Helm - Fix issue with alternative kubeconfig (#563)

Helm - Fix issue with alternative kubeconfig SUMMARY closes #538 ISSUE TYPE Bugfix Pull Request COMPONENT NAME helm modules Reviewed-by: Mike Graves <mgraves@redhat.com>
2026-05-07 13:32:37 +00:00 · 2023-01-12 10:46:42 +01:00
parent 26cd550bc0
commit 804b9ab57c
20 changed files with 872 additions and 384 deletions
--- a/tests/integration/targets/helm/defaults/main.yml
+++ b/tests/integration/targets/helm/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-helm_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}-amd64.tar.gz"
+helm_default_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}-amd64.tar.gz"
 helm_binary: "/tmp/helm/{{ ansible_system | lower }}-amd64/helm"

 chart_test: "ingress-nginx"
@@ -14,6 +14,8 @@ chart_test_values:
  revisionHistoryLimit: 0
  myValue: "changed"

+default_kubeconfig_path: "~/.kube/config"
+
 test_namespace:
  - "helm-diff"
  - "helm-envvars"
@@ -26,4 +28,6 @@ test_namespace:
  - "helm-local-path-002"
  - "helm-local-path-003"
  - "helm-dep"
-  - "helm-kubeconfig"
+  - "helm-in-memory-kubeconfig"
+  - "helm-kubeconfig-with-insecure-skip-tls-verify"
+  - "helm-kubeconfig-with-ca-cert"
--- a/tests/integration/targets/helm/tasks/install.yml
+++ b/tests/integration/targets/helm/tasks/install.yml
@@ -6,7 +6,7 @@

 - name: Unarchive Helm binary
  unarchive:
-    src: 'https://get.helm.sh/{{ helm_archive_name }}'
+    src: 'https://get.helm.sh/{{ helm_archive_name | default(helm_default_archive_name) }}'
    dest: /tmp/helm/
    remote_src: yes
  retries: 10
--- a/tests/integration/targets/helm/tasks/run_test.yml
+++ b/tests/integration/targets/helm/tasks/run_test.yml
@@ -43,8 +43,8 @@
 - name: Test Skip CRDS feature in helm chart install
  include_tasks: test_crds.yml

- name: Test in-memory kubeconfig
-  include_tasks: tests_in_memory_kubeconfig.yml
+- name: Test helm modules with custom kube config, validate_certs and/or ca_cert
+  include_tasks: tests_helm_kubeconfig.yml

 - name: Test helm pull
  include_tasks: tests_helm_pull.yml
--- a/tests/integration/targets/helm/tasks/tests_in_memory_kubeconfig.yml
+++ b/tests/integration/targets/helm/tasks/tests_in_memory_kubeconfig.yml
@@ -1,30 +1,41 @@
 ---
+- name: create temporary directory
+  tempfile:
+    state: directory
+    suffix: .helm
+  register: _dir
+
+- name: Install helm binary
+  block:
+    - name: "Install {{ test_helm_version }}"
+      include_tasks: install.yml
+      vars:
+        helm_archive_name: "helm-{{ test_helm_version }}-{{ ansible_system | lower }}-amd64.tar.gz"
+
+  when: test_helm_version is defined
+
 - set_fact:
-    custom_kubeconfig_path: "~/.kube/customconfig"
-    default_kubeconfig_path: "~/.kube/config"
-    helm_in_mem_kubeconf_ns: "{{ test_namespace[11] }}"
+    saved_kubeconfig_path: "{{ _dir.path }}/config"

 - block:
    - name: Copy default kubeconfig
      copy:
        remote_src: true
        src: "{{ default_kubeconfig_path }}"
-        dest: "{{ custom_kubeconfig_path }}"
+        dest: "{{ saved_kubeconfig_path }}"

    - name: Delete default kubeconfig
      file:
        path: "{{ default_kubeconfig_path }}"
        state: absent

-    - set_fact:
-        custom_kubeconfig: "{{ lookup('file', custom_kubeconfig_path) | from_yaml }}"
-      no_log: true
-
    # helm_plugin and helm_plugin_info
    - name: Install subenv plugin
      helm_plugin:
        binary_path: "{{ helm_binary }}"
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        state: present
        plugin_path: https://github.com/hydeenoble/helm-subenv
      register: plugin
@@ -36,7 +47,9 @@
    - name: Gather info about all plugin
      helm_plugin_info:
        binary_path: "{{ helm_binary }}"
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
      register: plugin_info

    - assert:
@@ -49,7 +62,9 @@
      helm_repository:
        binary_path: "{{ helm_binary }}"
        name: test_bitnami
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        repo_url: https://charts.bitnami.com/bitnami
      register: repository

@@ -63,9 +78,11 @@
        binary_path: "{{ helm_binary }}"
        name: rabbitmq
        chart_ref: test_bitnami/rabbitmq
-        namespace: "{{ helm_in_mem_kubeconf_ns }}"
+        namespace: "{{ helm_namespace }}"
        update_repo_cache: true
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        create_namespace: true
      register: deploy

@@ -77,9 +94,11 @@
    - name: Get chart content
      helm_info:
        binary_path: "{{ helm_binary }}"
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        name: "rabbitmq"
-        namespace: "{{ helm_in_mem_kubeconf_ns }}"
+        namespace: "{{ helm_namespace }}"
      register: chart_info

    - name: Assert chart was successfully deployed
@@ -93,8 +112,10 @@
      helm:
        binary_path: "{{ helm_binary }}"
        name: rabbitmq
-        namespace: "{{ helm_in_mem_kubeconf_ns }}"
-        kubeconfig: "{{ custom_kubeconfig }}"
+        namespace: "{{ helm_namespace }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        state: absent
      register: remove_chart

@@ -106,9 +127,11 @@
    - name: Get chart content
      helm_info:
        binary_path: "{{ helm_binary }}"
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        name: "rabbitmq"
-        namespace: "{{ helm_in_mem_kubeconf_ns }}"
+        namespace: "{{ helm_namespace }}"
      register: chart_info

    - name: Assert chart was successfully deployed
@@ -120,7 +143,9 @@
      helm_repository:
        binary_path: "{{ helm_binary }}"
        name: test_bitnami
-        kubeconfig: "{{ custom_kubeconfig }}"
+        kubeconfig: "{{ test_kubeconfig | default(omit) }}"
+        validate_certs: "{{ test_validate_certs | default(omit) }}"
+        ca_cert: "{{ test_ca_cert | default(omit) }}"
        state: absent
      register: remove

@@ -133,16 +158,23 @@
    - name: Return kubeconfig
      copy:
        remote_src: true
-        src: "{{ custom_kubeconfig_path }}"
+        src: "{{ saved_kubeconfig_path }}"
        dest: "{{ default_kubeconfig_path }}"
      ignore_errors: true

-    - name: Delete custom config
+    - name: Delete temporary directory
      file:
-        path: "{{ custom_kubeconfig_path }}"
+        path: "{{ _dir.path }}"
        state: absent
      ignore_errors: true

+    - name: Delete temporary directory for helm install
+      file:
+        path: "{{ _helm_install.path }}"
+        state: absent
+      ignore_errors: true
+      when: _helm_install is defined
+
    - name: Remove subenv plugin
      helm_plugin:
        binary_path: "{{ helm_binary }}"
@@ -153,7 +185,7 @@
    - name: Delete namespace
      k8s:
        kind: Namespace
-        name: "{{ helm_in_mem_kubeconf_ns }}"
+        name: "{{ helm_namespace }}"
      ignore_errors: true

    - name: Delete helm repository
--- a/tests/integration/targets/helm/tasks/tests_helm_diff.yml
+++ b/tests/integration/targets/helm/tasks/tests_helm_diff.yml
@@ -2,6 +2,7 @@
 - name: Test helm diff functionality
  vars:
    test_chart_ref: "/tmp/test-chart"
+    redis_chart_version: '17.0.5'

  block:
    - set_fact:
@@ -182,7 +183,7 @@
        chart_ref: redis
        namespace: "{{ helm_namespace }}"
        name: redis-chart
-        chart_version: '16.0.0'
+        chart_version: "{{ redis_chart_version }}"
        release_values: "{{ redis_chart_values }}"

    - name: Upgrade Redis chart
@@ -192,7 +193,7 @@
        chart_ref: redis
        namespace: "{{ helm_namespace }}"
        name: redis-chart
-        chart_version: '16.0.0'
+        chart_version: "{{ redis_chart_version }}"
        release_values: "{{ redis_chart_values }}"
      check_mode: yes
      register: redis_upgrade
@@ -226,7 +227,7 @@
        chart_ref: redis
        namespace: "{{ helm_namespace }}"
        name: redis-chart
-        chart_version: '16.0.0'
+        chart_version: "{{ redis_chart_version }}"
        release_values: "{{ redis_chart_values }}"
      check_mode: yes
      register: redis_upgrade_2
--- a/tests/integration/targets/helm/tasks/tests_helm_kubeconfig.yml
+++ b/tests/integration/targets/helm/tasks/tests_helm_kubeconfig.yml
@@ -0,0 +1,22 @@
+---
+- name: Test helm with in-memory kubeconfig
+  include_tasks: "tests_kubeconfig/from_in_memory_kubeconfig.yml"
+
+- name: Test helm with custom kubeconfig and validate_certs=false
+  include_tasks: "tests_kubeconfig/from_kubeconfig_with_validate_certs.yml"
+  loop_control:
+    loop_var: test_helm_version
+  with_items:
+    - "v3.10.3"
+    - "v3.8.2"
+
+- name: Test helm with custom kubeconfig and ca_cert
+  include_tasks: "tests_kubeconfig/from_kubeconfig_with_cacert.yml"
+  loop_control:
+    loop_var: test_helm_version
+  with_items:
+    - "v3.5.1"
+    - "v3.4.2"
+
+- name: install default helm archive version
+  include_tasks: install.yml
--- a/tests/integration/targets/helm/tasks/tests_kubeconfig/from_in_memory_kubeconfig.yml
+++ b/tests/integration/targets/helm/tasks/tests_kubeconfig/from_in_memory_kubeconfig.yml
@@ -0,0 +1,9 @@
+---
+- set_fact:
+    custom_config: "{{ lookup('file', default_kubeconfig_path | expanduser) | from_yaml }}"
+
+- name: Test helm modules using in-memory kubeconfig
+  include_tasks: "../tests_helm_auth.yml"
+  vars:
+    test_kubeconfig: "{{ custom_config }}"
+    helm_namespace: "{{ test_namespace[11] }}"
--- a/tests/integration/targets/helm/tasks/tests_kubeconfig/from_kubeconfig_with_cacert.yml
+++ b/tests/integration/targets/helm/tasks/tests_kubeconfig/from_kubeconfig_with_cacert.yml
@@ -0,0 +1,76 @@
+---
+- set_fact:
+    content: "{{ lookup('file', default_kubeconfig_path) | from_yaml }}"
+    custom_content: {}
+    clusters: []
+
+- set_fact:
+    custom_content: "{{ custom_content | combine({item.key: item.value}) }}"
+  when: "{{ item.key not in ['clusters'] }}"
+  with_dict: "{{ content }}"
+
+- set_fact:
+    clusters: "{{ clusters + [item | combine({'cluster': {'certificate-authority-data': omit}}, recursive=true)] }}"
+  with_items: "{{ content.clusters }}"
+
+- set_fact:
+    custom_content: "{{ custom_content | combine({'clusters': clusters}) }}"
+
+- name: create temporary file for ca_cert
+  tempfile:
+    suffix: .cacert
+  register: ca_file
+
+- name: copy content into certificate file
+  copy:
+    content: "{{ content.clusters.0.cluster['certificate-authority-data'] | b64decode }}"
+    dest: "{{ ca_file.path }}"
+
+- name: create temporary file to save config in
+  tempfile:
+    suffix: .config
+  register: tfile
+
+- name: create custom config
+  copy:
+    content: "{{ custom_content | to_yaml }}"
+    dest: "{{ tfile.path }}"
+
+- block:
+    - name: Install Redis chart without ca_cert (should fail)
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_repo_url: https://charts.bitnami.com/bitnami
+        chart_ref: redis
+        namespace: "{{ helm_namespace }}"
+        create_namespace: true
+        name: redis-chart
+        chart_version: '17.0.5'
+        release_values:
+          architecture: standalone
+        release_state: present
+        kubeconfig: "{{ tfile.path }}"
+      ignore_errors: true
+      register: _install
+
+    - name: assert task failed
+      assert:
+        that:
+          - _install is failed
+          - '"Error: Kubernetes cluster unreachable" in _install.msg'
+
+    - name: Test helm modules using in-memory kubeconfig
+      include_tasks: "../tests_helm_auth.yml"
+      vars:
+        test_kubeconfig: "{{ tfile.path }}"
+        test_ca_cert: "{{ ca_file.path }}"
+
+  vars:
+    helm_namespace: "{{ test_namespace[13] }}"
+
+  always:
+    - name: Delete temporary file
+      file:
+        state: absent
+        path: "{{ tfile.path }}"
+      ignore_errors: true
--- a/tests/integration/targets/helm/tasks/tests_kubeconfig/from_kubeconfig_with_validate_certs.yml
+++ b/tests/integration/targets/helm/tasks/tests_kubeconfig/from_kubeconfig_with_validate_certs.yml
@@ -0,0 +1,67 @@
+---
+- set_fact:
+    content: "{{ lookup('file', default_kubeconfig_path) | from_yaml }}"
+    custom_content: {}
+    clusters: []
+
+- set_fact:
+    custom_content: "{{ custom_content | combine({item.key: item.value}) }}"
+  when: "{{ item.key not in ['clusters'] }}"
+  with_dict: "{{ content }}"
+
+- set_fact:
+    clusters: "{{ clusters + [item | combine({'cluster': {'certificate-authority-data': omit}}, recursive=true)] }}"
+  with_items: "{{ content.clusters }}"
+
+- set_fact:
+    custom_content: "{{ custom_content | combine({'clusters': clusters}) }}"
+
+- name: create temporary file to save config in
+  tempfile:
+    suffix: .config
+  register: tfile
+
+- name: create custom config
+  copy:
+    content: "{{ custom_content | to_yaml }}"
+    dest: "{{ tfile.path }}"
+
+- block:
+    - name: Install Redis chart without validate_certs=false (should fail)
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_repo_url: https://charts.bitnami.com/bitnami
+        chart_ref: redis
+        namespace: "{{ helm_namespace }}"
+        create_namespace: true
+        name: redis-chart
+        chart_version: '17.0.5'
+        release_values:
+          architecture: standalone
+        release_state: present
+        kubeconfig: "{{ tfile.path }}"
+        validate_certs: true
+      ignore_errors: true
+      register: _install
+
+    - name: assert task failed
+      assert:
+        that:
+          - _install is failed
+          - '"Error: Kubernetes cluster unreachable" in _install.msg'
+
+    - name: Test helm modules using in-memory kubeconfig
+      include_tasks: "../tests_helm_auth.yml"
+      vars:
+        test_kubeconfig: "{{ tfile.path }}"
+        test_validate_certs: false
+
+  vars:
+    helm_namespace: "{{ test_namespace[12] }}"
+
+  always:
+    - name: Delete temporary file
+      file:
+        state: absent
+        path: "{{ tfile.path }}"
+      ignore_errors: true