Expand PR899 to also cover Entity Groups

vault/resource_identity_entity.go

@@ -115,10 +115,10 @@ func identityEntityCreate(d *schema.ResourceData, meta interface{}) error {
 		}
 
 		return fmt.Errorf("Identity Entity %q already exists. %s", name, entityMsg)
+	} else {
+		log.Printf("[DEBUG] Wrote IdentityEntity %q", name)
 	}
 
-	log.Printf("[DEBUG] Wrote IdentityEntity %q", name)
-
 	d.SetId(resp.Data["id"].(string))
 
 	return identityEntityRead(d, meta)

vault/resource_identity_group.go

@@ -156,7 +156,19 @@ func identityGroupCreate(d *schema.ResourceData, meta interface{}) error {
 	if err != nil {
 		return fmt.Errorf("error writing IdentityGroup to %q: %s", name, err)
 	}
-	log.Printf("[DEBUG] Wrote IdentityGroup %q", resp.Data["name"])
+
+	if resp == nil {
+		path := identityGroupNamePath(name)
+		groupMsg := "Unable to determine group id."
+
+		if group, err := client.Logical().Read(path); err == nil {
+			groupMsg = fmt.Sprintf("Group resource ID %q may be imported.", group.Data["id"])
+		}
+
+		return fmt.Errorf("Identity Group %q already exists. %s", name, groupMsg)
+	} else {
+		log.Printf("[DEBUG] Wrote IdentityGroup %q", resp.Data["name"])
+	}
 
 	d.SetId(resp.Data["id"].(string))
 
@@ -257,6 +269,10 @@ func identityGroupExists(d *schema.ResourceData, meta interface{}) (bool, error)
 	return resp != nil, nil
 }
 
+func identityGroupNamePath(name string) string {
+	return fmt.Sprintf("%s/name/%s", identityGroupPath, name)
+}
+
 func identityGroupIDPath(id string) string {
 	return fmt.Sprintf("%s/id/%s", identityGroupPath, id)
 }

website/docs/r/identity_group.html.md

@@ -67,3 +67,11 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
 
 * `id` - The `id` of the created group.
+
+## Import
+
+Identity group can be imported using the `id`, e.g.
+
+```
+$ terraform import vault_identity_group.test 'fcbf1efb-2b69-4209-bed8-811e3475dad3'
+```