## p4syncservice ## Aaron Bockelie <# .SYNOPSIS Logs into all depots defined in xml file. Synchronises all group memberships. #> function p4syncservice {param([switch]$verboseReport) p4start-scriptinglog #start the event recorder. $start = get-date trap { p4fail-scriptinglog #what to do if we break or fail. return } $env:CYGWIN = "nodosfilewarning" $static = ([xml](gc $env:depotsxml)).perforce.syncService #load static definitions for the checkpoint service function ValidateEmail #internal function to validate an email {param([string]$address) ($address -as [System.Net.Mail.MailAddress]).Address -eq $address -and $address -ne $null } $result = (p4sync-alldepots).groupsyncresult #need to fix this so it's batched instead of one giant blob. #That means probably removing sync-alldepots and replacing with a sync-depot command that returns the same data structure. #something nice with that is it can become a multi threaded operation and sync a whole lot faster. Maybe after christmas break $result | out-file -filepath .\result.log $groupedservers = $result | group-object server foreach ($group in $result) { if ($group.accountschanged -eq $true) #if the new accounts flag is set { $thisdepot = $depotxml.perforce.depot | ?{$_.name -eq $group.server} #load the current depot we're iterating through. foreach ($user in $group.added) #send an email to the account holder if they've been added to a new auth group. { if ($group.isauthgroup -eq $true) #if we added someone to an auth group, let's send an email to announce their membership change. { $smtpto = @() #reset the mailto array $depotmemberships = @() #set up a simple empty array $depotmemberships += "" #pad so it looks nice foreach ($server in $groupedservers) { $groups = @() #clear the groups for reporting to this user. $groups = ($server.group | ?{$_.nochange -eq $user}| %{"`t"+$_.group+"`r`n"}) + "`r`n" #get groups from the server for that user. if (!($groups.length -eq 2)) #as long as we do not have two groups, I R TU DUM to figure out how to resolve cases like that. { $depotmemberships += "Server Name: " + $server.name + "`r`n" #create the depot membership report header $depotmemberships += "--------------------------------`r`n" #a nice line $depotmemberships += $groups #all the groups the user is a member of for this server. } } $aduser = get-qaduser -samaccountname $user $SmtpSubject = "You have a new Perforce account on " + $thisdepot.name + ":" + $thisdepot.port $SmtpBody = "You have recently been granted access to a Perforce depot. If attempts to log onto the depot fail, please contact Information Systems Support for more information.`r`n`r`nUser Name: " + $aduser.samaccountname + "`r`nDepot Name: " + $thisdepot.name + "`r`nDepot Port: "+$thisdepot.port+"`r`n`r`nThe following table is a report of all depot memberships currently availabe to you:`r`n" + $depotmemberships $SmtpTo += $aduser.email $emailPriority = 'High' if ((ValidateEmail $SmtpTo) -eq $false) #if there isn't an email, warn like crazy. { $body += "`r`n`r`n***********************WARNING***********************`r`n`r`nThis account enrollment email cannot be sent. The user account specified does not have an email address." $SmtpSubject = "WARNING: No valid email address for perforce account " + $user Send-MailMessage -to $static.P4AdminEmail -subject $SmtpSubject -from $SmtpFrom -body $SmtpBody -smtpserver $SmtpServer -priority $emailPriority } else { "Sending onboarding message for server " + $thisdepot.name + " to the following email address:" + $smtpto + "`r`n" Send-MailMessage -to $SmtpTo -subject $SmtpSubject -from $SmtpFrom -body $SmtpBody -smtpserver $SmtpServer -priority $emailPriority } } } foreach ($user in $group.removed) #send an email to the new account holder. { if ($group.isauthgroup -eq $true) #if we added someone to an auth group, let's send an email to announce their membership change. { $smtpto = @() #reset the mailto array $depotmemberships = @() #reset the depotmemberships array $depotmemberships += "" #pad so it looks nice. foreach ($server in $groupedservers) { if ($server.name) { if ($server.group | ?