User Provisioning Script

Problem/Feature Description

A startup's DevOps team needs to provision Linux user accounts on a fleet of servers from a CSV file generated by their HR system. Each row contains a username, full name, department, and an optional SSH public key. The script will be run by a senior engineer but needs to be auditable — every action (account created, key added, account skipped because it already exists) must be logged with a timestamp so the team can answer compliance questions later.

The script will process user-supplied data, so the team is worried about accidentally interpreting a malformed username as a shell command. They want any username that contains characters outside of the standard alphanumeric-plus-hyphen set to be rejected loudly before any system call is made, rather than causing silent corruption or a security incident.

Output Specification

Produce a file named provision_users.sh. The script should:

• Read from a CSV file provided as a command-line argument.
• Validate each username against a safe character pattern before attempting to create the account.
• Log every action at an appropriate level (info for success, warning for skipped, error for failures) with a timestamp.
• Support a dry-run mode that logs what would happen without making any system changes.

The following file is provided as an input. Extract it before beginning.

=============== FILE: inputs/users.csv =============== username,full_name,department,ssh_key alice,Alice Smith,Engineering,ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC alice@example.com bob,Bob Jones,Marketing, charlie123,Charlie Brown,Engineering,ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC charlie@example.com bad;user,Attacker,Hacking, dave-ops,Dave Wilson,Operations,ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC dave@example.com