From 0a3f7c769d5fc7f5e2a9c371940fa91091f02adf Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Tue, 19 Nov 2024 23:03:13 +0000 Subject: [PATCH 01/41] new module helm_registry_auth --- README.md | 13 +- .../20241116-helm_registry_auth.yaml | 3 + ...ernetes.core.helm_registry_auth_module.rst | 346 ++++++++++++++++++ plugins/module_utils/helm.py | 4 +- plugins/modules/helm_registry_auth.py | 252 +++++++++++++ 5 files changed, 610 insertions(+), 8 deletions(-) create mode 100644 changelogs/fragments/20241116-helm_registry_auth.yaml create mode 100644 docs/kubernetes.core.helm_registry_auth_module.rst create mode 100644 plugins/modules/helm_registry_auth.py diff --git a/README.md b/README.md index 50260f496e..553d7f08b4 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ For more information about communication, see the [Ansible communication guide]( ## Requirements -### Ansible version compatibility +## Ansible version compatibility This collection has been tested against following Ansible versions: **>=2.15.0**. @@ -47,28 +47,28 @@ This collection supports Kubernetes versions >= 1.24. Click on the name of a plugin or module to view that content's documentation: -#### Connection plugins +### Connection plugins Name | Description --- | --- [kubernetes.core.kubectl](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.kubectl_connection.rst)|Execute tasks in pods running on Kubernetes. -#### K8s filter plugins +### K8s filter plugins Name | Description --- | --- kubernetes.core.k8s_config_resource_name|Generate resource name for the given resource of type ConfigMap, Secret -#### Inventory plugins +### Inventory plugins Name | Description --- | --- [kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_inventory.rst)|Kubernetes (K8s) inventory source -#### Lookup plugins +### Lookup plugins Name | Description --- | --- [kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_lookup.rst)|Query the K8s API [kubernetes.core.kustomize](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.kustomize_lookup.rst)|Build a set of kubernetes resources using a 'kustomization.yaml' file. -#### Modules +### Modules Name | Description --- | --- [kubernetes.core.helm](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_module.rst)|Manages Kubernetes packages with the Helm package manager @@ -76,6 +76,7 @@ Name | Description [kubernetes.core.helm_plugin](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_plugin_module.rst)|Manage Helm plugins [kubernetes.core.helm_plugin_info](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_plugin_info_module.rst)|Gather information about Helm plugins [kubernetes.core.helm_pull](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_pull_module.rst)|download a chart from a repository and (optionally) unpack it in local directory. +[kubernetes.core.helm_registry_auth](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_registry_auth_module.rst)|Helm registry authentication module [kubernetes.core.helm_repository](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_repository_module.rst)|Manage Helm repositories. [kubernetes.core.helm_template](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_template_module.rst)|Render chart templates [kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_module.rst)|Manage Kubernetes (K8s) objects diff --git a/changelogs/fragments/20241116-helm_registry_auth.yaml b/changelogs/fragments/20241116-helm_registry_auth.yaml new file mode 100644 index 0000000000..b4391462ab --- /dev/null +++ b/changelogs/fragments/20241116-helm_registry_auth.yaml @@ -0,0 +1,3 @@ +--- +minor_changes: + - new module helm_registry_auth to support helm registry login and logout operations. diff --git a/docs/kubernetes.core.helm_registry_auth_module.rst b/docs/kubernetes.core.helm_registry_auth_module.rst new file mode 100644 index 0000000000..cd4cbd058d --- /dev/null +++ b/docs/kubernetes.core.helm_registry_auth_module.rst @@ -0,0 +1,346 @@ +.. _kubernetes.core.helm_registry_auth_module: + + +********************************** +kubernetes.core.helm_registry_auth +********************************** + +**Helm registry authentication module** + + +Version added: 5.1.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Helm registry authentication module allows you to login ``helm registry login`` and logout ``helm registry logout`` from a Helm registry. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- helm (https://github.com/helm/helm/releases) + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ binary_path + +
+ path +
+ 		+ +
The path of a helm binary to use.
+
+
+ ca_file + +
+ path +
+ 		+ +
Path to the CA certificate SSL file for verify registry server certificate.
+
+
+ cert_file + +
+ path +
+ 		+ +
Path to the client certificate SSL file for identify registry client using this certificate file.
+
+
+ host + +
+ string + / required +
+ 		+ +
Provide a URL for accessing the registry.
+

aliases: registry_url
+
+
+ insecure + +
+ boolean +
+ 		+
    Choices: +
  • no ←
    • +
  • yes
    • +
+ 		+
Allow connections to SSL sites without certs.
+
+
+ key_file + +
+ path +
+ 		+ +
Path to the client key SSL file for identify registry client using this key file.
+
+
+ password + +
+ string +
+ 		+ +
Password for the registry.
+

aliases: repo_password
+
+
+ state + +
+ string +
+ 		+
    Choices: +
  • present ←
    • +
  • absent
    • +
+ 		+
Desired state of the registry.
+
If set to present attempt to log in to the remote registry server using the URL specified in host.
+
If set to absent attempt to log out from the remote registry server using the URL specified in host.
+
+
+ username + +
+ string +
+ 		+ +
Username for the registry.
+

aliases: repo_username
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + - name: Login to remote registry + kubernetes.core.helm_registry_auth: + username: admin + password: "sample_password" + host: localhost:5000 + + - name: Logout from remote registry + kubernetes.core.helm_registry_auth: + state: absent + host: localhost:5000 + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ changed + +
+ boolean +
+ 		always +
+
+
+ command + +
+ string +
+ 		always +
Full `helm` command executed
+
+
Sample:
+
/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure
+
+
+ failed + +
+ boolean +
+ 		always +
Indicate if the `helm` command failed
+
+
+
+ stderr + +
+ string +
+ 		always +
Full `helm` command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful.
