From cfa481816424c39b65b9b474fbe3416f0d414bc9 Mon Sep 17 00:00:00 2001 From: abikouo Date: Tue, 28 Mar 2023 16:57:51 +0200 Subject: [PATCH 1/8] add support for helm registry login/logout via new module --- plugins/module_utils/helm.py | 10 +- plugins/modules/helm_registry_auth.py | 190 ++++++++++++++++++ .../targets/helm_registry_auth/aliases | 2 + .../helm_registry_auth/defaults/main.yml | 9 + .../files/python-chart/Chart.yaml | 7 + .../python-chart/templates/deployment.yaml | 21 ++ .../files/python-chart/values.yaml | 5 + .../helm_registry_auth/handlers/main.yml | 3 + .../targets/helm_registry_auth/meta/main.yml | 5 + .../targets/helm_registry_auth/tasks/main.yml | 3 + .../tasks/remove_docker_container.yml | 15 ++ .../tasks/setup_registry.yml | 65 ++++++ .../tasks/teardown_registry.yml | 9 + .../helm_registry_auth/tasks/tests.yml | 114 +++++++++++ .../targets/install_helm/tasks/main.yml | 10 + tests/sanity/ignore-2.10.txt | 1 + tests/sanity/ignore-2.11.txt | 1 + tests/sanity/ignore-2.12.txt | 1 + tests/sanity/ignore-2.13.txt | 1 + tests/sanity/ignore-2.14.txt | 1 + tests/sanity/ignore-2.15.txt | 1 + tests/sanity/ignore-2.9.txt | 1 + tests/sanity/refresh_ignore_files | 1 + 23 files changed, 471 insertions(+), 5 deletions(-) create mode 100644 plugins/modules/helm_registry_auth.py create mode 100644 tests/integration/targets/helm_registry_auth/aliases create mode 100644 tests/integration/targets/helm_registry_auth/defaults/main.yml create mode 100644 tests/integration/targets/helm_registry_auth/files/python-chart/Chart.yaml create mode 100644 tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml create mode 100644 tests/integration/targets/helm_registry_auth/files/python-chart/values.yaml create mode 100644 tests/integration/targets/helm_registry_auth/handlers/main.yml create mode 100644 tests/integration/targets/helm_registry_auth/meta/main.yml create mode 100644 tests/integration/targets/helm_registry_auth/tasks/main.yml create mode 100644 tests/integration/targets/helm_registry_auth/tasks/remove_docker_container.yml create mode 100644 tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml create mode 100644 tests/integration/targets/helm_registry_auth/tasks/teardown_registry.yml create mode 100644 tests/integration/targets/helm_registry_auth/tasks/tests.yml diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py index 8bd06eccde..88bdafdb9a 100644 --- a/plugins/module_utils/helm.py +++ b/plugins/module_utils/helm.py @@ -160,11 +160,11 @@ def env_update(self): self.helm_env = self._prepare_helm_environment() return self.helm_env - def run_helm_command(self, command, fails_on_error=True): - if not HAS_YAML: - self.fail_json(msg=missing_required_lib("PyYAML"), exception=YAML_IMP_ERR) - - rc, out, err = self.run_command(command, environ_update=self.env_update) + def run_helm_command(self, command, fails_on_error=True, add_env_update=None): + env_update = self.env_update + if add_env_update: + env_update.update(add_env_update) + rc, out, err = self.run_command(command, environ_update=env_update) if fails_on_error and rc != 0: self.fail_json( msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py new file mode 100644 index 0000000000..3642d3bb60 --- /dev/null +++ b/plugins/modules/helm_registry_auth.py @@ -0,0 +1,190 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2023, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = r""" +--- +module: helm_registry_auth + +short_description: login or logout to a registry. + +version_added: "2.5.0" + +author: + - Aubin Bikouo (@abikouo) + +requirements: + - "helm (https://github.com/helm/helm/releases)" + +description: + - Authenticate to a remote registry analogous to C(helm registry login) + or Remove credentials stored for a remote registry analogous to C(helm registry logout). + +options: + state: + description: + - If set to I(present) attempt to log in to the remote registry server using the URL specified in C(host). + - If set to I(absent) attempt to log out by removing credentials stored for the remote registry server specified in C(host). + default: present + choices: + - present + - absent + type: str + host: + description: + - Provide a URL for accessing the remote registry. + type: str + required: True + validate_certs: + description: + - Whether