AS3 bigip pointer is unable to find pre-existing virtual-address with %rd

[adityoari]

Environment

• Application Services Version: 3.51.0
• BIG-IP Version: 17.1.1.3

Summary

Using bigip pointer in virtualAddresses object to reference pre-exising virtual-address with %RD prefix in Common partition results in 422 error response "Unable to find /Common/10.1.100.1%1 for /Tenant01/A1/vs1/virtualAddresses/0"

Steps To Reproduce

Steps to reproduce the behavior:

1. Have a virtual-address with %RD in Common partition

   ltm virtual-address 10.1.100.1%1 {
   address 10.1.100.1%1
   auto-delete false
   mask 255.255.255.255
   traffic-group traffic-group-1
   }

2. Submit the following declaration:

   {
   "class": "AS3",
   "declaration": {
   "class": "ADC",
   "schemaVersion": "3.0.0",
   "Tenant01": {
     "class": "Tenant",
     "defaultRouteDomain": 1,
     "A1": {
       "class": "Application",
       "template": "generic",
       "vs1": {
         "class": "Service_UDP",
         "sourceAddress": "0.0.0.0%1/0",
         "virtualAddresses": [
           { "bigip": "/Common/10.1.100.1%1" }
         ],
         "virtualPort": 80,
         "pool": "web_pool"
       },
       "web_pool": {
         "class": "Pool",
         "monitors": [{
           "bigip": "/Common/udp"
         }],
         "members": [
           {
             "servicePort": 80,
             "serverAddresses": [
               "192.0.1.10"
             ]
           }]
       }
     }
   }
   }
   }

3. Observe the following error response:

   {
   "code": 422,
   "declarationFullId": "",
   "message": "Unable to find /Common/10.1.100.1%1 for /Tenant01/A1/vs1/virtualAddresses/0"
   }

4. Using TMSH to create VS works fine:

   [admin@ip-10-1-1-4:Standby:Disconnected] tmp # tmsh cre ltm virtual rd1_vs2 destination 10.1.100.1%1:8082
   [admin@ip-10-1-1-4:Standby:Disconnected] tmp # tmsh li ltm virtual rd1_vs2
   ltm virtual rd1_vs2 {
   creation-time 2024-07-20:06:24:49
   destination 10.1.100.1%1:8082
   last-modified-time 2024-07-20:06:24:49
   mask 255.255.255.255
   profiles {
       fastL4 { }
   }
   serverssl-use-sni disabled
   source 0.0.0.0%1/0
   translate-address enabled
   translate-port enabled
   vs-index 6
   }

   Jul 20 06:24:49 ip-10-1-1-4.us-west-2.compute.internal notice mcpd[25830]: 01070417:5: AUDIT - client tmsh, tmsh-pid-12232, user admin - transaction #33968-2 - object 0 - create { virtual_server { virtual_server_name "/Common/rd1_vs2" virtual_server_va_name "10.1.100.1%1" virtual_server_port 8082 } } [Status=Command OK]
   Jul 20 06:24:49 ip-10-1-1-4.us-west-2.compute.internal notice tmsh[12232]: 01420002:5: AUDIT - pid=12232 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=cre ltm virtual rd1_vs2 destination 10.1.100.1%1:8082

Expected Behavior

AS3 is able to create the VS with pre-existing virtual-address having %rRD suffix

Actual Behavior

Declaration fails with code 422 and error message "Unable to find /Common/10.1.100.1%1 for /Tenant01/A1/vs1/virtualAddresses/0"

Additional Notes

Using Service_Address in AS3 or creating the virtual-address manually using non-literal address is currently not feasible for the customer due to BIG-IP Bug ID1589133

[adityoari]

Chances are this is stemmed on how iControl REST presents the virtual-address objects in BIG-IP by URL encoding the % character to %25. I reckon AS3 would search for the literal value of virtualAddresses element (e.g. 10.1.100.1%1), but since the iControl REST server indexes the object with the URL encoding 10.1.100.1%251 it would return Not Found error.

Sample REST output showing the URL encoding in the selfLink property:

[admin@ip-10-1-1-4:Standby:In Sync] tmp # curl -sku rest: 'http://localhost:8100/mgmt/tm/ltm/virtual-address/~Common~10.1.100.1%251' | jq .
{
  "kind": "tm:ltm:virtual-address:virtual-addressstate",
  "name": "10.1.100.1%1",
  "partition": "Common",
  "fullPath": "/Common/10.1.100.1%1",
  "generation": 4024,
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual-address/~Common~10.1.100.1%251?ver=16.1.4.1",
  "address": "10.1.100.1%1",
  "arp": "enabled",
  <!--- snipped for brevity --->
}

This means that the ideal fix would need to cater for such URL encoding during object name search, in at least one of the following scenarios:

• dynamically when AS3 sees a % character (and perhaps other characters which require URL encoding) in bigip property value
• statically for virtualAddresses element value (and perhaps other similar properties e.g. sourceAddress)

[sunitharonan]

AUTOTOOL-4448 has been created and added to our backlog, mentioned the same in the escalation raised for this issue.