Plan for Akamai 4.0.0 stable release

This will definitely need a Drupal 8 version. I can't speak for @febbraro, but starting the process of converting is relatively high on my to-do list. At the moment there are several issues in progress for the D7 branch though, so I think it makes sense to get those resolved and integrated before starting serious work on D8.

I've cut an 8.x-1.x branch in the repo and am working on getting the current functionality ported over.

Lets focus this on identifying what should be in a 8.x-3.x release.

So the 8.x branch is pretty stable at the moment but doesn't do a lot. It's wholly dependent on integration with Purge for any automated clearing functionality.

I am in touch with Product Managers at Akamai and they have some new features coming soon which will be very beneficial for D8 sites. I'd like to include those features in any official release. Once the feature roadmap goes public from Akamai I'll make a similar roadmap for a fully supported 8.x-3.0.

Not sure if this qualifies as a public roadmap for Akamai but here is a community post about new and upcoming features:
https://community.akamai.com/community/web-performance/blog/2017/05/15/e...

If I am reading the post correctly, most importantly for D8 (IMO) is that purging by cache tag is now in beta with general availability scheduled for January 2018.

I'd like to propose the follow issues as being in scope as part of the 8.x-3.x branch.

Functionality:

• #2920850: Purge by Cache Tags
• #2950934: Purge by CP code -- Might want to work on that in tandem with in progress D7 issue here: #2885058: Support for CCU CP clearing
• #2950936: CCUv3 Support
• #2950938: Update Akamai Open EdgeGrid Client -- We're currently running on ~0.4.2 and it'd make sense to get on a stable release for a stable version of the module.
• #2950940: Resolve and Refactor Tests

Security:

• #2741199: Display warnings when admin page accessed over HTTP instead of HTTPs
• #2741225: Encrypt Akamai API credentials so they are not stored in plain text
• #2744253: Allow users to upload .edgerc file to specify credentials
• #2738995: Security concerns -- Before rolling a major release, I think we need to get a few eyes on things to make sure we haven't missed anything obvious, or otherwise. This existing issue seems like as good a place as any to do so.

I know @jtsnow had created a D7/D8 feature matrix and I think there are definitely some items in there not included in my list above that should be considered as well.

Basically at this point, I'm just trying to get the ball rolling again.

** edited March 7, 2018 at 12:42PM CST to link to actual issues **

Batching the purge requests might be nice too (to avoid the API request size limit), but other than that inclusion ~ this sounds like a good plan.

@pobster: Good call. I've created #2950942: Purge request batching for that.

Updating the issue summary with a list of issues currently tied to the release.

Based on work done in #2741225: Encrypt Akamai API credentials so they are not stored in plain text we will need to make sure we annotate that alpha2 is going to be a BC release. The database authentication method is no longer available. That means people will either need to install the key module or configure an .edgerc file for authentication.

Adding #3067694: Numeric cache tags give troubles with the current AkamaiTagPurger to the release plan

As this has taken us a bit longer than originally anticipated, I'm proposing to embrace semantic versioning and shoot for 4.0.0 instead of 8.x-3.0.

Also adjust the IS to include some other issues that have been completed.

Adding #2972770: Notify user of 128-character cache tag limit

Adding #3160840: Remove CCUv2 Support

Adding #3001392: Use own log table instead of key_value table to stable release plan as it's got some major performance implications.

Could we have a release of this module without #2741199: Display warnings when admin page accessed over HTTP instead of HTTPs and #2738995: Security concerns being addressed? I'm not suggesting they are not important, but at this point I would say that having a stable release without legacy code and support for D9 is more important.

Dropping from release: #2741199: Display warnings when admin page accessed over HTTP instead of HTTPs

I've tagged a 4.0.0-alpha1 release, which is exactly the same as 8.x-3.0-alpha 9 so we can switch to semantic versioning: https://www.drupal.org/project/akamai/releases/4.0.0-alpha1

It appears the drupal.org queue is a bit backed up so it may take a bit for it to finish making the release available, but it's at least been queued up.

Removing #3201432: Error "You need to provide non-default credentials for this module to work."

Adding #3128033: Akamai menu link appearing when user doesn't have permission

Having spent the last couple of days going over the issue queue with @bighappyface, we have determined we're now in a relatively good spot for a stable release, pending the completion of updated documentation in #3171615: Need Current Up-To-Date Documentation.

At this point, many sites and applications are relying on this module in production environments, and we really need to get it under security advisory coverage. We're hoping to wrap that up soon (maybe even today). This process has taken us way longer than we originally anticipated due to limited availability, but I think it will be great to have this behind us soon.

Pulling the trigger on this. Thank you everybody for your contributions.