`sf org create user` does not roll back on error if permset mentioned in definition file is non-existent

[RupertBarrow]

Summary

When I run the command sf org create user with a --definition-file parameter which points to a non-existent permission set, the user is created and returns an error. It should not create the user.

Steps To Reproduce

• use any Salesforce scratch org
• create a config.json file with contents :

{
  "permsets": ["unknown_permset"],
  "profileName": "Minimum Access - API Only Integrations"
}

• create a scratch org with alias myscratchorg
• then run the command :
  sf org create user --target-org myscratchorg --definition-file config.json

Expected result

An error should be returned, and the user should not be created

Actual result

We get a "partial success" :

=== Partial Success

Successfully created user "171691914xxx49_test-lurrmgg4oww9@example.com" with ID 005AW00000ATcMxxxAL for org 00DAW000xxx6Olh2AE.

See more details about this user by running "sf org user display -o 171691914xxx49_test-lurrmgg4oww9@example.com".

=== Failures

 Action                    Error Message                                                                                                    
 ───────────────────────── ─────────────────────────── 
 Permission Set Assignment Permission set "unknown_permset" not found in target org. Do you need to push source? 

System Information

{
  "architecture": "darwin-x64",
  "cliVersion": "@salesforce/cli/2.42.6",
  "nodeVersion": "node-v20.8.0",
  "osVersion": "Darwin 21.6.0",
  "rootPath": "/Users/rupert/.nvm/versions/node/v20.8.0/lib/node_modules/@salesforce/cli",
  "shell": "zsh",
  "pluginVersions": [
    "@oclif/plugin-autocomplete 3.0.18 (core)",
    "@oclif/plugin-commands 3.3.4 (core)",
    "@oclif/plugin-help 6.0.22 (core)",
    "@oclif/plugin-not-found 3.1.9 (core)",
    "@oclif/plugin-plugins 5.0.21 (core)",
    "@oclif/plugin-search 1.0.24 (core)",
    "@oclif/plugin-update 4.2.12 (core)",
    "@oclif/plugin-version 2.1.2 (core)",
    "@oclif/plugin-warn-if-update-available 3.0.19 (core)",
    "@oclif/plugin-which 3.1.10 (core)",
    "@rupertbarrow/rapido-sf-plugin 1.11.12 (user) published 29 days ago (Mon Apr 29 2024)",
    "@salesforce/cli 2.42.6 (core)",
    "apex 3.1.11 (core)",
    "auth 3.6.11 (core)",
    "data 3.3.5 (core)",
    "deploy-retrieve 3.6.14 (core)",
    "dev 2.2.0 (user) published 63 days ago (Mon Mar 25 2024) (latest is 2.3.1)",
    "info 3.2.8 (core)",
    "limits 3.3.7 (core)",
    "marketplace 1.2.5 (core)",
    "org 4.1.10 (core)",
    "packaging 2.4.4 (core)",
    "schema 3.3.6 (core)",
    "settings 2.2.6 (core)",
    "sobject 1.4.2 (core)",
    "source 3.3.12 (core)",
    "telemetry 3.3.7 (core)",
    "templates 56.2.7 (core)",
    "trust 3.6.11 (core)",
    "user 3.5.8 (core)",
    "@salesforce/sfdx-scanner 3.24.0 (user) published 28 days ago (Tue Apr 30 2024) (latest is 3.25.0)",
  ]
}

Additional information

[github-actions]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[iowillhoit]

Hey @RupertBarrow, I am going to convert this to a discussion. If folks have scripted around scenarios like this, it would be a change in behavior.

This reminds me of a similar scenario with Scratch Org creation here: #202