// vim: set ft=groovy sw=4 ts=4 sts=4 et :

// Scheduled drift check for the domain controllers: once a day (hashed
// minute and hour) this runs domain-controller.yml in check mode on an
// agent labelled 'ansible', authenticating with a Kerberos ticket for
// jenkins@PYROCUFFLINK.BLUE.
pipeline {
    agent {
        label 'ansible'
    }

    triggers {
        cron 'H H * * *'
    }

    stages {
        stage('kinit') {
            steps {
                // The keytab is bound as a temporary file; the single-quoted
                // sh string leaves ${KEYTAB} for the shell to expand, so the
                // value never passes through Groovy string interpolation.
                //
                // NOTE(review): KRB5CCNAME is not set anywhere in this file,
                // so kinit here and kdestroy in `post` act on the default
                // credential cache of the agent account. If other builds can
                // run on this agent under the same account they would share
                // (and destroy) that cache -- confirm, or give each build its
                // own cache via KRB5CCNAME.
                withCredentials([
                    file(variable: 'KEYTAB', credentialsId: 'keytab-jenkins@pyrocufflink.blue')
                ]) {
                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                }
            }
        }

        stage('Domain Controller') {
            steps {
                // ANSIBLE_VAULT_PASSWORD_FILE is read by Ansible from the
                // environment; SUDO_PASS_FILE is loaded as an extra-vars
                // file through -e "@...". Presumably it holds the vaulted
                // become password used by -b -- confirm against the
                // credential store.
                //
                // --check applies nothing and --diff prints the would-be
                // changes into the build log.
                // NOTE(review): that diff output can include rendered file
                // content; confirm tasks that template secrets set no_log or
                // `diff: false`, and that read access to this job's console
                // log is restricted accordingly.
                withCredentials([
                    file(variable: 'ANSIBLE_VAULT_PASSWORD_FILE', credentialsId: 'ansible-vault'),
                    file(variable: 'SUDO_PASS_FILE', credentialsId: 'vault-jenkins@pyrocufflink.blue')
                ]) {
                    sh ''' ansible-playbook --check --diff -b domain-controller.yml -e "@${SUDO_PASS_FILE}" '''
                }
            }
        }
    }

    post {
        // Destroy the Kerberos ticket whatever the build result was.
        always {
            sh 'kdestroy'
        }
    }
}