+
+
Sample:
+
Login Succeeded\n
+
+
+ stderr_lines + +
+ list +
+ 		always +
Full `helm` command stderr, in case you want to display it or examine the event log
+
+
+
+ stdout + +
+ string +
+ 		always +
Full `helm` command stdout, in case you want to display it or examine the event log
+
+
+
+ stout_lines + +
+ list +
+ 		always +
Full `helm` command stdout, in case you want to display it or examine the event log
+
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Yuriy Novostavskiy (@yurnov) diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index 4318ff0851..0f58267b6a 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -159,11 +159,11 @@ def env_update(self): self.helm_env = self._prepare_helm_environment() return self.helm_env - def run_helm_command(self, command, fails_on_error=True): + def run_helm_command(self, command, fails_on_error=True, data=None): if not HAS_YAML: self.fail_json(msg=missing_required_lib("PyYAML"), exception=YAML_IMP_ERR) - rc, out, err = self.run_command(command, environ_update=self.env_update) + rc, out, err = self.run_command(command, environ_update=self.env_update, data=data) if fails_on_error and rc != 0: self.fail_json( msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py new file mode 100644 index 0000000000..52885d4db3 --- /dev/null +++ b/plugins/modules/helm_registry_auth.py @@ -0,0 +1,252 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2024, Yuriy Novostavskiy <@yurnov> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = r""" +--- +module: helm_registry_auth + +short_description: Helm registry authentication module + +version_added: 5.1.0 + +author: + - Yuriy Novostavskiy (@yurnov) + +requirements: + - "helm (https://github.com/helm/helm/releases)" + +description: + - Helm registry authentication module allows you to login C(helm registry login) and logout C(helm registry logout) from a Helm registry. + +options: + state: + description: + - Desired state of the registry. + - If set to C(present) attempt to log in to the remote registry server using the URL specified in I(host). + - If set to C(absent) attempt to log out from the remote registry server using the URL specified in I(host). + required: false + default: present + choices: ['present', 'absent'] + type: str + host: + description: + - Provide a URL for accessing the registry. + required: true + aliases: [ registry_url ] + type: str + insecure: + description: + - Allow connections to SSL sites without certs. + required: false + default: false + type: bool + username: + description: + - Username for the registry. + required: false + type: str + aliases: [ repo_username ] + password: + description: + - Password for the registry. + required: false + type: str + aliases: [ repo_password ] + key_file: + description: + - Path to the client key SSL file for identify registry client using this key file. + required: false + type: path + cert_file: + description: + - Path to the client certificate SSL file for identify registry client using this certificate file. + required: false + type: path + ca_file: + description: + - Path to the CA certificate SSL file for verify registry server certificate. + required: false + type: path + binary_path: + description: + - The path of a helm binary to use. + required: false + type: path +""" + +EXAMPLES = r""" +- name: Login to remote registry + kubernetes.core.helm_registry_auth: + username: admin + password: "sample_password" + host: localhost:5000 + +- name: Logout from remote registry + kubernetes.core.helm_registry_auth: + state: absent + host: localhost:5000 +""" + +RETURN = r""" +stdout: + type: str + description: Full `helm` command stdout, in case you want to display it or examine the event log + returned: always +stout_lines: + type: list + description: Full `helm` command stdout, in case you want to display it or examine the event log + returned: always +stderr: + type: str + description: Full `helm` command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful. + returned: always + sample: 'Login Succeeded\n' +stderr_lines: + type: list + description: Full `helm` command stderr, in case you want to display it or examine the event log + returned: always +command: + type: str + description: Full `helm` command executed + returned: always + sample: '/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure' +failed: + type: bool + description: Indicate if the `helm` command failed + returned: always + sample: false +changed: + type: bool + returned: always +""" + +import copy +import traceback + + +from ansible.module_utils.basic import missing_required_lib +from ansible.module_utils.common.process import get_bin_path +from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( + AnsibleHelmModule, +) +from ansible_collections.kubernetes.core.plugins.module_utils.helm_args_common import ( + HELM_AUTH_ARG_SPEC, + HELM_AUTH_MUTUALLY_EXCLUSIVE, +) + + +def argument_spec(): + arg_spec = copy.deepcopy(HELM_AUTH_ARG_SPEC) + arg_spec.update( + dict( + host=dict(type="str", aliases=["registry_url"], required=True), + state=dict( + default="present", choices=["present", "absent"], required=False + ), + insecure=dict(type="bool", default=False, required=False), + username=dict(type="str", aliases=["repo_username"], required=False), + password=dict( + type="str", aliases=["repo_password"], no_log=True, required=False + ), + key_file=dict(type="path", required=False), + cert_file=dict(type="path", required=False), + ca_file=dict(type="path", required=False), + ) + ) + return arg_spec + + +def login( + command, + host, + insecure, + username, + password, + key_file, + cert_file, + ca_file, +): + login_command = command + " registry login " + host + + if username is not None and password is not None: + login_command += " --username=" + username + " --password-stdin" + + if insecure: + login_command += " --insecure" + + if key_file is not None: + login_command += " --key-file=" + key_file + + if cert_file is not None: + login_command += " --cert-file=" + cert_file + + if ca_file is not None: + login_command += " --ca-file=" + ca_file + + return login_command + + +def logout(command, host): + return command + " registry logout " + host + + +def main(): + global module + + module = AnsibleHelmModule( + argument_spec=argument_spec(), + required_together=[["username", "password"]], + mutually_exclusive=HELM_AUTH_MUTUALLY_EXCLUSIVE, + supports_check_mode=True, + ) + + changed = False + + host = module.params.get("host") + state = module.params.get("state") + insecure = module.params.get("insecure") + username = module.params.get("username") + password = module.params.get("password") + key_file = module.params.get("key_file") + cert_file = module.params.get("cert_file") + ca_file = module.params.get("ca_file") + + helm_cmd = module.get_helm_binary() + + if state == "absent": + helm_cmd = logout(helm_cmd, host) + changed = True + elif state == "present": + helm_cmd = login( + helm_cmd, host, insecure, username, password, key_file, cert_file, ca_file + ) + changed = True + + if module.check_mode: + module.exit_json(changed=changed) + # This one is reduntant, but it's here for clarity + elif not changed: + module.exit_json(changed=False) + + rc, out, err = module.run_helm_command(helm_cmd, data=password) + + if rc != 0: + module.fail_json( + msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( + rc, out, err + ), + command=helm_cmd, + ) + + module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd) + + +if __name__ == "__main__": + main() From a79ee9da09bcb5f4e01e341335b79a877fd1dd17 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 20 Nov 2024 00:27:42 +0000 Subject: [PATCH 02/41] Initial integration tests --- .../helm_registry_auth/defaults/main.yaml | 9 + .../files/registry.password | 1 + .../targets/helm_registry_auth/meta/main.yml | 3 + .../targets/helm_registry_auth/playbook.yaml | 7 + .../targets/helm_registry_auth/runme.sh | 5 + .../helm_registry_auth/tasks/main.yaml | 185 ++++++++++++++++++ tests/sanity/ignore-2.14.txt | 1 + tests/sanity/ignore-2.15.txt | 1 + tests/sanity/ignore-2.16.txt | 1 + tests/sanity/ignore-2.17.txt | 1 + tests/sanity/ignore-2.18.txt | 1 + tests/sanity/ignore-2.19.txt | 1 + 12 files changed, 216 insertions(+) create mode 100644 tests/integration/targets/helm_registry_auth/defaults/main.yaml create mode 100644 tests/integration/targets/helm_registry_auth/files/registry.password create mode 100644 