avoid unsafe condition in integration

changelogs/fragments/20231206-fix-unsafe-condition-in-integration.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - avoid unsafe conditions in integration tests (https://github.com/ansible-collections/kubernetes.core/pull/665).

tests/integration/targets/helm/tasks/tests_chart.yml

@@ -73,7 +73,7 @@
       assert:
         that:
           - install is changed
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - install.status.status | lower == 'deployed'
 
     - name: Check helm_info content
@@ -95,7 +95,7 @@
     - name: "Assert that {{ chart_test }} is installed from {{ source }} with helm_info"
       assert:
         that:
-          - content_info.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - content_info.status.chart == chart_test+"-"+chart_test_version
           - content_info.status.status | lower == 'deployed'
           - release_state_content_info.status.status | lower == 'deployed'
 
@@ -112,7 +112,7 @@
       assert:
         that:
           - install is not changed
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - install.status.status | lower == 'deployed'
 
     - name: "Add vars to {{ chart_test }} from {{ source }}"
@@ -130,7 +130,7 @@
         that:
           - install is changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - "install.status['values'].revisionHistoryLimit == 0"
 
     - name: Check idempotency after adding vars
@@ -148,7 +148,7 @@
         that:
           - install is not changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - "install.status['values'].revisionHistoryLimit == 0"
 
     - name: "Remove Vars to {{ chart_test }} from {{ source }}"
@@ -165,7 +165,7 @@
         that:
           - install is changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - install.status['values'] == {}
 
     - name: Check idempotency after removing vars
@@ -182,7 +182,7 @@
         that:
           - install is not changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - install.status['values'] == {}
 
     - name: "Upgrade {{ chart_test }} from {{ source }}"
@@ -199,7 +199,7 @@
         that:
           - install is changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version_upgrade }}"
+          - install.status.chart == chart_test+"-"+chart_test_version_upgrade
 
     - name: Check idempotency after upgrade
       helm:
@@ -215,7 +215,7 @@
         that:
           - install is not changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version_upgrade }}"
+          - install.status.chart == chart_test+"-"+chart_test_version_upgrade
 
     - name: "Remove {{ chart_test }} from {{ source }}"
       helm:
@@ -316,7 +316,7 @@
         that:
           - install is changed
           - install.status.status | lower == 'deployed'
-          - install.status.chart == "{{ chart_test }}-{{ chart_test_version }}"
+          - install.status.chart == chart_test+"-"+chart_test_version
           - "install.status['values'].revisionHistoryLimit == 0"
 
     - name: "Install {{ chart_test }} from {{ source }} with values_files (again)"
@@ -357,7 +357,7 @@
           - result is changed
           - result is not failed
           - result.rc == 0
-          - result.command is match("{{ helm_binary }} template {{ chart_source }}")
+          - result.command is match(helm_binary+" template "+chart_source)
 
     - name: Check templates created
       stat:
@@ -388,7 +388,7 @@
           - result is changed
           - result is not failed
           - result.rc == 0
-          - result.command is match("{{ helm_binary }} template MyRelease {{ chart_source }}")
+          - result.command is match(helm_binary+" template MyRelease "+chart_source)
           - result.stdout is search("ThisValue")
       when: chart_source is search("test-chart")
       # limit assertion of test result to controlled (local) chart_source

tests/integration/targets/k8s_drain/tasks/main.yml

@@ -182,7 +182,7 @@
   - name: assert that pods are running on cordoned node
     assert:
       that:
-      - "{{ Pod.resources | selectattr('status.phase', 'equalto', 'Running') | selectattr('spec.nodeName', 'equalto', node_to_drain) | list | length > 0 }}"
+      - Pod.resources | selectattr('status.phase', 'equalto', 'Running') | selectattr('spec.nodeName', 'equalto', node_to_drain) | list | length > 0
 
   - name: Uncordon node
     k8s_drain:
@@ -236,7 +236,7 @@
     assert:
       that:
       - drain_result is changed
-      - '"node {{ node_to_drain }} marked unschedulable." in drain_result.result'
+      - '"node "+node_to_drain+" marked unschedulable." in drain_result.result'
 
   - name: assert that unmanaged pod were deleted
     k8s_info:
@@ -338,7 +338,7 @@
     assert:
       that:
       - disable_evict is changed
-      - '"node {{ node_to_drain }} marked unschedulable." in disable_evict.result'
+      - '"node "+node_to_drain+" marked unschedulable." in disable_evict.result'
 
