azurerm_virtual_hub_route_table_route should be destroyed if azurerm_virtual_hub_connection needs to be replaced

hwwilliams commented 8 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.6.4

AzureRM Provider Version

3.93.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_hub_route_table_route, azurerm_virtual_hub_connection

Terraform Configuration Files

resource "azurerm_resource_group" "rg" {
  name     = "example-rg"
  location = "usgovvirginia"
}

resource "azurerm_virtual_wan" "vwan" {
  name                              = "example-vwan"
  resource_group_name               = azurerm_resource_group.rg.name
  location                          = azurerm_resource_group.rg.location
  allow_branch_to_branch_traffic    = false
  disable_vpn_encryption            = false
  office365_local_breakout_category = "None"
  type                              = "Standard"
}

resource "azurerm_virtual_hub" "vhub" {
  name                   = "example-vhub"
  resource_group_name    = azurerm_resource_group.rg.name
  location               = azurerm_resource_group.rg.location
  address_prefix         = "172.16.0.0/23"
  hub_routing_preference = "ASPath"
  sku                    = azurerm_virtual_wan.vwan.type
  virtual_wan_id         = azurerm_virtual_wan.vwan.id
}

resource "azurerm_virtual_network" "vnet" {
  name                = "example-vnet"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  address_space       = ["192.168.1.0/24"]
}

resource "azurerm_virtual_hub_connection" "vhub" {
  name                      = "example-vhub-connection"
  virtual_hub_id            = azurerm_virtual_hub.vhub.id
  remote_virtual_network_id = azurerm_virtual_network.vnet.id
  internet_security_enabled = false

  routing {
    associated_route_table_id                 = azurerm_virtual_hub.vhub.default_route_table_id
    static_vnet_local_route_override_criteria = "Contains"

    propagated_route_table {
      labels          = ["none"]
      route_table_ids = [replace(azurerm_virtual_hub.vhub.default_route_table_id, "defaultRouteTable", "noneRouteTable")]
    }
  }
}

resource "azurerm_virtual_hub_route_table_route" "vhub_default" {
  route_table_id    = azurerm_virtual_hub_connection.vhub.routing.0.associated_route_table_id
  name              = "Catch_All_to_vHub"
  destinations      = ["0.0.0.0/0"]
  destinations_type = "CIDR"
  next_hop          = azurerm_virtual_hub_connection.vhub.id
  next_hop_type     = "ResourceId"
}

Debug Output/Panic Output

azurerm_virtual_hub_connection.vhub: Destroying... [id=/subscriptions/***/resourceGroups/example-rg/providers/Microsoft.Network/virtualHubs/example-vhub/hubVirtualNetworkConnections/example-vhub-connection]
╷
azurerm_virtual_hub_connection.vhub: Destroying... [id=/subscriptions/***/resourceGroups/example-rg/providers/Microsoft.Network/virtualHubs/example-vhub/hubVirtualNetworkConnections/example-vhub-connection]
│ Error: waiting for deletion of Hub Virtual Network Connection: (Name "example-vhub-connection" / Virtual Hub Name "example-vhub" / Resource Group "example-rg"): Code="CannotDeleteHubVnetConnectionDueToExistingRoutes" Message="VirtualHubVnetConnection 'example-vhub-connection' cannot be deleted because it is being used as a next hop in the routeTable '/subscriptions/***/resourceGroups/example-rg/providers/Microsoft.Network/virtualHubs/example-vhub/hubRouteTables/defaultRouteTable' in route '[\"Catch_All_to_vHub\"]'. Please remove the route before deleting the connection." Details=[]
│ 
Error: Process completed with exit code 1.

Expected Behaviour

If azurerm_virtual_hub_connection needs to be replaced and a route in a route table that was created by azurerm_virtual_hub_route_table_route is referencing that vhub connection then it should destroy and recreate it as necessary. I would understand if the route in question was not being managed by Terraform and so it's assuming it is not safe to destroy the resource but since Terraform is managing it I expect it to handle the replacement cleanly.

Actual Behaviour

It fails to destroy the vhub connection because it's being referenced by a route that is being managed by Terraform.

Steps to Reproduce

Deploy
Change name of vhub connection
Fail

Important Factoids

No response

References

No response

neil-yechenwei commented 8 months ago

Thanks for raising this issue. Maybe adding "create_before_destroy" on azurerm_virtual_hub_connection is helpful for this situation.

hwwilliams commented 8 months ago

Thanks for raising this issue. Maybe adding "create_before_destroy" on azurerm_virtual_hub_connection is helpful for this situation.

No that doesn't help because then you get an error about how you can only have 1 vhub connection per vnet at a time.

neil-yechenwei commented 7 months ago

Please try to add "create_before_destroy" and only apply it. Once it's applied successfully, then the order is changed for above situation.

hashicorp / terraform-provider-azurerm