As with other fields it is ok to have one empty value: empty string. You making own life harder making it pointer.

Let's make it simple string as we discussed + add != "" check in app start (ytsaurus object creation to be specific).

Couldn't Attrs be nil? I've had such panics when I've run tests here https://github.com/nebius/ytsaurus-active-directory-integration/pull/3/files before I've add a check for nil.

Code in this file should be moved to the other files (packages in the future) to be flexible and aligned with golang philosophy.
In short, golang interfaces are not intended to be used like interfaces in OOP languages, they are more like duck-typing in dynamic languages. There couple rules of thumb here:

• interfaces are declared in the place of usage (client code), often such interfaces are private for client package;
• functions should accept interfaces and return structs (it is very good rule for New functions espessially).

This is an article i've googled which can give the idea: https://alok87.in/blog/interfaces-go

Therefore:

1. All interfaces should be defined in the place of usage:

• Source should move in app.go
• SourceUser, SourceGroup in diff.go
• SourceGroupWithMembers also in diff.go

2. AzureUser, AzureGroup and everything Azure should be in azure*.go
3. NewSource{User,Group} functions shouldn't exists. It should be NewAzureUser (and NewLdapUser in the future) in azure*.go which should return AzureUser struct (not SourceUser interface).

File is not goimports-ed with -local go.ytsaurus.tech (goimports)

actually I think we should remove that rule from linter config, because this library is external to this project.

When I've wrote this code initially I didn't succeed to make the attribute configurable and ytsaurus code knows too much about azure fields, but it is not its area of responsibility (only knowing how to communicate with ytsaurus is). Now since we can configure attribute we can fix that flaw.

I suggest we store map[string]any in YtsaurusUser.SourceData and let app code delegate parsing it to the source (azure/ldap) if needed (I'm actually not sure if we need to parse map to AzureUser/LdapUser at all, because as far as i remember we only serialize one way AzureUser > YtsaurusUser).
I.e. app.buildYtsaurusUser should either call Source method or maybe simpler AzureUser/LdapUser/SourceUser should have a method like AsMap() map[string]any and its result being written in YtsaurusUser.SourceData field.

That way we ensure our components are loosely coupled.

We don't need to store that in ytsaurus, we have it in config.

No, we don't. In config we have only SourceAttributeName (for "azure" or "source" values).

my bad, but still think since source is configured in the app we can delegate handling source-fields to that source without storing it in attributes.

Lets simplify diff for tests by introducing some helper structs like testYtsaurusAzureUser with same fields as current YtsaurusUser and call converter function where needed in test code.

These interfaces/structs are belong to app files, not to ytsaurus files. Particullary to diff.go since they used only there.

As I said earlier I don't see the need to duplicate source type (which is already configured in config file) in each user in ytsaurus.
I suggest we simple add NewUser method in Source interface, implement it in azure source (calling NewAzureUser) and here we may simply call a.source.NewUser.

That way code would be cleaner because:

1. we don't need to duplicate and store source type in all users (and we don't need to migrate our data).
2. we don't need to check source type in the runtime — source method existence would be checked in the compile time
3. we don't need to support list of possible source types here.

I think we can break backward compatibility here since I am the only app user currently.
Just lets check that sourceAttribute is not empty at the app start.

Please add a comment that it will be the attribute name of user object in ytsaurus.

Let's make it simple string as we discussed + add != "" check in app start (ytsaurus object creation to be specific).

Basically managed user must have non empty/non nil SourceRaw, let's just check emptiness of this map. And so we don't accidentally initialise this structure wrongly lets add:

• NewAutoManagedYtsaurusUser(username, sourceRaw, bannedSince) function, that would return error if function is called with empty sourceRaw.
• NewManualManagedYtsaurusUser(username) for creating manually managed users.

It looks paranoid since GetUsers shouldn't and don't return such users. We must (and maybe already have) have test case for such cases instead of runtime check

failed to build source user

This marshall/unmarshall trick is cool, but it may give misleading feeling that AzureUser struct somehow related to yson encoding/decoding. But I think json and any other encoder can be here.

I suppose this small lib https://pkg.go.dev/github.com/mitchellh/mapstructure#example-Decode can help to replace yson marshal/unmarshal boilerplate here and in GetRaw() and same code in Groups and in future ldap source code.

But I not insist on changing this code.

syntax in this file and in app_integration_test.go is broken after signature changes.

If you use idea/goland you can add integration in custom tags field in go > build tags setting to see such issues more easily.

revert back to azure i suppose

I suppose after the changes I suggest earlier we won't need this constant.

THis should be in azure_real.go

Lets use sourceAttributeName here.

Minor, but don't understand why timeout field is moved between filters.

Better make a const.

it seems it is an empty file now and can be deleted :)

Since tests are okey, I assume diffUsers works correctly, but it seem overcomplicated a bit.
I see the implementation that way:
0. create maps sourceUsers [id]sourceUser and ytUsers [id]ytsaurusUser from slices

1. iterate through sourceUsers map, check ytUsers map and append to create list
2. iterate through ytUsers map, check sourceUsers map:
   • not found in sourceUsers go to delete list
   • changed go to update list.

Here we have
1)existedUsersMap which has two fields and one of them (sourceUser) is not used. So i suggest we rename it to ytUsers [id]ytsaurusUser.
2) ytUsersFromSourceMap which has the same keys as sourceUsers, so we can simple drop building ytUsersFromSourceMap and use sourceUsers for checking and call buildYtsaurusUser only for once we plan to create.

Also resultUsersMap is not being updating in case of user delete, though it should i guess (don't we have a test case for that?)

so existedGroup.sourceGroup is not used therefore code can be little simplified here as in diffUsers i suppose

this change must be supported in azure_real_integration_test.go also

I think ytUsersFromSourceMap can be safely removed now, I don't see usages anymore