Issue #3448936 by marvil07, drumm: Add keycloak user integrity check command

drupalorg/drupalorg.drush.inc

@@ -164,8 +164,12 @@ function drupalorg_drush_command() {
       'arguments' => [
         'differences-log-file' => 'Optional. File where the found differences information will be written to.',
       ],
+      'options' => [
+        'processed-keycloak-users-json' => 'Optional. Use a local file that contains Keycloak exported data for users, processed by migration script.',
+      ],
       'examples' => [
         'drush drupalorg-keycloak-integrity-check differences.log' => 'Find integrity check differences and write it to the passed file.',
+        'drush drupalorg-keycloak-integrity-check --processed-keycloak-users-json="/path/to/kc-user-data.json" differences.log' => 'Find integrity check differences and write it to the passed file, using kc-user-data.json as Keycloak user data source instead of its REST API.',
       ],
     ],
   ];
@@ -1961,13 +1965,55 @@ function drush_drupalorg_keycloak_integrity_check($log_filename = null) {
   ini_set('memory_limit', '-1');
 
   drush_log(dt('1. Start Keycloak users retrieval'), LogLevel::OK);
+  $keycloak_users_data = [];
+  $kc_user_data_filename = drush_get_option('processed-keycloak-users-json');
+  if (!empty($kc_user_data_filename)) {
+      $keycloak_users = json_decode(file_get_contents($kc_user_data_filename), TRUE);
+      $t1 = time();
+      $m1 = memory_get_usage();
+      drush_log(dt('(keycloak local 1) time: @time s || memory: @memory b', ['@time' => $t1 - $t0, '@memory' => $m1]), LogLevel::INFO);
+      if (is_null($keycloak_users)) {
+          drush_set_error('DRUPALORG_KEYCLOAK_INTEGRITY_KC_GET_USERS_FAIL', dt('Cannot find valid contents on passed user data file.'));
+          return FALSE;
+      }
+      $usernames_to_ignore = [
+        // Related to setup KC clients.
+        'service-account-drupalorg-drush',
+        'service-account-realm-management',
+        'service-account-migrator',
+      ];
+      foreach ($keycloak_users as $keycloak_user) {
+        if (in_array($keycloak_user['username'], $usernames_to_ignore)) {
+          continue;
+        }
+        $keycloak_users_data[$keycloak_user['uuid']] = [
+          (string) $keycloak_user['sub'],
+          $keycloak_user['uuid'],
+          $keycloak_user['username'],
+          $keycloak_user['email'],
+          $keycloak_user['enabled'],
+          $keycloak_user['created'],
+          (string) $keycloak_user['zoneinfo'],
+          (string) $keycloak_user['firstName'],
+          (string) $keycloak_user['lastName'],
+          $keycloak_user['emailVerified'],
+          $keycloak_user['confirmed'],
+          $keycloak_user['totp'],
+          (string) $keycloak_user['picture'],
+        ];
+      }
+      $keycloak_users_count = count($keycloak_users_data);
+      $t2 = time();
+      $m2 = memory_get_usage();
+      drush_log(dt('(keycloak local 2) time: @time s || memory: @memory b', ['@time' => $t2 - $t1, '@memory' => $m2]), LogLevel::INFO);
+  }
+  else {
     $integration = new KeycloakIntegration();
     // More than 1k will take a lot more time on the KC side reaching time outs
     // of 20s wich are already big; use a conservative value below that point.
     $chunk_size = 900;
     $retrieved_users = 0;
     $keycloak_users_count = $integration->countUsers();
-  $keycloak_users_data = [];
     try {
       do {
         $keycloak_users_raw = $integration->getUsers([
@@ -2007,7 +2053,7 @@ function drush_drupalorg_keycloak_integrity_check($log_filename = null) {
     }
     $t1 = time();
     $m1 = memory_get_usage();
-  drush_log(dt('(keycloak 1) time: @time s || memory: @memory b', ['@time' => $t1 - $t0, '@memory' => $m1]), LogLevel::INFO);
+    drush_log(dt('(keycloak rest 1) time: @time s || memory: @memory b', ['@time' => $t1 - $t0, '@memory' => $m1]), LogLevel::INFO);
 
     // There does not seem to be a way to get a given KC group total members
     // count without walking the whole set, and it is not part of the data in the
@@ -2045,7 +2091,8 @@ function drush_drupalorg_keycloak_integrity_check($log_filename = null) {
     }
     $t2 = time();
     $m2 = memory_get_usage();
-  drush_log(dt('(keycloak 2) time: @time s || memory: @memory b', ['@time' => $t2 - $t1, '@memory' => $m2]), LogLevel::INFO);
+    drush_log(dt('(keycloak rest 2) time: @time s || memory: @memory b', ['@time' => $t2 - $t1, '@memory' => $m2]), LogLevel::INFO);
+  }
 
   drush_log(dt('2. Start Drupal users retrieval'), LogLevel::OK);
   $pre_auth_role = variable_get('drupalorg_crosssite_email_unverified_rid', 39);