terraform-provider-azuread
prevent_duplicate_names prevents aad group from being recreated
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureAD Provider) Version
terraform version
Terraform v1.0.11
on darwin_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.12.0
Affected Resource(s)
azuread_group
Steps to Reproduce
Step 1: Create AAD Group
resource "azuread_group" "example" {
  display_name            = "example"
  prevent_duplicate_names = true
  security_enabled        = true
  # assignable_to_role = true
}
terraform apply -auto-approve
...
azuread_group.example: Creating...
azuread_group.example: Creation complete after 1s [id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Step 2: Modify AAD Group that causes replacement
resource "azuread_group" "example" {
  display_name            = "example"
  prevent_duplicate_names = true
  security_enabled        = true
  assignable_to_role      = true # forceNew is true on this property
}
terraform apply -auto-approve
azuread_group.example: Refreshing state... [id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]
╷
│ Error: An existing "azuread_group" with name "example" (ID: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx") was found and `prevent_duplicate_names` was specified. To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.
│
│ with azuread_group.example,
│ on main.tf line 5, in resource "azuread_group" "example":
│ 5: resource "azuread_group" "example" {
Expected behaviour
The group is updated and replaced without error.
Important Factoids
This error also can be seen when importing an AAD Group and running a plan.
Hi @josh-barker, thanks for reporting this. I believe the error during recreate is due to an eventual consistency issue with the API, which we might be able to mitigate.
For the import case, can you expand a little more how you're able to trigger this error? Thanks!
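The eventual-consistency explanation suggested in the comment above, as an added Go model that is not the provider's code or its fix. The `Directory` type, its read lag and `Replace` are hypothetical and constructed for illustration: a delete is accepted but the group stays listed for a few more reads, so a create-time duplicate-name check fails unless the destroy step first polls until the old ID is gone.

```go
package main

import "fmt"

// Directory is a constructed model of an eventually consistent API: a
// deleted group is still returned by the next lag[id] list calls.
type Directory struct {
	names map[string]string // object ID -> display name
	lag   map[string]int    // deleted ID -> list calls that still return it
}

func (d *Directory) IDsByName(name string) (ids []string) {
	for id, n := range d.names {
		left, deleted := d.lag[id]
		if deleted {
			d.lag[id] = left - 1 // one more read has observed the stale entry
		}
		if n == name && (!deleted || left > 0) {
			ids = append(ids, id)
		}
	}
	return ids
}

var ErrDuplicate = fmt.Errorf("existing group with this name found")

// Replace models destroy-then-create under the same name. With wait set, it
// polls until oldID is no longer listed (real code sleeps between polls).
func Replace(d *Directory, oldID, name string, lag int, wait bool) error {
	d.lag[oldID] = lag // delete accepted, not yet visible to list calls
	for polls := 0; wait && polls <= lag; polls++ {
		listed := false
		for _, id := range d.IDsByName(name) {
			listed = listed || id == oldID
		}
		if !listed {
			break
		}
	}
	if len(d.IDsByName(name)) > 0 { // create-time duplicate-name check
		return ErrDuplicate
	}
	return nil
}

func main() {
	d := &Directory{map[string]string{"id-1": "example"}, map[string]int{}}
	fmt.Println(Replace(d, "id-1", "example", 2, false)) // stale listing: duplicate error
	fmt.Println(Replace(d, "id-1", "example", 2, true))  // waits for the delete to propagate
}
```

A second group with the same name and a different ID still fails the check after the wait, so the guard against genuine duplicates is unchanged.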
Hi @manicminer,
I've just updated the description. To replicate the problem, follow the replication case:
- Create an AAD group
- Update the AAD group
I'll work on a small PR to show a failing test case and a potential solution.
Nearly a year has passed and this bug is still present in provider v2.31.0. Yet a fix is available as a PR in #702. Could somebody just click on the merge button please?
I would also like to point out that 'prevent_duplicate_names' does not prevent duplicate group names from being created by a Terraform manifest if a pre-existing group was made in azuread by other means. It would be useful to have Terraform (with 'prevent_duplicate_names' on) insist on importing this resource as it does in many other circumstances.
@DesideriusE That is precisely what the prevent_duplicate_names property does.
This functionality has been released in v2.33.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.