[SQSERVICES-1067] Address user account consistency issue when SCIM provisioning crashes

[elland]

This should prevent issues when creating a user fails midway, and we end up with dangling data that needs to be manually deleted in order to enable user creation.

As part of this effort, we're taking steps to break down createUser into multiple, use-case specific functions, which take more specific arguments to what it actually needs.

I've left a few checkmarks below unchecked, but I'll be getting those done soon, it shouldn't affect review.

Special attention should be paid to the new NewUserSpar record and its usage as well as a change in the createSAML functions. Also, this adds a new internal endpoint, POST i/users/spar, to disambiguate from the (hopefully soon to be legacy) i/users.

Checklist

• The PR Title explains the impact of the change.
• The PR description provides context as to why the change should occur and what the code contributes to that effect. This could also be a link to a JIRA ticket or a Github issue, if there is one.
• changelog.d contains the following bits of information (details):
  • A file with the changelog entry in one or more suitable sub-sections. The sub-sections are marked by directories inside changelog.d.

[elland]

Organising code.

[elland]

Less is more :)

[fisx]

I'll read the rest later.

[fisx]

In fact I've been thinking about turning that off globally. I don't think this hint is ever incredibly helpful, it just ranges between harmless and obnoxious-yet-harmless.

[elland]

Yeah, it's certainly contentious.

[mdimjasevic]

There are several things I would change and you can find comments inlined.

I wasn't able to grasp the logic behind your proposed change so it would be great if you can walk me through the PR in a call.

[mdimjasevic]

What's the need for making the list explicit?

[elland]

Oh I think this was HLS being too proactive.

[mdimjasevic]

You haven't addressed this TODO note.

[mdimjasevic]

If possible, I'd away the generic Text type here and use/create a type specific to external IDs.

[elland]

Same. Since I just moved this code from somewhere else, I didn't want to make this PR even larger than it already was by refactoring this + all the call sites.

[mdimjasevic]

I believe there's an easier way to specify an endpoint, i.e., without having to write AsUnion instances. Perhaps if you look at the Galley API routes module, you should find inspiration there.

Also, to me it doesn't sound like these HTTP-specific types belong to the module.

[elland]

Let's see about improving that in our call later 👍

[mdimjasevic]

Why have left and right for errors? It's not wrong, but it looks unusual. Errors are typically kept on the left, and the right side is kept for happy case values.

[elland]

1. This is only used to make working with schema profunctor easier.
2. I didn't want to create a custom Either isomorphism, on top of the one already created to handle these two different error types, just to not re-use Either, when… either already exists and has the upside of already being supported in schema profunctor.

[mdimjasevic]

There's mapLeft, or alternatively you could use first.

[mdimjasevic]

An unhandled TODO note.

[mdimjasevic]

This looks like withExceptT.

[mdimjasevic]

Just take care of remaining TODOs and that's it! Thanks for the walk-through during the call!

checked that all review comments have been taken care of.