404s in Read should remove state and not error

okta/policy.go

@@ -154,7 +154,7 @@ func getPolicy(d *schema.ResourceData, m interface{}) (*articulateOkta.Policy, e
 	policy, resp, err := client.Policies.GetPolicy(d.Id())
 
 	if is404(resp.StatusCode) {
-		return policy, nil
+		return nil, nil
 	}
 
 	return policy, err

okta/resource_okta_app_auto_login.go

@@ -92,6 +92,11 @@ func resourceAppAutoLoginRead(d *schema.ResourceData, m interface{}) error {
 	app := okta.NewAutoLoginApplication()
 	err := fetchApp(d, m, app)
 
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_bookmark.go

@@ -61,6 +61,11 @@ func resourceAppBookmarkRead(d *schema.ResourceData, m interface{}) error {
 	app := okta.NewBookmarkApplication()
 	err := fetchApp(d, m, app)
 
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_group_assignment.go

@@ -105,12 +105,17 @@ func resourceAppGroupAssignmentUpdate(d *schema.ResourceData, m interface{}) err
 }
 
 func resourceAppGroupAssignmentRead(d *schema.ResourceData, m interface{}) error {
-	g, _, err := getOktaClientFromMetadata(m).Application.GetApplicationGroupAssignment(
+	g, resp, err := getOktaClientFromMetadata(m).Application.GetApplicationGroupAssignment(
 		d.Get("app_id").(string),
 		d.Get("group_id").(string),
 		nil,
 	)
 
+	if is404(resp.StatusCode) {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_oauth.go

@@ -298,6 +298,11 @@ func resourceAppOAuthRead(d *schema.ResourceData, m interface{}) error {
 	app := okta.NewOpenIdConnectApplication()
 	err := fetchApp(d, m, app)
 
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_saml.go

@@ -356,6 +356,12 @@ func resourceAppSamlCreate(d *schema.ResourceData, m interface{}) error {
 func resourceAppSamlRead(d *schema.ResourceData, m interface{}) error {
 	app := okta.NewSamlApplication()
 	err := fetchApp(d, m, app)
+
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_secure_password_store.go

@@ -123,9 +123,15 @@ func resourceAppSecurePasswordStoreRead(d *schema.ResourceData, m interface{}) e
 	app := okta.NewSecurePasswordStoreApplication()
 	err := fetchApp(d, m, app)
 
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}
+
 	d.Set("password_field", app.Settings.App.PasswordField)
 	d.Set("username_field", app.Settings.App.UsernameField)
 	d.Set("url", app.Settings.App.Url)

okta/resource_okta_app_swa.go

@@ -82,6 +82,11 @@ func resourceAppSwaRead(d *schema.ResourceData, m interface{}) error {
 	app := okta.NewSwaApplication()
 	err := fetchApp(d, m, app)
 
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_three_field.go

@@ -80,6 +80,11 @@ func resourceAppThreeFieldRead(d *schema.ResourceData, m interface{}) error {
 	app := okta.NewSwaThreeFieldApplication()
 	err := fetchApp(d, m, app)
 
+	if app == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_user.go

@@ -92,12 +92,17 @@ func resourceAppUserUpdate(d *schema.ResourceData, m interface{}) error {
 }
 
 func resourceAppUserRead(d *schema.ResourceData, m interface{}) error {
-	u, _, err := getOktaClientFromMetadata(m).Application.GetApplicationUser(
+	u, resp, err := getOktaClientFromMetadata(m).Application.GetApplicationUser(
 		d.Get("app_id").(string),
 		d.Get("user_id").(string),
 		nil,
 	)
 
+	if is404(resp.StatusCode) {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_app_user_base_schema.go

