def create_keytab()

in Templates/kerberosSideCar/krb_side_car.py [0:0]


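def create_keytab(username_arg, password_arg, directory_name_arg,
                  spn_arg, keytab_filename):
    """
    Create a Kerberos keytab with msktutil and verify it with kinit.

    The domain controllers returned by get_dc_server_names() are tried in
    order. The first one on which ``msktutil create`` succeeds is used, and
    the keytab written to keytab_filename (such as /var/scratch/krb5.keytab)
    is then checked with ``kinit -kt``.
    Keytab file must be protected.

    :param username_arg: Username in Active Directory domain
    :type username_arg: basestring
    :param password_arg: Plain text password of above user
    :type password_arg: basestring
    :param directory_name_arg: Directory name of AD domain such as example.com
    :type directory_name_arg: basestring
    :param spn_arg: SPN such as HTTP://<hostname>:<port>
    :type spn_arg: basestring
    :param keytab_filename: file location of keytab
    :type keytab_filename: basestring
    :raises NameError: if kinit rejects the new keytab, or if msktutil
        failed (or timed out) against every domain controller
    :raises subprocess.TimeoutExpired: if kinit does not finish within
        30 seconds
    :rtype: nothing
    """

    server_names = get_dc_server_names(directory_name_arg)
    realm = directory_name_arg.upper()

    keytab_creation_status = False
    for server in server_names:
        print("Server name = " + server, flush=True)

        # NOTE(review): password_arg travels on the msktutil command line,
        # so it is readable by anything that can list this process's
        # arguments (ps, /proc/<pid>/cmdline) while the command runs.
        # Confirm that only trusted processes share this PID namespace.
        msktutil_cmd = [
            "msktutil", "create", "--use-service-account", "--service",
            spn_arg,
            "--account-name", username_arg,
            "--server", server,
            "-N", "--dont-change-password",
            "--old-account-password", password_arg,
            "--password", password_arg, "-k",
            keytab_filename,
            "--realm", realm
            # "--verbose"
        ]
        try:
            # subprocess.run() kills and reaps the child when the timeout
            # expires, so an unresponsive domain controller cannot leave
            # this function blocked on a still-running msktutil.
            created = subprocess.run(
                msktutil_cmd,
                stdin=subprocess.DEVNULL,
                stdout=subprocess.PIPE,
                # stderr must be captured, otherwise the failure log below
                # only ever prints "None" for the error text.
                stderr=subprocess.PIPE,
                encoding="utf-8",
                shell=False,
                timeout=30,
                check=False,
            )
        except subprocess.TimeoutExpired:
            print("keytab file create timed out %s" % server, flush=True)
            continue

        if created.returncode != 0:
            print(
                "keytab file create failed %d %s %s %s" % (
                    created.returncode, created.stderr,
                    created.stdout, server), flush=True)
            continue

        print("keytab file created " + created.stdout, flush=True)
        # NOTE(review): nothing in this function sets the keytab's file
        # mode. The docstring requires the file to be protected, so confirm
        # that the caller or the process umask restricts keytab_filename.

        # Prove the keytab is usable by requesting a ticket with it.
        verified = subprocess.run(
            [
                "kinit", "-kt", keytab_filename,
                "-S",
                spn_arg,
                username_arg + "@" + realm
            ],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            encoding="utf-8",
            shell=False,
            timeout=30,
            check=False,
        )
        if verified.returncode != 0:
            print(
                "keytab file verification failed %d %s %s %s" % (
                    verified.returncode, verified.stderr,
                    verified.stdout, server), flush=True)
            raise NameError("ERROR** Keytab verification failed")

        print("Keytab file validated", flush=True)
        keytab_creation_status = True
        break

    if not keytab_creation_status:
        raise NameError("ERROR** keytab creation failed")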