appliance_sdwan_internet_policies deletion does nothing, which blocks appliance_vlans deletion #82

Open
vozhyk- opened this issue May 23, 2025 · 0 comments · May be fixed by #83

vozhyk- commented May 23, 2025

When appliance_sdwan_internet_policies uses a subnet configured in appliance_vlans,
appliance_vlans deletion fails even when it's done after appliance_sdwan_internet_policies deletion.

module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"]: Destroying... [id=20]
module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"]: Still destroying... [id=20, 10s elapsed]
module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"]: Still destroying... [id=20, 20s elapsed]
╷
│ Error: Client Error
│
│ Failed to delete object (DELETE), got error: HTTP Request failed: StatusCode 400, {"errors":["The IP address range for traffic filter with src: 192.168.20.0/24
│ does not apply to any configured subnets."]} 

This is due to appliance_sdwan_internet_policies deletion doing nothing, so the config remains and still refers to the subnet configured in appliance_vlans, and the API blocks deletion of the latter.

  1. Delete appliance_sdwan_internet_policies:
  # module.meraki.meraki_appliance_sdwan_internet_policies.networks_appliance_sdwan_internet_policies["EMEA/Dev-WB/netascode-network-01"] will be destroyed
  # (because key ["EMEA/Dev-WB/netascode-network-01"] is not in for_each map)
  - resource "meraki_appliance_sdwan_internet_policies" "networks_appliance_sdwan_internet_policies" {
      - id                             = "L_4005951868546056935" -> null
      - network_id                     = "L_4005951868546056935" -> null
      - wan_traffic_uplink_preferences = [
          - {
              - builtin_performance_class_name = "VoIP" -> null
              - fail_over_criterion            = "poorPerformance" -> null
              - performance_class_type         = "builtin" -> null
              - preferred_uplink               = "wan1" -> null
              - traffic_filters                = [
                  - {
                      - destination_cidr = "any" -> null
                      - destination_port = "any" -> null
                      - protocol         = "tcp" -> null
                      - source_cidr      = "any" -> null
                      - source_port      = "1-1024" -> null
                      - type             = "custom" -> null
                    },
                ] -> null
            },
          - {
              - builtin_performance_class_name = "VoIP" -> null
              - fail_over_criterion            = "poorPerformance" -> null
              - performance_class_type         = "builtin" -> null
              - preferred_uplink               = "wan1" -> null
              - traffic_filters                = [
                  - {
                      - destination_applications = [
                          - {
                              - id   = "meraki:layer7/application/1" -> null
                              - name = "Office 365 Suite" -> null
                              - type = "major" -> null
                            },
                        ] -> null
                      - protocol                 = "udp" -> null
                      - source_cidr              = "any" -> null
                      - source_port              = "1-1024" -> null
                      - type                     = "majorApplication" -> null
                    },
                ] -> null
            },
          - {
              - builtin_performance_class_name = "VoIP" -> null
              - fail_over_criterion            = "poorPerformance" -> null
              - performance_class_type         = "builtin" -> null
              - preferred_uplink               = "wan1" -> null
              - traffic_filters                = [
                  - {
                      - destination_applications = [
                          - {
                              - id   = "meraki:layer7/application/7" -> null
                              - name = "Rackspace Hosted Exchange" -> null
                              - type = "nbar" -> null
                            },
                          - {
                              - id   = "meraki:layer7/application/39" -> null
                              - name = "Hotmail" -> null
                              - type = "nbar" -> null
                            },
                        ] -> null
                      - protocol                 = "any" -> null
                      - source_cidr              = "192.168.20.0/24" -> null
                      - type                     = "application" -> null
                    },
                ] -> null
            },
        ] -> null
    }

This does not log a request being made in debug logs:

module.meraki.meraki_appliance_sdwan_internet_policies.networks_appliance_sdwan_internet_policies["EMEA/Dev-WB/netascode-network-01"]: Destroying... [id=L_4005951868546056935]
2025-05-23T14:52:24.513+0200 [INFO]  Starting apply for module.meraki.meraki_appliance_sdwan_internet_policies.networks_appliance_sdwan_internet_policies["EMEA/Dev-WB/netascode-network-01"]
2025-05-23T14:52:24.513+0200 [DEBUG] module.meraki.meraki_appliance_sdwan_internet_policies.networks_appliance_sdwan_internet_policies["EMEA/Dev-WB/netascode-network-01"]: applying the planned Delete change
2025-05-23T14:52:24.516+0200 [DEBUG] provider.terraform-provider-meraki: L_4005951868546056935: Beginning Delete: tf_resource_type=meraki_appliance_sdwan_internet_policies tf_rpc=ApplyResourceChange tf_req_id=9e8f5d10-7ccb-5de0-1d20-32712438309e @caller=/Users/wbajaryn/dev/cx/terraform-provider-meraki/internal/provider/resource_meraki_appliance_sdwan_internet_policies.go:298 @module=meraki tf_provider_addr=registry.terraform.io/CiscoDevNet/meraki timestamp="2025-05-23T14:52:24.516+0200"
2025-05-23T14:52:24.516+0200 [DEBUG] provider.terraform-provider-meraki: L_4005951868546056935: Delete finished successfully: tf_rpc=ApplyResourceChange @module=meraki tf_provider_addr=registry.terraform.io/CiscoDevNet/meraki tf_req_id=9e8f5d10-7ccb-5de0-1d20-32712438309e tf_resource_type=meraki_appliance_sdwan_internet_policies @caller=/Users/wbajaryn/dev/cx/terraform-provider-meraki/internal/provider/resource_meraki_appliance_sdwan_internet_policies.go:300 timestamp="2025-05-23T14:52:24.516+0200"
module.meraki.meraki_appliance_sdwan_internet_policies.networks_appliance_sdwan_internet_policies["EMEA/Dev-WB/netascode-network-01"]: Destruction complete after 0s

The organization-level beta GET endpoint still returns the config:

% curl -L --request GET \
--url https://api.meraki.com/api/v1/organizations/"$api_organization_id"/appliance/sdwan/internetPolicies \
--header 'Authorization: Bearer '"$MERAKI_API_KEY" \
--header 'Accept: application/json' | jq .
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1283    0  1283    0     0   2812      0 --:--:-- --:--:-- --:--:--  2807
{
  "items": [
    {
      "wanTrafficUplinkPreferences": [
        {
          "trafficFilters": [
            {
              "type": "custom",
              "value": {
                "protocol": "tcp",
                "source": {
                  "port": "1-1024",
                  "cidr": "any"
                },
                "destination": {
                  "applications": null,
                  "cidr": "any",
                  "port": "any"
                }
              }
            }
          ],
          "preferredUplink": "wan1",
          "failOverCriterion": "poorPerformance",
          "performanceClass": {
            "type": "builtin",
            "builtinPerformanceClassName": "VoIP"
          }
        },
        {
          "trafficFilters": [
            {
              "type": "majorApplication",
              "value": {
                "protocol": "udp",
                "source": {
                  "port": "1-1024",
                  "cidr": "any"
                },
                "destination": {
                  "applications": [
                    {
                      "id": "meraki:layer7/application/1",
                      "name": "Office 365 Suite",
                      "type": "major"
                    }
                  ],
                  "cidr": null,
                  "port": null
                }
              }
            }
          ],
          "preferredUplink": "wan1",
          "failOverCriterion": "poorPerformance",
          "performanceClass": {
            "type": "builtin",
            "builtinPerformanceClassName": "VoIP"
          }
        },
        {
          "trafficFilters": [
            {
              "type": "application",
              "value": {
                "protocol": "any",
                "source": {
                  "cidr": "192.168.20.0/24",
                  "port": "any"
                },
                "destination": {
                  "applications": [
                    {
                      "id": "meraki:layer7/application/7",
                      "name": "Rackspace Hosted Exchange",
                      "type": "nbar"
                    },
                    {
                      "id": "meraki:layer7/application/39",
                      "name": "Hotmail",
                      "type": "nbar"
                    }
                  ],
                  "cidr": null,
                  "port": null
                }
              }
            }
          ],
          "preferredUplink": "wan1",
          "failOverCriterion": "poorPerformance",
          "performanceClass": {
            "type": "builtin",
            "builtinPerformanceClassName": "VoIP"
          }
        }
      ],
      "networkId": "L_4005951868546056935",
      "networkName": "netascode-network-01"
    }
  ]
}

  2. Delete appliance_vlans:
<...>
  # module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"] will be destroyed
  - resource "meraki_appliance_vlan" "networks_appliance_vlans" {
      - appliance_ip = "192.168.20.1" -> null
      - id           = "20" -> null
      - name         = "VLAN20" -> null
      - network_id   = "L_4005951868546056935" -> null
      - subnet       = "192.168.20.0/24" -> null
      - vlan_id      = "20" -> null
    }
<...>

This fails:

module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"]: Destroying... [id=20]
2025-05-23T15:18:24.328+0200 [INFO]  Starting apply for module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"]
2025-05-23T15:18:24.328+0200 [DEBUG] module.meraki.meraki_appliance_vlan.networks_appliance_vlans["EMEA/Dev-WB/netascode-network-01/20"]: applying the planned Delete change
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 20: Beginning Delete: @module=meraki @caller=/Users/wbajaryn/dev/cx/terraform-provider-meraki/internal/provider/resource_meraki_appliance_vlan.go:390 tf_provider_addr=registry.terraform.io/CiscoDevNet/meraki tf_req_id=c237e5d4-07ff-2814-c488-3ac8fefbe91a tf_resource_type=meraki_appliance_vlan tf_rpc=ApplyResourceChange timestamp="2025-05-23T15:18:24.329+0200"
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 REQUEST --------------------------
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 DELETE https://api.meraki.com/api/v1/networks/L_4005951868546056935/appliance/vlans/20
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 Authorization: ****
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 User-Agent: [go-meraki netascode]
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 Content-Type: [application/json]
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 Accept: [application/json]
2025-05-23T15:18:24.329+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 --------------------------
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 RESPONSE 400 --------------------------
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 {
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24   "errors": [
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24     "The IP address range for traffic filter with src: 192.168.20.0/24 does not apply to any configured subnets."
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24   ]
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 }
2025-05-23T15:18:24.641+0200 [DEBUG] provider.terraform-provider-meraki: 2025/05/23 15:18:24 --------------------------

  3. Manually setting internetPolicies to [] unblocks appliance_vlans deletion.
% curl -L --request PUT \
--url https://api.meraki.com/api/v1/networks/"$api_network_id"/appliance/sdwan/internetPolicies \
--header 'Authorization: Bearer '"$MERAKI_API_KEY" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
      "wanTrafficUplinkPreferences": []
}' | jq .
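
A pre-flight check for the situation reported in this issue, as an added example (not code from the provider or from the issue author): it scans the response of the organization-level internetPolicies GET shown above for traffic filters whose CIDR still overlaps a VLAN subnet that is about to be deleted. The function names and the embedded sample are constructed here, and treating any overlap as a blocking reference is an assumption about how the API matches filters to subnets.

```python
import ipaddress
import json

# Constructed sample, trimmed from the response shape shown in the issue.
SAMPLE_RESPONSE = json.loads("""
{"items": [{
  "networkId": "L_4005951868546056935",
  "networkName": "netascode-network-01",
  "wanTrafficUplinkPreferences": [
    {"preferredUplink": "wan1",
     "trafficFilters": [{"type": "custom", "value": {
        "protocol": "tcp",
        "source": {"port": "1-1024", "cidr": "any"},
        "destination": {"applications": null, "cidr": "any", "port": "any"}}}]},
    {"preferredUplink": "wan1",
     "trafficFilters": [{"type": "application", "value": {
        "protocol": "any",
        "source": {"cidr": "192.168.20.0/24", "port": "any"},
        "destination": {"applications": [], "cidr": null, "port": null}}}]}
  ]}]}
""")

def _overlaps(cidr, subnet):
    """True if a filter CIDR is a real network that overlaps `subnet`."""
    if not cidr or cidr == "any":
        return False
    try:
        return ipaddress.ip_network(cidr, strict=False).overlaps(subnet)
    except ValueError:
        return False  # value is not a CIDR: nothing to compare

def blocking_filters(response, network_id, vlan_subnet):
    """Return (preference index, filter index, side, cidr) for every traffic
    filter in the network's internet policies that references `vlan_subnet`."""
    subnet = ipaddress.ip_network(vlan_subnet, strict=False)
    hits = []
    for item in response.get("items", []):
        if item.get("networkId") != network_id:
            continue
        for p, pref in enumerate(item.get("wanTrafficUplinkPreferences") or []):
            for f, flt in enumerate(pref.get("trafficFilters") or []):
                value = flt.get("value") or {}
                for side in ("source", "destination"):
                    cidr = (value.get(side) or {}).get("cidr")
                    if _overlaps(cidr, subnet):
                        hits.append((p, f, side, cidr))
    return hits
```

An empty result after the policies resource is destroyed means the VLAN delete should no longer be rejected for this reason; a non-empty one points at the filters that were left behind.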