Can anyone clarify why terraform apply fails with a 409 Conflict on genesyscloud_auth_division? I am getting this error even though the division ID does not exist in the org. The API returns 409 Conflict: The entity with the specified id already exists. This is blocking my CI/CD pipeline for quality evaluation form deployments.
I am using the Genesys Cloud Terraform provider v1.52.0. My code is minimal and uses the external ID provider to handle case-sensitivity normalization. I have verified via the /api/v2/auth/divisions endpoint that no division with the target ID exists. The state file is clean and synced.
Here is the resource definition causing the failure:
resource "genesyscloud_auth_division" "quality_qa" {
id = data.external.division_id.result.value
name = "Quality QA Division"
description = "Division for automated quality scoring"
external_id = "ext-qa-001"
}
The data.external block correctly resolves the ID. I suspect a race condition or a cached state issue in the provider’s create logic. Has anyone seen this specific 409 on division creation when the entity is truly absent? I need a code-level workaround or a provider flag to force overwrite.
Make sure you verify the external ID source. The 409 usually stems from a mismatch between the Terraform state and the actual Genesys Cloud API response.
409 Conflict: The entity with the specified id already exists
Check if the division was created manually or via API outside of Terraform. Use terraform import to reconcile the state, or delete the orphaned division in the UI before re-applying.
Check your orchestration layer’s retry logic and ensure you are validating the HTTP response headers before assuming a 409 indicates a true data conflict. The suggestion above about stale cache is plausible, but in my experience with MuleSoft integrations, this error often stems from the platform’s eventual consistency model where the index update lags behind the write operation. You must implement a strict exponential backoff mechanism in your CI/CD pipeline or Terraform wrapper to allow the Genesys Cloud backend to synchronize its internal state. Simply sleeping for two seconds is insufficient for high-throughput environments. Instead, query the division status directly via the API to confirm existence before proceeding. This approach prevents false positives and ensures your state file remains accurate.
// Java SDK example for validating division existence before retry
public boolean isDivisionActive(String divisionId) {
try {
AuthorizationApi authApi = platformClient.getAuthorizationApi();
// Verify token validity first
authApi.verify();
DivisionApi divisionApi = platformClient.getDivisionApi();
// Attempt to fetch the division to check its actual state
Division division = divisionApi.getDivision(divisionId);
return division != null && "active".equals(division.getStatus());
} catch (ApiException e) {
// 404 means it doesn't exist yet, safe to create
if (e.getCode() == 404) {
return false;
}
// Log other errors for debugging
logger.error("Division check failed", e);
return false;
}
}
Integrate this validation step into your Terraform provider’s custom data source or pre-apply script to handle the 409 conflict gracefully by waiting for the platform to acknowledge the previous operation.
Make sure you verify the exact sequence of operations in your Terraform lifecycle hooks because the 409 Conflict on genesyscloud_auth_division is often a symptom of race conditions in the provider’s internal state management rather than a true duplicate entity. The suggestion above about eventual consistency is partially correct, but the real issue usually lies in how the Genesys Cloud Terraform Provider handles the external ID validation during the create phase.
When you specify an external ID that already exists in the platform’s index but not in your Terraform state, the provider attempts a PUT request to update the existing entity instead of a POST to create a new one. If the entity is locked by another process or if the platform’s internal consistency check fails due to a split-second timing issue, you get a 409.
To fix this, you need to explicitly force the provider to recognize the existing resource before attempting any modifications. Instead of relying on a sleep delay, use the terraform import command to sync the state, then add a depends_on or lifecycle block to manage the order of operations.
Here is the corrected Terraform configuration pattern:
resource "genesyscloud_auth_division" "my_division" {
name = "My Division"
description = "Managed by Terraform"
lifecycle {
ignore_changes = [external] # Prevent drift detection on external ID
}
}
Run terraform import genesyscloud_auth_division.my_division <division_id> to align the state. Then, ensure your CI/CD pipeline waits for the genesyscloud_auth_division resource to be fully available before proceeding with dependent resources like quality evaluation forms. This prevents the 409 by ensuring the provider knows the resource already exists and skips the creation attempt, moving directly to verification.