or not to verify the Registry server's SSL certificates. + type: bool + aliases: [ verify_ssl ] + default: True + username: + description: + - Provide a username for authenticating with the remote registry. + - Required when C(state) is set to I(present). + type: str + password: + description: + - Provide a password for authenticating with the remote registry. + - Required when C(state) is set to I(present). + type: str + binary_path: + description: + - The path of a helm binary to use. + type: path +""" + +EXAMPLES = r""" +- hosts: localhost + tasks: + - block: + # It's good practice to store login credentials in a secure vault and not + # directly in playbooks. + - include_vars: helm_registry_passwords.yml + + - name: Login to remote registry + kubernetes.core.helm_registry_auth: + username: admin + password: "{{ helm_admin_password }}" + host: localhost:5000 + + - name: Download Chart from Registry + kubernetes.core.helm_pull: + chart_ref: mychart + repo_url: oci://localhost:5000/helm-charts + + always: + - name: Logout to Remote registry + kubernetes.core.helm_registry_auth: + host: localhost:5000 + state: absent +""" + +RETURN = r""" +stdout: + type: str + description: Full `helm` command stdout, in case you want to display it or examine the event log + returned: always + sample: '' +stderr: + type: str + description: Full `helm` command stderr, in case you want to display it or examine the event log + returned: always + sample: '' +command: + type: str + description: Full `helm` command built by this module, in case you want to re-run the command outside the module or debug a problem. + returned: always + sample: helm registry login... +""" + + +from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( + AnsibleHelmModule, +) +from ansible_collections.kubernetes.core.plugins.module_utils.version import ( + LooseVersion, +) + + +def argument_spec(): + arg_spec = { + "state": { + "type": "str", + "default": "present", + "choices": ["present", "absent"], + }, + "host": {"type": "str", "required": True}, + "validate_certs": {"type": "bool", "default": True, "aliases": ["verify_ssl"]}, + "username": {}, + "password": {"no_log": True}, + "binary_path": {"type": "path"}, + } + + return arg_spec + + +def main(): + + module = AnsibleHelmModule( + argument_spec=argument_spec(), + required_if=[ + ("state", "present", ["username", "password"]), + ], + supports_check_mode=True, + ) + + state = module.params.get("state") + command = [module.get_helm_binary(), "registry"] + if state == "present": + command.extend( + [ + "login", + "--username", + module.params.get("username"), + "--password", + module.params.get("password"), + ] + ) + else: + command.append("logout") + + command.append(module.params.get("host")) + command = " ".join(command) + out, err = "", "" + changed = True + if not module.check_mode: + env_update = {} + if LooseVersion(module.get_helm_version()) < LooseVersion("3.0.0"): + env_update["HELM_EXPERIMENTAL_OCI"] = "1" + rc, out, err = module.run_helm_command( + command, fails_on_error=False, add_env_update=env_update + ) + if rc != 0: + if state == "absent" and "Error: not logged in" in err: + err = err.replace("Error: ", "") + changed = False + else: + module.fail_json( + msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format( + rc, out, err + ), + stdout=out, + stderr=err, + command=command, + ) + + module.exit_json(changed=changed, stdout=out, stderr=err, command=command) + + +if __name__ == "__main__": + main() diff --git a/tests/integration/targets/helm_registry_auth/aliases b/tests/integration/targets/helm_registry_auth/aliases new file mode 100644 index 0000000000..a35dcf9957 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/aliases @@ -0,0 +1,2 @@ +time=16 +helm_registry_auth diff --git a/tests/integration/targets/helm_registry_auth/defaults/main.yml b/tests/integration/targets/helm_registry_auth/defaults/main.yml new file mode 100644 index 0000000000..5c73f41433 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/defaults/main.yml @@ -0,0 +1,9 @@ +--- +# user: testuser, password: pass123! +registry_credentials: testuser:$2y$05$d8tw6L1hojRFW.FjHOAnIOihJWAvFb0/Pu/30hLbQNJIYzCmlyBCi +registry_name: helm_registry +registry_port: 6035 +test_namespace: + - "helm-registry-auth-1" + - "helm-registry-auth-2" +helm_version: v3.8.0 diff --git a/tests/integration/targets/helm_registry_auth/files/python-chart/Chart.yaml b/tests/integration/targets/helm_registry_auth/files/python-chart/Chart.yaml new file mode 100644 index 0000000000..412fd1d380 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/files/python-chart/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: python-app +description: | + A Helm chart used to test OCI registry login for Kubernetes.core Ansible collection +type: application +version: 0.1.0 +appVersion: "default" diff --git a/tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml b/tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml new file mode 100644 index 0000000000..a9bcbd8c22 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-python-deployment + labels: + app: python +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: python + template: + metadata: + labels: + app: python + spec: + containers: + - name: {{ .Values.container.name }} + image: {{ .Values.container.image }} + imagePullPolicy: {{ .Values.container.imagePullPolicy }} + args: ['/bin/sh', '-c', 'while true; do echo $(date); sleep 10; done'] diff --git a/tests/integration/targets/helm_registry_auth/files/python-chart/values.yaml b/tests/integration/targets/helm_registry_auth/files/python-chart/values.yaml new file mode 100644 index 0000000000..a729eb888a --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/files/python-chart/values.yaml @@ -0,0 +1,5 @@ +replicaCount: 1 +container: + name: "python3" + image: "python:3.7-alpine" + imagePullPolicy: "IfNotPresent" diff --git a/tests/integration/targets/helm_registry_auth/handlers/main.yml b/tests/integration/targets/helm_registry_auth/handlers/main.yml new file mode 100644 index 0000000000..07db50e880 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: teardown registry + include_tasks: teardown_registry.yml diff --git a/tests/integration/targets/helm_registry_auth/meta/main.yml b/tests/integration/targets/helm_registry_auth/meta/main.yml new file mode 100644 index 0000000000..00ab1d3b9c --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/meta/main.yml @@ -0,0 +1,5 @@ +--- +dependencies: + - remove_namespace + - role: install_helm + helm_version: v3.8.0 diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yml b/tests/integration/targets/helm_registry_auth/tasks/main.yml new file mode 100644 index 0000000000..a8f9f3fc0a --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- include_tasks: setup_registry.yml +- include_tasks: tests.yml diff --git a/tests/integration/targets/helm_registry_auth/tasks/remove_docker_container.yml b/tests/integration/targets/helm_registry_auth/tasks/remove_docker_container.yml new file mode 100644 index 0000000000..77d33b61ac --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/remove_docker_container.yml @@ -0,0 +1,15 @@ +--- +- name: Inspect docker container + command: docker container inspect {{ registry_name }} -f '{{ '{{' }} .State.Running {{ '}}' }}' + register: _inspect + ignore_errors: true + +- name: Remove container + when: _inspect.rc == 0 + block: + - name: Stop running container + command: docker container stop {{ registry_name }} + when: _inspect.stdout == "true" + + - name: Remove container + command: docker container rm {{ registry_name }} diff --git a/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml b/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml new file mode 100644 index 0000000000..cf5c273ebb --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml @@ -0,0 +1,65 @@ +--- +- name: Ensure docker is present + command: | + command -v docker + ignore_errors: true + register: check_docker + +- name: Setup OCI registry + block: + - name: create docker registry + tempfile: + state: directory + suffix: .auth + register: _tmpfile + notify: + - teardown registry + + - name: create auth file + copy: + content: "{{ registry_credentials }}" + dest: "{{ _tmpfile.path }}/htpasswd" + + - include_tasks: remove_docker_container.yml + + - name: Create registry container + command: >- + docker run -d + -p {{ registry_port }}:5000 + --restart=always + --name "{{ registry_name }}" + -v "{{ _tmpfile.path }}:/auth" + -e "REGISTRY_AUTH=htpasswd" + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd + registry:2 + + - name: try login to OCI registry + command: >- + {{ helm_binary_path }} registry login + -u testuser + -p 'pass123!' + localhost:{{ registry_port }} + + - name: Package helm chart + command: >- + {{ helm_binary_path }} package + "{{ role_path }}/files/python-chart" + --destination {{ _tmpfile.path }} + + - name: Helm push chart to the registry + command: >- + {{ helm_binary_path }} push + {{ _tmpfile.path }}/python-app-0.1.0.tgz + oci://localhost:{{ registry_port }}/helm-charts + + - name: Show chart from registry + command: >- + {{ helm_binary_path }} show all oci://localhost:{{ registry_port }}/helm-charts/python-app + + - name: Logout from registry + command: >- + {{ helm_binary_path }} registry logout localhost:{{ registry_port }} + + when: + - check_docker.rc == 0 diff --git a/tests/integration/targets/helm_registry_auth/tasks/teardown_registry.yml b/tests/integration/targets/helm_registry_auth/tasks/teardown_registry.yml new file mode 100644 index 0000000000..1966b63460 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/teardown_registry.yml @@ -0,0 +1,9 @@ +--- +- name: Remove Docker container + include_tasks: remove_docker_container.yml + +- name: Delete temporary directory + file: + state: absent + path: '{{ _tmpfile.path }}' + ignore_errors: true diff --git a/tests/integration/targets/helm_registry_auth/tasks/tests.yml b/tests/integration/targets/helm_registry_auth/tasks/tests.yml new file mode 100644 index 0000000000..4c07dea744 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/tests.yml @@ -0,0 +1,114 @@ +--- +# testing login +- name: login to remote registry (check_mode) + kubernetes.core.helm_registry_auth: + state: present + host: "localhost:{{ registry_port }}" + validate_certs: false + username: testuser + password: pass123! + binary_path: "{{ helm_binary_path }}" + register: _login_check_mode + check_mode: true + +- assert: + that: + - _login_check_mode is changed + +- name: trying to install chart with login in check_mode + kubernetes.core.helm: + binary_path: "{{ helm_binary_path }}" + name: "test-chart-registry" + chart_ref: "oci://localhost:{{ registry_port }}/helm-charts/python-app" + chart_version: 0.1.0 + namespace: "{{ test_namespace[0] }}" + create_namespace: true + ignore_errors: true + register: install_fail + +- name: Validate module failure + assert: + that: + - install_fail is failed + +- name: login to remote registry + kubernetes.core.helm_registry_auth: + state: present + host: "localhost:{{ registry_port }}" + validate_certs: false + username: testuser + password: pass123! + binary_path: "{{ helm_binary_path }}" + register: _login + +- assert: + that: + - _login is changed + +- name: Install chart should succeed now since login was performed + kubernetes.core.helm: + binary_path: "{{ helm_binary_path }}" + name: "test-chart-registry" + chart_ref: "oci://localhost:{{ registry_port }}/helm-charts/python-app" + chart_version: 0.1.0 + namespace: "{{ test_namespace[0] }}" + create_namespace: true + +# testing logout +- name: logout from remote registry (check_mode) + kubernetes.core.helm_registry_auth: + state: absent + host: "localhost:{{ registry_port }}" + binary_path: "{{ helm_binary_path }}" + register: _logout_check_mode + check_mode: true + +- assert: + that: + - _logout_check_mode is changed + +- name: Install chart should succeed (logout has been performed in check mode) + kubernetes.core.helm: + binary_path: "{{ helm_binary_path }}" + name: "test-chart-registry-2" + chart_ref: "oci://localhost:{{ registry_port }}/helm-charts/python-app" + chart_version: 0.1.0 + namespace: "{{ test_namespace[1] }}" + create_namespace: true + +- name: logout from remote registry + kubernetes.core.helm_registry_auth: + state: absent + host: "localhost:{{ registry_port }}" + binary_path: "{{ helm_binary_path }}" + register: _logout + +- assert: + that: + - _logout is changed + +- name: Install chart should failed + kubernetes.core.helm: + binary_path: "{{ helm_binary_path }}" + name: "test-chart-registry-2" + chart_ref: "oci://localhost:{{ registry_port }}/helm-charts/python-app" + chart_version: 0.1.0 + namespace: "{{ test_namespace[1] }}" + create_namespace: true + register: _install_fail + ignore_errors: true + +- assert: + that: + - _install_fail is failed + +- name: logout once again (idempotency) + kubernetes.core.helm_registry_auth: + state: absent + host: "localhost:{{ registry_port }}" + binary_path: "{{ helm_binary_path }}" + register: _logout + +- assert: + that: + - _logout is not changed diff --git a/tests/integration/targets/install_helm/tasks/main.yml b/tests/integration/targets/install_helm/tasks/main.yml index 49e36a4608..aa83b458e0 100644 --- a/tests/integration/targets/install_helm/tasks/main.yml +++ b/tests/integration/targets/install_helm/tasks/main.yml @@ -1,4 +1,10 @@ --- +- name: Delete existing folder + file: + path: "{{ helm_install_path }}" + state: absent + ignore_errors: true + - name: Init Helm folders file: path: "{{ helm_install_path }}" @@ -13,3 +19,7 @@ delay: 5 register: result until: result is not failed + +- name: set helm binary path + set_fact: + helm_binary_path: "{{ helm_install_path }}/{{ ansible_system | lower }}-amd64/helm" diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt index b617363d19..c9f1ca13fe 100644 --- a/tests/sanity/ignore-2.10.txt +++ b/tests/sanity/ignore-2.10.txt @@ -614,3 +614,4 @@ plugins/modules/k8s_rollback.py validate-modules!skip plugins/modules/k8s_scale.py validate-modules!skip plugins/modules/k8s_service.py validate-modules!skip plugins/modules/k8s_taint.py validate-modules!skip +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index ffd29612e4..9d3d42186d 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt @@ -591,3 +591,4 @@ tests/integration/targets/helm/library/helm_test_version.py compile-2.6!skip tests/integration/targets/helm/library/helm_test_version.py compile-2.7!skip tests/integration/targets/helm/library/helm_test_version.py compile-3.5!skip tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt index c0d1d58963..a3097712c7 100644 --- a/tests/sanity/ignore-2.12.txt +++ b/tests/sanity/ignore-2.12.txt @@ -31,3 +31,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt index c0d1d58963..a3097712c7 100644 --- a/tests/sanity/ignore-2.13.txt +++ b/tests/sanity/ignore-2.13.txt @@ -31,3 +31,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt index e71702746f..176a88267b 100644 --- a/tests/sanity/ignore-2.14.txt +++ b/tests/sanity/ignore-2.14.txt @@ -34,3 +34,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt index 0ac8409759..7b68ba750b 100644 --- a/tests/sanity/ignore-2.15.txt +++ b/tests/sanity/ignore-2.15.txt @@ -35,3 +35,4 @@ plugins/modules/k8s.py validate-modules:return-syntax-error plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 5016d54c47..ed196f8acd 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -607,3 +607,4 @@ plugins/modules/k8s_rollback.py validate-modules!skip plugins/modules/k8s_scale.py validate-modules!skip plugins/modules/k8s_service.py validate-modules!skip plugins/modules/k8s_taint.py validate-modules!skip +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/refresh_ignore_files b/tests/sanity/refresh_ignore_files index 2f94f12ee8..2a9414ed4b 100644 --- a/tests/sanity/refresh_ignore_files +++ b/tests/sanity/refresh_ignore_files @@ -47,6 +47,7 @@ YAML_LINT_SKIPS = [ "tests/integration/targets/helm_diff/files/test-chart/templates/configmap.yaml", "tests/integration/targets/k8s_scale/files/deployment.yaml", "tests/integration/targets/k8s_delete/files/deployments.yaml", + "tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml", ] # Add shebang!skip From ed90f37195b1ae0837ef216151f26b1348c39269 Mon Sep 17 00:00:00 2001 From: abikouo Date: Wed, 29 Mar 2023 10:22:45 +0000 Subject: [PATCH 2/8] automated changes for changelog and/or black formatting --- plugins/modules/helm_registry_auth.