[Enhancement] add Users command

[ceciliastevens]

Summary

Code42 administrators occasionally need to manage users in bulk, and may not have SCIM providers or other methods. Even if SCIM is present, occasionally there are one-time cleanup jobs that would benefit from the bulk processing offered by the CLI, but not available in the web UI.

One way to address this need would be to add a users command that could accomplish tasks such as:

• List users visible to the user running the CLI
• List users who have a particular role
• Add or remove a role from a user
• List users by org
• List users who are licensed
• Bulk deactivate/reactivate users
• Bulk change usernames
• Bulk change organization
• Bulk block/unblock

Proposed API

code42 users list --having-role "Customer Cloud Admin" --active-only --org-name "Example org" 
code42 users list --licensed --deactivated-only
code42 users bulk deactivate users_to_deactivate.csv
code42 users bulk block users_to_block.csv
code42 users bulk change-username users_to_rename.csv
code42 users bulk change-organization users_to_move.csv --target-org "Example org"

Intended Use Case

There are a variety of use-cases for this command:

• Admins needing to do one-time cleanup or rename operations prior to introducing a SCIM provider
• Admins needing to audit who has particular roles in their environment
• Admins needing to determine who is consuming licenses and when
• Building temporary user access controls (i.e. granting a role, and then removing it after 10 minutes)

These are just a few examples from the top of my head, doubtless more is possible in the future.

[alanag13]

This all seems like super useful functionality that I think we can safely say we would be happy to include, but I think this should probably be broken up into smaller enhancements -- otherwise this would be a monstrous PR.

[ceciliastevens]

Yeah, that makes sense. Is there any particular way you'd prefer to have it broken up?

The one that seems clearest to me should be separate would be "list licensed users", as that's currently a standalone script and isn't especially straightforward.

[alanag13]

I'd probably break it up like:

• non-license modifications to the list command
• licensed users
• bulk block / deactivate (should include unblock / reactivate, and non-bulk versions of these commands)
• bulk change username / org (include non-bulk versions of these commands)

[alanag13]

the smaller the better (I wouldn't be upset about a PR that did just block/unblock, for example), but the above is probably the largest each PR should reasonably be, imo.

[ceciliastevens]

That makes sense. Should I file separate issues, or can we have multiple PRs all pointing back to (but not closing) this issue?

[ceciliastevens]

I know @maddie-vargo plans to work on this as well, time permitting.

[alanag13]

Keeping this one open is fine. Thanks as usual for contributing, looking forward to it!

[maddie-vargo]

I would like to suggest adding user-based legal hold membership to the list here, similar to how the devices list --include-legal-hold-membership command appends membership info for all results of the query.

Currently, the legal-hold command only reports on users on one specified legal hold. This is a gap called out in Issue #176

[timabrmsn]

The only remaining items on the summary list is the license status of users, and block/unblock commands. We have a ticket for adding block/unblock on the backlog so that will eventually make it in.

And the license report is now it's own separate issue: #266