[BUG] citrixadc_lbvserver setting attribute authn401 = "ON" is not possible

[kaiAsmOne]

Contact us

For any immediate issues or help , reach out to us at NetScaler-AutomationToolkit@cloud.com !

When creating an lb_vserver with authn401 = "ON" returns the following error:

╷ │ Error: [ERROR] nitro-go: Failed to create resource of type lbvserver, name=lb_app.company.com, err=failed: 599 Netscaler specific error ({ "errorcode": 2652, "message": "Turn authentication off first", "severity": "ERROR" }) │ │ with module.app_app_company_com.citrixadc_lbvserver.app_lb, │ on .terraform/modules/app_app_company_com/main.tf line 36, in resource "citrixadc_lbvserver" "app_lb": │ 36: resource "citrixadc_lbvserver" "app_lb" { │

How do i implement an lb_vserver with 401 enabled ? as of now i have to create the lb_vserver with 401=off and manually activate it in the gui after each terraform apply..

The lb_vserver terraform plan output is as follows:

module.app_app_company_com.citrixadc_lbvserver.app_lb will be created

• resource "citrixadc_lbvserver" "app_lb" {
  • appflowlog = (known after apply)
  • authentication = "ON"
  • authenticationhost = (known after apply)
  • authn401 = "ON"
  • authnprofile = "aaa_prf_app.company.com"
  • authnvsname = (known after apply)
  • backuplbmethod = (known after apply)
  • backuppersistencetimeout = (known after apply)
  • backupvserver = (known after apply)
  • bypassaaaa = (known after apply)
  • cacheable = (known after apply)
  • clttimeout = 1800
  • comment = (known after apply)
  • connfailover = (known after apply)
  • cookiename = "on_nefid_swsxds"
  • datalength = (known after apply)
  • dataoffset = (known after apply)
  • dbprofilename = (known after apply)
  • dbslb = (known after apply)
  • disableprimaryondown = (known after apply)
  • dns64 = (known after apply)
  • dnsprofilename = (known after apply)
  • downstateflush = (known after apply)
  • hashlength = (known after apply)
  • healththreshold = 0
  • httpprofilename = (known after apply)
  • httpsredirecturl = (known after apply)
  • icmpvsrresponse = "PASSIVE"
  • id = (known after apply)
  • insertvserveripport = (known after apply)
  • ipmask = (known after apply)
  • ippattern = (known after apply)
  • ipset = (known after apply)
  • ipv46 = (known after apply)
  • l2conn = (known after apply)
  • lbmethod = "LEASTRESPONSETIME"
  • lbprofilename = (known after apply)
  • listenpolicy = (known after apply)
  • listenpriority = (known after apply)
  • m = (known after apply)
  • macmoderetainvlan = (known after apply)
  • maxautoscalemembers = (known after apply)
  • minautoscalemembers = (known after apply)
  • mssqlserverversion = (known after apply)
  • mysqlcharacterset = (known after apply)
  • mysqlprotocolversion = (known after apply)
  • mysqlservercapabilities = (known after apply)
  • mysqlserverversion = (known after apply)
  • name = "lb_app.company.com"
  • netmask = (known after apply)
  • netprofile = (known after apply)
  • newname = (known after apply)
  • newservicerequest = (known after apply)
  • newservicerequestincrementinterval = (known after apply)
  • newservicerequestunit = (known after apply)
  • oracleserverversion = (known after apply)
  • persistencebackup = "SOURCEIP"
  • persistencetype = "COOKIEINSERT"
  • persistmask = "255.255.255.255"
  • port = (known after apply)
  • pq = (known after apply)
  • processlocal = (known after apply)
  • push = (known after apply)
  • pushlabel = (known after apply)
  • pushmulticlients = (known after apply)
  • pushvserver = (known after apply)
  • range = (known after apply)
  • recursionavailable = (known after apply)
  • redirectfromport = (known after apply)
  • redirectportrewrite = (known after apply)
  • redirurl = (known after apply)
  • redirurlflags = (known after apply)
  • resrule = (known after apply)
  • retainconnectionsoncluster = (known after apply)
  • rhistate = (known after apply)
  • rtspnat = (known after apply)
  • rule = (known after apply)
  • sc = (known after apply)
  • servicename = (known after apply)
  • servicetype = "HTTP"
  • sessionless = (known after apply)
  • skippersistency = (known after apply)
  • sobackupaction = (known after apply)
  • somethod = (known after apply)
  • sopersistence = (known after apply)
  • sopersistencetimeout = (known after apply)
  • sothreshold = (known after apply)
  • sslprofile = (known after apply)
  • state = "ENABLED"
  • tcpprofilename = (known after apply)
  • td = (known after apply)
  • timeout = 60
  • tosid = (known after apply)
  • trofspersistence = (known after apply)
  • v6netmasklen = (known after apply)
  • v6persistmasklen = (known after apply)
  • vipheader = (known after apply)
  • weight = (known after apply) }

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behaviour:

1. My terraform files are

   # my terraform script here

2. which terraform command I am getting the error

   # terrafrom command

3. Terraform output logs to the log file (./tf.log). Append TF_LOG=TRACE NS_LOG=TRACE TF_LOG_PATH=./tf.log to your terraform command

   # terraform output logs.

4. Error I am facing on the console

   # console error

Expected behaviour A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Environment (please fill the following information):

• OS: Mac/Linux/Windows/Others
• terraform version output
• terraform-provider-citrixadc version: 1.35.0
• go version output

Additional context Add any other context about the problem here.

[kaiAsmOne]

This bug is messing up all the lb_vservers i have that do OAuth 2.0 V2 MSAL JWT API Authentication. If a lb_vserver has authn401 = "ON" every terraform apply will set the lb_vserver back to Forms Based Authentication.

If i manually in the terraform code set authn401 = "OFF", Do a terraform apply, Then manually in the GUI set the lb_vserver back to authn401 = "ON", change the code to authn401 = "ON" and do a terraform apply the terraform apply will set the lb_vserver back to Forms Based Authentication.

Due to this all of our exposed API´s with OAuth 2.0 V2 MSAL JWT API Authentication stops working everytime i do a terraform apply and forget to login to all the netscalers and change the lb_vservers back to authn401 = "ON"

[kaiAsmOne]

This is actually a documentation issue. The Attribute authentication is described to Enable or disable authentication. This attribute is actually = Enable Forms Based Authentication.

I advise you to update the documentation on this attribute.

When i changed my terraform code to have attribute authentication = "OFF" && authn401 = "ON" my terraform code works as expected / intended.

[kaiAsmOne]

I will close this issue to reduce the workload on this provider. I Hope if other people struggle with confusing documentation regarding this attribute they will be able to find this info using google