Invalid organization_access on a tfe_team still creates team, but it's not in state

[nphilbrook]

Terraform Enterprise version

HCP Terraform

Terraform version

Terraform v1.12.2
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v6.13.0
+ provider registry.terraform.io/hashicorp/hcp v0.109.0
+ provider registry.terraform.io/hashicorp/tfe v0.69.0
+ provider registry.terraform.io/hashicorp/time v0.13.1

Terraform Configuration Files

On initial run:

resource "tfe_team" "lz_admin_team" {
  name       = "lz-admin"
  visibility = "organization"

  organization_access {
    manage_workspaces = true
    manage_projects   = true
    manage_policies   = true
    manage_teams      = true
  }
}

On subsequent run:

resource "tfe_team" "lz_admin_team" {
  name       = "lz-admin"
  visibility = "organization"

  organization_access {
    manage_workspaces = true
    manage_projects   = true
    manage_policies   = true
    manage_teams      = true
    manage_membership = true
  }
}

Debug Output

Doesn't seem relevant, but I can grab it if absolutely needed.

Expected Behavior

Initial run fails, and subsequent run updates the team and access appropriately

Actual Behavior

On the initial run, I received an expected, valid error:

Error: Error creating team lz-admin for organization midgard-initiative: invalid attribute Manage teams cannot be true without manage membership permission

On the subsequent run, with the error corrected, I received the following error:

Error: Error creating team lz-admin for organization midgard-initiative: invalid attribute Name has already been taken

The TFE provider created the team on the first run, but did not record it in state. Leading to the second error. I would expect the first run to either:

• Not create the team
• Create the team and record it in state