Moving policy with same name from one watch to other fails

Describe the bug I updated my configuration to move one policy to a new watch. Terraform apply seemed to destroy it, but when the api tries to generate it it fails with a 409 error:

module.watch-all-repos-xxx.xray_security_policy.critical_cvss: Destroying... [id=security-policy-critical-cvss]
module.watch-critical-all-repos-xxx.xray_security_policy.critical_cvss: Creating...
module.watch-all-repos-xxx.xray_security_policy.high_severity: Modifying... [id=security-policy-high-severity]
module.watch-all-repos-xxx.xray_security_policy.critical_cvss: Destruction complete after 0s
module.watch-all-repos-xxx.xray_security_policy.high_severity: Modifications complete after 0s [id=security-policy-high-severity]
module.watch-all-repos-xxx.xray_watch.all-repos: Modifying... [id=watch-all-repos-xxx]
module.watch-all-repos-xxx.xray_watch.all-repos: Modifications complete after 1s [id=watch-all-repos-xxx]
╷
│ Error: 
│ 409 POST https://artifactory-staging.xxx.net/xray/api/v2/policies
│ {"error":"Policy already exists"}
│ 
│   with module.watch-critical-all-repos-xxx.xray_security_policy.critical_cvss,
│   on .terraform/modules/watch-critical-all-repos-xxx/ops/terraform/modules/xray-security/watch-critical/main.tf line 10, in resource "xray_security_policy" "critical_cvss":
│   10: resource "xray_security_policy" "critical_cvss" {
│ 
╵

The policy security-policy-critical-cvss used to exist in the watch I'm using Terraform modules to save the configuration into the watch watch-all-repos-xxx. I was moving it to a new one named watch-critical-all-repos-xxx

My CI first ran terraform plan and then terraform apply. During plan it is stated that will be destroyed:

module.watch-all-repos-xxx.xray_security_policy.critical_cvss will be destroyed
resource "xray_security_policy" "critical_cvss" {
...
Plan: 2 to add, 4 to change, 1 to destroy.

But, as stated above it fails during apply. I'm using version 1.11.1

Former configuration:

terraform {
  required_providers {
    xray = {
      source  = "registry.terraform.io/jfrog/xray"
      version = ">= 1.11.1, <= 1.12"
    }
  }
}
resource "xray_security_policy" "high_severity" {
  name        = "security-policy-high-severity"
  description = "Security policy to alert on High severity vulnerabilities"
  type        = "security"

  rule {
    name     = "rule-high-severity"
    priority = 1

    criteria {
      min_severity          = "High"
    }

    actions {
      webhooks                           = []
      mails                              = []
      notify_watch_recipients            = true

      block_download {
        unscanned = false
        active    = false
      }
    }
  }
}

resource "xray_security_policy" "critical_cvss" {
  name        = "security-policy-critical-cvss"
  description = "Security policy to flag artifacts with Critical CVSS score 10.0 vulnerabilities"
  type        = "security"

  rule {
    name     = "cvss-ten"
    priority = 1

    criteria {

      cvss_range {
        from = 10.0
        to   = 10.0
      }
    }

    actions {
      webhooks                           = []
      mails                              = []
      notify_watch_recipients            = true

      block_download {
        unscanned = false
        active    = false
      }
    }
  }
}

resource "xray_watch" "all-repos" {
  name        = "watch-critical-all-repos-lyft"
  description = "Watch policy violations for top critical vulnerabilities in all repositories"
  active      = true

  watch_resource {
    type = "all-repos"

    filter {
      type  = "regex"
      value = ".*"
    }
  }

  assigned_policy {
    name = xray_security_policy.high_severity.name
    type = "security"
  }

  assigned_policy {
    name = xray_security_policy.critical_cvss.name
    type = "security"
  }

  watch_recipients = ["vuln-mgmt@xxx.com"]
}

New configuration:

terraform {
  required_providers {
    xray = {
      source  = "registry.terraform.io/jfrog/xray"
      version = ">= 1.11.1, <= 1.12"
    }
  }
}
resource "xray_security_policy" "high_severity" {
  name        = "security-policy-high-severity"
  description = "Security policy to alert on High severity vulnerabilities"
  type        = "security"

  rule {
    name     = "rule-high-severity"
    priority = 1

    criteria {
      min_severity          = "High"
    }

    actions {
      webhooks                           = []
      mails                              = []
      block_release_bundle_distribution  = false
      fail_build                         = false
      notify_watch_recipients            = false

      block_download {
        unscanned = false
        active    = false
      }
    }
  }
}

resource "xray_watch" "all-repos" {
  name        = "watch-critical-all-repos-lyft"
  description = "Watch policy violations for top critical vulnerabilities in all repositories"
  active      = true

  watch_resource {
    type = "all-repos"

    filter {
      type  = "regex"
      value = ".*"
    }
  }

  assigned_policy {
    name = xray_security_policy.high_severity.name
    type = "security"
  }

  watch_recipients = ["vuln-mgmt@xxx.com"]
}

Artifactory version: 7.41.7 Xray version: 3.41.5 Terraform: 1.0.2

Requirements for and issue

[x] A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue)
[x] Your version of Artifactory and Xray (you can curl Artifactory version at $host/artifactory/api/system/version and Xray version at $host/xray/api/v1/system/version
[x] Your version of terraform

Expected behavior The policy from the original watch should be destroyed and a new one with the same name be created into the new watch.

Additional context We use project atlantis to run Terraform as part of our pipeline.

jfrog / terraform-provider-xray

Moving policy with same name from one watch to other fails #125