From 642eb936c012a355afc0eb6425ef92a8faa1d888 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Tue, 8 Jul 2025 12:50:08 +0300 Subject: [PATCH] Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency. (#946) SUMMARY Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency. Fixes #944 ISSUE TYPE Bugfix Pull Request COMPONENT NAME helm_registry_auth ADDITIONAL INFORMATION Caused by the changes in helm starting from 3.18.0 Reviewed-by: Bianca Henderson Reviewed-by: Alina Buzachis Reviewed-by: Yuriy Novostavskiy Reviewed-by: Bikouo Aubin --- ...x-helm_registry_auth-integration_test.yaml | 2 ++ ...ernetes.core.helm_registry_auth_module.rst | 1 + plugins/modules/helm_registry_auth.py | 11 ++++++++ .../helm_registry_auth/tasks/main.yaml | 26 +++++++++++-------- 4 files changed, 29 insertions(+), 11 deletions(-) create mode 100644 changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml diff --git a/changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml b/changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml new file mode 100644 index 00000000..35be708a --- /dev/null +++ b/changelogs/fragments/20250605-fix-helm_registry_auth-integration_test.yaml @@ -0,0 +1,2 @@ +minor_changes: + - Module helm_registry_auth do not support idempotency with `helm >= 3.18.0` (https://github.com/ansible-collections/kubernetes.core/pull/946) diff --git a/docs/kubernetes.core.helm_registry_auth_module.rst b/docs/kubernetes.core.helm_registry_auth_module.rst index 5860749f..83a9b217 100644 --- a/docs/kubernetes.core.helm_registry_auth_module.rst +++ b/docs/kubernetes.core.helm_registry_auth_module.rst @@ -170,6 +170,7 @@ Parameters
Desired state of the registry.
If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).
If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).
+
As helm >= 3.18.0 reports successful logout even if the user is not logged in, this module will report a change regardless of the current state.
diff --git a/plugins/modules/helm_registry_auth.py b/plugins/modules/helm_registry_auth.py index b9cf4a01..fce2abfe 100644 --- a/plugins/modules/helm_registry_auth.py +++ b/plugins/modules/helm_registry_auth.py @@ -31,6 +31,7 @@ options: - Desired state of the registry. - If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host). - If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host). + - As helm >= 3.18.0 reports successful logout even if the user is not logged in, this module will report a change regardless of the current state. required: false default: present choices: ['present', 'absent'] @@ -129,6 +130,9 @@ failed: from ansible_collections.kubernetes.core.plugins.module_utils.helm import ( AnsibleHelmModule, ) +from ansible_collections.kubernetes.core.plugins.module_utils.version import ( + LooseVersion, +) def arg_spec(): @@ -231,6 +235,13 @@ def main(): command=helm_cmd, ) + helm_version = module.get_helm_version() + if LooseVersion(helm_version) >= LooseVersion("3.18.0") and state == "absent": + # https://github.com/ansible-collections/kubernetes.core/issues/944 + module.warn( + "The helm_registry_auth is not idempotent with helm >= 3.18.0, always report a change." + ) + module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd) diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml index 096f4e31..8e15452c 100644 --- a/tests/integration/targets/helm_registry_auth/tasks/main.yaml +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -108,15 +108,19 @@ assert: that: "'Removing login credentials' in _helm_registry_auth_logout.stderr" - - name: Test logout idempotency - helm_registry_auth: - host: localhost:{{ registry_port }} - state: absent - register: _helm_registry_auth_logout_idempotency + - name: Test idempotency of logout with helm < 3.18.0 + when: _helm_version.stdout is ansible.builtin.version('v3.18.0', '<') + block: - - name: Assert logout operation did not report change - ansible.builtin.assert: - that: _helm_registry_auth_logout_idempotency is not changed + - name: Test logout idempotency + helm_registry_auth: + host: localhost:{{ registry_port }} + state: absent + register: _helm_registry_auth_logout_idempotency + + - name: Assert logout operation did not report change + ansible.builtin.assert: + that: _helm_registry_auth_logout_idempotency is not changed - name: Ensure that not able to push to the registry ansible.builtin.shell: >- @@ -133,8 +137,7 @@ # Helm binary prints the message to stderr ansible.builtin.assert: that: - - "'push access denied' in _save_chart.stderr" - - "'authorization failed' in _save_chart.stderr" + - "'push access denied' in _save_chart.stderr or 'basic credential not found' in _save_chart.stderr" - "_save_chart.rc != 0" - "'localhost:{{ registry_port }}' not in _config_json.content | b64decode" @@ -155,7 +158,8 @@ - name: Assert that the registry is not logged in and auth data is not saved ansible.builtin.assert: that: - - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr" + - "'401' in _helm_registry_auth_wrong.stderr" + - "'unauthorized' in _helm_registry_auth_wrong.stderr | lower" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr"