DeviaVir / terraform-provider-gsuite

A @HashiCorp Terraform provider for managing G Suite resources.


User resource creation also works as import and update.

joshua-rutherford opened this issue · comments

It seems that user creation currently attempts to handle new user creation, import, and update all at once: (https://github.com/DeviaVir/terraform-provider-gsuite/blob/master/gsuite/resource_user.go#L464). I am curious why this pattern was chosen, when typically we'd expect all three actions to be independent and explicit?

My concern here is largely that the code assumes I want to update when in fact I may be trying to add a new user with a duplicate email by mistake. If that is the case I want to fail instead of updating the existing user with the new user details.

Further, if this happens it results in resource flapping between runs. Take for example the following use case:

  1. A user is added with the following definition:
    resource "gsuite_user" "alexander_mcqueen" {
      name = {
        given_name  = "Alexander"
        family_name = "McQueen"
      }
    
      primary_email  = "alex@example.com"
      recovery_email = ""
      recovery_phone = ""
    }
    
  2. At some time later, a user is added with the following definition:
    resource "gsuite_user" "alexandra_daddario" {
      name = {
        given_name  = "Alexandra"
        family_name = "Daddario"
      }
    
      primary_email  = "alex@example.com"
      recovery_email = ""
      recovery_phone = ""
    }
    

The current code allows for this but results in the two resources both pointing to the same gsuite user. As a result, alternating runs of terraform switch the user's given_name and family_name back and forth.

I am happy to submit a pull request that removes the current update logic in the gsuite.resourceUserCreate method in favor of making creation fail. I only opened an issue before doing so because this is a breaking change and I wanted to get your opinion about this first. If you agree that this is a bug, I can move forward.
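To make the flapping concrete, here is an added Go model of the two create behaviours being discussed. It is not the provider's code and does not call the Admin SDK; the `Directory` map, the `User` type, `createOrUpdate`, `createStrict` and `reconcile` are all constructed for this illustration. `createOrUpdate` stands in for the current create path that adopts an existing account, `createStrict` for the proposed create that refuses a duplicate `primary_email`, and `reconcile` is a toy version of one terraform apply that rewrites any resource whose remote record differs from its definition.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a minimal stand-in for a G Suite directory user (constructed for this
// example; it is not the provider's own type).
type User struct {
	PrimaryEmail string
	GivenName    string
	FamilyName   string
}

// Directory is an in-memory stand-in for the Admin SDK directory, keyed by primary email.
type Directory map[string]*User

// ErrUserExists is returned by the strict create when the email is already taken.
var ErrUserExists = errors.New("primary_email already belongs to an existing user")

// createOrUpdate reproduces the behaviour the issue describes: a create that silently
// turns into an update of whatever user already owns the email.
func createOrUpdate(d Directory, desired User) *User {
	if existing, ok := d[desired.PrimaryEmail]; ok {
		existing.GivenName = desired.GivenName
		existing.FamilyName = desired.FamilyName
		return existing
	}
	u := desired
	d[u.PrimaryEmail] = &u
	return &u
}

// createStrict is the proposed fix: creation fails on a duplicate email instead of
// adopting (and overwriting) the existing account.
func createStrict(d Directory, desired User) (*User, error) {
	if _, ok := d[desired.PrimaryEmail]; ok {
		return nil, fmt.Errorf("gsuite_user %q: %w", desired.PrimaryEmail, ErrUserExists)
	}
	u := desired
	d[u.PrimaryEmail] = &u
	return &u, nil
}

// reconcile is a toy model of one terraform apply with the current create path:
// each resource is written when the remote record differs from its definition.
// It returns how many resources had to be rewritten during this run.
func reconcile(d Directory, resources []User) int {
	writes := 0
	for _, r := range resources {
		if remote, ok := d[r.PrimaryEmail]; ok && *remote == r {
			continue // no drift, nothing to do
		}
		createOrUpdate(d, r)
		writes++
	}
	return writes
}

// DriftPerRun applies the resources n times and reports the rewrite count per run.
// Two resources sharing an email never converge: each run flips the name twice.
func DriftPerRun(resources []User, n int) []int {
	d := Directory{}
	out := make([]int, 0, n)
	for i := 0; i < n; i++ {
		out = append(out, reconcile(d, resources))
	}
	return out
}

// StrictSecond creates the first user, then attempts a second with the same email via
// the strict create; it returns the family name left in the directory and the error.
func StrictSecond() (string, error) {
	d := Directory{}
	first := User{PrimaryEmail: "alex@example.com", GivenName: "Alexander", FamilyName: "McQueen"}
	second := User{PrimaryEmail: "alex@example.com", GivenName: "Alexandra", FamilyName: "Daddario"}
	if _, err := createStrict(d, first); err != nil {
		return "", err
	}
	_, err := createStrict(d, second)
	return d[first.PrimaryEmail].FamilyName, err
}

func main() {
	shared := []User{
		{PrimaryEmail: "alex@example.com", GivenName: "Alexander", FamilyName: "McQueen"},
		{PrimaryEmail: "alex@example.com", GivenName: "Alexandra", FamilyName: "Daddario"},
	}
	fmt.Println("rewrites per run with create-or-update:", DriftPerRun(shared, 4))
	name, err := StrictSecond()
	fmt.Printf("strict create: surviving user %s, error: %v\n", name, err)
}
```

With the shared email, the rewrite count stays at 2 on every run (each resource finds the other's name and writes its own back), which is the back-and-forth described above; with distinct emails it drops to 0 after the first run. The strict variant leaves the original account untouched and surfaces the collision at plan time, which is also where an operator would want an audit signal that a definition tried to claim an email already in use.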

commented

@joshua-rutherford I agree this is a bug and the logic is flawed, we should not be able to have two terraform resources connected to the same email and trading updates.