Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IQ ADC
Known Affected Versions:
7.1.0, 8.0.0, 8.0.0.1
Fixed In:
7.1.0.1
Opened: May 05, 2020 Severity: 4-Minor
When adding a Pool or Virtual Server to a Resource Group, the related Pool Members appear individually instead of all Pool Members.
You must add Pool Members individually to Resource Groups after they are created or they will not be visible to the user with the associated role.
When adding a Pool or Virtual Server to Resource Group.
You can use an API call to create a Resource Group (RG) with the pools as you want them and use that Resource Group in a Role. Here are the steps for that, 1. Find the pool (or pools that you want in the role and capture it's membersCollectionReference: GET cm/adc-core/working-config/ltm/pool 2. modify the json body below to match the retrieved pool members URI path - change the name, description, and expression (note the /* at the end of the membersCollectionReference URI path) - you just need the pool members expression (the pool that owns it will be automatically added to the RG.) - you can have more than one expression in the referenceExpressions array. { "resourceGroupName": "workaroundRGSample", "resourceGroupDisplayName": "workaroundRGSample", "resourceGroupDescription": "", "referenceExpressionsPatches": [ { "targetKind": "cm:adc-core:working-config:ltm:pool:members:adcpoolmemberstate", "referenceExpressions": [ { "name": "All Pool Members for newPool", "description": "All existing and future Pool Members for newPool.", "expression": "/cm/adc-core/working-config/ltm/pool/4c6ad591-26e5-3e5a-bc72-d0eb41dab631/members/*" } ] } ] } 3. POST that to here: /shared/authorization/patch-resource-groups - note this is a declarative API. If you want to change the RG you need to include ALL expressions that you want in the RG and POST to the same endpoint again. Like if you wnted to add a pool/members then the body above would contain two referenceExpressions. 4. You'll get a response like this: { "id": "cccd8304-3ec9-3bcf-aa58-e4a7d22ae57b", "kind": "shared:authorization:resource-groups:resourcegroupstate", "name": "workaroundRGSampleXX", "isPublic": true, "selfLink": "https://localhost/mgmt/shared/authorization/resource-groups/cccd8304-3ec9-3bcf-aa58-e4a7d22ae57b", "isBuiltIn": false, "generation": 1, "description": "", "displayName": "workaroundRGSampleXX", "isSystemManaged": false, "lastUpdateMicros": 1588021146636422, "referenceExpressionCollectionReference": { "link": "https://localhost/mgmt/shared/authorization/resource-groups/cccd8304-3ec9-3bcf-aa58-e4a7d22ae57b/reference-expressions", "isSubcollection": true }, "differences": { "added": [ "/cm/adc-core/working-config/ltm/pool/4c6ad591-26e5-3e5a-bc72-d0eb41dab631/members", "/cm/adc-core/working-config/ltm/pool", "/cm/adc-core/working-config/ltm/pool/4c6ad591-26e5-3e5a-bc72-d0eb41dab631/members/*", "/cm/adc-core/working-config/ltm/pool/4c6ad591-26e5-3e5a-bc72-d0eb41dab631" ], "removed": [] } } 5. Now create a second Resource Group in the UI that does NOT include the Pool and Pool Members for the VIP. 6. Create a role that includes the RG you manually created above and the second RG (without the Pool and Pool Member) that you created in the UI.
This issue is fixed.