[BUG] citrixadc_lbvserver_servicegroup_binding throws an error if SG has something bound

[rhelfand]

Contact us

For any immediate issues or help , reach out to us at NetScaler-AutomationToolkit@cloud.com !

Bug Report

Describe the bug
We create some lb_vservers using "count", then bind each to one of a few different serviceGroups depending on which datacenter we're in (we use a map variable for this).

We get an error when attempting to run the apply:
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to citrixadc_lbvserver_servicegroup_binding.dcb_sg_remote_bindings["2"], provider "provider["registry.terraform.io/citrix/citrixadc"]" produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

To Reproduce
Steps to reproduce the behaviour:

1. My terraform files are

# main
resource "citrixadc_lbvserver" "create_my_rstacks" {
  count           = 4
  name            = "my_rstack_${count.index + 1}_lb_vs"
  ipv46           = "0.0.0.0"
  servicetype     = "SSL"
  persistencetype = "NONE"
  clttimeout      = 300
  somethod        = "DYNAMICCONNECTION"
  sobackupaction  = "DROP"
  downstateflush  = "DISABLED"
  appflowlog      = "DISABLED"
}

resource "citrixadc_servicegroup" "dcb_sg" {
  count            = (var.datacenter != "DC_B") ? 1 : 0
  servicegroupname = "my_dcb_sg"
  servicetype      = "SSL"
  maxclient        = 0
  maxreq           = 0
  cip              = "ENABLED"
  cipheader        = "X-Forwarded-For"
  usip             = "NO"
  useproxyport     = "YES"
  clttimeout       = 300
  svrtimeout       = 360
  cka              = "YES"
  tcpb             = "YES"
  cmp              = "NO"
  downstateflush   = "DISABLED"
  appflowlog       = "DISABLED"
}

resource "citrixadc_lbvserver_servicegroup_binding" "dcb_sg_remote_bindings" {
  for_each = {
    for sgkey, sgvalue in var.primary_stack_locations :
    sgkey => sgvalue if(sgvalue == "DC_B" && var.datacenter != "DC_B")
  }

  servicegroupname = citrixadc_servicegroup.dcb_sg[0].servicegroupname
  name             = "my_rstack_${each.key}_lb_vs"

  depends_on = [
    citrixadc_lbvserver.create_my_rstacks
  ]
}

# variables
variable "datacenter" {
  type = string
}

variable "ns_hostname" {
  type = string
}

variable "primary_stack_locations" {
  description = "The datacenter where the primary database resides for a given stack"
  type        = map(any)

  default = {
    1  = "DC_A"
    2  = "DC_B"
    3  = "DC_A"
    4  = "DC_C"
  }
}

# variables
tfns_pw = "*****"
datacenter = "DC_A"
ns_hostname = "coresredev1000"

2. which terraform command I am getting the error

## This errors out if we have a server bound to a serviceGroup, and it works if the serviceGroup does not have anything bound
terraform apply -var-file ./myvars

3. Terraform output logs to the log file (./tf.log). Append TF_LOG=TRACE NS_LOG=TRACE TF_LOG_PATH=./tf.log to your terraform command

Attached.

bound_sg.tf.log
unbound_sg.tf.log

4. Error I am facing on the console

│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to citrixadc_lbvserver_servicegroup_binding.dcb_sg_remote_bindings["2"], provider "provider[\"registry.terraform.io/citrix/citrixadc\"]" produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Expected behaviour
My serviceGroup should be bound to my lb_vservers.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please fill the following information):

• OS: Mac
• terraform version output

$ terraform -version
Terraform v1.5.7
on darwin_arm64
+ provider registry.terraform.io/citrix/citrixadc v1.37.0
- terraform-provider-citrixadc version
v1.37.0 (also tried on v1.33.0)
- `go version` output
go version go1.22.0 darwin/arm64

**Additional context**
Add any other context about the problem here.

[rhelfand]

At first I thought perhaps this was related to:
#275

However I'm not sure of that now.

[rhelfand]

Hi @sumanth-lingappa, I have been working with my colleague to try to figure this out and we believe this is a Citrix bug. We are going to submit a ticket to Citrix. I will try to summarize.

If you try to bind a servicegroup to an lb_vserver, and the servicegroup has members in it:
bind lb vserver my_lb_vs my_svcgrp

This command will work, HOWEVER, if you examine the lb_vserver either on the CLI or using the NITRO API, it does not show you the serviceGroup information. The output looks like this:

{ "errorcode": 0, "message": "Done", "severity": "NONE" }

And if you run show lb vserver my_lb_vs, there is no Bound Service Groups section at the bottom of the output.

If you bind a servicegroup to an lb_vserver, and the servicegroup is empty, and you examine the lb_vserver on the CLI or using the NITRO API, you get more output:

{ "errorcode": 0, "message": "Done", "severity": "NONE", "lbvserver_servicegroup_binding": [ { "name": "my_lb_vs", "servicegroupname": "my_svcgrp", "stateflag": "536936464", "servicename": "my_svcgrp" } ] }

Running show lb vserver my_lb_vs on the command line shows:

Bound Service Groups:
1)	Group Name: my_svcgrp
 Done

at the bottom of the output.