (with activation resource):
- using of newly added
activate_latest_on_stagingandactivate_latest_on_productionvariables. As long as the variable value isfalse, the latest version will not be activated. - using target option that Terraform natively supports
Hope that helps,
Best regards,
Wojciech
Hello @wzagrajcz san
Thank you for your reply.
I would like to be further informed on this issue.
I would like to make the decision based on the values of activate_latest_on_staging and activate_latest_on_production.
Are these values false by default when exported?
variable "activate_latest_on_staging" {
type = bool
default = false
}
variable "activate_latest_on_production" {
type = bool
default = false
}
Regards,
Hiroyuki Sato
The activate_latest_on_staging and activate_latest_on_production are exported as false to avoid activating latest version by accident on staging/production.
I'm not sure if I got your response so let me clarify that: the usage of activate_latest_on_... is a satisfactory solution for you or do you prefer for us to consider adding some option for cli-terraform to not export property activation resources?
Best regards,
Wojciech
Ideally I would like to omit the import of akamai_property_activation itself and the Terraform settings from Export.
This is because the after-the-fact happened when I inadvertently deleted the settings.
But for now, the response to set activate_latest_on_staging and activate_latest_on_production to false is sufficient.
What I am concerned about is that this setting may be true on Export.
I am concerned that the set value will be true for the following items.
If activate_latest_on_staging and activate_latest_on_production are True on Export, a posteriori may occur, so this value should be changed from false to true when necessary.
Thank you for this ask. Because you or other users could do any number of things with the return, creating and supporting a flag for each of those becomes unmanageable.