def withKerberos()

in jenkins-pipeline-shared-libraries/vars/util.groovy [488:519]

• 24 lines of code
• 6 McCabe index (conditional complexity)

def withKerberos(String keytabId, Closure closure, String domain = 'REDHAT.COM', int nRetries = 5) {
    withCredentials([file(credentialsId: keytabId, variable: 'KEYTAB_FILE')]) {
        env.KERBEROS_PRINCIPAL = sh(returnStdout: true, script: "klist -kt $KEYTAB_FILE |grep $domain | awk -F' ' 'NR==1{print \$4}' ").trim()

        if (!env.KERBEROS_PRINCIPAL?.trim()) {
            throw new Exception("[ERROR] found blank KERBEROS_PRINCIPAL, kerberos authetication failed.")
        }

        // check if kerberos authentication already exists with provided principal
        def currentPrincipal = sh(returnStdout: true, script: "klist | grep -i 'Default principal' | awk -F':' 'NR==1{print \$2}' ").trim()

        if (currentPrincipal != env.KERBEROS_PRINCIPAL) {
            def kerberosStatus = 0
            for (int i = 0; i < nRetries; i++) {
                kerberosStatus = sh(returnStatus: true, script: "kinit ${env.KERBEROS_PRINCIPAL} -kt $KEYTAB_FILE")
                if (kerberosStatus == 0) {
                    // exit at first success
                    break
                }
            }

            // if the kerberos status is still != 0 after nRetries throw exception
            if (kerberosStatus != 0) {
                throw new Exception("[ERROR] kinit failed with non-zero status.")
            }
        } else {
            println "[INFO] ${env.KERBEROS_PRINCIPAL} already authenticated, skipping kinit."
        }

        closure()
    }
}