tests/integration/targets/helm_registry_auth/meta/main.yml create mode 100644 tests/integration/targets/helm_registry_auth/playbook.yaml create mode 100755 tests/integration/targets/helm_registry_auth/runme.sh create mode 100644 tests/integration/targets/helm_registry_auth/tasks/main.yaml diff --git a/tests/integration/targets/helm_registry_auth/defaults/main.yaml b/tests/integration/targets/helm_registry_auth/defaults/main.yaml new file mode 100644 index 0000000000..da3f3368c7 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/defaults/main.yaml @@ -0,0 +1,9 @@ +--- +# Username and password for the registry +# ../files/registry.password contains username and hashed password +username: testuser +password: testpassword +wrong_password: 'WrongPassword' +registry_name: oci_registry +registry_port: 5000 +test_chart: https://github.com/grafana/helm-charts/releases/download/k8s-monitoring-1.6.8/k8s-monitoring-1.6.8.tgz diff --git a/tests/integration/targets/helm_registry_auth/files/registry.password b/tests/integration/targets/helm_registry_auth/files/registry.password new file mode 100644 index 0000000000..0b76d4d0c3 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/files/registry.password @@ -0,0 +1 @@ +testuser:$2y$05$PmdUjSCJYdRUZlsYy8QGWuJDiwuHtWXa28YrELlN5haeHkZ1seZZG diff --git a/tests/integration/targets/helm_registry_auth/meta/main.yml b/tests/integration/targets/helm_registry_auth/meta/main.yml new file mode 100644 index 0000000000..cf4590dee9 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - install_helm diff --git a/tests/integration/targets/helm_registry_auth/playbook.yaml b/tests/integration/targets/helm_registry_auth/playbook.yaml new file mode 100644 index 0000000000..6444271ae6 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/playbook.yaml @@ -0,0 +1,7 @@ +--- +- name: Test helm_registry_auth module + hosts: localhost + connection: local + gather_facts: true + roles: + - helm_registry_auth diff --git a/tests/integration/targets/helm_registry_auth/runme.sh b/tests/integration/targets/helm_registry_auth/runme.sh new file mode 100755 index 0000000000..29fda1c9af --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/runme.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +set -eux +export ANSIBLE_CALLBACKS_ENABLED=profile_tasks +export ANSIBLE_ROLES_PATH=../ +ansible-playbook playbook.yaml "$@" diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml new file mode 100644 index 0000000000..14bbdbeb23 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -0,0 +1,185 @@ +--- +- name: Run module test + # using a shell and command module to run the test as test can be non-idempotent + # and it allow to not install any additional dependencies + block: + - name: Ensure that helm is installed + ansible.builtin.shell: helm version --client --short | grep v3 + register: _helm_version + failed_when: _helm_version.rc != 0 + + - name: Ensure that Docker demon is running + ansible.builtin.command: "docker info" + register: _docker_info + failed_when: _docker_info.rc != 0 + + - name: Create a tmpfile htpasswd directory + ansible.builtin.tempfile: + state: directory + suffix: .httppasswd + register: _tmpfile + + - name: Copy htpasswd to the tmpfile directory + ansible.builtin.copy: + src: registry.password + dest: "{{ _tmpfile.path }}/registry.password" + + - name: Setup the registry + ansible.builtin.command: >- + docker run -d --rm + -p {{ registry_port }}:5000 + --name "{{ registry_name }}" + -v "{{ _tmpfile.path }}:/auth" + -e "REGISTRY_AUTH=htpasswd" + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password + registry:2 + register: _setup_registry + failed_when: _setup_registry.rc != 0 + + - name: Ensure that the registry is running and rechable + ansible.builtin.wait_for: + host: localhost + port: "{{ registry_port }}" + + - name: Test the registry with correct credentials to ensure that the registry is running + ansible.builtin.shell: >- + echo {{ password | quote }} | helm registry login localhost:{{ registry_port }} + -u {{ username }} --password-stdin + register: _login_correct + failed_when: _login_correct.rc != 0 + + # - name: Clean up credentials to run test on clean environment + # ansible.builtin.shell: >- + # helm registry logout localhost:{{ registry_port }} + # register: _logout + # failed_when: _logout.rc != 0 + + - name: Create directory for helm chart + ansible.builtin.tempfile: + state: directory + suffix: ".helm" + register: _destination + + - name: Pull test helm chart + ansible.builtin.uri: + url: "{{ test_chart }}" + dest: "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" + return_content: no + status_code: 200 + + # - name: Test module helm_registry_auth with correct credentials + # helm_registry_auth: + # username: "{{ username }}" + # password: "{{ password }}" + # registry: localhost:{{ registry_port }} + # state: present + # register: _helm_registry_auth_correct + # failed_when: _helm_registry_auth_correct.failed + - name: Test the registry with correct credentials (to be removed) + ansible.builtin.shell: >- + echo {{ password | quote }} | helm registry login localhost:{{ registry_port }} + -u {{ username }} --password-stdin + register: _helm_registry_auth_correct + + - name: Assert that the registry is logged in + # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464 + assert: + that: + - "'Login Succeeded' in _helm_registry_auth_correct.stderr" + # - "'{{ password }}' not in _helm_registry_auth_correct.command" + # - "'{{ password }}' not in _helm_registry_auth_correct.stdout" + # - "'{{ password }}' not in _helm_registry_auth_correct.stderr" + + - name: Ensure that push to the registry is working + ansible.builtin.shell: >- + helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" oci://localhost:{{ registry_port }}/test/ + register: _save_chart + failed_when: _save_chart.rc != 0 + + - name: Assert that the chart is saved + # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464 + assert: + that: "'Pushed: localhost:{{ registry_port }}/test/k8s-monitoring' in _save_chart.stderr" + + + # - name: Test logout + # helm_registry_auth: + # registry: localhost:{{ registry_port }} + # state: absent + # register: _helm_registry_auth_logout + # failed_when: _helm_registry_auth_logout.failed + - name: Test logout (to be removed) + ansible.builtin.shell: helm registry logout localhost:{{ registry_port }} + register: _helm_registry_auth_logout + + - name: Assert logout + # Helm binary prints the message to stderr + assert: + that: "'Removing login credentials' in _helm_registry_auth_logout.stderr" + + - name: Ensure that not able to push to the registry + ansible.builtin.shell: >- + helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" oci://localhost:{{ registry_port }}/test/ + register: _save_chart + failed_when: _save_chart.rc == 0 + + - name: Read content of ~/.config/helm/registry/config.json + ansible.builtin.slurp: + src: ~/.config/helm/registry/config.json + register: _config_json + + - name: Assert that auth data is remove and the chart is not saved + # Helm binary prints the message to stderr + ansible.builtin.assert: + that: + - "'push access denied' in _save_chart.stderr" + - "'authorization failed' in _save_chart.stderr" + - "_save_chart.rc != 0" + - "'localhost' not in _config_json.content | b64decode" + + # - name: Test module helm_registry_auth with wrong credentials + # helm_registry_auth: + # username: "{{ username }}" + # password: "{{ wrong_password }}" + # registry: localhost:{{ registry_port }} + # state: present + # register: _helm_registry_auth_wrong + # failed_when: _helm_registry_auth_wrong.rc == 0 + - name: Test module helm_registry_auth with wrong credentials (to be removed) + ansible.builtin.shell: >- + echo {{ wrong_password | quote }} | helm registry login localhost:{{ registry_port }} + -u {{ username }} --password-stdin + register: _helm_registry_auth_wrong + failed_when: _helm_registry_auth_wrong.rc == 0 + + - name: Read content of ~/.config/helm/registry/config.json + ansible.builtin.slurp: + src: ~/.config/helm/registry/config.json + register: _config_json + + - name: Assert that the registry is not logged in and auth data is not saved + ansible.builtin.assert: + that: + - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr" + - "_helm_registry_auth_wrong.rc != 0" + # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" + # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" + # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr" + - "'localhost' not