Whitelist feature can fail after pools are whitelisted post CCCL creation

[russokj]

JIRA won’t let me post comments, so I’ll just send it to you directly.

Based on feedback from ad-hoc testing:

I create a Route and let the controller create all the resources. I then whitelist a pool. If I try to add a pre-existing health monitor to the pool (/Common/http for example), the controller deletes the monitor off of the pool. I then delete the Route, the controller attempts to “restore” the pool back to its original state, and I get this error:

2018/04/09 17:23:39 [ERROR] [2018-04-09 17:23:39,307 f5_cccl.resource.resource ERROR] HTTP error(400): CCCL resource(IcrPool) /test/openshift_default_svc-1.
2018/04/09 17:23:39 [ERROR] [2018-04-09 17:23:39,307 f5_cccl.service.manager ERROR] F5CcclResourceRequestError - 400 Unexpected Error: Bad Request for uri: https://172.16.2.8:443/mgmt/tm/ltm/pool/~test~openshift_default_svc-1/
2018/04/09 17:23:39 [INFO] Text: u'{"code":400,"message":"invalid property value \\"session\\":\\"monitor-enabled\\"","errorStack":[],"apiError":26214401}'```

[russokj]

Looks like the merge function can't handle the pool's multi-level object. May have to tailor the merge to each specific type of resource if a general solution cannot be implemented.

CCCL request config (for pool):

Merging source: {'monitor': 'default', 'description': None, 'partition': u'test', 'loadBalancingMode': u'round-robin', 'membersReference': {'isSubcollection': True, 'items': [{'ratio': 1, 'name': '10.130.0.54%0:80', 'partition': u'test', 'session': u'user-enabled', 'priorityGroup': 0, 'connectionLimit': 0, 'description': None}]}, 'metadata': [{'name': 'user_agent', 'value': u'k8s-bigip-ctlr-1.5.0-WIP-vagrant-2f7bdb1-dirty-20180413110325', 'persist': 'true'}], 'name': u'openshift_default_svc-1'}

Big-IP requested config (for pool):

Merging destination: {'monitor': u'/Common/http ', 'description': None, 'partition': u'test', 'loadBalancingMode': u'round-robin', 'membersReference': {'isSubcollection': True, 'items': [{'ratio': 1, 'name': u'10.130.0.54%0:80', 'partition': u'test', 'session': u'monitor-enabled', 'priorityGroup': 0, 'connectionLimit': 0, 'description': None}]}, 'metadata': [{u'name': u'cccl-whitelist', u'value': u'1', u'persist': u'true'}, {u'name': u'user_agent', u'value': u'k8s-bigip-ctlr-1.5.0-WIP-vagrant-2f7bdb1-dirty-20180413110325', u'persist': u'true'}], 'name': u'openshift_default_svc-1'}

Merged Result:

2018/04/13 17:10:49 [INFO] [2018-04-13 17:10:49,316 f5_cccl.utils.resource_merge INFO] Merged result: {'monitor': 'default', 'description': None, 'partition': u'test', 'loadBalancingMode': u'round-robin', 'membersReference': {'isSubcollection': True, 'items': [{'ratio': 1, 'name': '10.130.0.54%0:80', 'partition': u'test', 'session': u'user-enabled', 'priorityGroup': 0, 'connectionLimit': 0, 'description': None}]}, 'metadata': [{'name': 'user_agent', 'value': u'k8s-bigip-ctlr-1.5.0-WIP-vagrant-2f7bdb1-dirty-20180413110325', 'persist': 'true'}, {u'name': u'cccl-whitelist', u'value': u'1', u'persist': u'true'}], 'name': u'openshift_default_svc-1'}

This is a result of the monitors not being a list (array) like other resources (profiles, policies, irules, etc). Instead it's a scalar value (a string in this case) so the merge see it as a conflict between what CCCL wants and what Big-IP has. For scalars, conflicts always resolve to the CCCL desired setting. UGH!

[amudukutore]

This may not be needed if we migrate to an alternate implementation (like AS3) instead of CCCL to configure the BIG-IP.