DXE-5849 Merge pull request #99 from akamai/release/v2.6.0

Release/v2.6.0

Author: mimazaka

CHANGELOG.md

@@ -1,5 +1,28 @@
 # RELEASE NOTES
 
+## 2.6.0 (Nov 13, 2025)
+
+#### FEATURES/ENHANCEMENTS:
+
+* Cloud Certificates (Beta)
+  * Added the `export-cloudcertificate` command that generates the configuration for the
+    `akamai_cloudcertificates_certificate` and `akamai_cloudcertificates_upload_signed_certificate` resources.
+
+* PAPI Domain Ownership Validation (Beta)
+    * Added support for exporting the `akamai_property_domainownership_validation` and `akamai_property_domainownership_domains` resources
+      for specified domains and optionally validation scopes using the `export-domainownership` command.
+      If a domain is not validated, it is exported as commented out in the `akamai_property_domainownership_validation` resource.
+
+* PAPI
+  * Modified the `export-property` command to generate `CCM` specific information for hostnames in the `akamai_property` resource.
+    Additionally, for `CCM` related hostnames, the `akamai_edge_hostname` resource is not generated.
+  * Added support for the new rule format `v2025-10-16`.
+
+#### BUG FIXES:
+
+* AppSec
+  * Fixed an export of the `akamai_appsec_ip_geo` resource for the `asn_controls`, `geo_controls`, and `ip_controls` fields, which wasn't working correctly since Akamai Terraform 9.0.0.
+
 ## 2.5.0 (Oct 15, 2025)
 
 #### FEATURES/ENHANCEMENTS:

README.md

@@ -148,10 +148,12 @@ Global Flags:
   <li><a href="#exportappsec">export-appsec</a></li>
   <li><a href="#exportclientlist">export-clientlist</a></li>
   <li><a href="#export-cloudaccess">export-cloudaccess</a></li>
+  <li><a href="#export-cloudcertificate">export-cloudcertificate</a></li>
   <li><a href="#exportcloudlets-policy">export-cloudlets-policy</a></li>
   <li><a href="#exportcloudwrapper">export-cloudwrapper</a></li>
   <li><a href="#exportcps">export-cps</a></li>
   <li><a href="#exportdomain">export-domain</a></li>
+  <li><a href="#exportdomainownership">export-domainownership</a></li>
   <li><a href="#exportedgekv">export-edgekv</a></li>
   <li><a href="#exportedgeworker">export-edgeworker</a></li>
   <li><a href="#exportiam">export-iam</a></li>
@@ -280,6 +282,27 @@ akamai terraform export-cloudaccess 98765
     </tbody>
 </table>
 
+## export-cloudcertificate
+
+Export a Terraform configuration for your cloud certificate.
+
+> **Note:**
+>
+> If the certificate is in the `READY_FOR_USE` or `ACTIVE` status, the `akamai_cloudcertificates_upload_signed_certificate` resource will also be included in your configuration. 
+> If the certificate is in the `CSR_READY` status, the `akamai_cloudcertificates_upload_signed_certificate` resource will be generated but commented out.
+
+### Syntax
+
+```shell
+akamai [global flags] terraform export-cloudcertificate [command flags] <cloud_certificate_name>
+```
+
+### Basic usage
+
+```shell
+akamai terraform export-cloudcertificate "my-cloudcertificate"
+```
+
 ## export‑cloudlets-policy
 
