maintain_user_from_groups.py #5 

#!/usr/bin/env python3
#
# Usage:
#	maintain_user_from_groups.py [instance]
#
# Defaults to instance 1 if parameter not given.
#
# What this scripts does:
#	Reads users from groups
#	Creates any missing user accounts
#   Removes accounts that are not in the group

# Set this for your environment to get the correct email address for your users.

import os
import os.path
import re
import subprocess
import sys
import sdputils

if len(sys.argv) > 1:  # see params above
  SDP_INSTANCE = str(sys.argv[1])
else:
  SDP_INSTANCE = '1'

utils = sdputils.SDPUtils(SDP_INSTANCE)
p4 = utils.p4
utils.login()
domain = (utils.get('domain'))

clientlist = []
users = []
groupusers = []

###############################################################################
def getusers():
  with open('users.txt', 'r') as userfile:
    for user in userfile.readlines():
      user = re.sub(r'<.*', r'', user)
      user = user.strip()
      if user:
        users.append(user)

###############################################################################
def getgroupusers():
  with open('groups.txt', 'r') as groups:
    for group in groups.readlines():
      group = group.rstrip()
      result = subprocess.run(
        [p4, "group", "-o", group],
        capture_output=True, text=True
      )
      inusers = 0
      for user in result.stdout.splitlines():
        user = user.strip()
        if re.search('^Users:', user):
          inusers = 1
          continue
        if inusers:
          if user:
            groupusers.append(user)

###############################################################################
def createuser(user):
  result = subprocess.run(
    [p4, "-c", domain, "user", "-f", "-o", user],
    capture_output=True, text=True
  )
  subprocess.run(
    [p4, "user", "-f", "-i"],
    input=result.stdout, text=True
  )

###############################################################################
def delete_users(userlist):
  for user in userlist:
    print("Deleting User: %s" % (user))
    subprocess.run([p4, "user", "-FDy", user])

###############################################################################
def cleanup():
  for f in ['users.txt', 'groups.txt', 'ztagfiles.txt']:
    if os.path.isfile(f):
      os.remove(f)

###############################################################################
def setup():
  with open('users.txt', 'w') as f:
    subprocess.run([p4, "users"], stdout=f)
  with open('groups.txt', 'w') as f:
    subprocess.run([p4, "groups"], stdout=f)
  with open('ztagfiles.txt', 'w') as f:
    subprocess.run([p4, "-Ztag", "opened", "-a"], stdout=f)

###############################################################################
def main():
  removeusers = []
  addusers = []

  setup()
  getusers()
  getgroupusers()

  for user in users:
    if user not in groupusers:
      removeusers.append(user)
      print('Adding user %s to removeusers' % user)

  for user in groupusers:
    if user not in users:
      addusers.append(user)
      print('Adding user %s to addusers' % user)

  delete_users(removeusers)

  for user in addusers:
    createuser(user)

  cleanup()

###############################################################################
if __name__ == '__main__':
  main()
# Change User Description Committed
#5 32423 Russell C. Jackson (Rusty) Modernize SDP maintenance scripts: security, correctness, and Python 3

- Replace all os.system() and os.popen() calls with subprocess.run() using
  argument lists to eliminate shell injection vulnerabilities
- Fix critical bugs: broken indentation in convert_label_to_autoreload.py,
  malformed print() in p4lock/p4unlock, wrong variable in isitalabel,
  format string typo in maintain_user_from_groups
- Add p4 property alias and shared SKIP_USERS constant to sdputils.py
- Add try/finally with p4.disconnect() to all P4Python scripts
- Replace bare except: with specific exception types throughout
- Update all shebangs to python3, remove unnecessary __future__ imports
- Use context managers for all file handle operations
- Replace from subprocess import * with explicit imports
#4 32388 Russell C. Jackson (Rusty) Updates using Claude.ai to clean up the code, reduce duplication, enhanace security, and use current standards.
#3 30843 Russell C. Jackson (Rusty) Updated to use parameters for the user and client commands.
#2 24675 Russell C. Jackson (Rusty) Fixed bugs in sdputils.py and scripts using it.
Converted to standard 2 space spacing, removed copyright stuff.
#1 22693 Russell C. Jackson (Rusty) Branched a Unix only version of the SDP.
Removed extra items to create a cleaner tree.
Moved a few items around to make more sense without Windows in the mix.
//guest/perforce_software/sdp/dev/Maintenance/maintain_user_from_groups.py
#6 16638 C. Thomas Tyler Routine merge down to dev from main using:
p4 merge -b perforce_software-sdp-dev
#5 16029 C. Thomas Tyler Routine merge to dev from main using:
p4 merge -b perforce_software-sdp-dev
#4 13906 C. Thomas Tyler Normalized P4INSTANCE to SDP_INSTANCE to get Unix/Windows
implementations in sync.

Reasons:
1. Things that interact with SDP in both Unix and Windows
environments shoudn't have to account for this obscure
SDP difference between Unix and Windows.  (I came across
this doing CBD work).

2. The Windows and Unix scripts have different variable
names for defining the same concept, the SDP instance.
Unix uses P4INSTANCE, while Windows uses SDP_INSTANCE.

3. This instance tag, a data set identifier, is an SDP concept.
I prefer the SDP_INSTANCE name over P4INSTANCE, so I prpose
to normalize to SDP_INSTANCE.

4. The P4INSTANCE name makes it look like a setting that might be
recognized by the p4d itself, which it is not.  (There are other
such things such as P4SERVER that could perhaps be renamed as
a separate task; but I'm not sure we want to totally disallow
the P4 prefix for variable names. It looks too right to be wrong
in same cases, like P4BIN and P4DBIN.  That's a discussion for
another day, outside the scope of this task).

Meanwhile:
* Fixed a bug in the Windows 2013.3 upgrade script that
was referencing undefined P4INSTANCE, as the Windows
environment defined only SDP_INSTANCE.

* Had P4INSTANCE been removed completely, this change would
likely cause trouble for users doing updates for existing
SDP installations.  So, though it involves slight technical debt,
I opted to keep a redundant definition of P4INSTANCE
in p4_vars.template, with comments indicating SDP_INSTANCE should be
used in favor of P4INSTANCE, with a warning that P4INSTANCE
may go away in a future release.  This should avoid unnecessary
upgrade pain.

* In mkdirs.sh, the varialbe name was INSTANCE rather than
SDP_INSTANCE.  I changed that as well.  That required manual
change rather than sub/replace to avoid corrupting other similar
varialbe names (e.g.  MASTERINSTANCE).

This is a trivial change technically (a substitute/replace, plus
tweaks in p4_vars.template), but impacts many files.
#3 11477 Russell C. Jackson (Rusty) Updated to use /usr/bin/env python

Added workshop header.

 Changed cfg to config.
#2 11464 Russell C. Jackson (Rusty) Current maintenance scripts.
#1 10638 C. Thomas Tyler Populate perforce_software-sdp-dev.
//guest/perforce_software/sdp/main/Maintenance/maintain_user_from_groups.py
#1 10148 C. Thomas Tyler Promoted the Perforce Server Deployment Package to The Workshop.