@@ -45,7 +45,8 @@ func resourceAppUserBaseSchemaRead(d *schema.ResourceData, m interface{}) error
 	if err != nil {
 		return err
 	} else if subschema == nil {
-		return fmt.Errorf("Okta did not return a subschema for \"%s\"", d.Id())
+		d.SetId("")
+		return nil
 	}
 
 	syncBaseUserSchema(d, subschema)

okta/resource_okta_app_user_schema.go

@@ -47,7 +47,8 @@ func resourceAppUserSchemaRead(d *schema.ResourceData, m interface{}) error {
 	if err != nil {
 		return err
 	} else if subschema == nil {
-		return fmt.Errorf("Okta did not return a subschema for \"%s\". This is a known limitation of Okta's API, these must be created one at a time to avoid overwritting. One way to do this is via depends_on, see link for example https://github.com/articulate/terraform-provider-okta/blob/master/examples/okta_user/custom_attributes.tf.", d.Id())
+		d.SetId("")
+		return nil
 	}
 
 	return syncUserSchema(d, subschema)

okta/resource_okta_auth_server.go

@@ -117,6 +117,12 @@ func resourceAuthServerExists(d *schema.ResourceData, m interface{}) (bool, erro
 
 func resourceAuthServerRead(d *schema.ResourceData, m interface{}) error {
 	authServer, err := fetchAuthServer(d, m)
+
+	if authServer == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_auth_server_claim.go

@@ -99,6 +99,12 @@ func resourceAuthServerClaimExists(d *schema.ResourceData, m interface{}) (bool,
 
 func resourceAuthServerClaimRead(d *schema.ResourceData, m interface{}) error {
 	authServerClaim, err := fetchAuthServerClaim(d, m)
+
+	if authServerClaim == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_auth_server_policy.go

@@ -1,9 +1,10 @@
 package okta
 
 import (
+	"net/http"
+
 	"github.com/articulate/terraform-provider-okta/sdk"
 	"github.com/hashicorp/terraform/helper/schema"
-	"net/http"
 )
 
 func resourceAuthServerPolicy() *schema.Resource {
@@ -86,6 +87,12 @@ func resourceAuthServerPolicyExists(d *schema.ResourceData, m interface{}) (bool
 
 func resourceAuthServerPolicyRead(d *schema.ResourceData, m interface{}) error {
 	authServerPolicy, err := fetchAuthServerPolicy(d, m)
+
+	if authServerPolicy == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_auth_server_policy_rule.go

@@ -137,6 +137,12 @@ func resourceAuthServerPolicyRuleExists(d *schema.ResourceData, m interface{}) (
 
 func resourceAuthServerPolicyRuleRead(d *schema.ResourceData, m interface{}) error {
 	authServerPolicyRule, err := fetchAuthServerPolicyRule(d, m)
+
+	if authServerPolicyRule == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_auth_server_scope.go

@@ -86,6 +86,12 @@ func resourceAuthServerScopeExists(d *schema.ResourceData, m interface{}) (bool,
 
 func resourceAuthServerScopeRead(d *schema.ResourceData, m interface{}) error {
 	authServerScope, err := fetchAuthServerScope(d, m)
+
+	if authServerScope == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_factor.go

@@ -75,6 +75,12 @@ func resourceFactorDelete(d *schema.ResourceData, m interface{}) error {
 
 func resourceFactorRead(d *schema.ResourceData, m interface{}) error {
 	factor, err := findFactor(d, m)
+
+	if factor == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_group.go

@@ -72,6 +72,12 @@ func resourceGroupExists(d *schema.ResourceData, m interface{}) (bool, error) {
 
 func resourceGroupRead(d *schema.ResourceData, m interface{}) error {
 	g, err := fetchGroup(d, m)
+
+	if g == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_group_roles.go

@@ -77,7 +77,13 @@ func resourceGroupRolesCreate(d *schema.ResourceData, m interface{}) error {
 
 func resourceGroupRolesRead(d *schema.ResourceData, m interface{}) error {
 	groupId := d.Get("group_id").(string)
-	existingRoles, _, err := getSupplementFromMetadata(m).ListAdminRoles(groupId, nil)
+	existingRoles, resp, err := getSupplementFromMetadata(m).ListAdminRoles(groupId, nil)
+
+	if is404(resp.StatusCode) {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_group_rule.go

