DXE-3486 network_list_activations not triggering activation after network list change

[szadam0829]

Hi there,

We have an issue with the network lists activation after the network list have been modified. As per company policy, we have to activate the staging and prod network separately, because the teams have to test the changes on staging before we enable them on production. Because of this we usually run terraform -target, first for the network list, this part works fine, the change is applied, and we can see it on the UI, where we can initiate the activations, if we want. But when we run it targeting the activations, nothing happens, terraform reports, that there is no change. We checked the resources' states with terraform state show, and found, that the sync point attribute of the activations is already matching the sync point of the new network list configuration, without applying anything on those resources. It also shows that the network list is ACTIVATED, however we can see on the UI, that it's in MODIFIED state.
If we downgrade the provider to 5.3.0, where the notes property change is not yet suppressed, we can trigger the activation with changing the notes property.

Terraform Version

Terraform v1.6.6

• provider registry.terraform.io/akamai/akamai v5.5.0

Affected Resource(s)

Please list the resources as a list, for example:

• akamai_networklist_activations

Terraform Configuration Files

resource "akamai_networklist_network_list" "blacklist" {
  name        = var.blackilstname
  type        = "IP"
  description = "Synced with current config file."
  list        = local.yaml_logmeinuatips.ipaddresses
  contract_id = var.contractid
  group_id = var.goupid
  mode = "REPLACE"
}

resource "akamai_networklist_activations" "staging_blacklist" {
 network_list_id     = akamai_networklist_network_list.blacklist.network_list_id
 network             = "STAGING"
 sync_point          = akamai_networklist_network_list.blacklist.sync_point
 notes               = "<config version>"
 notification_emails = ["<notification emails>"]
}

resource "akamai_networklist_activations" "prod_blacklist" {
 network_list_id     = akamai_networklist_network_list.blacklist.network_list_id
 network             = "PRODUCTION"
 sync_point          = akamai_networklist_network_list.blacklist.sync_point
 notes               = "<config version>"
 notification_emails = ["<notification emails>"]
}

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

Panic Output

None

Expected Behavior

The activation should have triggered after the network list have changed. The provider should correctly identify the network list's status as MODIFIED.

Actual Behavior

Nothing happened. Terraform reported, that there was no change to the configuration. The provider shows, that the network list is ACTIVATED, but it's not, we can see the MODIFIED status on the Akamai UI, and have to trigger it from there.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply -target akamai_networklist_network_list.blacklist
2. terraform apply -target akamai_networklist_activations.staging_blacklist

[PawelSnoch]

Hi @szadam0829 ,

Thank you for reporting this ticket.
Unfortunately I was unable to reproduce your issue.
I installed the same version:

• Finding latest version of akamai/akamai...
• Installing akamai/akamai v5.5.0...
• Installed akamai/akamai v5.5.0

Then I run:

terraform apply -target akamai_networklist_network_list.blacklist
terraform apply -target akamai_networklist_activations.staging_blacklist
terraform apply -target akamai_networklist_activations.prod_blacklist

The second and the third steps produce valid activation in tfstate file and in UI.

...
akamai_networklist_activations.prod_blacklist: Creation complete after 4m40s [id=4540603]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Could you please check if I missed anything and provide more details about your configuration or add some logs?

Thanks,
Pawel

[szadam0829]

Hi @PawelSnoch ,
Thanks for your quick investigation!
For the first time it works as expected, when creating the activation resource, it is activating as it should.
But after the initial setup and the first activation, if we change the network list (add or remove IPs), the activation is not triggering.
The exact steps to reproduce:

1. Create a network list
2. Activate it in staging
3. Activate it in prod (until this step there are no issues, like your example)
4. Change something in the network list (add or remove IP)
5. Run terraform apply -target akamai_network_list.blacklist - this will update the network list correctly
6. Try to activate the network list again

terraform apply -target akamai_networklist_activations.staging_blacklist
terraform apply -target akamai_networklist_activations.prod_blacklist

This time terraform shows no changes in the configuration
With provider version 5.3.0, it will trigger the activation only if you change the notes attribute of the activations resources, but since it was suppressed in newer versions, it won't work either.

[PawelSnoch]

Hi @szadam0829,
thanks for your update. It was helpful for me. I was able to reproduce your issue.
We will inform you about any progress.

Thanks,
Pawel