krb_ticket: Create module

[abakanovskii]

SUMMARY

I created a krb_ticket module to serve as wrapper around kinit/klist/kdestroy

ISSUE TYPE

• New Module/Plugin Pull Request

COMPONENT NAME

krb_ticket

ADDITIONAL INFORMATION

So It is a simple yet very useful wrapper around krb5 base utilities because although It is used quite often there are not module to manage these without using shell/command modules
I took @russoz suggestion about simple unit testing using Helper class with yaml, thanks you very much :)

# Before this module
- name: Variant 1
  ansible.builtin.shell: kinit admin
  args:
    stdin: "{{ admin_password }}"
  changed_when: true

- name: Variant 2
  ansible.builtin.shell: echo {{ admin_password }} | kinit admin
  changed_when: true
  
# Now you can do something like this
- name: Will return CHANGED
  community.general.krb_ticket:
    principal: admin
    password: "{{ admin_password }}"

- name: Will return OK  
  community.general.krb_ticket:
    principal: admin
    password: "{{ admin_password }}"

[abakanovskii]

Hello @russoz! Could you please provide some help for using Helper class to unit test
It says that it can not recognize mock path although when using directly like this it should work as intended

        self.mock_run_command = patch('%s.run_command' % ansible_module_path)
        self.module_main_command = self.mock_run_command.start()
        self.mock_get_bin_path = patch('%s.get_bin_path' % ansible_module_path)
        self.get_bin_path = self.mock_get_bin_path.start()
        self.get_bin_path.return_value = '/testbin/kinit'

[russoz]

The YAML spec used has changed - apologies, I should have let you know - and the outcome of the old test structure running in the new code is that get_bin_path() does not get to be mocked, therefore it fails to find the binary and the problem cascades.

Thanks for exposing this, please do apply the necessary changes, whilst I update the docs and the code to be more comprehensive and resilient.

[russoz]

Couple of comments about your code.

[russoz]

If I may suggest, give it a try to andebox by yours truly:

https://pypi.org/project/andebox/

You can run this sanity test easily in your local machine by simply running:

$ andebox test -- sanity --docker default --python 3.10 plugins/modules/kutils.py

[abakanovskii]

If I may suggest, give it a try to andebox by yours truly:

https://pypi.org/project/andebox/

You can run this sanity test easily in your local machine by simply running:

$ andebox test -- sanity --docker default --python 3.10 plugins/modules/kutils.py

Thats very useful, thanks!

[felixfontein]

Thanks for your contribution! I have a few docs comments :)

[abakanovskii]

Thanks for the review! @felixfontein

[russoz]

Some wordsmithing: delimiters usually mean something between things - not the case here. Maybe:

Suggested change

	- "The value for O(renewable) must be followed by one of the following delimiters: V(s) - seconds, V(m) - minutes, V(h) - hours, V(d) - days."
	- "The value for O(renewable) must be followed by one of the following suffixes: V(s) - seconds, V(m) - minutes, V(h) - hours, V(d) - days."

?

[russoz]

The docs for keytab_path state that when it is provided, then keytab must be True. This required_by will not guarantee you that - it will only guarantee that keytab is not None. Maybe the module needs to check and raise and exception if keytab_path is not None and keytab is not True.

[abakanovskii]

I changed the name from kutils to krb_ticket to make it more clear for future users

[russoz]

LGTM

[felixfontein]

@abakanovskii thanks for your contribution!
@russoz thanks for reviewing!