support disabling exsiting user import on creation

examples/user/devteam.tf

@@ -53,4 +53,7 @@ resource "gsuite_user" "developer" {
     type  = "organization"
     value = "1234"
   }
+
+  # If omitted or `true` existing GSuite users defined as Terraform will be imported by `terraform apply`.
+  update_existing = true
 }

gsuite/config.go

@@ -39,6 +39,8 @@ type Config struct {
 
 	OauthScopes []string
 
+	UpdateExisting bool
+
 	directory *directory.Service
 
 	groupSettings *groupSettings.Service

gsuite/provider.go

@@ -43,6 +43,10 @@ func Provider() *schema.Provider {
 				Optional: true,
 				Default:  1, // 1 + (n*2) roof 16 = 1+2+4+8+16 = 31 seconds, 1 min should be "normal" operations
 			},
+			"update_existing": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"gsuite_group":           dataGroup(),
@@ -111,12 +115,19 @@ func providerConfigure(d *schema.ResourceData, terraformVersion string) (interfa
 	timeoutMinutes := d.Get("timeout_minutes").(int)
 
 	oauthScopes := oauthScopesFromConfigOrDefault(d.Get("oauth_scopes").(*schema.Set))
+
+	updateExisting := true
+	if v, ok := d.GetOk("update_existing"); ok {
+		updateExisting = v.(bool)
+	}
+
 	config := Config{
 		Credentials:           credentials,
 		ImpersonatedUserEmail: impersonatedUserEmail,
 		OauthScopes:           oauthScopes,
 		CustomerId:            customerID,
 		TimeoutMinutes:        timeoutMinutes,
+		UpdateExisting:        updateExisting,
 	}
 
 	if err := config.loadAndValidate(terraformVersion); err != nil {

gsuite/resource_user.go

@@ -320,6 +320,10 @@ func resourceUser() *schema.Resource {
 					},
 				},
 			},
+			"update_existing": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -429,41 +433,50 @@ func resourceUserCreate(d *schema.ResourceData, meta interface{}) error {
 	user.Name = userName
 
 	var err error
-	var existingUsers *directory.Users
-	err = retry(func() error {
-		existingUsers, err = config.directory.Users.List().Customer(config.CustomerId).Query("email:" + user.PrimaryEmail).Do()
-		return err
-	}, config.TimeoutMinutes)
 
-	var locatedUser *directory.User
-	for _, existingUser := range existingUsers.Users {
-		if existingUser.PrimaryEmail == user.PrimaryEmail {
-			locatedUser = existingUser
-			break
-		}
+	updateExisting := config.UpdateExisting
+	if v, ok := d.GetOk("update_existing"); ok {
+		updateExisting = v.(bool)
 	}
 
-	if locatedUser != nil {
-		log.Printf("[INFO] found existing user %s", locatedUser.PrimaryEmail)
+	if updateExisting {
 
+		var existingUsers *directory.Users
 		err = retry(func() error {
-			_, err = config.directory.Users.Update(locatedUser.Id, user).Do()
+			existingUsers, err = config.directory.Users.List().Customer(config.CustomerId).Query("email:" + user.PrimaryEmail).Do()
 			return err
 		}, config.TimeoutMinutes)
 
-		if err != nil {
-			return fmt.Errorf("[ERROR] Error updating existing user: %s", err)
+		var locatedUser *directory.User
+		for _, existingUser := range existingUsers.Users {
+			if existingUser.PrimaryEmail == user.PrimaryEmail {
+				locatedUser = existingUser
+				break
+			}
 		}
 
-		err = userAliasesUpdate(config, locatedUser, aliases)
+		if locatedUser != nil {
+			log.Printf("[INFO] found existing user %s", locatedUser.PrimaryEmail)
 
-		if err != nil {
-			return err
-		}
+			err = retry(func() error {
+				_, err = config.directory.Users.Update(locatedUser.Id, user).Do()
+				return err
+			}, config.TimeoutMinutes)
+
+			if err != nil {
+				return fmt.Errorf("[ERROR] Error updating existing user: %s", err)
+			}
 
-		log.Printf("[INFO] Updated user: %s", user.PrimaryEmail)
-		d.SetId(locatedUser.Id)
-		return resourceUserRead(d, meta)
+			err = userAliasesUpdate(config, locatedUser, aliases)
+
+			if err != nil {
+				return err
+			}
+
+			log.Printf("[INFO] Updated user: %s", user.PrimaryEmail)
+			d.SetId(locatedUser.Id)
+			return resourceUserRead(d, meta)
+		}
 	}
 
 	// Transimt password related state on account creation only.