   - name: assert that unmanaged pod were deleted
     k8s_info:
@@ -401,7 +401,7 @@
     assert:
       that:
       - drain_pod_selector is changed
-      - '"node {{ node_to_drain }} marked unschedulable." in drain_pod_selector.result'
+      - '"node "+node_to_drain+" marked unschedulable." in drain_pod_selector.result'
 
   - name: assert that pod created before is still running
     k8s_info:
@@ -429,8 +429,8 @@
     assert:
       that:
       - drain_pod_selector_equal is changed
-      - '"node {{ node_to_drain }} already marked unschedulable." in drain_pod_selector_equal.result'
-      - '"Deleting Pods not managed by ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet: {{ test_namespace }}/ansible-drain-pod." in drain_pod_selector_equal.warnings'
+      - '"node "+node_to_drain+" already marked unschedulable." in drain_pod_selector_equal.result'
+      - '"Deleting Pods not managed by ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet: "+test_namespace+"/ansible-drain-pod." in drain_pod_selector_equal.warnings'
 
   - name: Uncordon node
     k8s_drain:

tests/integration/targets/k8s_full/tasks/main.yml

@@ -424,7 +424,7 @@
 
     - assert:
         that:
-          - result.resources[0].data.testkey == "{{ cmap_data.stdout | b64encode }}"
+          - result.resources[0].data.testkey == (cmap_data.stdout | b64encode)
 
     # test setting module defaults for kubernetes.core.k8s_info
     - block:

tests/integration/targets/k8s_generate_name/tasks/main.yml

@@ -69,7 +69,7 @@
   - name: assert pod has been created
     assert:
       that:
-      - "{{ pods.resources | length == 1 }}"
+      - pods.resources | length == 1
 
   - name: create pod using generate_name parameter should succeed
     k8s:
@@ -86,7 +86,7 @@
   - name: assert pod has been created
     assert:
       that:
-      - "{{ pods.resources | length == 2 }}"
+      - pods.resources | length == 2
 
   - name: create pod using metadata.generateName parameter should succeed
     k8s:
@@ -102,7 +102,7 @@
   - name: assert pod has been created
     assert:
       that:
-      - "{{ pods.resources | length == 3 }}"
+      - pods.resources | length == 3
 
   - name: create object using metadata.generateName should support wait option
     k8s:

tests/integration/targets/k8s_info/tasks/wait.yml

@@ -192,7 +192,7 @@
     - name: Check that module waited
       assert:
         that:
-          - "{{ lookup('pipe', 'date +%s') }} - {{ start }} > 30"
+          - ( lookup('pipe', 'date +%s') - start ) > 30
 
     - name: Create simple pod
       k8s:

tests/integration/targets/k8s_log/tasks/main.yml

@@ -11,7 +11,7 @@
       assert:
         that:
           - fake_pod is failed
-          - 'fake_pod.msg == "Pod {{ test_namespace }}/this_pod_does_exist not found."'
+          - fake_pod.msg == "Pod "+test_namespace+"/this_pod_does_exist not found."
 
     - name: create hello-world deployment
       k8s:

tests/integration/targets/k8s_taint/tasks/main.yml

@@ -65,7 +65,7 @@
     assert:
       that:
       - _result.result.status.phase == 'Running'
-      - _result.result.spec.nodeName == "{{ node_to_taint }}"
+      - _result.result.spec.nodeName == node_to_taint
 
   - name: Taint node (check_mode)
     kubernetes.core.k8s_taint:
@@ -89,8 +89,8 @@
     assert:
       that:
       - _result.changed
-      - "{{ item['effect'] == taint_patch_1[0]['effect'] }}"
-      - "{{ item['key'] == taint_patch_1[0]['key'] }}"
+      - item['effect'] == taint_patch_1[0]['effect']
+      - item['key'] == taint_patch_1[0]['key']
     loop: "{{ _result.result.spec.taints }}"
 
   - name: Taint node (idempotency) - (check_mode)

tests/integration/targets/k8s_template/tasks/main.yml

@@ -213,8 +213,8 @@
     - name: check that resources creation failed
       assert:
         that:
-          - '{{ resource.results[0].resources | length == 0 }}'
-          - '{{ resource.results[1].resources | length == 0 }}'
+          - resource.results.0.resources | length == 0
+          - resource.results.1.resources | length == 0
 
