terraform-provider-akamai

DXE-4326 akamai_edgekv resource always issues a `PUT /edgekv/v1/initialize`

Open aukevanleeuwen opened this issue 4 months ago • 2 comments

Terraform and Akamai Terraform Provider Versions

```
❯ terraform -v
Terraform v1.9.4
on darwin_arm64
+ provider registry.terraform.io/akamai/akamai v6.5.0
+ provider registry.terraform.io/hashicorp/aws v5.72.1
```

Affected Resource(s)

Please list the resources as a list, for example:

  • akamai_edgekv

Terraform Configuration Files

```hcl
resource "akamai_edgekv" "edgekv-staging" {
  count = var.orchestrated == null ? 0 : 1

  # EdgeKV for the staging network can only be US
  geo_location         = "US"
  group_id             = var.orchestrated.group_id
  namespace_name       = var.orchestrated.edgekv.config_namespace
  network              = "staging"
  retention_in_seconds = 0 # Infinite
}
```

Expected Behavior

I would like to have this resource run with the least amount of privileges.

Actual Behavior

Looking at my access denied error messages, but more specifically here: https://github.com/akamai/terraform-provider-akamai/blob/e591db9b56b78954f9825d174fc914ec98d4dd38/pkg/providers/edgeworkers/resource_akamai_edgekv.go#L141-L144

It appears the EdgeWorker Initialize call is always issued. If I'm reading everything correctly, that would need quite a bit of permissions. Even write permission on the root group for CP codes, for example. I would want to run this 'initialization' manually through some admin CLI credentials, perhaps just once, after which it should ideally work with fewer permissions.

I'm no Golang expert, but looking at the code it should be quite trivial to first query the initialization status (i.e. `client.GetEdgeKVInitializationStatus(ctx)`) and, depending on that, start the initialization or just skip that call altogether. By my testing, `client.GetEdgeKVInitializationStatus(ctx)` needs a lot fewer permissions.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply with the above mentioned resource

aukevanleeuwen, Oct 23 '24 12:10
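
The status-first guard proposed in this issue, sketched as an added example (not the provider's code, and not posted by the issue author). `GetEdgeKVInitializationStatus` is the call named above; the `InitializeEdgeKV` method name, the `InitStatus` shape, the `"INITIALIZED"` value and the `fakeClient` test double are assumptions made so the example runs offline.

```go
package main

import (
	"context"
	"fmt"
)

// InitStatus is an assumed, simplified shape of the status response.
type InitStatus struct{ AccountStatus string }

// edgeKVClient: GetEdgeKVInitializationStatus is named in the issue;
// InitializeEdgeKV and the "INITIALIZED" value are assumptions.
type edgeKVClient interface {
	GetEdgeKVInitializationStatus(ctx context.Context) (*InitStatus, error)
	InitializeEdgeKV(ctx context.Context) (*InitStatus, error)
}

// fakeClient is a constructed test double for an account plus one credential.
type fakeClient struct {
	status    string
	canInit   bool
	initCalls int
}

func (f *fakeClient) GetEdgeKVInitializationStatus(context.Context) (*InitStatus, error) {
	return &InitStatus{AccountStatus: f.status}, nil
}
func (f *fakeClient) InitializeEdgeKV(context.Context) (*InitStatus, error) {
	f.initCalls++
	if !f.canInit {
		return nil, fmt.Errorf("403: credential may not initialize EdgeKV")
	}
	f.status = "INITIALIZED"
	return &InitStatus{AccountStatus: f.status}, nil
}

// ensureInitialized sends the privileged call only when the status read says so.
func ensureInitialized(ctx context.Context, c edgeKVClient) error {
	st, err := c.GetEdgeKVInitializationStatus(ctx)
	if err != nil {
		return fmt.Errorf("reading EdgeKV initialization status: %w", err)
	}
	if st.AccountStatus == "INITIALIZED" {
		return nil // an admin already initialized the account; skip the PUT
	}
	_, err = c.InitializeEdgeKV(ctx)
	return err
}

func main() {
	low := &fakeClient{status: "INITIALIZED"} // low-privilege credential
	fmt.Println(ensureInitialized(context.Background(), low), low.initCalls)
}
```

With this guard, a credential that can only read the status succeeds once the account is initialized, and the access-denied error surfaces only when initialization is actually still required.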