 Export a Terraform configuration for your cloudlet policy.
@@ -346,6 +369,29 @@ akamai [global flags] terraform export-domain [command flags] <domain>
 akamai terraform export-domain "my-domain"
 ```
 
+## export‑domainownership
+
+Export a Terraform configuration for your domain ownership.
+
+> **Notes:**
+> - Each domain with a validation scope must exist as an `FQDN` for the export to succeed.
+> - If a domain doesn't have a validation scope, it should match only one type: `HOST`, `DOMAIN`, or `WILDCARD`.
+> - Domains with a domain status other than `VALIDATED` are exported as commented out for the `akamai_property_domainownership_validation` resource.
+> - You can export up to 1000 domains at once.
+> - The names of the exported Terraform resources are taken from the first domain in the list. If that domain contains invalid characters, these characters are replaced with underscores in the resources’ names.
+
+### Syntax
+
+```shell
+akamai [global flags] terraform export-domainownership [command flags] <domain_name>[:validation_scope][,<domain_name>[:validation_scope]...]
+```
+
+### Basic usage
+
+```shell
+akamai terraform export-domainownership "my-domain:HOST,another-domain"
+```
+
 ## export‑edgekv
 
 Export a Terraform configuration for your namespace and network's EdgeKV.
@@ -496,6 +542,7 @@ Export a Terraform configuration for your property along with its JSON-formatted
 >
 > - Certain export conditions require the use of a particular property rule format. Verify whether your rule format matches the use case requirement and [update your rule format](https://techdocs.akamai.com/terraform/docs/set-up-property-provisioning#update-rule-format) as needed.
 > - If the property you're exporting hasn't been activated on any networks, staging or production, the `akamai_property_activation` resource will still be included in your configuration but commented out. This is to avoid accidental activation. To activate the property, uncomment the `akamai_property_activation` resource and run `terraform apply`.
+> - The `akamai_edge_hostname` resource isn't generated for `CCM` related hostnames.
 
 ### Syntax
 

cli.json

@@ -5,7 +5,7 @@
   "commands": [
     {
       "name": "terraform",
-      "version": "2.5.0",
+      "version": "2.6.0",
       "description": "Export selected resources for faster adoption in Terraform",
       "bin": "https://github.com/akamai/cli-terraform/releases/download/v{{.Version}}/akamai-{{.Name}}-{{.Version}}-{{.OS}}{{.Arch}}{{.BinSuffix}}",
       "auto-complete": true,

cli/cli.go

@@ -17,7 +17,7 @@ import (
 
 var (
 	// Version holds current version of cli-terraform
-	Version = "2.5.0"
+	Version = "2.6.0"
 )
 
 // Run initializes the cli and runs it

go.mod

@@ -3,7 +3,7 @@ module github.com/akamai/cli-terraform/v2
 go 1.23.6
 
 require (
-	github.com/akamai/AkamaiOPEN-edgegrid-golang/v12 v12.1.0
+	github.com/akamai/AkamaiOPEN-edgegrid-golang/v12 v12.2.0
 	github.com/akamai/cli/v2 v2.0.2
 	github.com/fatih/color v1.18.0
 	github.com/hashicorp/hcl/v2 v2.23.0

go.sum

@@ -6,8 +6,8 @@ github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63n
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/akamai/AkamaiOPEN-edgegrid-golang/v12 v12.1.0 h1:feVgyeLunm1eepTK9urvVpyhXCgEuSnfUxyYfMCtD0g=
-github.com/akamai/AkamaiOPEN-edgegrid-golang/v12 v12.1.0/go.mod h1:Bf6hnZkloZnfL4I/gFGnMMMdMHiu/ERnSOWtFgnodDk=
+github.com/akamai/AkamaiOPEN-edgegrid-golang/v12 v12.2.0 h1:nDx/0X2EkxwCGN/W9o+a6LcUrTRaDFFJ+7wxMoh4+lU=
+github.com/akamai/AkamaiOPEN-edgegrid-golang/v12 v12.2.0/go.mod h1:Bf6hnZkloZnfL4I/gFGnMMMdMHiu/ERnSOWtFgnodDk=
 github.com/akamai/cli/v2 v2.0.2 h1:gqjVTqN5lp3t5RjVVl+q7u+aW8YOZ4/kIYG0bg6Xhy8=
 github.com/akamai/cli/v2 v2.0.2/go.mod h1:5tLoIp57aX21plVEcI0TeYz6C54ek6zlPnIHhfe1YRk=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=

pkg/commands/commands.go

@@ -6,10 +6,12 @@ import (
 	"github.com/akamai/cli-terraform/v2/pkg/providers/appsec"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/clientlists"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/cloudaccess"
+	"github.com/akamai/cli-terraform/v2/pkg/providers/cloudcertificates"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/cloudlets"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/cloudwrapper"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/cps"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/dns"
+	"github.com/akamai/cli-terraform/v2/pkg/providers/domainownership"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/edgeworkers"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/gtm"
 	"github.com/akamai/cli-terraform/v2/pkg/providers/iam"
@@ -104,6 +106,21 @@ func CommandLocator() []*cli.Command {
 			},
 			BashComplete: autocomplete.Default,