in _config_json.content | b64decode" + + # Clean up + always: + - name: Stop and remove the registry + ansible.builtin.command: docker stop {{ registry_name }} + ignore_errors: true + + - name: Remove the tmpfile + ansible.builtin.file: + state: absent + path: "{{ item }}" + force: true + loop: + - "{{ _tmpfile.path }}" + - "{{ _destination.path }}" + ignore_errors: true diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt index 5f1713d7dc..16046a2fa4 100644 --- a/tests/sanity/ignore-2.14.txt +++ b/tests/sanity/ignore-2.14.txt @@ -25,3 +25,4 @@ plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt index 7eee4a23c7..05432cfdc2 100644 --- a/tests/sanity/ignore-2.15.txt +++ b/tests/sanity/ignore-2.15.txt @@ -26,3 +26,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt index c154baaf2d..6553d11af6 100644 --- a/tests/sanity/ignore-2.16.txt +++ b/tests/sanity/ignore-2.16.txt @@ -29,3 +29,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt index c154baaf2d..6553d11af6 100644 --- a/tests/sanity/ignore-2.17.txt +++ b/tests/sanity/ignore-2.17.txt @@ -29,3 +29,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt index 39dca9ac9c..76b0a9c768 100644 --- a/tests/sanity/ignore-2.18.txt +++ b/tests/sanity/ignore-2.18.txt @@ -26,3 +26,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt index 39dca9ac9c..76b0a9c768 100644 --- a/tests/sanity/ignore-2.19.txt +++ b/tests/sanity/ignore-2.19.txt @@ -26,3 +26,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip From 88b80ddfba865ab0bf31bd6f8ab5aa0bfe273b01 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 13:44:15 +0000 Subject: [PATCH 03/41] final update copyright and integration test before pr --- plugins/modules/helm_registry_auth.py | 4 +- .../helm_registry_auth/tasks/main.yaml | 70 +++++++------------ 2 files changed, 29 insertions(+), 45 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 52885d4db3..69cd24f095 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2024, Yuriy Novostavskiy <@yurnov> +# Copyright: © Ericsson AB 2024 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function @@ -39,7 +39,7 @@ description: - Provide a URL for accessing the registry. required: true - aliases: [ registry_url ] + aliases: [ registry_url ] type: str insecure: description: diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index 14bbdbeb23..3a5845a8c9 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -49,11 +49,11 @@ register: _login_correct failed_when: _login_correct.rc != 0 - # - name: Clean up credentials to run test on clean environment - # ansible.builtin.shell: >- - # helm registry logout localhost:{{ registry_port }} - # register: _logout - # failed_when: _logout.rc != 0 + - name: Clean up credentials to run test on clean environment + ansible.builtin.shell: >- + helm registry logout localhost:{{ registry_port }} + register: _logout + failed_when: _logout.rc != 0 - name: Create directory for helm chart ansible.builtin.tempfile: @@ -68,18 +68,12 @@ return_content: no status_code: 200 - # - name: Test module helm_registry_auth with correct credentials - # helm_registry_auth: - # username: "{{ username }}" - # password: "{{ password }}" - # registry: localhost:{{ registry_port }} - # state: present - # register: _helm_registry_auth_correct - # failed_when: _helm_registry_auth_correct.failed - - name: Test the registry with correct credentials (to be removed) - ansible.builtin.shell: >- - echo {{ password | quote }} | helm registry login localhost:{{ registry_port }} - -u {{ username }} --password-stdin + - name: Test module helm_registry_auth with correct credentials + helm_registry_auth: + username: "{{ username }}" + password: "{{ password }}" + registry: localhost:{{ registry_port }} + state: present register: _helm_registry_auth_correct - name: Assert that the registry is logged in @@ -87,9 +81,9 @@ assert: that: - "'Login Succeeded' in _helm_registry_auth_correct.stderr" - # - "'{{ password }}' not in _helm_registry_auth_correct.command" - # - "'{{ password }}' not in _helm_registry_auth_correct.stdout" - # - "'{{ password }}' not in _helm_registry_auth_correct.stderr" + - "'{{ password }}' not in _helm_registry_auth_correct.command" + - "'{{ password }}' not in _helm_registry_auth_correct.stdout" + - "'{{ password }}' not in _helm_registry_auth_correct.stderr" - name: Ensure that push to the registry is working ansible.builtin.shell: >- @@ -103,14 +97,10 @@ that: "'Pushed: localhost:{{ registry_port }}/test/k8s-monitoring' in _save_chart.stderr" - # - name: Test logout - # helm_registry_auth: - # registry: localhost:{{ registry_port }} - # state: absent - # register: _helm_registry_auth_logout - # failed_when: _helm_registry_auth_logout.failed - - name: Test logout (to be removed) - ansible.builtin.shell: helm registry logout localhost:{{ registry_port }} + - name: Test logout + helm_registry_auth: + registry: localhost:{{ registry_port }} + state: absent register: _helm_registry_auth_logout - name: Assert logout @@ -138,18 +128,12 @@ - "_save_chart.rc != 0" - "'localhost' not in _config_json.content | b64decode" - # - name: Test module helm_registry_auth with wrong credentials - # helm_registry_auth: - # username: "{{ username }}" - # password: "{{ wrong_password }}" - # registry: localhost:{{ registry_port }} - # state: present - # register: _helm_registry_auth_wrong - # failed_when: _helm_registry_auth_wrong.rc == 0 - - name: Test module helm_registry_auth with wrong credentials (to be removed) - ansible.builtin.shell: >- - echo {{ wrong_password | quote }} | helm registry login localhost:{{ registry_port }} - -u {{ username }} --password-stdin + - name: Test module helm_registry_auth with wrong credentials + helm_registry_auth: + username: "{{ username }}" + password: "{{ wrong_password }}" + registry: localhost:{{ registry_port }} + state: present register: _helm_registry_auth_wrong failed_when: _helm_registry_auth_wrong.rc == 0 @@ -163,9 +147,9 @@ that: - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr" - "_helm_registry_auth_wrong.rc != 0" - # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" - # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" - # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr" + - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" + - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" + - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr" - "'localhost' not in _config_json.content | b64decode" # Clean up From b15ea2ce12ed4209a2c8385b53147b13c8c44d99 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 14:12:36 +0000 Subject: [PATCH 04/41] update link to pr in changelog fragment --- changelogs/fragments/20241116-helm_registry_auth.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/20241116-helm_registry_auth.yaml b/changelogs/fragments/20241116-helm_registry_auth.yaml index b4391462ab..3d02483b86 100644 --- a/changelogs/fragments/20241116-helm_registry_auth.yaml +++ b/changelogs/fragments/20241116-helm_registry_auth.yaml @@ -1,3 +1,3 @@ --- minor_changes: - - new module helm_registry_auth to support helm registry login and logout operations. + - new module helm_registry_auth to support helm registry login and logout operations (https://github.com/ansible-collections/kubernetes.core/pull/800). From 82f00df724978d540d83782038cb10fa0143db5d Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 14:17:30 +0000 Subject: [PATCH 05/41] reformat plugins/module_utils/helm.py with black to fix linters in actions --- plugins/module_utils/helm.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index 0f58267b6a..331c9ad718 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -163,7 +163,9 @@ def run_helm_command(self, command, fails_on_error=True, data=None): if not HAS_YAML: self.fail_json(msg=missing_required_lib("PyYAML"), exception=YAML_IMP_ERR) - rc, out, err = self.run_command(command, environ_update=self.env_update, data=data) + rc, out, err = self.run_command( + command, environ_update=self.env_update, data=data + ) if fails_on_error and rc != 0: self.fail_json( msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( From 187efa0a62d7a7ce33a76e231d079410b69a4776 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 14:30:29 +0000 Subject: [PATCH 06/41] attempt to fix unit test unit test was missing initially --- tests/unit/module_utils/test_helm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/module_utils/test_helm.py b/tests/unit/module_utils/test_helm.py index c4b09e4083..ec181b2d93 100644 --- a/tests/unit/module_utils/test_helm.py +++ b/tests/unit/module_utils/test_helm.py @@ -242,7 +242,7 @@ def test_module_run_helm_command(_ansible_helm_module): assert (rc, out, err) == (0, output, error) _ansible_helm_module.run_command.assert_called_once_with( - command, environ_update=env_update + command, environ_update=env_update, data=None ) From b1421bc7712efe966c72be40ad98e99fc3fa8ba1 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 14:42:40 +0000 Subject: [PATCH 07/41] fix https://pycqa.github.io/isort/ linter --- plugins/modules/helm_registry_auth.