
azurerm_virtual_hub_route_table_route should be destroyed if azurerm_virtual_hub_connection needs to be replaced

Open hwwilliams opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

  • Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.6.4

AzureRM Provider Version

3.93.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_hub_route_table_route, azurerm_virtual_hub_connection

Terraform Configuration Files

resource "azurerm_resource_group" "rg" {
  name     = "example-rg"
  location = "usgovvirginia"
}

resource "azurerm_virtual_wan" "vwan" {
  name                              = "example-vwan"
  resource_group_name               = azurerm_resource_group.rg.name
  location                          = azurerm_resource_group.rg.location
  allow_branch_to_branch_traffic    = false
  disable_vpn_encryption            = false
  office365_local_breakout_category = "None"
  type                              = "Standard"
}

resource "azurerm_virtual_hub" "vhub" {
  name                   = "example-vhub"
  resource_group_name    = azurerm_resource_group.rg.name
  location               = azurerm_resource_group.rg.location
  address_prefix         = "172.16.0.0/23"
  hub_routing_preference = "ASPath"
  sku                    = azurerm_virtual_wan.vwan.type
  virtual_wan_id         = azurerm_virtual_wan.vwan.id
}

resource "azurerm_virtual_network" "vnet" {
  name                = "example-vnet"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  address_space       = ["192.168.1.0/24"]
}

resource "azurerm_virtual_hub_connection" "vhub" {
  name                      = "example-vhub-connection"
  virtual_hub_id            = azurerm_virtual_hub.vhub.id
  remote_virtual_network_id = azurerm_virtual_network.vnet.id
  internet_security_enabled = false

  routing {
    associated_route_table_id                 = azurerm_virtual_hub.vhub.default_route_table_id
    static_vnet_local_route_override_criteria = "Contains"

    propagated_route_table {
      labels          = ["none"]
      route_table_ids = [replace(azurerm_virtual_hub.vhub.default_route_table_id, "defaultRouteTable", "noneRouteTable")]
    }
  }
}

resource "azurerm_virtual_hub_route_table_route" "vhub_default" {
  route_table_id    = azurerm_virtual_hub_connection.vhub.routing.0.associated_route_table_id
  name              = "Catch_All_to_vHub"
  destinations      = ["0.0.0.0/0"]
  destinations_type = "CIDR"
  next_hop          = azurerm_virtual_hub_connection.vhub.id
  next_hop_type     = "ResourceId"
}

Debug Output/Panic Output

azurerm_virtual_hub_connection.vhub: Destroying... [id=/subscriptions/***/resourceGroups/example-rg/providers/Microsoft.Network/virtualHubs/example-vhub/hubVirtualNetworkConnections/example-vhub-connection]
╷
azurerm_virtual_hub_connection.vhub: Destroying... [id=/subscriptions/***/resourceGroups/example-rg/providers/Microsoft.Network/virtualHubs/example-vhub/hubVirtualNetworkConnections/example-vhub-connection]
│ Error: waiting for deletion of Hub Virtual Network Connection: (Name "example-vhub-connection" / Virtual Hub Name "example-vhub" / Resource Group "example-rg"): Code="CannotDeleteHubVnetConnectionDueToExistingRoutes" Message="VirtualHubVnetConnection 'example-vhub-connection' cannot be deleted because it is being used as a next hop in the routeTable '/subscriptions/***/resourceGroups/example-rg/providers/Microsoft.Network/virtualHubs/example-vhub/hubRouteTables/defaultRouteTable' in route '[\"Catch_All_to_vHub\"]'. Please remove the route before deleting the connection." Details=[]
│ 
Error: Process completed with exit code 1.

Expected Behaviour

If azurerm_virtual_hub_connection needs to be replaced and a route in a route table that was created by azurerm_virtual_hub_route_table_route is referencing that vhub connection, then it should destroy and recreate it as necessary. I would understand if the route in question was not being managed by Terraform and so it's assuming it is not safe to destroy the resource, but since Terraform is managing it, I expect it to handle the replacement cleanly.

Actual Behaviour

It fails to destroy the vhub connection because it's being referenced by a route that is being managed by Terraform.

Steps to Reproduce

  1. Deploy
  2. Change name of vhub connection
  3. Fail

Important Factoids

No response

References

No response

hwwilliams avatar Feb 27 '24 02:02 hwwilliams

Thanks for raising this issue. Maybe adding "create_before_destroy" on azurerm_virtual_hub_connection is helpful for this situation.

neil-yechenwei avatar Feb 27 '24 09:02 neil-yechenwei

> Thanks for raising this issue. Maybe adding "create_before_destroy" on azurerm_virtual_hub_connection is helpful for this situation.

No, that doesn't help because then you get an error about how you can only have 1 vhub connection per vnet at a time.

hwwilliams avatar Feb 27 '24 22:02 hwwilliams

Please try to add "create_before_destroy" and only apply it. Once it's applied successfully, then the order is changed for the above situation.

neil-yechenwei avatar Mar 15 '24 01:03 neil-yechenwei
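
A pre-apply check for the failure reported in this issue, as an added example that is not part of the thread or of the provider: it reads the JSON form of a plan (`terraform show -json <planfile>`) and reports routes whose `next_hop` references a hub connection that the plan deletes or replaces while the route itself is not destroyed. The sample plan is constructed and trimmed, and the route's `update` action in it is an assumption about what Terraform plans for the configuration above.

```python
import json

CONN_TYPE = "azurerm_virtual_hub_connection"
ROUTE_TYPE = "azurerm_virtual_hub_route_table_route"

# Constructed sample, trimmed to the fields used here: the plan JSON assumed for
# the issue's configuration after the connection is renamed (route updated in place).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
   {"address": "azurerm_virtual_hub_connection.vhub",
    "type": "azurerm_virtual_hub_connection",
    "change": {"actions": ["delete", "create"]}},
   {"address": "azurerm_virtual_hub_route_table_route.vhub_default",
    "type": "azurerm_virtual_hub_route_table_route",
    "change": {"actions": ["update"]}}],
 "configuration": {"root_module": {"resources": [
   {"address": "azurerm_virtual_hub_route_table_route.vhub_default",
    "type": "azurerm_virtual_hub_route_table_route",
    "expressions": {"next_hop": {"references": [
      "azurerm_virtual_hub_connection.vhub.id",
      "azurerm_virtual_hub_connection.vhub"]}}}]}}}
""")


def stranded_routes(plan):
    """Return (route, connection) pairs where a hub connection is deleted or
    replaced while a route that names it as next_hop is not removed first."""
    changes = plan.get("resource_changes", [])
    actions = {rc["address"]: rc["change"]["actions"] for rc in changes}
    leaving = {rc["address"] for rc in changes
               if rc["type"] == CONN_TYPE and "delete" in rc["change"]["actions"]}
    findings = []
    # Root module only; count/for_each instances and child modules are not resolved.
    resources = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    for res in resources:
        if res.get("type") != ROUTE_TYPE:
            continue
        refs = set(res.get("expressions", {}).get("next_hop", {}).get("references", []))
        if "delete" in actions.get(res["address"], []):
            continue  # route is destroyed or replaced, so the reference is released
        findings.extend((res["address"], conn) for conn in sorted(refs & leaving))
    return findings


if __name__ == "__main__":
    for route, conn in stranded_routes(SAMPLE_PLAN):
        print(f"{route} still points at {conn}, which this plan deletes")
```

A non-empty result before `terraform apply` corresponds to the `CannotDeleteHubVnetConnectionDueToExistingRoutes` error shown in the debug output above.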