Organizations: transform account on confirmation

[chenriksson]

• Added embedded resource SQL script for account migration
• Added UsersController confirmation action
• Added UserService migration API
• Added IDatabase for test mocks

Screenshot of error, if transform fails. Will confirm messages with @anangaur before merging.

[scottbommarito]

Looks good in general, I'm just curious why a SQL script was necessary instead of using entity framework directly. Whatever the reason, it should be in a comment in the code.

[scottbommarito]

accountName should probably be accountToTransform for clarity

[scottbommarito]

Why is this a script and not done through EntityFramework?

I can't see anything here that would make it necessary to use a script. We've done transactions through EF before.

[chenriksson]

EF has a limitation with inheritance in that it doesn't support changing an object's type. It must be done with SQL. I can add a comment in UserService.TransformToOrganizationAccount.

[chenriksson]

Regarding transactions, note that by using a sproc here I also don't need a custom transaction and suspended execution strategy in the Gallery code.

The disadvantage of suspending execution strategy in Gallery code is that I believe it disables SqlAzure strategy defaults such as retry logic.

[scottbommarito]

This isn't "ensuring", this is wiping any of these existing entities if they exist.

IMO we should fail the migration if the user has any memberships--that would suggest that the user was already an organization, which is not something we should just ignore.

[chenriksson]

Sounds reasonable... I'll add a SELECT outside the transaction and fail fast if the account has any memberships.

Gallery-side, we should also check for memberships before allowing migration. Account would need to be removed from organization(s) to be eligible for migration.

[scottbommarito]

I would assume if that user was already an organization, we would also want to reject the transformation. Any reason this condition isn't also filtered here?

[chenriksson]

I could add additional validation here to guard against it.

[scottbommarito]

How about: You account must have an Azure AD sign-in with a tenant ID.

[chenriksson]

This would be shown on confirmation (admin sign-in), so it's not 'Your account'.

/cc @anangaur

Anand, let me know if you want to provide the exact error messages for these migration failure scenarios. Spec didn't go into details on this.

[scottbommarito]

"Database error" is a little bit cryptic to the average user.

How about: There was an unexpected error in transforming the account.

You can also throw in Contact support or something like that if this is something they should contact us about.

[chenriksson]

This would happen if the migration request didn't exist, a DB constraint prevented the update, etc. Probably not very likely. I'm ok with 'unexpected error'.

[scottbommarito]

If there isn't a TransformError, we should probably should a default message of some sort.

[chenriksson]

On migration success, this should redirect to the (future) 'Manage Organization' page. For now, I redirect to the admin account page.

I only added this view because I needed a way of displaying an error to the user.

[scottbommarito]

nit: might be easier to use users from Fakes for this

E.g.

var fakes = Get<Fakes>();
var currentUser = fakes.User;

The advantages are clearer when you need an Admin user below:

var fakes = Get<Fakes>();
var adminUser = fakes.AdminUser;

[skofman1]

microsoft.com should be set in our private configs, not the default ones

[chenriksson]

Forgot to remove it - will do

[skofman1]

TransformAccountException doesn't inherit from UserSafeException, so we will always show a generic message here. Is this the intention?

[skofman1]

ArgumentException since the value isn't necessarily null

[skofman1]

I don't think the average user knows what a tenant id is. Please go over the messages with Anand :)

[chenriksson]

Per discussion in stand-up, I'm going to see if I can create the migration SQL script as an embedded resource and just invoke it inline from the Gallery. Having DB tests sounds nice, but this sounds like less work.

/cc @skofman1 @joelverhagen @scottbommarito

[skofman1]

The exceptions you throw here are swallowed in UsersController, so we have no log of them. Please add a trace (somewhere)

[skofman1]

@chenriksson , we will need DB tests anyhow, since if the script breaks, there's no way to know about it.

[skofman1]

🕐

[chenriksson]

@skofman1 You're right - we still need the DB tests.

I've reverted the migration with sproc, and instead execute SQL via embedded resource.

[joelverhagen]

Couldn't execute an empty command be indicative of a bug? I think we should throw here -- or let ExecuteSqlCommandAsync do its thing.

[joelverhagen]

Track TODO unless it's gonna happen very soon

[chenriksson]

It's my next work item. I've been tracking all migration with #5112, but can split this into smaller tasks.

[anangaur]

Proposal:

Failed to transform to an organization

'Microsoft' is already an organization on NuGet.org.

[chenriksson]

@anangaur Thanks! Here's updated screenshot:

Can you confirm these other messages? Note that most of these would be detected before the user can create the migration request (PR #5241), but I also safe guard against it here.

[skofman1]

log?

[chenriksson]

Removed error handling, which seems more consistent with how we handle SQL exceptions in other places.

[skofman1]

@chenriksson , looks good! Please add a log and then