Add plain_http parameter to helm, helm_pull and helm_template (#934)

SUMMARY This change introduces the plain_http parameter to modules that can interact with OCI registries. This in needed in cases where the OCI registry does not use SSL encryption, forcing Helm to send HTTP requests instead of HTTPS ISSUE TYPE Feature Pull Request COMPONENT NAME helm, helm_pull and helm_template ADDITIONAL INFORMATION This is the output when trying to use an OCI registry that is not configured to use SSL certs. fatal: [localhost]: FAILED! => {"changed": false, "command": "/usr/local/bin/helm show chart 'oci://<http-registry>/charts/foo'", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr": "Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr_lines": ["Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client"], "stdout": "", "stdout_lines": []} Reviewed-by: Bikouo Aubin Reviewed-by: Matteo Danelon
2026-05-07 13:32:37 +00:00 · 2025-06-12 12:39:40 +02:00
parent 77627bb8d9
commit 775959c3f9
12 changed files with 282 additions and 2 deletions
--- a/tests/integration/targets/helm_plain_http/aliases
+++ b/tests/integration/targets/helm_plain_http/aliases
@@ -0,0 +1,3 @@
+helm_template
+helm_pull
+helm
--- a/tests/integration/targets/helm_plain_http/inventory.ini
+++ b/tests/integration/targets/helm_plain_http/inventory.ini
@@ -0,0 +1,3 @@
+[all]
+helm-3.12.3 helm_version=v3.12.3 test_namespace=helm-plain-http-v3-12-3 tests_should_failed=true
+helm-3.18.2 helm_version=v3.18.2 test_namespace=helm-plain-http-v3-18-2 tests_should_failed=false
--- a/tests/integration/targets/helm_plain_http/playbooks/play.yaml
+++ b/tests/integration/targets/helm_plain_http/playbooks/play.yaml
@@ -0,0 +1,14 @@
+- name: Run test for helm plain http option
+  hosts: all
+  gather_facts: true
+
+  vars:
+    ansible_connection: local
+    ansible_python_interpreter: "{{ ansible_playbook_python  }}"
+    chart_test_oci: "oci://registry-1.docker.io/bitnamicharts/redis"
+
+  roles:
+    - setup_namespace
+
+  tasks:
+    - ansible.builtin.include_tasks: tasks/test.yaml
--- a/tests/integration/targets/helm_plain_http/playbooks/tasks/test.yaml
+++ b/tests/integration/targets/helm_plain_http/playbooks/tasks/test.yaml
@@ -0,0 +1,99 @@
+---
+- name: Run test for helm
+  block:
+    - name: Create temporary directory to install chart In
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: .helm
+      register: install_path
+
+    - name: Install required helm version
+      ansible.builtin.include_role:
+        name: install_helm
+      vars:
+        helm_install_path: "{{ install_path.path }}"
+
+    - name: Set helm binary path
+      ansible.builtin.set_fact:
+        helm_binary: "{{ install_path.path }}/{{ ansible_system | lower }}-amd64/helm"
+
+    # helm
+    - name: Run helm with plain_http
+      kubernetes.core.helm:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ chart_test_oci }}"
+        release_name: test-secure
+        release_namespace: "{{ test_namespace }}"
+        create_namespace: true
+        plain_http: true
+      register: install_chart
+      ignore_errors: true
+
+    - name: Ensure module failed as expected
+      ansible.builtin.assert:
+        that:
+          - install_chart is failed
+          - '"plain_http requires helm >= 3.13.0" in install_chart.msg'
+      when: tests_should_failed | bool
+
+    - name: Ensure the result command contains the expected option
+      ansible.builtin.assert:
+        that:
+          - install_chart is not failed
+          - '"--plain-http" in install_chart.command'
+      when: not (tests_should_failed | bool)
+
+    # helm_pull
+    - name: Trying to download helm chart with option plain_http
+      kubernetes.core.helm_pull:
+        chart_ref: "{{ chart_test_oci }}"
+        destination: "{{ playbook_dir }}"
+        binary_path: "{{ helm_binary }}"
+        plain_http: true
+      register: pull_chart
+      ignore_errors: true
+
+    - name: Ensure module failed as expected
+      ansible.builtin.assert:
+        that:
+          - pull_chart is failed
+          - '"plain_http requires helm >= 3.13.0" in pull_chart.msg'
+      when: tests_should_failed | bool
+
+    - name: Ensure the result command contains the expected option
+      ansible.builtin.assert:
+        that:
+          - pull_chart is not failed
+          - '"--plain-http" in pull_chart.command'
+      when: not (tests_should_failed | bool)
+
+    # helm_template
+    - name: Test helm render template
+      kubernetes.core.helm_template:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ chart_test_oci }}"
+        output_dir: "{{ playbook_dir }}"
+        plain_http: true
+      register: template
+      ignore_errors: true
+
+    - name: Ensure module failed as expected
+      ansible.builtin.assert:
+        that:
+          - template is failed
+          - '"plain_http requires helm >= 3.13.0" in template.msg'
+      when: tests_should_failed | bool
+
+    - name: Ensure the result command contains the expected option
+      ansible.builtin.assert:
+        that:
+          - template is not failed
+          - '"--plain-http" in template.command'
+      when: not (tests_should_failed | bool)
+
+  always:
+    - name: Delete temporary file
+      ansible.builtin.file:
+        path: "{{ install_path.path }}"
+        state: absent
+      ignore_errors: true
--- a/tests/integration/targets/helm_plain_http/runme.sh
+++ b/tests/integration/targets/helm_plain_http/runme.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eux
+export ANSIBLE_ROLES_PATH=../
+ansible-playbook playbooks/play.yaml -i inventory.ini "$@"