terraform-provider-akamai icon indicating copy to clipboard operation
terraform-provider-akamai copied to clipboard

Published 20 hours ago verified publisher icon akamai

Unable to create property - Lock-error: restrictObjectCaching: Unable to edit read-only element

Open Podginator opened this issue 2 years ago • 6 comments

Hello,

I have been attempting to create a Property using the terraform Provider.

When I apply this - I receive the following error:

│ Error: updating rule tree: API error: 
│ {
│ 	"type": "https://problems.luna.akamaiapis.net/papi/v0/property-version/lock-error",
│ 	"title": "Unable to edit read-only element",
│ 	"detail": "Only Akamai representatives can change read-only behaviors, criteria and child rules.",
│ 	"instance": "https://akab-gcp5as64xcrotgpz-akl676oht44bq2ku.luna.akamaiapis.net/papi/v1/properties/prp_805874/versions/1/rules?contractId=ctr_M-28TWRP0\u0026groupId=grp_109985#8494629b72a712f0",
│ 	"statusCode": 403,
│ 	"errors": [
│ 		{
│ 			"removed": [
│ 				{
│ 					"behavior": {
│ 						"name": "restrictObjectCaching",
│ 						"options": {
│ 							"maximumSize": "100MB"
│ 						},
│ 						"uuid": "a3ca1498-8da7-4ef9-b5a2-90a38acaa6dc"
│ 					},
│ 					"location": "#/rules/behaviors/3"
│ 				}
│ 			],

I have attached the Akamai Property TF. I will warn that it has been created using the Terraform CDK, and so is not immediately the most readable thing.

      "testtomcloudstack_testtomcloudcomponents_akamai_squadcdnakamaiproperty_2BAD3E76": {
        "//": {
          "metadata": {
            "path": "test-tomcloud-stack/test-tomcloud-components/akamai/squad-cdn-akamai-property",
            "uniqueId": "testtomcloudstack_testtomcloudcomponents_akamai_squadcdnakamaiproperty_2BAD3E76"
          }
        },
        "contract_id": "_",
        "group_id": "_",
        "hostnames": [
          {
            "cert_provisioning_type": "CPS_MANAGED",
            "cname_from": "test-tomcloud-akamai.blah.com",
            "cname_to": "${akamai_edge_hostname.testtomcloudstack_testtomcloudcomponents_akamai_squadcdnhost_7E6F9083.edge_hostname}"
          }
        ],
        "name": "test-tomcloud-property",
        "product_id": "prd_Obj_Delivery",
        "rule_format": "latest",
        "rules": "{\"rules\":{\"name\":\"default\",\"children\":[{\"name\":\"default-origin\",\"criteriaMustSatisfy\":null,\"criteria\":[],\"behaviors\":[{\"name\":\"origin\",\"options\":{\"forwardHostHeader\":\"REQUEST_HOST_HEADER\",\"cacheKeyHostname\":\"ORIGIN_HOSTNAME\",\"enableTrueClientIp\":true,\"originCertificate\":\"\",\"compress\":true,\"httpPort\":443,\"ports\":\"PLATFORM_SETTINGS\",\"httpsPort\":443,\"originType\":\"CUSTOMER\",\"hostname\":\"https://httpbin.org\",\"trueClientIpHeader\":\"true-client-ip\",\"verificationMode\":\"PLATFORM_SETTINGS\",\"originSni\":true,\"trueClientIpClientSetting\":false}},{\"name\":\"cpCode\",\"options\":{\"id\":\"${akamai_cp_code.testtomcloudstack_testtomcloudcomponents_akamai_squadcdncpCode_25F6EFD7.id}\"}},{\"name\":\"caching\",\"options\":{\"ttl\":\"1d\",\"behaviour\":\"MAX_AGE\",\"mustRevalidate\":false}}]}]}}"
      }
    }
  }

I noticed that in issue 277 that it was recommended to use prd_Object_Delivery instead of prd_Obj_Delivery. Attempting that I get the following issue:

│ Error: creating property: API error: 
│ {
│ 	"type": "https://problems.luna.akamaiapis.net/papi/v0/property/product-does-not-exist",
│ 	"title": "Product not found",
│ 	"detail": "Product `Object_Delivery` not found.",
│ 	"instance": "https://akab-gcp5as64xcrotgpz-akl676oht44bq2ku.luna.akamaiapis.net/papi/v1/properties?contractId=ctr_M-28TWRP0\u0026groupId=grp_109985#a77a629b765f13bd",
│ 	"statusCode": 400
│ }

I was hoping you could provide some more insight on this - or point in the direction of what I might be doing wrong

Podginator avatar Jun 06 '22 21:06 Podginator

Hello @Podginator ,

Thank you for reporting this issue. We have started our investigation on it. I will inform you about updates.

Thanks, Tatiana

Slonimskaia avatar Jun 07 '22 09:06 Slonimskaia

@Podginator the second error indicates, that you don't have an access for the product, which you have used in your configuration for the property :

Error: creating property: API error: 
 {
 	"type": "https://problems.luna.akamaiapis.net/papi/v0/property/product-does-not-exist",
 	"title": "Product not found",
 	"detail": "Product `Object_Delivery` not found.",
 	"instance": "https://akab-gcp5as64xcrotgpz-akl676oht44bq2ku.luna.akamaiapis.net/papi/v1/properties?contractId=ctr_M-28TWRP0\u0026groupId=grp_109985#a77a629b765f13bd",
 	"statusCode": 400
}

You can use the akamai_property_products data source to list the products included on your contract, there is a related documentation https://registry.terraform.io/providers/akamai/akamai/latest/docs/data-sources/property_products . Or you can use an API to check that https://techdocs.akamai.com/property-mgr/reference/get-products

Slonimskaia avatar Jun 07 '22 10:06 Slonimskaia

It was more that this was the proposed solution to the other issue in #277

However, using the API I can see that we do have the Object_Delivery product enabled on the listed group and contract

[
    {
        "productName": "Object Delivery",
        "productId": "Object_Delivery",
        "groups": [
        ```

Podginator avatar Jun 07 '22 13:06 Podginator

Another workaround would be to use Download Delivery instead as a delivery product if that is available on the account. Both delivery products should offer similar caching and performance benefits.

Screen Shot 2022-06-08 at 15 05 44

Object Delivery does indeed have this built-in behavior that cannot be modified or removed and gets created automatically. This behavior distinguishes Object Delivery from Download Delivery. But Download Delivery can cache both under 100MB and over 100MB files.

securitylevelup avatar Jun 08 '22 13:06 securitylevelup

Thanks for that, I will try with Download Delivery

The ruleset that I have given doesn't actually modify the object caching behaviour, I was wondering why I couldn't add rules without overriding the defaults

Podginator avatar Jun 08 '22 13:06 Podginator

Hello @Podginator,

Is this issue still valid?

Thanks, Tatiana

Slonimskaia avatar Jul 14 '22 14:07 Slonimskaia

Hi @Slonimskaia ,

I'm experiencing the same issue.

We are using prod_Obj_Delivery, when trying to use prod_Object_Delivery we get an error saying that we don't have that product.

And the property creation fails because the uuid changes and does not allow us to create the property.

How is the resolution process in akamai side going? Is anyone working in a solution that effectively allows people use terraform?

We are using the last version of the terraform provider (5.2.0)

Cheers,

GerardSoleCa avatar Sep 15 '23 13:09 GerardSoleCa

Hello @GerardSoleCa, Terraform during creating property checks if product_id in state has prd_ prefix and if it does not have it, it will add to product_id. Please not that prod_ is not supported by Terraform and it only checks and adds prd_ prefix.

As both GH issues with your comment are closed, please open new issue and add configuration and var file which will allows use to perform further investigation .

Regards, Michał

mimazaka avatar Sep 19 '23 08:09 mimazaka