`terraform plan` fails when gsuite group is "manually" removed

[opdecirkel]

When creating gsuite_group and accompanying gsuite_group_members using terraform and (this) gsuite provider, then remove the group (outside terraform, e.g. using the admin UI), terraform plan fails with Error: googleapi: Error 404: Resource Not Found: groupKey, notFound

How to reproduce:

1. Create terraform module for the group:

provider "gsuite" {
  impersonated_user_email = "me@mydomain.com"
  oauth_scopes = [
    "https://www.googleapis.com/auth/admin.directory.group",
    "https://www.googleapis.com/auth/admin.directory.user"
  ]
}
resource "gsuite_group" "tf-plugin-error" {
  email       = "tf-plugin-error@mydomain.com"
  name        = "Tf Plugin Error"
  description = "Reproduce Gsuite Tf Plugin Error"
}
resource "gsuite_group_members" "tf-plugin-error" {
  group_email = gsuite_group.tf-plugin-error.email

  member {
    email = "me@mydomain.com"
    role = "OWNER"
  }
}

2. Run terraform apply
3. Go to https://admin.google.com or https://groups.google.com and remove the group
4. Running terrafoorm plan will fail with:

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

gsuite_group.tf-plugin-error: Refreshing state... [id=049x2ik52rn0w79]
gsuite_group_members.tf-plugin-error: Refreshing state... [id=tf-plugin-error@mydomain.com]

Error: googleapi: Error 404: Resource Not Found: groupKey, notFound

$ terraform version
Terraform v0.12.10
+ provider.gsuite v0.1.34

[DeviaVir]

Not sure if you care but the group id of your domain is in the step 4 code.

I think you can work around this now by using a simple terraform state rm gsuite_group_members.tf-plugin-error but we should do something better here

[opdecirkel]

@DeviaVir That is a workaround I use, but when you have many groups it hard to find what actually broke because the log message does not say. Also if this is part of automated workflow, it breaks it