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 69cd24f095..cfd81889ee 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -130,7 +130,6 @@ import copy import traceback - from ansible.module_utils.basic import missing_required_lib from ansible.module_utils.common.process import get_bin_path from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( From 8c2d17e4be02027530ab416addda1b0037920502 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 14:50:46 +0000 Subject: [PATCH 08/41] next attemp to fix unit-test --- tests/unit/modules/test_helm_template_module.py | 4 +++- tests/unit/modules/test_module_helm.py | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/unit/modules/test_helm_template_module.py b/tests/unit/modules/test_helm_template_module.py index 0ff6ad016a..499e01d921 100644 --- a/tests/unit/modules/test_helm_template_module.py +++ b/tests/unit/modules/test_helm_template_module.py @@ -51,7 +51,7 @@ def test_dependency_update_option_not_defined(self): with self.assertRaises(AnsibleExitJson) as result: helm_template.main() mock_run_command.assert_called_once_with( - "/usr/bin/helm template /tmp/path", environ_update={} + "/usr/bin/helm template /tmp/path", environ_update={}, data=None ) assert result.exception.args[0]["command"] == "/usr/bin/helm template /tmp/path" @@ -74,6 +74,7 @@ def test_dependency_update_option_false(self): mock_run_command.assert_called_once_with( "/usr/bin/helm template test --repo=https://charts.com/test", environ_update={}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -95,6 +96,7 @@ def test_dependency_update_option_true(self): mock_run_command.assert_called_once_with( "/usr/bin/helm template https://charts/example.tgz --dependency-update", environ_update={}, + data=None, ) assert ( result.exception.args[0]["command"] diff --git a/tests/unit/modules/test_module_helm.py b/tests/unit/modules/test_module_helm.py index 199bd828f2..21bf791f97 100644 --- a/tests/unit/modules/test_module_helm.py +++ b/tests/unit/modules/test_module_helm.py @@ -88,6 +88,7 @@ def test_dependency_update_option_not_defined(self): mock_run_command.assert_called_once_with( "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -118,6 +119,7 @@ def test_dependency_update_option_false(self): mock_run_command.assert_called_once_with( "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -251,6 +253,7 @@ def test_dependency_update_option_not_defined(self): mock_run_command.assert_called_once_with( "/usr/bin/helm --repo=http://repo.example/charts upgrade -i --reset-values test 'chart1'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -280,6 +283,7 @@ def test_dependency_update_option_False(self): mock_run_command.assert_called_once_with( "/usr/bin/helm --repo=http://repo.example/charts upgrade -i --reset-values test 'chart1'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -338,6 +342,7 @@ def test_dependency_update_option_True_and_replace_option_enabled(self): mock_run_command.assert_called_once_with( "/usr/bin/helm --repo=http://repo.example/charts install --dependency-update --replace test 'chart1'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -405,6 +410,7 @@ def test_dependency_update_option_not_defined(self): mock_run_command.assert_called_once_with( "/usr/bin/helm upgrade -i --reset-values test 'http://repo.example/charts/application.tgz'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -433,6 +439,7 @@ def test_dependency_update_option_False(self): mock_run_command.assert_called_once_with( "/usr/bin/helm upgrade -i --reset-values test 'http://repo.example/charts/application.tgz'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] @@ -489,6 +496,7 @@ def test_dependency_update_option_True_and_replace_option_enabled(self): mock_run_command.assert_called_once_with( "/usr/bin/helm install --dependency-update --replace test 'http://repo.example/charts/application.tgz'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) assert ( result.exception.args[0]["command"] From 68ba05deb86bb3dc80558eac4d4202a747ce86ee Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 15:05:57 +0000 Subject: [PATCH 09/41] remove unused and unsupported helm_args_common --- plugins/modules/helm_registry_auth.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index cfd81889ee..fcaf742485 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -123,6 +123,7 @@ returned: always sample: false changed: + description: Indicate if the state of the registry was changed type: bool returned: always """ @@ -135,14 +136,9 @@ from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( AnsibleHelmModule, ) -from ansible_collections.kubernetes.core.plugins.module_utils.helm_args_common import ( - HELM_AUTH_ARG_SPEC, - HELM_AUTH_MUTUALLY_EXCLUSIVE, -) def argument_spec(): - arg_spec = copy.deepcopy(HELM_AUTH_ARG_SPEC) arg_spec.update( dict( host=dict(type="str", aliases=["registry_url"], required=True), @@ -202,7 +198,7 @@ def main(): module = AnsibleHelmModule( argument_spec=argument_spec(), required_together=[["username", "password"]], - mutually_exclusive=HELM_AUTH_MUTUALLY_EXCLUSIVE, + mutually_exclusive=None, supports_check_mode=True, ) From 65641ba2caa5efe831513e277943a9f6766951de Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 15:24:15 +0000 Subject: [PATCH 10/41] remove unused imports and fix other linters errors --- docs/kubernetes.core.helm_registry_auth_module.rst | 1 + plugins/modules/helm_registry_auth.py | 13 +++++-------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/docs/kubernetes.core.helm_registry_auth_module.rst b/docs/kubernetes.core.helm_registry_auth_module.rst index cd4cbd058d..a6114830e6 100644 --- a/docs/kubernetes.core.helm_registry_auth_module.rst +++ b/docs/kubernetes.core.helm_registry_auth_module.rst @@ -235,6 +235,7 @@ Common return values are documented `here always +
Indicate if the state of the registry was changed

diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index fcaf742485..217ffc0696 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -105,7 +105,9 @@ returned: always stderr: type: str - description: Full `helm` command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful. + description: >- + Full `helm` command stderr, in case you want to display it or examine the event log. + Please be note that helm binnary may print messages to stderr even if the command is successful. returned: always sample: 'Login Succeeded\n' stderr_lines: @@ -128,17 +130,12 @@ returned: always """ -import copy -import traceback - -from ansible.module_utils.basic import missing_required_lib -from ansible.module_utils.common.process import get_bin_path from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( AnsibleHelmModule, ) -def argument_spec(): +def arg_spec(): arg_spec.update( dict( host=dict(type="str", aliases=["registry_url"], required=True), @@ -196,7 +193,7 @@ def main(): global module module = AnsibleHelmModule( - argument_spec=argument_spec(), + argument_spec=arg_spec(), required_together=[["username", "password"]], mutually_exclusive=None, supports_check_mode=True, From ef29dc9f350b2abcf8299ee4068b19db1ff5a05e Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 15:39:46 +0000 Subject: [PATCH 11/41] another fix for unit test --- tests/unit/modules/test_module_helm.