{$_.nochange -eq $user}| %{"`t"+$_.group+"`r`n"}) #if the group list is not empty, report it. { $depotmemberships += "Server Name: " + $server.name + "`r`n" $depotmemberships += "--------------------------------`r`n" $depotmemberships += ($server.group | ?{$_.nochange -eq $user}| %{"`t"+$_.group+"`r`n"}) + "`r`n" } } } $aduser = get-qaduser -samaccountname $user $SmtpSubject = "You have been removed from the Perforce server " + $thisdepot.name + ":" + $thisdepot.port $SmtpBody = "You have recently been removed from the perforce depot `'" + $thisdepot.name + "`'. If you believe this is an error, please immediately contact Information Systems Support.`r`n`r`nThe following table is a report of all depot memberships currently availabe to you:`r`n`r`n" + $depotmemberships $SmtpTo += $aduser.email $emailPriority = 'High' if ((ValidateEmail $SmtpTo) -eq $false) #if there isn't an email, warn like crazy. { $body += "`r`n`r`n***********************WARNING***********************`r`n`r`nThis account removal email cannot be sent. The user account specified does not have an email address." $SmtpSubject = "WARNING: No valid email address for perforce account " + $user Send-MailMessage -to $static.P4AdminEmail -subject $SmtpSubject -from $SmtpFrom -body $SmtpBody -smtpserver $SmtpServer -priority $emailPriority } else { "Sending offboarding message for server " + $thisdepot.name + " to the following email addresss:" + $smtpto + "`r`n" Send-MailMessage -to $SmtpTo -subject $SmtpSubject -from $SmtpFrom -body $SmtpBody -smtpserver $SmtpServer -priority $emailPriority } } } } } if (($result | ?{$_.removed}) -or ($result | ?{$_.added}) -or ($verbosereport.ispresent -eq "true")) #if ANY change was made, report the results. { "The following groups and users were modified:`r`n`'=`' Did Not Change`r`n`'+`' Added`r`n`'-`' Removed`r`n" foreach ($group in $result) { if ($group.accountschanged -eq $true) { "`r`n" ("Server Name: " + $group.server + "`r`n") ("Group Name: " + $group.group + "`r`n") if ($verbosereport) #only execute this if the verbose flag is set. Normally we don't care about nochange users. { if ($group.nochange) { $nochange = $nochange + $group.nochange.count ($group.nochange | %{(" = " + $_)}) } } if ($group.added) { $added = $added + $group.added.count ($group.added | %{(" + " + $_)}) } if ($group.removed) { $removed = $removed + $group.removed.count ($group.removed | %{(" - " + $_)}) } } } if (($nochange -gt 0) -and ($added -eq 0) -and ($removed -eq 0)) #if no items were changed at all, but there were items. { #don't announce anything. "Account action totals:`r`nUnchanged Accounts: $nochange`r`nAdded Accounts: $added`r`nRemoved Accounts: $removed`r`n" p4stop-scriptinglog } if (($added -gt 0) -and ($removed -gt 0)) #if an item was added or removed. { #announce the changes. "Account action totals:`r`nUnchanged Accounts: $nochange`r`nAdded Accounts: $added`r`nRemoved Accounts: $removed`r`n" p4stop-scriptinglog -subjectText "Unchanged $nochange, Added $added, Removed $removed" -EmailOnSuccess } if (($nochange -le 0) -and ($added -le 0) -and ($removed -le 0)) #if no items were changed at all, there is probably a problem. { "Account action totals:`r`nUnchanged Accounts: $nochange`r`nAdded Accounts: $added`r`nRemoved Accounts: $removed`r`n" p4stop-scriptinglog -failed -subjectText "ERROR NO ACCOUNTS FOUND" } "One or more objects were syncronized on this job." $subject = "Sync completed successfully with changes." p4stop-scriptinglog -subjectText $subject -emailonsuccess } else { "No objects were syncronized on this job." $subject = "Sync completed successfully with no changes." p4stop-scriptinglog -subjectText $subject } }