Error when updating members via "googleworkspace_group_members"

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Terraform v1.5.2
+ provider registry.terraform.io/hashicorp/google v4.70.0
+ provider registry.terraform.io/hashicorp/googleworkspace v0.7.0

Affected Resource(s)

Please list the resources as a list, for example:

googleworkspace_group_members

Terraform Configuration Files

resource "googleworkspace_group_members" "group_a" {
  group_id = "group-a@example.com"

  members {
    email             = "owner-1@example.com"
    role              = "OWNER"
    type              = "USER"
    delivery_settings = "ALL_MAIL"
  }

  # Add regular users
  dynamic "members" {
    for_each = {
      for user in local.users : user.primary_email => user if contains(user.groups == null ? [] : user.groups, "group-a")
    }
    iterator = user

    content {
      email             = user.value["primary_email"]
      role              = "MEMBER"
      type              = "USER"
      delivery_settings = "ALL_MAIL"
    }
  }
}

Expected Behavior

Update the member with the new member list (remove/add member accordingly to the new list).

Actual Behavior

When a user is a member of the group but not in the new configuration it stays member of the group
When a user is already a member the plan fails because Error: googleapi: Error 409: Member already exists., duplicate.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

terraform apply

Workaround

Use googleworkspace_group_member instead of googleworkspace_group_members.

However I would prefer to use the plural version for simplicity. Is this a bug or it is by design?

I am try to define an authoritative configuration so that if users get added by other means I have a convenient way to restore the desired group membewrhsip.

hashicorp / terraform-provider-googleworkspace