Skip to content

Comments

[SQSERVICES-1067] Address user account consistency issue when SCIM provisioning crashes#2526

Merged
elland merged 9 commits intodevelopfrom
clean-up-failed-user-provisioning
Aug 2, 2022
Merged

[SQSERVICES-1067] Address user account consistency issue when SCIM provisioning crashes#2526
elland merged 9 commits intodevelopfrom
clean-up-failed-user-provisioning

Conversation

@elland
Copy link
Contributor

@elland elland commented Jun 30, 2022

This should prevent issues when creating a user fails midway, and we end up with dangling data that needs to be manually deleted in order to enable user creation.

As part of this effort, we're taking steps to break down createUser into multiple, use-case specific functions, which take more specific arguments to what it actually needs.

I've left a few checkmarks below unchecked, but I'll be getting those done soon, it shouldn't affect review.

Special attention should be paid to the new NewUserSpar record and its usage as well as a change in the createSAML functions. Also, this adds a new internal endpoint, POST i/users/spar, to disambiguate from the (hopefully soon to be legacy) i/users.

Checklist

  • The PR Title explains the impact of the change.
  • The PR description provides context as to why the change should occur and what the code contributes to that effect. This could also be a link to a JIRA ticket or a Github issue, if there is one.
  • changelog.d contains the following bits of information (details):
    • A file with the changelog entry in one or more suitable sub-sections. The sub-sections are marked by directories inside changelog.d.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Organising code.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Less is more :)

@elland elland force-pushed the clean-up-failed-user-provisioning branch from 5d1534c to 026897b Compare July 4, 2022 08:14
@elland elland temporarily deployed to cachix July 4, 2022 08:14 Inactive
@elland elland force-pushed the clean-up-failed-user-provisioning branch from 026897b to 84459b1 Compare July 4, 2022 08:14
@elland elland temporarily deployed to cachix July 4, 2022 08:14 Inactive
@elland elland force-pushed the clean-up-failed-user-provisioning branch from 84459b1 to 7d68e62 Compare July 6, 2022 07:45
@elland elland temporarily deployed to cachix July 6, 2022 07:45 Inactive
@elland elland force-pushed the clean-up-failed-user-provisioning branch from 7d68e62 to df5ce4f Compare July 6, 2022 07:46
@elland elland temporarily deployed to cachix July 6, 2022 07:46 Inactive
Copy link
Contributor

@fisx fisx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll read the rest later.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact I've been thinking about turning that off globally. I don't think this hint is ever incredibly helpful, it just ranges between harmless and obnoxious-yet-harmless.

Copy link
Contributor Author

@elland elland Jul 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's certainly contentious.

@elland elland force-pushed the clean-up-failed-user-provisioning branch from df5ce4f to 13c0351 Compare July 12, 2022 14:38
@elland elland temporarily deployed to cachix July 13, 2022 07:20 Inactive
@elland elland marked this pull request as ready for review July 13, 2022 11:58
@supersven supersven self-requested a review July 18, 2022 10:30
Copy link
Contributor

@mdimjasevic mdimjasevic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are several things I would change and you can find comments inlined.

I wasn't able to grasp the logic behind your proposed change so it would be great if you can walk me through the PR in a call.

Comment on lines 66 to 76
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the need for making the list explicit?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I think this was HLS being too proactive.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You haven't addressed this TODO note.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If possible, I'd away the generic Text type here and use/create a type specific to external IDs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same. Since I just moved this code from somewhere else, I didn't want to make this PR even larger than it already was by refactoring this + all the call sites.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe there's an easier way to specify an endpoint, i.e., without having to write AsUnion instances. Perhaps if you look at the Galley API routes module, you should find inspiration there.

Also, to me it doesn't sound like these HTTP-specific types belong to the module.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's see about improving that in our call later 👍

Comment on lines +645 to +651
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why have left and right for errors? It's not wrong, but it looks unusual. Errors are typically kept on the left, and the right side is kept for happy case values.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. This is only used to make working with schema profunctor easier.
  2. I didn't want to create a custom Either isomorphism, on top of the one already created to handle these two different error types, just to not re-use Either, when… either already exists and has the upside of already being supported in schema profunctor.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's mapLeft, or alternatively you could use first.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An unhandled TODO note.

@elland elland temporarily deployed to cachix August 1, 2022 09:10 Inactive
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like withExceptT.

Copy link
Contributor

@mdimjasevic mdimjasevic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just take care of remaining TODOs and that's it! Thanks for the walk-through during the call!

@elland elland temporarily deployed to cachix August 1, 2022 12:06 Inactive
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Aug 1, 2022
@fisx fisx dismissed supersven’s stale review August 1, 2022 13:57

checked that all review comments have been taken care of.

@elland elland force-pushed the clean-up-failed-user-provisioning branch from dbaa8e4 to c69989e Compare August 1, 2022 14:58
@elland elland temporarily deployed to cachix August 1, 2022 14:58 Inactive
@elland elland merged commit 669ee9c into develop Aug 2, 2022
@elland elland deleted the clean-up-failed-user-provisioning branch August 2, 2022 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants