gws: add diff for google accounts

[ubiratansoares]

First PR to enable diffs betwen our configuration and Google Workspace state.

The whole feature would be a much bigger PR, so I decided to split it. This PR looks big but it brings a non negletable amount of boilterplate, so hopefully it is not hard to read. I hope the code style is familiar enough compared with other services we also diff and sync.

For now, this PR adds support for diffing google workspace users, supporting creation and deletion operations. Everything is still detached from the app entrypoint, and integration will come after we are able to run live dry-runs in CI (which requires further configuration on Github Actions).

To make it sure we can define and safely test some rules we want to encode as part of the diff logic, I added a fake GWS API similar approach similar to what we use in github.

Towards #2363

[github-actions]

Dry-run check results

[WARN  rust_team::sync] sync-team is running in dry mode, no changes will be applied.
[INFO  rust_team::sync] synchronizing crates-io
[INFO  rust_team::sync] synchronizing github

[rustbot]

rust_team_data/src/v1.rs has been modified, it is used (as a git dependency) by multiple sub-projects like triagebot, the www.rust-lang.org website and others.

If you are changing the data structures, please make sure that the changes are not going to break serde deserialization (adding a field is fine; removing or renaming a field isn't).

If you must do a breaking change to the format, make sure to coordinate it with all the users of the rust_team_data crate.

[marcoieni]

Suggested change

	println!("Nothing to diff");
	println!("google-workspace: Nothing to diff");

Otherwise, CI will print just "Nothing to diff" and that's confusing.

Btw I assume the diff itself will be implemented in a later PR 👍

[ubiratansoares]

Indeed, but happy to change it to make it clear

[marcoieni]

Suggested change

	pub google_workspace: Option<GoogleWorkspace>,
	#[serde(skip_serializing_if = "Option::is_none")]
	pub google_workspace: Option<GoogleWorkspace>,

Otherwise the response contains "google_workspace": null

[marcoieni]

Suggested change

	.filter_map(|team| match team.google_workspace_saml_group {
	None => None,
	Some(opt_in) => {
	if opt_in {
	Some(&team.members)
	} else {
	None
	}
	}
	})
	.flatten()
	.filter(|team| team.google_workspace_saml_group.unwrap_or_default())
	.flat_map(|team| &team.members)

obtained by just asking codex 5.5 low reasoning "make this more idiomatic"

[marcoieni]

why do we have a mismatch between these fields and the fields in the schema?
Isn't it easier if we call them the same? 🤔

[ubiratansoares]

No particular reason, I can make them equal for simplicity! :)

[marcoieni]

this code is duplicated from above. Maybe we can have a From implementation or something like this?

[marcoieni]

I noticed that the function google_workspace() returns &Option<Something>, but Option<&Something> is more idiomatic.

We could change the function like this:

    pub(crate) fn google_workspace(&self) -> Option<&GoogleWorkspace> {
        self.google_workspace.as_ref()
    }

[marcoieni]

this function is unused

[marcoieni]

Suggested change

	let declared_users = members_from_gws_enabled_teams
	.iter()
	.filter_map(|member| member.google_workspace.as_ref().map(User::from))
	.collect::<Vec<_>>();
	let mut seen_primary_emails = BTreeSet::new();
	let declared_users = members_from_gws_enabled_teams
	.iter()
	.filter_map(|member| member.google_workspace.as_ref().map(User::from))
	.filter(|user| seen_primary_emails.insert(user.primary_email.clone()))
	.collect::<Vec<_>>();

Should we deduplicated by some kind of criteria (eg email)?
So that we don't try to create users multiple times?

[ubiratansoares]

I did not focused on dedup because, in practice, the number of users will be quite small (~ 30 after everyone onboarded). But happy to try a better approach. Commit to follow