docs: add ADR for course authoring automatic migration

[BryanttV]

Related issue: #223

Description

This PR adds ADR 0013 - Course Authoring Automatic Migration, proposing an automatic and asynchronous migration mechanism triggered by changes in the authz.enable_course_authoring feature flag,

Merge checklist

Check off if complete or not applicable:

• Version bumped
• Changelog record added
• Documentation updated (not only docstrings)
• Fixup commits are squashed away
• Unit tests added/updated
• Manual testing instructions provided
• Noted any: Concerns, dependencies, migration issues, deadlines, tickets

[openedx-webhooks]

Thanks for the pull request, @BryanttV!

This repository is currently maintained by @openedx/committers-openedx-authz.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

• If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
  • This process (including the steps you'll need to take) is documented here.
• If it doesn't, simply proceed with the next step.

🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

• Dependencies

  This PR must be merged before / after / at the same time as ...

• Blockers

  This PR is waiting for OEP-1234 to be accepted.

• Timeline information

  This PR must be merged by XX date because ...

• Partner information

  This is for a course on edx.org.

• Supporting documentation
• Relevant Open edX discussion forum threads

🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details

---

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

• Overview of Review Process for Community Contributions
• Pull Request Status Guide
• Making changes to your pull request

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

• The size and impact of the changes that it introduces
• The need for product review
• Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

[rodmgwgu]

Looking good, just some comments, thanks!

[rodmgwgu]

nit: "but the definition of the specific mechanism was deferred"

[rodmgwgu]

I like this approach, however I'm wondering if we should be more specific in the setting name so it's clear that it relates to Authz? like ENABLE_AUTOMATIC_AUTHZ_COURSE_AUTHORING_MIGRATION.

[rodmgwgu]

Same here, should we be more specific like "AuthzCourseAuthoringMigrationRun"?

[rodmgwgu]

What happens when there is a lock and we change the flag again? would it enter a queue and execute when the lock is freed?

[mariajgrimaldi]

This is a bit contradictory, given that we currently don't have this automation and the ADR proposes it. This concurrency issue arises only with the automation.

[mariajgrimaldi]

I want to make sure I understand the need for a different mechanism than a 1-time migration or a more controlled migration that on-demand job operators could use. I'm thinking of a mechanism like in forums V2, when the storage backend is changed:

1. If the flag is on during initialization (tutor), then the migration is executed
2. If not then not much happens
3. If there's a failure during the migration, then automatically rollback

Why is this not an acceptable solution, given that it directly impacts operators and that they can manage this kind of controlled migration better than in a live environment?

[mariajgrimaldi]

I think these functions should stay agnostic of the locking strategy, no? Their only job is to migrate data like any other migration command. Maybe we can encapsulate the utility functions in another function that ensures these migrations run asynchronously and 1 at a time. What do you think?

nit: also, this I don't think should be utilities anymore so I don't know if we should move them elsewhere

[mariajgrimaldi]

We could have a safe migration with the lock that calls this utility functions and manages the locks, and auditability so these functions stay with a single responsibility.

[mariajgrimaldi]

Why not post_save instead?

[mariajgrimaldi]

If it failed how would I get the exact log / error?

[mariajgrimaldi]

The main risk for me here still is a data migration in a live instance which is not a controlled environment.