fix: handle preexisting identity_group (#1010)

* detect preexisting identity group prior to creation, and suggest importing the resource in this case.
hashicorp · Jul 23, 2021 · 7d09bf0 · 7d09bf0
1 parent 1eb44c8
commit 7d09bf0
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/vault/resource_identity_entity.go b/vault/resource_identity_entity.go
@@ -131,10 +131,10 @@ func identityEntityCreate(d *schema.ResourceData, meta interface{}) error {
 		}
 
 		return fmt.Errorf("Identity Entity %q already exists. %s", name, entityMsg)
+	} else {
+		log.Printf("[DEBUG] Wrote IdentityEntity %q", name)
 	}
 
-	log.Printf("[DEBUG] Wrote IdentityEntity %q", name)
-
 	d.SetId(resp.Data["id"].(string))
 
 	return identityEntityRead(d, meta)

diff --git a/vault/resource_identity_group.go b/vault/resource_identity_group.go
@@ -178,7 +178,19 @@ func identityGroupCreate(d *schema.ResourceData, meta interface{}) error {
 	if err != nil {
 		return fmt.Errorf("error writing IdentityGroup to %q: %s", name, err)
 	}
-	log.Printf("[DEBUG] Wrote IdentityGroup %q", resp.Data["name"])
+
+	if resp == nil {
+		path := identityGroupNamePath(name)
+		groupMsg := "Unable to determine group id."
+
+		if group, err := client.Logical().Read(path); err == nil {
+			groupMsg = fmt.Sprintf("Group resource ID %q may be imported.", group.Data["id"])
+		}
+
+		return fmt.Errorf("Identity Group %q already exists. %s", name, groupMsg)
+	} else {
+		log.Printf("[DEBUG] Wrote IdentityGroup %q", resp.Data["name"])
+	}
 
 	d.SetId(resp.Data["id"].(string))
 
@@ -279,6 +291,10 @@ func identityGroupExists(d *schema.ResourceData, meta interface{}) (bool, error)
 	return resp != nil, nil
 }
 
+func identityGroupNamePath(name string) string {
+	return fmt.Sprintf("%s/name/%s", identityGroupPath, name)
+}
+
 func identityGroupIDPath(id string) string {
 	return fmt.Sprintf("%s/id/%s", identityGroupPath, id)
 }

diff --git a/website/docs/r/identity_group.html.md b/website/docs/r/identity_group.html.md
@@ -67,3 +67,11 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
 
 * `id` - The `id` of the created group.
+
+## Import
+
+Identity group can be imported using the `id`, e.g.
+
+```
+$ terraform import vault_identity_group.test 'fcbf1efb-2b69-4209-bed8-811e3475dad3'
+```