@@ -1,9 +1,10 @@
 package okta
 
 import (
-	"github.com/okta/okta-sdk-golang/okta"
 	"net/http"
 
+	"github.com/okta/okta-sdk-golang/okta"
+
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -96,6 +97,12 @@ func resourceGroupRuleExists(d *schema.ResourceData, m interface{}) (bool, error
 
 func resourceGroupRuleRead(d *schema.ResourceData, m interface{}) error {
 	g, err := fetchGroupRule(d, m)
+
+	if g == nil {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_idp_oidc.go

@@ -99,6 +99,11 @@ func resourceIdpRead(d *schema.ResourceData, m interface{}) error {
 		return err
 	}
 
+	if idp == nil {
+		d.SetId("")
+		return nil
+	}
+
 	d.Set("name", idp.Name)
 	d.Set("type", idp.Type)
 	d.Set("max_clock_skew", idp.Policy.MaxClockSkew)

okta/resource_okta_idp_saml.go

@@ -97,6 +97,11 @@ func resourceIdpSamlRead(d *schema.ResourceData, m interface{}) error {
 		return err
 	}
 
+	if idp == nil {
+		d.SetId("")
+		return nil
+	}
+
 	d.Set("name", idp.Name)
 	d.Set("provisioning_action", idp.Policy.Provisioning.Action)
 	d.Set("deprovisioned_action", idp.Policy.Provisioning.Conditions.Deprovisioned.Action)

okta/resource_okta_idp_saml_signing_key.go

@@ -1,9 +1,10 @@
 package okta
 
 import (
+	"net/http"
+
 	"github.com/articulate/terraform-provider-okta/sdk"
 	"github.com/hashicorp/terraform/helper/schema"
-	"net/http"
 )
 
 func resourceIdpSigningKey() *schema.Resource {
@@ -71,7 +72,13 @@ func resourceIdpSigningKeyExists(d *schema.ResourceData, m interface{}) (bool, e
 }
 
 func resourceIdpSigningKeyRead(d *schema.ResourceData, m interface{}) error {
-	key, _, err := getSupplementFromMetadata(m).GetIdentityProviderCertificate(d.Id())
+	key, resp, err := getSupplementFromMetadata(m).GetIdentityProviderCertificate(d.Id())
+
+	if is404(resp.StatusCode) {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}

okta/resource_okta_idp_social.go

@@ -96,6 +96,11 @@ func resourceIdpSocialRead(d *schema.ResourceData, m interface{}) error {
 		return err
 	}
 
+	if idp == nil {
+		d.SetId("")
+		return nil
+	}
+
 	d.Set("name", idp.Name)
 	d.Set("max_clock_skew", idp.Policy.MaxClockSkew)
 	d.Set("provisioning_action", idp.Policy.Provisioning.Action)

okta/resource_okta_inline_hooks.go

@@ -140,10 +140,17 @@ func resourceInlineHookExists(d *schema.ResourceData, m interface{}) (bool, erro
 }
 
 func resourceInlineHookRead(d *schema.ResourceData, m interface{}) error {
-	hook, _, err := getSupplementFromMetadata(m).GetInlineHook(d.Id())
+	hook, resp, err := getSupplementFromMetadata(m).GetInlineHook(d.Id())
+
+	if is404(resp.StatusCode) {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}
+
 	d.Set("name", hook.Name)
 	d.Set("status", hook.Status)
 	d.Set("type", hook.Type)

okta/resource_okta_network_zone.go

@@ -66,10 +66,17 @@ func resourceNetworkZoneCreate(d *schema.ResourceData, m interface{}) error {
 }
 
 func resourceNetworkZoneRead(d *schema.ResourceData, m interface{}) error {
-	zone, _, err := getSupplementFromMetadata(m).GetNetworkZone(d.Id())
+	zone, resp, err := getSupplementFromMetadata(m).GetNetworkZone(d.Id())
+
+	if is404(resp.StatusCode) {
+		d.SetId("")
+		return nil
+	}
+
 	if err != nil {
 		return err
 	}
+
 	d.Set("name", zone.Name)
 	d.Set("type", zone.Type)