     - name: create pod without namespace (continue_on_error = true)
       kubernetes.core.k8s:

tests/integration/targets/lookup_k8s/tasks/main.yml

@@ -130,9 +130,9 @@
       assert:
         that:
           - result_configmap.apiVersion == 'v1'
-          - result_configmap.metadata.name == "{{ configmap_name }}"
-          - result_configmap.metadata.namespace == "{{ test_namespace[2] }}"
-          - result_configmap.data.value == "{{ configmap_data }}"
+          - result_configmap.metadata.name == configmap_name
+          - result_configmap.metadata.namespace == test_namespace[2]
+          - result_configmap.data.value == configmap_data
 
     # test lookup plugin using src parameter
     - block:
@@ -159,9 +159,9 @@
           assert:
             that:
               - src_configmap.apiVersion == 'v1'
-              - src_configmap.metadata.name == "{{ configmap_name }}"
-              - src_configmap.metadata.namespace == "{{ test_namespace[2] }}"
-              - src_configmap.data.value == "{{ configmap_data }}"
+              - src_configmap.metadata.name == configmap_name
+              - src_configmap.metadata.namespace == test_namespace[2]
+              - src_configmap.data.value == configmap_data
 
       always:
         - name: Delete temporary file created
@@ -198,9 +198,9 @@
           assert:
             that:
               - configmap_no_ssl.apiVersion == 'v1'
-              - configmap_no_ssl.metadata.name == "{{ configmap_name }}"
-              - configmap_no_ssl.metadata.namespace == "{{ test_namespace[2] }}"
-              - configmap_no_ssl.data.value == "{{ configmap_data }}"
+              - configmap_no_ssl.metadata.name == configmap_name
+              - configmap_no_ssl.metadata.namespace == test_namespace[2]
+              - configmap_no_ssl.data.value == configmap_data
 
         - name: Retrieve configmap using authentication aliases (validate_certs=true)
           set_fact:
@@ -210,9 +210,9 @@
           assert:
             that:
               - configmap_with_ssl.apiVersion == 'v1'
-              - configmap_with_ssl.metadata.name == "{{ configmap_name }}"
-              - configmap_with_ssl.metadata.namespace == "{{ test_namespace[2] }}"
-              - configmap_with_ssl.data.value == "{{ configmap_data }}"
+              - configmap_with_ssl.metadata.name == configmap_name
+              - configmap_with_ssl.metadata.namespace == test_namespace[2]
+              - configmap_with_ssl.data.value == configmap_data
 
       always:
         - name: Delete temporary directory

tests/sanity/ignore-2.17.txt

@@ -0,0 +1,37 @@
+plugins/module_utils/client/discovery.py import-3.7!skip
+plugins/module_utils/client/discovery.py import-3.8!skip
+plugins/module_utils/client/discovery.py import-3.9!skip
+plugins/module_utils/client/discovery.py import-3.10!skip
+plugins/module_utils/client/discovery.py import-3.11!skip
+plugins/module_utils/client/discovery.py import-3.12!skip
+plugins/module_utils/client/resource.py import-3.7!skip
+plugins/module_utils/client/resource.py import-3.8!skip
+plugins/module_utils/client/resource.py import-3.9!skip
+plugins/module_utils/client/resource.py import-3.10!skip
+plugins/module_utils/client/resource.py import-3.11!skip
+plugins/module_utils/client/resource.py import-3.12!skip
+plugins/module_utils/k8sdynamicclient.py import-3.7!skip
+plugins/module_utils/k8sdynamicclient.py import-3.8!skip
+plugins/module_utils/k8sdynamicclient.py import-3.9!skip
+plugins/module_utils/k8sdynamicclient.py import-3.10!skip
+plugins/module_utils/k8sdynamicclient.py import-3.11!skip
+plugins/module_utils/k8sdynamicclient.py import-3.12!skip
+plugins/module_utils/version.py pylint!skip
+plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
+plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc
+plugins/modules/k8s_service.py validate-modules:parameter-type-not-in-doc
+tests/unit/module_utils/fixtures/definitions.yml yamllint!skip
+tests/unit/module_utils/fixtures/deployments.yml yamllint!skip
+tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
+tests/unit/module_utils/fixtures/pods.yml yamllint!skip
+tests/integration/targets/helm/files/appversionless-chart-v2/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm/files/appversionless-chart/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm/files/test-chart-v2/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm/files/test-chart/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart/templates/configmap.yaml yamllint!skip
+tests/integration/targets/k8s_scale/files/deployment.yaml yamllint!skip
+tests/sanity/refresh_ignore_files shebang!skip
+plugins/modules/k8s.py validate-modules:return-syntax-error
+plugins/modules/k8s_scale.py validate-modules:return-syntax-error
+plugins/modules/k8s_service.py validate-modules:return-syntax-error
+plugins/modules/k8s_taint.py validate-modules:return-syntax-error