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 3642d3bb60..150914f381 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -148,11 +148,11 @@ def main(): if state == "present": command.extend( [ - "login", - "--username", - module.params.get("username"), - "--password", - module.params.get("password"), + "login", + "--username", + module.params.get("username"), + "--password", + module.params.get("password"), ] ) else: From 3091c418f699b68ead7591b3a274a584721671f2 Mon Sep 17 00:00:00 2001 From: abikouo Date: Fri, 10 Nov 2023 17:32:46 +0100 Subject: [PATCH 3/8] Remove useless sanity ignore --- tests/sanity/ignore-2.10.txt | 1 - tests/sanity/ignore-2.11.txt | 1 - tests/sanity/ignore-2.12.txt | 1 - tests/sanity/ignore-2.13.txt | 1 - tests/sanity/ignore-2.9.txt | 1 - 5 files changed, 5 deletions(-) diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt index c9f1ca13fe..b617363d19 100644 --- a/tests/sanity/ignore-2.10.txt +++ b/tests/sanity/ignore-2.10.txt @@ -614,4 +614,3 @@ plugins/modules/k8s_rollback.py validate-modules!skip plugins/modules/k8s_scale.py validate-modules!skip plugins/modules/k8s_service.py validate-modules!skip plugins/modules/k8s_taint.py validate-modules!skip -tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 9d3d42186d..ffd29612e4 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt @@ -591,4 +591,3 @@ tests/integration/targets/helm/library/helm_test_version.py compile-2.6!skip tests/integration/targets/helm/library/helm_test_version.py compile-2.7!skip tests/integration/targets/helm/library/helm_test_version.py compile-3.5!skip tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip -tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt index a3097712c7..c0d1d58963 100644 --- a/tests/sanity/ignore-2.12.txt +++ b/tests/sanity/ignore-2.12.txt @@ -31,4 +31,3 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip -tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt index a3097712c7..c0d1d58963 100644 --- a/tests/sanity/ignore-2.13.txt +++ b/tests/sanity/ignore-2.13.txt @@ -31,4 +31,3 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip -tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index ed196f8acd..5016d54c47 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -607,4 +607,3 @@ plugins/modules/k8s_rollback.py validate-modules!skip plugins/modules/k8s_scale.py validate-modules!skip plugins/modules/k8s_service.py validate-modules!skip plugins/modules/k8s_taint.py validate-modules!skip -tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip From bd3c8c1ee86ab211dc0d178fe8a9e0ce636b6f72 Mon Sep 17 00:00:00 2001 From: abikouo Date: Fri, 10 Nov 2023 17:34:24 +0100 Subject: [PATCH 4/8] black format --- plugins/modules/helm_registry_auth.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index 150914f381..dbc6a4d052 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -134,7 +134,6 @@ def argument_spec(): def main(): - module = AnsibleHelmModule( argument_spec=argument_spec(), required_if=[ From ffff53445f8f184ae45349612a2b77c88e800a46 Mon Sep 17 00:00:00 2001 From: abikouo Date: Fri, 10 Nov 2023 17:39:09 +0100 Subject: [PATCH 5/8] some ansible-lint fixes --- plugins/modules/helm_registry_auth.py | 35 +++++++++------------------ 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index dbc6a4d052..9237d5dade 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -64,29 +64,18 @@ """ EXAMPLES = r""" -- hosts: localhost - tasks: - - block: - # It's good practice to store login credentials in a secure vault and not - # directly in playbooks. - - include_vars: helm_registry_passwords.yml - - - name: Login to remote registry - kubernetes.core.helm_registry_auth: - username: admin - password: "{{ helm_admin_password }}" - host: localhost:5000 - - - name: Download Chart from Registry - kubernetes.core.helm_pull: - chart_ref: mychart - repo_url: oci://localhost:5000/helm-charts - - always: - - name: Logout to Remote registry - kubernetes.core.helm_registry_auth: - host: localhost:5000 - state: absent +# Login to helm registry +- name: Login to remote registry + kubernetes.core.helm_registry_auth: + username: admin + password: "sample_password" + host: localhost:5000 + +# Logout from helm registry +- name: Logout to Remote registry + kubernetes.core.helm_registry_auth: + host: localhost:5000 + state: absent """ RETURN = r""" From b8dd52c52d7d0060c16d80e97106672118521d73 Mon Sep 17 00:00:00 2001 From: abikouo Date: Fri, 10 Nov 2023 17:50:06 +0100 Subject: [PATCH 6/8] fix sanity --- tests/sanity/ignore-2.16.txt | 1 + tests/sanity/ignore-2.17.txt | 41 ++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 tests/sanity/ignore-2.17.txt diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt index 6a2d4d0e77..b4091de2de 100644 --- a/tests/sanity/ignore-2.16.txt +++ b/tests/sanity/ignore-2.16.txt @@ -38,3 +38,4 @@ plugins/modules/k8s.py validate-modules:return-syntax-error plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt new file mode 100644 index 0000000000..b4091de2de --- /dev/null +++ b/tests/sanity/ignore-2.17.txt @@ -0,0 +1,41 @@ +plugins/module_utils/client/discovery.py import-3.6!skip +plugins/module_utils/client/discovery.py import-3.7!skip +plugins/module_utils/client/discovery.py import-3.8!skip +plugins/module_utils/client/discovery.py import-3.9!skip +plugins/module_utils/client/discovery.py import-3.10!skip +plugins/module_utils/client/discovery.py import-3.11!skip +plugins/module_utils/client/discovery.py import-3.12!skip +plugins/module_utils/client/resource.py import-3.6!skip +plugins/module_utils/client/resource.py import-3.7!skip +plugins/module_utils/client/resource.py import-3.8!skip +plugins/module_utils/client/resource.py import-3.9!skip +plugins/module_utils/client/resource.py import-3.10!skip +plugins/module_utils/client/resource.py import-3.11!skip +plugins/module_utils/client/resource.py import-3.12!skip +plugins/module_utils/k8sdynamicclient.py import-3.6!skip +plugins/module_utils/k8sdynamicclient.py import-3.7!skip +plugins/module_utils/k8sdynamicclient.py import-3.8!skip +plugins/module_utils/k8sdynamicclient.py import-3.9!skip +plugins/module_utils/k8sdynamicclient.py import-3.10!skip +plugins/module_utils/k8sdynamicclient.py import-3.11!skip +plugins/module_utils/k8sdynamicclient.py import-3.12!skip +plugins/module_utils/version.py pylint!skip +plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc +plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc +plugins/modules/k8s_service.py validate-modules:parameter-type-not-in-doc +tests/unit/module_utils/fixtures/definitions.yml yamllint!skip +tests/unit/module_utils/fixtures/deployments.yml yamllint!skip +tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip +tests/unit/module_utils/fixtures/pods.yml yamllint!skip +tests/integration/targets/helm/files/appversionless-chart-v2/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm/files/appversionless-chart/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm/files/test-chart-v2/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm/files/test-chart/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_diff/files/test-chart/templates/configmap.yaml yamllint!skip +tests/integration/targets/k8s_scale/files/deployment.yaml yamllint!skip +tests/sanity/refresh_ignore_files shebang!skip +plugins/modules/k8s.py validate-modules:return-syntax-error +plugins/modules/k8s_scale.py validate-modules:return-syntax-error +plugins/modules/k8s_service.py validate-modules:return-syntax-error +plugins/modules/k8s_taint.py validate-modules:return-syntax-error +tests/integration/targets/helm_registry_auth/files/python-chart/templates/deployment.yaml yamllint!skip From f7ae78881c7a3ae9e8cbff3b274741d9796f2563 Mon Sep 17 00:00:00 2001 From: abikouo Date: Mon, 13 Nov 2023 17:25:05 +0100 Subject: [PATCH 7/8] Ensure we can talk to docker --- .../helm_registry_auth/tasks/setup_registry.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml b/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml index cf5c273ebb..a6a703eb63 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml +++ b/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml @@ -1,9 +1,7 @@ --- -- name: Ensure docker is present - command: | - command -v docker - ignore_errors: true - register: check_docker +- name: Ensure we can talk to docker daemon + ansible.builtin.shell: + cmd: docker ps - name: Setup OCI registry block: @@ -60,6 +58,3 @@ - name: Logout from registry command: >- {{ helm_binary_path }} registry logout localhost:{{ registry_port }} - - when: - - check_docker.rc == 0 From 5f28b2c4383b9ffda32d9811c74071cb9e6f5a8b Mon Sep 17 00:00:00 2001 From: abikouo Date: Mon, 13 Nov 2023 17:29:59 +0100 Subject: [PATCH 8/8] fix linters --- .../targets/helm_registry_auth/tasks/setup_registry.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml b/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml index a6a703eb63..70b1ba2ffd 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml +++ b/tests/integration/targets/helm_registry_auth/tasks/setup_registry.yml @@ -1,6 +1,6 @@ --- - name: Ensure we can talk to docker daemon - ansible.builtin.shell: + ansible.builtin.shell: cmd: docker ps - name: Setup OCI registry