terraform-provider-citrixadc icon indicating copy to clipboard operation
terraform-provider-citrixadc copied to clipboard

Published 20 hours ago verified publisher icon citrix

Loses csvserver policy bindings on ADC 13.1

Open luggage66 opened this issue 3 years ago • 2 comments

After updating to Citrix ADC 13.1 I noticed that citrixadc_csvserverpolicy now attempts to re-create each apply due to a missing csvserver attribute. I have traced this down to a difference in the response from GET /nitro/v1/config/cspolicy_binding/{my_policy}

In 13.0, this is the response:

{
  "errorcode": 0,
  "message": "Done",
  "severity": "NONE",
  "cspolicy_binding": [
    {
      "policyname": "csp_trafficdirector_gws",
      "cspolicy_csvserver_binding": [
        {
          "policyname": "csp_trafficdirector_gws",
          "domain": "TEST-traffic-director",
          "stateflag": "132",
          "priority": "12",
          "hits": "0",
          "pihits": "0",
          "pipolicyhits": "0"
        }
      ]
    }
  ]
}

Note the presense of domain which is not in the 13.1 response:

{
  "errorcode": 0,
  "message": "Done",
  "severity": "NONE",
  "cspolicy_binding": [
    {
      "policyname": "csp_trafficdirector_gws",
      "cspolicy_csvserver_binding": [
        {
          "policyname": "csp_trafficdirector_gws",
          "boundto": "TEST-traffic-director",
          "stateflag": "132",
          "priority": "12",
          "hits": "0",
          "bindhits": "0"
        }
      ]
    }
  ]
}

And the domain property that is missing is used by this provider's code at: https://github.com/citrix/terraform-provider-citrixadc/blob/master/citrixadc/resource_citrixadc_cspolicy.go#L196

This results in:

2022-05-31T15:32:15.159Z [WARN]  Provider "provider[\"registry.terraform.io/citrix/citrixadc\"]" produced an unexpected new value for module.vp_loadtesting3_filebet.citrixadc_cspolicy.this, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .csvserver: was cty.StringVal("TEST-traffic-director"), but now cty.StringVal("")

And this causes the citrixadc_cspolicy be be stuck in a state of needing to be recreated by terraform.

luggage66 avatar May 31 '22 16:05 luggage66

I verified this bug.

Thanks for the input.

Until we fix this I recommend using the citrixadc_csvserver_cspolicy_binding resource for binding the policy to the cs vserver.

giorgos-nikolopoulos avatar Jun 03 '22 08:06 giorgos-nikolopoulos

Any updates on this? I have the same issue and currently using ignore_changes to avoid a change on every terrraform apply.

resource "citrixadc_cspolicy" "cspolicy" {
  for_each = var.cspolicies

  csvserver  = "tf_csvserver_${each.value.csvserver}"
  policyname = "tf_cspolicy_${each.key}"
  action     = "tf_csaction_${each.key}"
  rule       = each.value.rule
  priority   = each.value.priority

  # bug in the provider? always wants to recreate the ressource
  lifecycle {
    ignore_changes = [
      csvserver
    ]
  }

  depends_on = [
    citrixadc_csaction.csaction
  ]
}

slauger avatar Jul 15 '22 07:07 slauger

Hello. I have same problem to.

vintury avatar Nov 08 '22 14:11 vintury

Hello @luggage66 , @slauger , Thanks for raising this issue. We updated the citrixadc_cspolicy resource. Please use csvserver_cspolicy_binding to bind csvserver to cspolicy insted of this resource. The support for binding csvserver to cspolicy in cspolicy resource will get deprecated soon. Refer here for documentation

rohit-myali avatar Nov 15 '22 14:11 rohit-myali