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/unit/modules/test_module_helm.py b/tests/unit/modules/test_module_helm.py index 21bf791f97..c22730e175 100644 --- a/tests/unit/modules/test_module_helm.py +++ b/tests/unit/modules/test_module_helm.py @@ -149,6 +149,7 @@ def test_dependency_update_option_true(self): call( "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) ] ) @@ -183,6 +184,7 @@ def test_dependency_update_option_true_without_dependencies_block(self): call( "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'", environ_update={"HELM_NAMESPACE": "test"}, + data=None, ) ] ) From bbe2dc5271439098f833718c72782d4ac89c5cf9 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 15:47:05 +0000 Subject: [PATCH 12/41] fix issue introducied by commit ff02893a12a31f9c44b5c48f9a8bf85057295961 --- plugins/modules/helm_registry_auth.py | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 217ffc0696..223371e2a0 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -136,23 +136,18 @@ def arg_spec(): - arg_spec.update( - dict( - host=dict(type="str", aliases=["registry_url"], required=True), - state=dict( - default="present", choices=["present", "absent"], required=False - ), - insecure=dict(type="bool", default=False, required=False), - username=dict(type="str", aliases=["repo_username"], required=False), - password=dict( - type="str", aliases=["repo_password"], no_log=True, required=False - ), - key_file=dict(type="path", required=False), - cert_file=dict(type="path", required=False), - ca_file=dict(type="path", required=False), - ) + return dict( + host=dict(type="str", aliases=["registry_url"], required=True), + state=dict(default="present", choices=["present", "absent"], required=False), + insecure=dict(type="bool", default=False, required=False), + username=dict(type="str", aliases=["repo_username"], required=False), + password=dict( + type="str", aliases=["repo_password"], no_log=True, required=False + ), + key_file=dict(type="path", required=False), + cert_file=dict(type="path", required=False), + ca_file=dict(type="path", required=False), ) - return arg_spec def login( From 61c6926c04310a5fe235f44e3211db25a72614c7 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Fri, 29 Nov 2024 16:04:39 +0000 Subject: [PATCH 13/41] add binary_path to arg_spec --- plugins/modules/helm_registry_auth.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 223371e2a0..98f7c6502e 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -137,6 +137,7 @@ def arg_spec(): return dict( + binary_path=dict(type="path", required=False), host=dict(type="str", aliases=["registry_url"], required=True), state=dict(default="present", choices=["present", "absent"], required=False), insecure=dict(type="bool", default=False, required=False), From a6100bcd827b8b57a6633eb2cbb6813287211419 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 14:59:10 +0000 Subject: [PATCH 14/41] return helm_cmd in the output of check mode remove changlog fragment --- changelogs/fragments/20241116-helm_registry_auth.yaml | 3 --- plugins/modules/helm_registry_auth.py | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 changelogs/fragments/20241116-helm_registry_auth.yaml diff --git a/changelogs/fragments/20241116-helm_registry_auth.yaml b/changelogs/fragments/20241116-helm_registry_auth.yaml deleted file mode 100644 index 3d02483b86..0000000000 --- a/changelogs/fragments/20241116-helm_registry_auth.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - new module helm_registry_auth to support helm registry login and logout operations (https://github.com/ansible-collections/kubernetes.core/pull/800). diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 98f7c6502e..5d79c84ce8 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -218,7 +218,7 @@ def main(): changed = True if module.check_mode: - module.exit_json(changed=changed) + module.exit_json(changed=changed, command=helm_cmd) # This one is reduntant, but it's here for clarity elif not changed: module.exit_json(changed=False) From f2d507a8e0f3767650ad0635ecd77fb9d1e77c12 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:36:39 +0200 Subject: [PATCH 15/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 5d79c84ce8..36876f1fbd 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -29,7 +29,7 @@ state: description: - Desired state of the registry. - - If set to C(present) attempt to log in to the remote registry server using the URL specified in I(host). + - If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host). - If set to C(absent) attempt to log out from the remote registry server using the URL specified in I(host). required: false default: present From dedfc3ce4d5d95ca9efdbe2bb879ffc689781c94 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:36:59 +0200 Subject: [PATCH 16/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 36876f1fbd..01130a7029 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -30,7 +30,7 @@ description: - Desired state of the registry. - If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host). - - If set to C(absent) attempt to log out from the remote registry server using the URL specified in I(host). + - If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host). required: false default: present choices: ['present', 'absent'] From 2f8857ef0dd3af7f00d4b8ac629b8de04b15aee6 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:37:17 +0200 Subject: [PATCH 17/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 01130a7029..a399c91294 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -97,7 +97,7 @@ RETURN = r""" stdout: type: str - description: Full `helm` command stdout, in case you want to display it or examine the event log + description: Full C(helm) command stdout, in case you want to display it or examine the event log returned: always stout_lines: type: list From 7c4372c32f947cc065f8b160152e43a9e64fd095 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:37:31 +0200 Subject: [PATCH 18/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index a399c91294..8e17568162 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -101,7 +101,7 @@ returned: always stout_lines: type: list - description: Full `helm` command stdout, in case you want to display it or examine the event log + description: Full C(helm) command stdout, in case you want to display it or examine the event log returned: always stderr: type: str From 17299d942107f8e6876995951f2a2815300d8101 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:37:46 +0200 Subject: [PATCH 19/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 8e17568162..75762a107b 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -106,7 +106,7 @@ stderr: type: str description: >- - Full `helm` command stderr, in case you want to display it or examine the event log. + Full C(helm) command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful. returned: always sample: 'Login Succeeded\n' From 591d238bb16c99584aea489dc9b410955e00d52f Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:38:05 +0200 Subject: [PATCH 20/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 75762a107b..a0370e52bd 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -112,7 +112,7 @@ sample: 'Login Succeeded\n' stderr_lines: type: list - description: Full `helm` command stderr, in case you want to display it or examine the event log + description: Full C(helm) command stderr, in case you want to display it or examine the event log returned: always command: type: str From 22d04bdda7119e138b5eab50c2d38b90c5436cb5 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:38:22 +0200 Subject: [PATCH 21/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index a0370e52bd..1600b386cc 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -116,7 +116,7 @@ returned: always command: type: str - description: Full `helm` command executed + description: Full C(helm) command executed returned: always sample: '/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure' failed: From 11d70546629d475a388d690672e0fbef42290558 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:38:51 +0200 Subject: [PATCH 22/41] description suggestion from reviewer/maintainer Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 1600b386cc..c6f8dc2397 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -121,7 +121,7 @@ sample: '/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure' failed: type: bool - description: Indicate if the `helm` command failed + description: Indicate if the C(helm) command failed returned: always sample: false changed: From 9ee99e4ed06d56fc3e4c32abe1157dc0f513f5e0 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:39:35 +0200 Subject: [PATCH 23/41] remove changed from module return Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index c6f8dc2397..e8a71ae6be 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -124,10 +124,6 @@ description: Indicate if the C(helm) command failed returned: always sample: false -changed: - description: Indicate if the state of the registry was changed - type: bool - returned: always """ from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( From 0592294dd40047e9161d33b3df1db9901a246fe9 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:41:01 +0200 Subject: [PATCH 24/41] remove redundant code Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index e8a71ae6be..06eecf2925 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -215,9 +215,6 @@ def main(): if module.check_mode: module.exit_json(changed=changed, command=helm_cmd) - # This one is reduntant, but it's here for clarity - elif not changed: - module.exit_json(changed=False) rc, out, err = module.run_helm_command(helm_cmd, data=password) From 50e47b520dbfebc55158176856168ddbdca34318 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:41:31 +0200 Subject: [PATCH 25/41] Update plugins/modules/helm_registry_auth.py Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 06eecf2925..ad9dd8150e 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -187,7 +187,6 @@ def main(): module = AnsibleHelmModule( argument_spec=arg_spec(), required_together=[["username", "password"]], - mutually_exclusive=None, supports_check_mode=True, ) From 8d2ddf29fc3ccdcf2aacab8822f5914d849f1db3 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 18:44:48 +0200 Subject: [PATCH 26/41] consider support of logout when user is not logged in Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index ad9dd8150e..62bcef9e63 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -218,12 +218,15 @@ def main(): rc, out, err = module.run_helm_command(helm_cmd, data=password) if rc != 0: - module.fail_json( - msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( + if state == "absent" and "Error: not logged in" in err: + changed = False + else: + module.fail_json( + msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( rc, out, err - ), - command=helm_cmd, - ) + ), + command=helm_cmd, + ) module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd) From f20004d196cd746ecc06660dceed071a18446825 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 16:51:30 +0000 Subject: [PATCH 27/41] consider support helm < 3.0.0 --- plugins/module_utils/helm.py | 3 +++ plugins/modules/helm_registry_auth.py | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index 331c9ad718..f36fe79de9 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -151,6 +151,9 @@ def _prepare_helm_environment(self): env_update["KUBECONFIG"] = kubeconfig_path self.add_cleanup_file(kubeconfig_path) + if LooseVersion(self.get_helm_version()) < LooseVersion("3.0.0"): + env_update["HELM_EXPERIMENTAL_OCI"] = "1" + return env_update @property diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 62bcef9e63..058f518a81 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -223,10 +223,10 @@ def main(): else: module.fail_json( msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( - rc, out, err - ), - command=helm_cmd, - ) + rc, out, err + ), + command=helm_cmd, + ) module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd) From 37916365aade61de8566230e27a5c0576ae9e261 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 16:57:44 +0000 Subject: [PATCH 28/41] Revert "consider support helm < 3.0.0" This reverts commit f20004d196cd746ecc06660dceed071a18446825. --- plugins/module_utils/helm.py | 3 --- plugins/modules/helm_registry_auth.py | 8 ++++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index f36fe79de9..331c9ad718 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -151,9 +151,6 @@ def _prepare_helm_environment(self): env_update["KUBECONFIG"] = kubeconfig_path self.add_cleanup_file(kubeconfig_path) - if LooseVersion(self.get_helm_version()) < LooseVersion("3.0.0"): - env_update["HELM_EXPERIMENTAL_OCI"] = "1" - return env_update @property diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 058f518a81..62bcef9e63 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -223,10 +223,10 @@ def main(): else: module.fail_json( msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( - rc, out, err - ), - command=helm_cmd, - ) + rc, out, err + ), + command=helm_cmd, + ) module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd) From 741bc9752fe46a3f1ba7bfc447d69736259ea006 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 17:05:20 +0000 Subject: [PATCH 29/41] reintroduce support of helm version less than 3.8.0 reference: https://helm.sh/docs/topics/registries/#enabling-oci-support-prior-to-v380 --- plugins/module_utils/helm.py | 3 +++ plugins/modules/helm_registry_auth.py | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index 331c9ad718..c6eb517890 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -151,6 +151,9 @@ def _prepare_helm_environment(self): env_update["KUBECONFIG"] = kubeconfig_path self.add_cleanup_file(kubeconfig_path) + if LooseVersion(self.get_helm_version()) < LooseVersion("3.8.0"): + env_update["HELM_EXPERIMENTAL_OCI"] = "true" + return env_update @property diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 62bcef9e63..058f518a81 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -223,10 +223,10 @@ def main(): else: module.fail_json( msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( - rc, out, err - ), - command=helm_cmd, - ) + rc, out, err + ), + command=helm_cmd, + ) module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd) From 1cf7964dbec50595fca9d00e7e7f3809080f7367 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 17:18:30 +0000 Subject: [PATCH 30/41] revert reintroducing support of helm < 3.8.0 reason: didn't find a quick way to deal with tests --- plugins/module_utils/helm.py | 3 --- plugins/modules/helm_registry_auth.py | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index c6eb517890..331c9ad718 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -151,9 +151,6 @@ def _prepare_helm_environment(self): env_update["KUBECONFIG"] = kubeconfig_path self.add_cleanup_file(kubeconfig_path) - if LooseVersion(self.get_helm_version()) < LooseVersion("3.8.0"): - env_update["HELM_EXPERIMENTAL_OCI"] = "true" - return env_update @property diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 058f518a81..d09650645e 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -20,7 +20,7 @@ - Yuriy Novostavskiy (@yurnov) requirements: - - "helm (https://github.com/helm/helm/releases)" + - "helm (https://github.com/helm/helm/releases) => 3.8.0" description: - Helm registry authentication module allows you to login C(helm registry login) and logout C(helm registry logout) from a Helm registry. From 55598634c097874b3c53502dc231eb8d50b0e523 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 11 Dec 2024 17:20:07 +0000 Subject: [PATCH 31/41] update documentation with the recent module updates --- ...ernetes.core.helm_registry_auth_module.rst | 33 +++++-------------- 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/docs/kubernetes.core.helm_registry_auth_module.rst b/docs/kubernetes.core.helm_registry_auth_module.rst index a6114830e6..5860749f0c 100644 --- a/docs/kubernetes.core.helm_registry_auth_module.rst +++ b/docs/kubernetes.core.helm_registry_auth_module.rst @@ -25,7 +25,7 @@ Requirements ------------ The below requirements are needed on the host that executes this module. -- helm (https://github.com/helm/helm/releases) +- helm (https://github.com/helm/helm/releases) => 3.8.0 Parameters @@ -168,8 +168,8 @@ Parameters
Desired state of the registry.
-
If set to present attempt to log in to the remote registry server using the URL specified in host.
-
If set to absent attempt to log out from the remote registry server using the URL specified in host.
+
If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).
+
If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).
@@ -224,21 +224,6 @@ Common return values are documented `here Returned Description - - -
- changed - -
- boolean -
- - always - -
Indicate if the state of the registry was changed
-
- -
@@ -250,7 +235,7 @@ Common return values are documented `here always -
Full `helm` command executed
+
Full helm command executed

Sample:
/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure
@@ -267,7 +252,7 @@ Common return values are documented `here always -
Indicate if the `helm` command failed
+
Indicate if the helm command failed

@@ -282,7 +267,7 @@ Common return values are documented `here always -
Full `helm` command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful.
+
Full helm command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful.

