[Bug]: hcloud_network_subnet not removing old connection to vSwitch

[vsalomaki]

What happened?

I have a vSwitch and I am connecting the Cloud network to a vSwitch using hcloud_network_subnet. While testing this setup I ran terraform apply/destroy multiple times and I noticed that the previously-destroyed connection can't be overriden using the hcloud_network_subnet module. That is, before the connection is evicted from the Robot-side after some minutes.

However, overriding the subnet-connection of a previously-destroyed vSwitch works fine with the hcloud-cli and the UI.

The error recorded is:

[DEBUG] provider.terraform-provider-hcloud_v1.53.1: HTTP/2.0 422 Unprocessable Entity
....
[DEBUG] provider.terraform-provider-hcloud_v1.53.1: {
[DEBUG] provider.terraform-provider-hcloud_v1.53.1:     "error": {
[DEBUG] provider.terraform-provider-hcloud_v1.53.1:         "code": "vswitch_id_already_used",
[DEBUG] provider.terraform-provider-hcloud_v1.53.1:         "message": "vswitch id already used by another network",
[DEBUG] provider.terraform-provider-hcloud_v1.53.1:         "details": null
[DEBUG] provider.terraform-provider-hcloud_v1.53.1:     }
[DEBUG] provider.terraform-provider-hcloud_v1.53.1: }

What did you expect to happen?

The hcloud_network_subnet-module to override the vSwitch-connection, when the previous connection has been already deleted. Or the connection from vSwitch to the no-longer-existing-subnet to be deleted at the same time as deletion of the subnet itself.

Please provide a minimal working example

Here is a minimal example, replace <vswitch_id> with an id of already existing vSwitch.

resource "hcloud_network" "test-network" {
  name     = "my-network"
  ip_range = "10.0.0.0/16"
}

resource "hcloud_network_subnet" "test-subnet-cloud" {
  type         = "cloud"
  network_id   = hcloud_network.test-network.id
  network_zone = "eu-central"
  ip_range     = "10.0.1.0/24"
}

resource "hcloud_network_subnet" "test-subnet-vswitch" {
  type         = "vswitch"
  network_id   = hcloud_network.test-network.id
  network_zone = "eu-central"
  ip_range     = "10.0.2.0/24"
  vswitch_id   = <vswitch_id>
}

terraform {
  required_version = ">= 1.8.0"
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = ">= 1.53.1"
    }
  }
}

Run with this command sequence:

# Works if the connection doesn't exist. Check in the UI Robot->Servers->vSwitches if the vSwitch is connected.
terraform apply -auto-approve 

# Doesn't destroy the connection from Robot-side. It does get auto-evicted after some time.
terraform destroy -auto-approve 

# Fails if the connection still exists. Works if the auto-eviction has run
terraform apply -auto-approve 

# However, this command does work right away without waiting for the auto-eviction
hcloud network add-subnet --debug --type vswitch --ip-range 10.0.2.0/24 --vswitch-id <vswitch_id> --network-zone eu-central <network_id>

[jooola]

Detaching from a vSwitch may take a long time (sometimes ~ 10 minutes). We are also lacking an action that could track the progress for this task to complete. Sadly, this is a known issue.