Feature Request: Prevent Removal of Server Object if Bound to any Service Group

[stefanschlipfi]

Problem

When using the Citrix ADC Terraform provider, I've encountered an issue where if I have multiple service groups bound to one server, Terraform removes the server without any warning.

Soulution

I would like to request the addition of a new flag or feature that allows the server object to be prevented from being removed if it is bound to any other servicegroup. This would help prevent unintended removal of servers that are still in use by other service groups.

Thank you for considering this feature request.

[sumanth-lingappa]

@stefanschlipfi, thank you posting the request.

Can you please help us with the terraform scripts to reproduce the scenario? This will help us to reproduce your issue and can faster support your request.

Thank you

[stefanschlipfi]

On NS

add server sv_appserver_1 192.168.100.1

add serviceGroup lb_sg_test_1_443 SSL
add serviceGroup lb_sg_test_2_443 SSL

bind serviceGroup lb_sg_test_1_443 sv_appserver_1 443
bind serviceGroup lb_sg_test_2_443 sv_appserver_1 443

Terraform

resouces.tf for Servicegroup: test_1

resource "citrixadc_server" "sv_appserver_1" {
    name      = "sv_appserver_1"
    ipaddress = "192.168.100.1"
}    

resource "citrixadc_servicegroup" "lb_sg_test_1_443" {
  servicegroupname = "lb_sg_test_1_443"
  servicetype      = "SSL"
}

resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_test_1_443_appserver_1_binding" {
    servicegroupname = "lb_sg_test_1_443"
    servername       = "sv_appserver_1"
    port             = 443
    weight           = 1
}

resouces.tf for Servicegroup: test_2

resource "citrixadc_server" "sv_appserver_1" {
    name      = "sv_appserver_1"
    ipaddress = "192.168.100.1"
}    

resource "citrixadc_servicegroup" "lb_sg_test_2_443" {
  servicegroupname = "lb_sg_test_2_443"
  servicetype      = "SSL"
}

resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_test_2_443_appserver_1_binding" {
    servicegroupname = "lb_sg_test_2_443"
    servername       = "sv_appserver_2"
    port             = 443
    weight           = 1
}

Problem

now if I remove with Terraform or with the CLI:

1. lb_sg_test_1_443
2. sv_appserver_1
   the servicegroup lb_sg_test_2_443 lost his server.

I am wondering why there is no exception to prevent unintended removal of servers

[stefanschlipfi]

@sumanth-lingappa
Hi, can you take a look at this issue too.

Thanks a lot.

[ravager-dk]

@stefanschlipfi I am trying to understand your code and issue here.
I am a bit confused why you are defining servername in the bindings via string and not via referencing citrixadc_server.sv_appserver_1.name. That would be the normal way to define it to make sure the dependencies are worked out by terraform. If you then were to remove the citrixadc_server.sv_appserver_1 resource, terraform validation would catch that.

resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_test_1_443_appserver_1_binding" {
servicegroupname = citrixadc_servicegroup.lb_sg_test_1_443.servicegroupname
servername = citrixadc_server.sv_appserver_1.name
port = 443
weight = 1
}

[stefanschlipfi]

Hi,
Sorry for my late response.
Yes, you are absolutely right. However, if there is a binding apart from the terraform resource file (for example, added with the CLI), terraform will still remove the server.