 		},
+		{
+			Name:        "export-cloudcertificate",
+			Description: "Generates Terraform configuration for CCM (Cloud Certificate Manager) resources.",
+			Usage:       "export-cloudcertificate",
+			ArgsUsage:   "<certificate_name>",
+			Action:      validatedAction(cloudcertificates.CmdCreateCloudCertificate, requireValidWorkpath, requireNArguments(1)),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:        "tfworkpath",
+					Usage:       "Directory used to store files created when running commands.",
+					DefaultText: "current directory",
+				},
+			},
+			BashComplete: autocomplete.Default,
+		},
 		{
 			Name:        "export-cloudlets-policy",
 			Description: "Generates Terraform configuration for Cloudlets Policy resources.",
@@ -164,6 +181,22 @@ func CommandLocator() []*cli.Command {
 			},
 			BashComplete: autocomplete.Default,
 		},
+		{
+			Name:        "export-domainownership",
+			Description: "Generates Terraform configuration for Property Domain Ownership domains and validation resources.",
+			Usage:       "export-domainownership",
+			ArgsUsage:   "<domain_name>[:<validation_scope>][,<domain_name>[:<validation_scope>]...]",
+			Action: validatedAction(domainownership.CmdCreateDomainOwnership, requireValidWorkpath,
+				requireNArguments(1)),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:        "tfworkpath",
+					Usage:       "Directory used to store files created when running commands.",
+					DefaultText: "current directory",
+				},
+			},
+			BashComplete: autocomplete.Default,
+		},
 		{
 			Name:        "export-edgekv",
 			Description: "Generates Terraform configuration for EdgeKV resources.",

pkg/providers/appsec/templates/modules-security-firewall.tmpl

@@ -7,27 +7,45 @@ resource "akamai_appsec_ip_geo" "{{ $policyName }}" {
     security_policy_id         = akamai_appsec_ip_geo_protection.{{ $policyName}}.security_policy_id
     {{ if eq .IPGeoFirewall.Block "blockAllTrafficExceptAllowedIPs" -}}
     mode                       = "allow"
+    {{ if .IPGeoFirewall.BlockAllAction -}}
+    block_action               = "{{ .IPGeoFirewall.BlockAllAction }}"
+    {{ end -}}
     {{ else -}}
     mode                       = "block"
     {{ end -}}
     {{ if .IPGeoFirewall.ASNControls -}}
     {{ if .IPGeoFirewall.ASNControls.BlockedIPNetworkLists -}}
     {{ if .IPGeoFirewall.ASNControls.BlockedIPNetworkLists.NetworkList -}}
+    asn_controls {
+    {{ if .IPGeoFirewall.ASNControls.BlockedIPNetworkLists.Action -}}
+    action                     = "{{ .IPGeoFirewall.ASNControls.BlockedIPNetworkLists.Action }}"
+    {{ end -}}
     asn_network_lists          = [{{ toList .IPGeoFirewall.ASNControls.BlockedIPNetworkLists.NetworkList }}]
+    }
     {{ end -}}
     {{ end -}}
     {{ end -}}
     {{ if .IPGeoFirewall.GeoControls -}}
     {{ if .IPGeoFirewall.GeoControls.BlockedIPNetworkLists -}}
     {{ if .IPGeoFirewall.GeoControls.BlockedIPNetworkLists.NetworkList -}}
+    geo_controls {
+    {{ if .IPGeoFirewall.GeoControls.BlockedIPNetworkLists.Action -}}
+    action                     = "{{ .IPGeoFirewall.GeoControls.BlockedIPNetworkLists.Action }}"
+    {{ end -}}
     geo_network_lists          = [{{ toList .IPGeoFirewall.GeoControls.BlockedIPNetworkLists.NetworkList }}]
+    }
     {{ end -}}
     {{ end -}}
     {{ end -}}
     {{ if .IPGeoFirewall.IPControls -}}
     {{ if .IPGeoFirewall.IPControls.BlockedIPNetworkLists -}}
     {{ if .IPGeoFirewall.IPControls.BlockedIPNetworkLists.NetworkList -}}
+    ip_controls {
+    {{ if .IPGeoFirewall.IPControls.BlockedIPNetworkLists.Action -}}
+    action                     = "{{ .IPGeoFirewall.IPControls.BlockedIPNetworkLists.Action }}"
+    {{ end -}}
     ip_network_lists           = [{{ toList .IPGeoFirewall.IPControls.BlockedIPNetworkLists.NetworkList }}]
+    }
     {{ end -}}
     {{ end -}}
     {{ if .IPGeoFirewall.IPControls.AllowedIPNetworkLists -}}

pkg/providers/appsec/testdata/ase-apr.json

@@ -3425,6 +3425,7 @@
                 "block": "blockSpecificIPGeo",
                 "ipControls": {
                     "blockedIPNetworkLists": {
+                        "action": "deny",
                         "networkList": [
                             "118736_TFDEMOLISTATUL"
                         ]

pkg/providers/appsec/testdata/ase-apr/modules/security/firewall.tf

@@ -3,6 +3,9 @@ resource "akamai_appsec_ip_geo" "default_policy" {
   config_id          = local.config_id
   security_policy_id = akamai_appsec_ip_geo_protection.default_policy.security_policy_id
   mode               = "block"
-  ip_network_lists   = ["118736_TFDEMOLISTATUL"]
+  ip_controls {
+    action           = "deny"
+    ip_network_lists = ["118736_TFDEMOLISTATUL"]
+  }
 }