azuread_group prevent_duplicate_names Error instead of Warning

[akingscote]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The azuread_group creation dosent seem to recognise existing groups and creates a new group every time. When i add the prevent_duplicate_names flag, it returns an error.

I am running deployments via CICD and this error is causing my pipelines to fail. I think that this message should be a Warning rather than an Error.

If you are managing your infrastructure via terraform, then presumably the existing group has been created by a previous terraform run and will be identical to the one you are trying to create. So it wont be a problem that the resource already exists, as it should look how you want it to look. In my opinion, its not an error. Its only really a problem if you are trying to create an existing group that is not created by terraform.

Im using terragrunt modules so importing the group isnt really an option with our structure. Ideally the azure ad group state would be properly managed as with other resources, but ill happily settle for the message not crashing our pipelines.

New or Affected Resource(s)

• azuread_group

Created a pull request here -> https://github.com/terraform-providers/terraform-provider-azuread/pull/304

[manicminer]

Hi @akingscote, thanks for raising this issue. It sounds like you might have misunderstood the behavior of the prevent_duplicate_names attribute. In Azure Active Directory, group names do not have to be unique, so this attribute enables you to avoid confusion (and duplication) by preventing creation of groups where one already exists with the same name. It's not necessarily true that an existing group can be assumed to have been created with Terraform.

If you are looking to manage an existing group (or any other resource) with Terraform, you'll need to import the resource using terraform import. This is a core feature of Terraform, not unique to this provider or this resource type. You can find instructions and an example towards the end of any documentation page for a given resource. In the case of groups, you'll need to find the object ID of the group and import it using:

terraform import azuread_group.my_group 10000000-2000-3000-4000-500000000000

(substituting your resource name and the actual group ID)

Hope this helps! Please feel free to comment further if this does not clarify the intended behaviour.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!