Sample:
Login Succeeded\n
@@ -299,7 +284,7 @@ Common return values are documented `here always -
Full `helm` command stderr, in case you want to display it or examine the event log
+
Full helm command stderr, in case you want to display it or examine the event log

@@ -314,7 +299,7 @@ Common return values are documented `here always -
Full `helm` command stdout, in case you want to display it or examine the event log
+
Full helm command stdout, in case you want to display it or examine the event log

@@ -329,7 +314,7 @@ Common return values are documented `here always -
Full `helm` command stdout, in case you want to display it or examine the event log
+
Full helm command stdout, in case you want to display it or examine the event log

From 8dc6a3afb6020ea6da8b6df514371e60a2178b40 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 13:16:29 +0200 Subject: [PATCH 32/41] Update plugins/modules/helm_registry_auth.py Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- plugins/modules/helm_registry_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index d09650645e..2964126d2b 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -215,7 +215,7 @@ def main(): if module.check_mode: module.exit_json(changed=changed, command=helm_cmd) - rc, out, err = module.run_helm_command(helm_cmd, data=password) + rc, out, err = module.run_helm_command(helm_cmd, data=password, fails_on_error=False) if rc != 0: if state == "absent" and "Error: not logged in" in err: From 8ac0bc49b026f7e71347c453412c1d468762f3cf Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 13:17:32 +0200 Subject: [PATCH 33/41] add test of logout impendency Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --- .../targets/helm_registry_auth/tasks/main.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index 3a5845a8c9..8b9b81f00f 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -107,6 +107,16 @@ # Helm binary prints the message to stderr assert: that: "'Removing login credentials' in _helm_registry_auth_logout.stderr" + + - name: Test logout idempotency + helm_registry_auth: + registry: localhost:{{ registry_port }} + state: absent + register: _helm_registry_auth_logout_idempotency + + - name: Assert logout operation did not report change + ansible.builtin.assert: + that: _helm_registry_auth_logout_idempotency is not changed - name: Ensure that not able to push to the registry ansible.builtin.shell: >- From 1e6b8b76c2e0163249c771783f7d4b01626c7140 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 11:42:10 +0000 Subject: [PATCH 34/41] fix linters --- plugins/modules/helm_registry_auth.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 2964126d2b..dc599e1b36 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -215,7 +215,9 @@ def main(): if module.check_mode: module.exit_json(changed=changed, command=helm_cmd) - rc, out, err = module.run_helm_command(helm_cmd, data=password, fails_on_error=False) + rc, out, err = module.run_helm_command( + helm_cmd, data=password, fails_on_error=False + ) if rc != 0: if state == "absent" and "Error: not logged in" in err: From 92ca5188838ba4fc7fdde673bc08e134f65ba44a Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 11:48:47 +0000 Subject: [PATCH 35/41] fix intendations in the integration tests --- tests/integration/targets/helm_registry_auth/tasks/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index 8b9b81f00f..8f3ab378a0 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -107,8 +107,8 @@ # Helm binary prints the message to stderr assert: that: "'Removing login credentials' in _helm_registry_auth_logout.stderr" - - - name: Test logout idempotency + + - name: Test logout idempotency helm_registry_auth: registry: localhost:{{ registry_port }} state: absent From ee66a9b119b249c2508b7775e2ec497ad6743ae1 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 14:58:29 +0000 Subject: [PATCH 36/41] create tests/integration/targets/helm_registry_auth/aliases --- tests/integration/targets/helm_registry_auth/aliases | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tests/integration/targets/helm_registry_auth/aliases diff --git a/tests/integration/targets/helm_registry_auth/aliases b/tests/integration/targets/helm_registry_auth/aliases new file mode 100644 index 0000000000..3a20824104 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/aliases @@ -0,0 +1,2 @@ +time=16 +helm_registry_auth \ No newline at end of file From 9350a4475a438d567d70cdce9411ef67e0119323 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 15:05:27 +0000 Subject: [PATCH 37/41] fix integration test (typo) --- .../targets/helm_registry_auth/tasks/main.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index 8f3ab378a0..cab44bad65 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -72,7 +72,7 @@ helm_registry_auth: username: "{{ username }}" password: "{{ password }}" - registry: localhost:{{ registry_port }} + host: localhost:{{ registry_port }} state: present register: _helm_registry_auth_correct @@ -99,7 +99,7 @@ - name: Test logout helm_registry_auth: - registry: localhost:{{ registry_port }} + host: localhost:{{ registry_port }} state: absent register: _helm_registry_auth_logout @@ -110,7 +110,7 @@ - name: Test logout idempotency helm_registry_auth: - registry: localhost:{{ registry_port }} + host: localhost:{{ registry_port }} state: absent register: _helm_registry_auth_logout_idempotency @@ -142,7 +142,7 @@ helm_registry_auth: username: "{{ username }}" password: "{{ wrong_password }}" - registry: localhost:{{ registry_port }} + host: localhost:{{ registry_port }} state: present register: _helm_registry_auth_wrong failed_when: _helm_registry_auth_wrong.rc == 0 From b91c777d99e9f4f2257c612b6f0b3eb887a33b83 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 15:15:37 +0000 Subject: [PATCH 38/41] fix integration tests (test wrong cred) --- tests/integration/targets/helm_registry_auth/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index cab44bad65..c94d6cb64f 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -145,7 +145,7 @@ host: localhost:{{ registry_port }} state: present register: _helm_registry_auth_wrong - failed_when: _helm_registry_auth_wrong.rc == 0 + ignore_errors: true - name: Read content of ~/.config/helm/registry/config.json ansible.builtin.slurp: From ced6ffdcbd52e979f0df82b8b9c72c5f0fb7e7fd Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 15:29:04 +0000 Subject: [PATCH 39/41] add stderr when module fail --- plugins/modules/helm_registry_auth.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index dc599e1b36..b9cf4a012f 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -227,6 +227,7 @@ def main(): msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( rc, out, err ), + stderr=err, command=helm_cmd, ) From f13429f68ff718ace0b2e5756bde82ea373d45c2 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Thu, 12 Dec 2024 15:34:04 +0000 Subject: [PATCH 40/41] another attempt to fix integration test --- tests/integration/targets/helm_registry_auth/tasks/main.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index c94d6cb64f..61969834ac 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -156,7 +156,6 @@ ansible.builtin.assert: that: - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr" - - "_helm_registry_auth_wrong.rc != 0" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr" From 5f48d1b549ae89510d5f5721dffa266119aae8cf Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Tue, 17 Dec 2024 11:38:46 +0000 Subject: [PATCH 41/41] fix assertion in integration test to be not affceted by the #830 --- tests/integration/targets/helm_registry_auth/tasks/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index 61969834ac..096f4e31d7 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -136,7 +136,7 @@ - "'push access denied' in _save_chart.stderr" - "'authorization failed' in _save_chart.stderr" - "_save_chart.rc != 0" - - "'localhost' not in _config_json.content | b64decode" + - "'localhost:{{ registry_port }}' not in _config_json.content | b64decode" - name: Test module helm_registry_auth with wrong credentials helm_registry_auth: @@ -159,7 +159,7 @@ - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr" - - "'localhost' not in _config_json.content | b64decode" + - "'localhost:{{ registry_port }}' not in _config_json.content | b64decode" # Clean up always: