From 0684384751ef937746c39128fccb23c6f30ea66b Mon Sep 17 00:00:00 2001
From: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
Date: Tue, 20 Jun 2023 19:13:16 +0200
Subject: [PATCH] DXCDT-473: Fix how we guard against erasing unwanted changes
 in resources (#645)

---
 .../organization/resource_connections.go      | 33 ++++++++++++++-----
 .../auth0/organization/resource_members.go    | 19 ++++++++---
 2 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/internal/auth0/organization/resource_connections.go b/internal/auth0/organization/resource_connections.go
index e45eb49f4..e1b22b195 100644
--- a/internal/auth0/organization/resource_connections.go
+++ b/internal/auth0/organization/resource_connections.go
@@ -89,15 +89,18 @@ func createOrganizationConnections(ctx context.Context, data *schema.ResourceDat
 		return diagnostics
 	}
 
-	var result *multierror.Error
-	for _, connection := range connectionsToAdd {
-		if err := api.Organization.AddConnection(organizationID, connection); err != nil {
-			result = multierror.Append(result, err)
+	if len(connectionsToAdd) > len(alreadyEnabledConnections.OrganizationConnections) {
+		var result *multierror.Error
+
+		for _, connection := range connectionsToAdd {
+			if err := api.Organization.AddConnection(organizationID, connection); err != nil {
+				result = multierror.Append(result, err)
+			}
 		}
-	}
 
-	if result.ErrorOrNil() != nil {
-		return diag.FromErr(result.ErrorOrNil())
+		if result.ErrorOrNil() != nil {
+			return diag.FromErr(result.ErrorOrNil())
+		}
 	}
 
 	return readOrganizationConnections(ctx, data, meta)
@@ -198,11 +201,25 @@ func guardAgainstErasingUnwantedConnections(
 		return nil
 	}
 
+	alreadyEnabledConnectionsIDs := make([]string, 0)
+	for _, conn := range alreadyEnabledConnections {
+		alreadyEnabledConnectionsIDs = append(alreadyEnabledConnectionsIDs, conn.GetConnectionID())
+	}
+
+	connectionIDsToAdd := make([]string, 0)
+	for _, conn := range connectionsToAdd {
+		connectionIDsToAdd = append(connectionIDsToAdd, conn.GetConnectionID())
+	}
+
+	if cmp.Equal(connectionIDsToAdd, alreadyEnabledConnectionsIDs) {
+		return nil
+	}
+
 	return diag.Diagnostics{
 		diag.Diagnostic{
 			Severity: diag.Error,
 			Summary:  "Organization with non empty enabled connections",
-			Detail: cmp.Diff(connectionsToAdd, alreadyEnabledConnections) +
+			Detail: cmp.Diff(connectionIDsToAdd, alreadyEnabledConnectionsIDs) +
 				fmt.Sprintf("\nThe organization already has enabled connections attached to it. "+
 					"Import the resource instead in order to proceed with the changes. "+
 					"Run: 'terraform import auth0_organization_connections.<given-name> %s'.", organizationID),
diff --git a/internal/auth0/organization/resource_members.go b/internal/auth0/organization/resource_members.go
index e5a83cd33..9da13c31e 100644
--- a/internal/auth0/organization/resource_members.go
+++ b/internal/auth0/organization/resource_members.go
@@ -72,8 +72,10 @@ func createOrganizationMembers(ctx context.Context, data *schema.ResourceData, m
 		return diagnostics
 	}
 
-	if err := api.Organization.AddMembers(organizationID, membersToAdd); err != nil {
-		return diag.FromErr(err)
+	if len(membersToAdd) > len(alreadyMembers.Members) {
+		if err := api.Organization.AddMembers(organizationID, membersToAdd); err != nil {
+			return diag.FromErr(err)
+		}
 	}
 
 	return readOrganizationMembers(ctx, data, meta)
@@ -166,17 +168,26 @@ func deleteOrganizationMembers(_ context.Context, data *schema.ResourceData, met
 func guardAgainstErasingUnwantedMembers(
 	organizationID string,
 	alreadyMembers []management.OrganizationMember,
-	membersToAdd []string,
+	memberIDsToAdd []string,
 ) diag.Diagnostics {
 	if len(alreadyMembers) == 0 {
 		return nil
 	}
 
+	alreadyMemberIDs := make([]string, 0)
+	for _, member := range alreadyMembers {
+		alreadyMemberIDs = append(alreadyMemberIDs, member.GetUserID())
+	}
+
+	if cmp.Equal(memberIDsToAdd, alreadyMemberIDs) {
+		return nil
+	}
+
 	return diag.Diagnostics{
 		diag.Diagnostic{
 			Severity: diag.Error,
 			Summary:  "Organization with non empty members",
-			Detail: cmp.Diff(membersToAdd, alreadyMembers) +
+			Detail: cmp.Diff(memberIDsToAdd, alreadyMemberIDs) +
 				fmt.Sprintf("\nThe organization already has members attached to it. "+
 					"Import the resource instead in order to proceed with the changes. "+
 					"Run: 'terraform import auth0_organization_members.<given-name> %s'.", organizationID),