diff --git a/examples/user/devteam.tf b/examples/user/devteam.tf index 55b2b436..74845d3b 100644 --- a/examples/user/devteam.tf +++ b/examples/user/devteam.tf @@ -53,4 +53,7 @@ resource "gsuite_user" "developer" { type = "organization" value = "1234" } + + # If omitted or `true` existing GSuite users defined as Terraform resources will be imported by `terraform apply`. + update_existing = true } diff --git a/gsuite/config.go b/gsuite/config.go index 10887c15..1d812d0c 100644 --- a/gsuite/config.go +++ b/gsuite/config.go @@ -39,6 +39,8 @@ type Config struct { OauthScopes []string + UpdateExisting bool + directory *directory.Service groupSettings *groupSettings.Service diff --git a/gsuite/provider.go b/gsuite/provider.go index 8d160086..07d66ef8 100644 --- a/gsuite/provider.go +++ b/gsuite/provider.go @@ -43,6 +43,10 @@ func Provider() *schema.Provider { Optional: true, Default: 1, // 1 + (n*2) roof 16 = 1+2+4+8+16 = 31 seconds, 1 min should be "normal" operations }, + "update_existing": { + Type: schema.TypeBool, + Optional: true, + }, }, DataSourcesMap: map[string]*schema.Resource{ "gsuite_group": dataGroup(), @@ -111,12 +115,19 @@ func providerConfigure(d *schema.ResourceData, terraformVersion string) (interfa timeoutMinutes := d.Get("timeout_minutes").(int) oauthScopes := oauthScopesFromConfigOrDefault(d.Get("oauth_scopes").(*schema.Set)) + + updateExisting := true + if v, ok := d.GetOk("update_existing"); ok { + updateExisting = v.(bool) + } + config := Config{ Credentials: credentials, ImpersonatedUserEmail: impersonatedUserEmail, OauthScopes: oauthScopes, CustomerId: customerID, TimeoutMinutes: timeoutMinutes, + UpdateExisting: updateExisting, } if err := config.loadAndValidate(terraformVersion); err != nil { diff --git a/gsuite/resource_user.go b/gsuite/resource_user.go index b6fd18d3..a06a2369 100644 --- a/gsuite/resource_user.go +++ b/gsuite/resource_user.go @@ -320,6 +320,10 @@ func resourceUser() *schema.Resource { }, }, }, + "update_existing": { + Type: schema.TypeBool, + Optional: true, + }, }, } } @@ -429,41 +433,50 @@ func resourceUserCreate(d *schema.ResourceData, meta interface{}) error { user.Name = userName var err error - var existingUsers *directory.Users - err = retry(func() error { - existingUsers, err = config.directory.Users.List().Customer(config.CustomerId).Query("email:" + user.PrimaryEmail).Do() - return err - }, config.TimeoutMinutes) - var locatedUser *directory.User - for _, existingUser := range existingUsers.Users { - if existingUser.PrimaryEmail == user.PrimaryEmail { - locatedUser = existingUser - break - } + updateExisting := config.UpdateExisting + if v, ok := d.GetOk("update_existing"); ok { + updateExisting = v.(bool) } - if locatedUser != nil { - log.Printf("[INFO] found existing user %s", locatedUser.PrimaryEmail) + if updateExisting { + var existingUsers *directory.Users err = retry(func() error { - _, err = config.directory.Users.Update(locatedUser.Id, user).Do() + existingUsers, err = config.directory.Users.List().Customer(config.CustomerId).Query("email:" + user.PrimaryEmail).Do() return err }, config.TimeoutMinutes) - if err != nil { - return fmt.Errorf("[ERROR] Error updating existing user: %s", err) + var locatedUser *directory.User + for _, existingUser := range existingUsers.Users { + if existingUser.PrimaryEmail == user.PrimaryEmail { + locatedUser = existingUser + break + } } - err = userAliasesUpdate(config, locatedUser, aliases) + if locatedUser != nil { + log.Printf("[INFO] found existing user %s", locatedUser.PrimaryEmail) - if err != nil { - return err - } + err = retry(func() error { + _, err = config.directory.Users.Update(locatedUser.Id, user).Do() + return err + }, config.TimeoutMinutes) + + if err != nil { + return fmt.Errorf("[ERROR] Error updating existing user: %s", err) + } - log.Printf("[INFO] Updated user: %s", user.PrimaryEmail) - d.SetId(locatedUser.Id) - return resourceUserRead(d, meta) + err = userAliasesUpdate(config, locatedUser, aliases) + + if err != nil { + return err + } + + log.Printf("[INFO] Updated user: %s", user.PrimaryEmail) + d.SetId(locatedUser.Id) + return resourceUserRead(d, meta) + } } // Transimt password related state on account creation only.