
DeltyDevUserGroupHandler Service

Overview

The DeltyDevUserGroupHandler is a specialized Azure Function microservice designed to manage user group memberships in Azure Active Directory (Azure AD). This service specifically handles adding users to the delty-dev-users Azure AD group, which grants user-level access privileges to the Publisher Portal.

Business Purpose

This service serves as an automated user provisioning system that:

  • Adds users to the delty-dev-users Azure AD group when needed
  • Supports both qwdelty.onmicrosoft.com and qwpublisheridp.onmicrosoft.com tenants
  • Ensures proper access control for Publisher Portal users
  • Prevents duplicate group memberships by checking existing memberships first

Architecture

Service Type

  • Platform: Azure Functions (Containerized Kubernetes Microservice)
  • Runtime: Node.js
  • Trigger: HTTP Trigger (Anonymous authentication)
  • Pattern: Request-Response Handler

Key Components

graph TD
    A[HTTP Request] --> B[index.js Entry Point]
    B --> C[Handler.js]
    C --> D[UserService]
    D --> E[GraphProvider]
    E --> F[Microsoft Graph API]

    D --> G{User in Group?}
    G -->|No| H[Add to Group]
    G -->|Yes| I[Skip Addition]

    H --> F
    I --> J[Return Success]
    H --> J

    K[AuthProvider] --> E
    L[AzureIEFRestError] --> C

API Specification

Endpoint

  • Method: POST
  • Authentication: Anonymous
  • Content-Type: application/json

Request Format

{
    "userId": "string"
}

Parameters

  • userId (required): Azure AD user identifier

Response Format

Success Response

{
    "status": 200
}

Error Response

{
    "status": 400|500,
    "userMessage": "Error processing user group request",
    "developerMessage": "Detailed error message",
    "requestId": "request-id"
}

Core Functionality

User Group Management Process

  1. Request Validation: Validates incoming request contains required userId
  2. Group Membership Check: Queries Microsoft Graph API to check if user is already in the target group
  3. Conditional Addition: Only adds user to group if not already a member
  4. Error Handling: Provides structured error responses for various failure scenarios
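
The four steps above as an added example in JavaScript, not the service's own source: every function name, the in-memory stand-in for GraphProvider and the `AlreadyMember` error code are hypothetical. It assumes userId is an Azure AD object ID (GUID) and also covers the case where a concurrent request adds the user between the membership check and the add.

```javascript
// Added example: hypothetical names throughout; not the service's source.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// In-memory stand-in for GraphProvider (constructed; a real one calls Microsoft Graph).
function makeFakeGraph(initialMembers = []) {
  const members = new Set(initialMembers);
  return {
    addCalls: 0,
    async isMember(groupId, userId) { return members.has(userId); },
    async addMember(groupId, userId) {
      this.addCalls += 1;
      if (members.has(userId)) {
        const err = new Error('member reference already exists');
        err.code = 'AlreadyMember'; // hypothetical error code
        throw err;
      }
      members.add(userId);
    },
  };
}

// Error body in the shape given under "Error Response".
function errorBody(status, developerMessage, requestId) {
  return { status, userMessage: 'Error processing user group request', developerMessage, requestId };
}

// Steps 1-4: validate, check membership, conditionally add, map errors.
async function handleAddToGroup(body, graph, groupId, requestId) {
  const userId = body && body.userId;
  // Assumption: userId is an object ID (GUID). Rejecting anything else keeps
  // untrusted input out of the Graph request path.
  if (typeof userId !== 'string' || !GUID.test(userId)) {
    return errorBody(400, 'userId is missing or not a GUID', requestId);
  }
  try {
    if (!(await graph.isMember(groupId, userId))) {
      await graph.addMember(groupId, userId);
    }
    return { status: 200 };
  } catch (err) {
    // A concurrent request may add the user between the check and the add;
    // treating that rejection as success keeps the operation idempotent.
    if (err.code === 'AlreadyMember') return { status: 200 };
    return errorBody(500, err.message, requestId);
  }
}
```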

Key Features

  • Idempotent Operations: Safe to call multiple times for the same user
  • Multi-Tenant Support: Works with multiple Azure AD tenants
  • Comprehensive Logging: Detailed logging for debugging and monitoring
  • Error Resilience: Graceful handling of Graph API errors

Dependencies

External Services

  • Microsoft Graph API: For Azure AD group management operations
  • Azure AD: Authentication and authorization provider

Key NPM Packages

  • @microsoft/microsoft-graph-client: Microsoft Graph SDK
  • http-errors: HTTP error handling
  • axios: HTTP client for API calls
  • lodash: Utility functions

Configuration

Environment-Specific Settings

  • Development: Basic logging and development tenant configuration
  • Integration: Integration testing environment settings
  • Production: Production tenant and enhanced security settings

Key Configuration Elements

  • Azure AD tenant IDs
  • Group IDs for delty-dev-users groups
  • Application Insights connection strings
  • Logging levels

Deployment

Container Configuration

  • Deployed as containerized microservice in Kubernetes
  • Uses Azure Functions runtime in container
  • Supports multiple environment deployments (dev, int, prod)

Health Monitoring

  • Application Insights integration for telemetry
  • Structured logging for operational monitoring
  • Error tracking and alerting capabilities

Security Considerations

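  • Authentication: Uses Azure AD service principal authentication for outbound Microsoft Graph calls (AuthProvider → GraphProvider); the HTTP trigger itself is anonymous, as noted under Architecture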
  • Authorization: Requires appropriate Graph API permissions
  • Data Privacy: Handles user identifiers securely
  • Audit Trail: Comprehensive logging for compliance

Testing

Available Test Commands

npm run test        # Run all tests (unit and integration)
npm run test:unit   # Run unit tests only
npm run test:int    # Run integration tests only

Test Coverage

  • Unit tests for core business logic
  • Integration tests for Graph API interactions
  • Mock data for testing scenarios

Monitoring and Observability

Logging

  • Structured logging with configurable levels
  • Request/response logging for debugging
  • Error logging with stack traces

Metrics

  • Application Insights telemetry
  • Performance monitoring
  • Error rate tracking

This service integrates with the broader Publisher Portal ecosystem:

  • Publisher Portal: Primary consumer of this service
  • Azure AD B2C: Identity provider integration
  • Other Publisher Microservices: Part of the larger microservices architecture

Troubleshooting

Common Issues

  1. User Not Found: Verify userId exists in Azure AD
  2. Permission Errors: Check Graph API permissions for the service principal
  3. Group Not Found: Verify group configuration in target tenant

Debug Steps

  1. Check Application Insights logs
  2. Verify Azure AD group configuration
  3. Test Graph API connectivity
  4. Review service principal permissions

Development

Local Development Setup

  1. Clone repository
  2. Install dependencies: npm install
  3. Configure environment variables
  4. Run tests: npm test
  5. Build: npm run build:verify

Code Structure

  • src/Handler.js: Main business logic
  • src/services/UserService.js: User management operations
  • src/providers/GraphProvider.js: Microsoft Graph API client
  • src/models/: Data models and error types
  • config/: Environment-specific configurations